THOUGHTS FROM THE CLOUD A selection of Cloud-Security Articles from the CloudAccess Blog Vol4
AUTHOR’S NOTE
“Thoughts from the Cloud” is a weekly blog written by Kevin Nikkhoo, CEO of
CloudAccess. It looks to discuss, dissect and debate the many pressing issues
surrounding cloud computing with a special focus on cloud-based security
and security-as-a-service. You can read all the blog entries at:
http://cloudaccesssecurity.wordpress.com/
In this Volume you will find:
Rethinking IT Using Cloud as a Change Catalyst
The Lessons Learned from LinkedIn
Size Doesn’t Matter: Controlling Big Data Through Cloud Security
Public or Private Cloud, that is the question…or is it?
The Independence of Cloud Security
RETHINKING IT USING CLOUD AS A CHANGE CATALYST
There are a lot of experts
and process gurus who are
more qualified than I to tell
you how to manage change.
They will offer a great deal
of high level advice such as
“define the vision,” “create a change proposition,” “promote staff input to
shape the solution.” And these are very wise nuggets of advice. And we (in
IT) are at a crossroads for change. The landscape of the role, the
challenges of the responsibilities, the tools of the trade are all evolving.
Presented by:
CloudAccess:
CloudAccess provides comprehensive
security-as-a-service from the
cloud. Our suite of robust and scalable
solutions eliminates the challenges of
deploying enterprise-class security
solutions including costs, risks,
resources, time-to-market, and
administration. By providing such
integral services as SIEM, Identity
Management, Log Management, Single
Sign On, Web SSO, Access
Management, CloudAccess offers
cost-effective, high-performance
solutions controlled and managed from
the cloud that meet compliance
requirements, diverse business needs
and ensure the necessary protection of
IT assets.
www.CloudAccess.com
877-550-2568
CloudAccess, Inc 12121 Wilshire Blvd
Suite 1111 Los Angeles, CA 90025
CLOUDACCESS 877-550-2568 www.cloudaccess.com
SECURITY FROM THE CLOUD:
Much of the change revolves around the migration to cloud-based
solutions. For going on a dozen years, SaaS applications have ingrained
themselves in most IT architectures, from ERP/CRM to payroll to
security-as-a-service. Without extolling the virtues of the cloud solutions
themselves, what this has done is transformed and upgraded the value of
the IT professional. Whereas there is a sincere appreciation for the
professional who writes code, manages a help desk and installs and
maintains computed assets, I am speaking more of the sea change from a
person plugging in cables to an analyst; from a compiler of stacks to a
broker of business needs.
From a business standpoint, think of the value of an employee who enables
your best practices and workflows, monitors your progress, and manages
various business needs. The cloud provides this opportunity. Instead of
writing that code for an application, you simply subscribe and acquire the
functionality. Instead of moving from endpoint to endpoint, the
provisioning and ongoing maintenance is instantaneous. Instead of
infrastructure-based, you get to be information-centric. And as such you
get to make better decisions, faster.
The evolution of security issues is no different. The cloud has matured to
the point where solutions such as SIEM, Log Management, Single Sign On,
Identity and Access management are not just viable options managed from
the cloud, but in many cases, provide greater bandwidth, power, agility and
versatility than can be managed on premise. With cloud-based security you
divest the bulk of programming and day-to-day high resource/limited
return activities while gaining the ability to instantly analyze, evaluate and
act. In short, you become a catalyst for change management and risk
mitigation.
The residual benefit of cloud security is that IT no longer has to be in the
Identity Management business, but still reaps all the benefits and
efficiencies. No more time dedicated to resetting passwords or setting up
role based access every time someone is hired, fired or moved. It doesn’t
have to be in the log monitoring business, but still is effectively and
securely protected from intrusion and attack with 24/7/365 monitoring. The IT
department is no longer a compiler of data, but a conduit of information
and evaluator of compliance audits and reports that meet the various
industry standards and government requirements. The rethought IT
department now gets to be in the business of integrator of business goals.
As a facilitator, IT interfaces with the various departments to understand
their objectives and find the best tools to integrate. The cloud not only
allows you to deploy instantly, but creates a set of resources at lower costs
that help achieve success.
THE CASE FOR ACCESS CONTROL
It’s not theoretical. Without practical access management initiatives, an enterprise can come under attack. And it is not always the hackers lurking in countries across two continents. Sometimes the villain is on your payroll…whether they know it or not. Some recent cases in point:
• A former employee at the U.S. subsidiary of Japanese pharma Shionogi pled guilty to deleting 15 business-critical VMware host systems, costing the company $800,000.
• An IT employee at Bank of America admitted that he hacked the bank’s ATMs to dispense cash without recording the activity.
• A contract programmer fired by Fannie Mae was convicted of planting malicious code intended to destroy all data on nearly 5,000 internal servers.
• A Goldman Sachs programmer was found guilty of stealing computer code for high frequency trading from the investment bank when he left to join a startup.
• A Utah computer contractor pleaded guilty to stealing about $2 million from four credit unions for which he worked.
This is not to say a full-scale migration to the cloud is warranted. Every
company has unique needs and not all of them are best served through the
cloud; whether public, private or hybrid. However, the benefits outweigh
the concerns. And if considering options without taking into account the cost
benefits, the resource surplus and the ease of management the cloud
provides, you do your organization a disservice. The issue of control often
comes up in these discussions. Do virtual applications or more specifically,
security-as-a-service provide the necessary control for you to transact
proprietary or personal information, protect intellectual property? Any
vetted solution, like the ones from CloudAccess, does. But control is not
about where data is stored, but how it is stored and the rules you apply to
manage it. By removing staff from lower level priorities and implementing
strong rules, workflows and processes, it should not matter whether a
function resides on premise or in the cloud. But when you can divest your
staff from the day-to-day lesser priorities, you open up a world of new
possibilities and a streamlined means of achieving goals for the entire
enterprise.
Change is not coming. It’s already here.
THE LESSONS LEARNED FROM LINKEDIN
Users are making it too easy for hackers.
If we take a closer look at the 6.5 million hashed
LinkedIn passwords that leaked we find a large
swath of the user population are ignoring
warnings of overly simplistic and obvious
passwords. Would you believe the most common
word or phrase found in a 160K sampling of the list was “link”? And would
you further shake your head in disbelief that “1234” and “12345” followed
close behind? Rounding out the top 10 were “work,” “god,” “job,” “angel,”
“the,” “ilove,” and “sex.”
PREDICTIONS FOR THE IMMEDIATE FUTURE
“Cloud is here to stay, and in fact, a tidal wave is coming within a
decade. With a new technology, people start slow, test the waters and gain
confidence. Once they feel they have proven that the technology works, they
say, ‘Now I’m going to move more applications to the cloud.’ This will create
a tidal wave of cloud adoption. Beyond that, I see integration between
different applications taking center stage so that there will be greater
application interoperability. The improved interoperability between
applications will reduce the cost and complexity for users enabling them to
quickly benefit from cloud deployment.”
-Kevin Nikkhoo
Get Your Head into the Clouds by Fairway Technologies
More so than Facebook, LinkedIn is the social media of choice for business.
So it is likely to be used by the users in your enterprise as part of their SaaS
profile. This makes their problem, your problem. If we learn anything from
this debacle, it is that password management should be a priority for any
organization that allows its users unfettered access to password-protected
public sites.
What people need to understand is that even with trusted sites such as
LinkedIn there is still a possibility for massive compromise. The bigger the
site, the more personal information is leaked.
As a security or IT professional, you are already well aware how fast a
hacker can crack a simple 5 character code. The answer is within 45
seconds, especially if users help them by choosing “password” or their
birthday as the entry. I am not spending any further time lecturing on
password management strategies. However, with that said it’s important
to note that even the strongest of passwords provided little defense
against the LinkedIn hack. Bad guys stole password files directly from the
companies involved, so even “%R7^Tgh1” was compromised.
If you check an earlier blog, ****** is your first defense, I offer some
password management strategies. But beyond enforcing protocols of how
often passwords should change, randomizing characters and outlawing
phrases and personal identifiers, I think the LinkedIn breach is a good
reminder that updated authentication techniques need to be considered.
Password management, especially in larger organizations can be a
nightmare. Dozens of websites and applications per person can be
overwhelming. This could be a full time job. However the integrated
automations managed from the cloud provide a safe, cost-effective and
secure option that offers as much control as any on premise or home
developed solution. If your department is like most that I’ve come across,
you just don’t have the bandwidth or the additional budget to launch a full
scale password crusade.
TOP 10 WORST/HACKED PASSWORDS
Source: Forbes Magazine
1. Your user name
2. Your user name followed by password
3. Password
4. 123456
5. 12345678
6. Qwerty
7. abc123
8. 1234567
9. Letmein
10. trustno1
11. work
12. baseball
13. 111111
14. Iloveyou
15. master
16. welcome
17. sexy
18. angel
19. passw0rd
20. shadow
21. 123123
22. 654321
23. superman
24. ninja
25. jesus
Regardless, companies must explore more sophisticated ways to
authenticate users or the lessons from LinkedIn will never be fully learned.
This can be done by looking to the cloud. Such solutions as single sign on
help credential and authorize users by providing access to applications and
approved sites. And I know of one organization that combines the power of
password management in the bundle for no extra cost. Besides the obvious
cost benefits, what the security-as-a-service does is help centrally manage
the process by automating several aspects and promoting self-service for
users. Combined with SSO, you have taken strides to protect your
intellectual property.
In this configuration (public, private or hybrid clouds), there is only one
password to remember that creates access to an entire (role-based
credentialing) section of applications and websites. It cuts down on help
desk calls (according to Gartner, password retrieval and resets account for
25% of all calls and costs upward of $50 per incident) and most important,
provides the necessary control to better protect the enterprise. And by
combining password policies and synchronization, passwords can be
managed in a consistent way across systems within the enterprise. I realize
part of the appeal is making it easier for the end user. Users won’t embrace
policies and best practices unless they are easy to adopt and don’t
interrupt their daily workflow.
LinkedIn is another warning that passwords are one of the weakest links in
the security initiative and the faster you take control of those aspects that
potentially affect your network, the faster you’ll sleep better at night.
CREATING A BYOD POLICY
BYOD is not an
information-security-only program,
nor is it a technology-only program.
People, procedures and
technology have to work together
to have a successful BYOD
program. It’s important to look at
the BYOD program holistically.
Another critical factor in building a successful BYOD policy is to ensure it’s an integral component of the organization’s larger security program. It is a compliance and liability issue as well.
Too many organizations have failed to recognize that employees are using personally owned devices for work-related purposes, even though the organization lacks a formal BYOD policy. The lack of a policy can create serious risks, such as a lack of awareness of the loss of a personally-owned device that contains corporate data.
SIZE DOESN’T MATTER: CONTROLLING BIG DATA THROUGH
CLOUD SECURITY
There’s data. And then there’s BIG DATA.
Many of us have been bombarded with the
term in many frameworks. There are some
professionals that chalk it up to marketing
hype or meaningless buzzword. Personally, I
prefer the way Gartner categorizes it. That it
is more than size. It is a multi-dimensional model that includes
complexity, variety, velocity and, yes, volume.
But the pressing issue with this definition of Big Data is how best to secure
something so vast and multifaceted. If you recognize the old concept of a
network perimeter is antiquated and dangerously narrow, there should be
some concern as to corralling all this data and ensuring its transit and
storage is protected. The latter issue speaks directly to compliance needs.
Banks and other financial institutions, medical facilities, insurance, retailers
and government entities are especially sensitive to the compliance
requirements. However, just because your business doesn’t fit into these verticals
doesn’t mean you can’t directly benefit from cloud-based security that
creates the necessary context. And though your organization is dealing
with an incredible mountain of data, you still must do what you can to
ensure not only the proprietary intelligence behind your firewalls, but all
the data trafficking in, around and through all various endpoints
throughout the enterprise.
But again, size should not be the only consideration regarding Big Data. It is
the means by which you analyze and apply various processes that allow
you to make the best decisions possible about the ongoing security,
accessibility and viability of all those many bits and bytes.
If you are looking at scale, the McKinsey Global Institute estimates that
“enterprises globally stored more than 7 exabytes of new data on disk
drives in 2010.” One exabyte of data is the equivalent of more than 4,000
times the information stored in the US Library of Congress. That’s a lot of
data.
ADVANTAGES OF THE CLOUD
FOR BIG DATA
Excerpted from AT&T white paper “Cloud Services: It’s Not Just What, but How…and Who,” from CIO Magazine
Cloud services provide significant advantages for any enterprise dealing with big data. A cloud provider who can transport, store and analyze data within a single infrastructure has the tools required to deliver the highest efficiency and return on investment.
• Reduced Complexity – Let the cloud provider worry about real estate costs, power, air conditioning, staffing and other operational minutia.
• Better Quality – As a specialist, the cloud operator’s expertise and turnaround time will be best in class—and almost impossible for a non-specialist to match.
• Lower Capital Costs – Cloud services can make it possible to cut capital costs and redirect investment into other opportunities.
• More Flexibility – The cloud is a way to handle overflow or enable agile, flexible IT service delivery.
Storing is one thing, but analyzing and managing all the data into useful
strategic and tactical outcomes now depends on the other elements of Big
Data (complexity, variety, velocity). To do this successfully you have to
have a means to put all of it into context. For instance, let’s say an account
is accessed. It has the right user name/password credentialing and seeks to
export some personal data or transfer funds, or change sensitive account
settings. On its face you should allow this action. They have the right name
and authentication. But when this is given greater context, there are
dynamics from other silos of information that need to be factored. What is
the device profile? URL reputation? Is the IP address consistent? When was
the last login attempt? What time did this latest transaction occur? So, what
seemed to be a reasonable transaction might show patterns of
anomalous behavior.
But here’s the larger issue—all these factors that play into determining
true context (which I call situational awareness) may come from different
sources and require a bit of juggling and cross-correlating. You have SIEM,
Access Management, Log Management, and Identity Management. And
they may all live on various servers in various places within the enterprise.
So ensuring this process association is doable, but with so many layers and
stacks, the results may take too long to take preventative measures. You
know what they say about the horse having already left the barn.
By migrating security functions to the cloud (security-as-a-service) you still
may run into these same issues unless you find a provider who can
combine all the functionality and create the rules for cross-correlation that
can normalize and sort through gargantuan amounts of data. A SIEM
solution in the cloud is able to take raw data from a variety of sources,
normalize it and create and manage the alerts, escalations and prevention
protocols. Such a configuration takes the activity from Identity and access
management silos, combines them with the silos of general traffic of web
traffic, internal access, SaaS solutions and other business/consumer facing
applications and generates a flexible and scalable intrusion detection
matrix.
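The contextual check described above (device profile, URL reputation, IP consistency, recent login attempts, time of transaction), as an added example that is not from the original article or from CloudAccess. It normalizes a constructed access-management log into per-user baselines and scores a request that already passed authentication; the log format, field names, weights and thresholds are all assumptions.

```python
"""Added example: score a correctly authenticated request against its context."""
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample data: users, addresses, devices and hosts are all invented.
AUTH_LOG = """\
2024-03-04T09:02:11 user=alice ip=198.51.100.23 device=laptop-01 result=success
2024-03-04T14:40:05 user=alice ip=198.51.100.23 device=laptop-01 result=success
2024-03-05T10:15:42 user=alice ip=198.51.100.87 device=laptop-01 result=success
2024-03-06T03:01:09 user=alice ip=203.0.113.77 device=unknown-7f result=failure
2024-03-06T03:01:55 user=alice ip=203.0.113.77 device=unknown-7f result=failure
2024-03-06T03:02:31 user=alice ip=203.0.113.77 device=unknown-7f result=failure
"""
BAD_REFERRERS = {"login-verify.example.net"}  # stand-in for a URL-reputation feed
WEIGHTS = {"unknown_device": 30, "new_network": 25, "bad_referrer": 30,
           "recent_failures": 20, "unusual_hour": 15}  # illustrative, not tuned


@dataclass
class Baseline:
    devices: set = field(default_factory=set)
    networks: set = field(default_factory=set)    # /24s seen on successful logins
    hours: set = field(default_factory=set)       # hours of day of successful logins
    failures: list = field(default_factory=list)  # timestamps of failed logins


def net24(ip):
    """Coarse 'is the IP consistent' key: the enclosing IPv4 /24."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def parse_auth_line(line):
    """Normalize one key=value log line from the access-management silo."""
    ts, *pairs = line.split()
    kv = dict(p.split("=", 1) for p in pairs)
    return {"ts": datetime.fromisoformat(ts), "user": kv["user"], "ip": kv["ip"],
            "device": kv["device"], "ok": kv["result"] == "success"}


def build_baselines(log_text):
    """Fold the login history into one Baseline per user."""
    baselines = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_auth_line(line)
        b = baselines.setdefault(ev["user"], Baseline())
        if ev["ok"]:
            b.devices.add(ev["device"])
            b.networks.add(net24(ev["ip"]))
            b.hours.add(ev["ts"].hour)
        else:
            b.failures.append(ev["ts"])
    return baselines


def evaluate(request, baselines, window=timedelta(minutes=30)):
    """Return (decision, score, reasons) for a request that passed authentication."""
    b = baselines.get(request["user"], Baseline())
    ts = datetime.fromisoformat(request["ts"])
    reasons = []
    if request["device"] not in b.devices:
        reasons.append("unknown_device")
    if net24(request["ip"]) not in b.networks:
        reasons.append("new_network")
    if request.get("referrer") in BAD_REFERRERS:
        reasons.append("bad_referrer")
    if sum(timedelta(0) <= ts - f <= window for f in b.failures) >= 3:
        reasons.append("recent_failures")
    # Circular distance on the 24-hour clock, so 23:00 and 00:00 are one hour apart.
    if not any(min((ts.hour - h) % 24, (h - ts.hour) % 24) <= 1 for h in b.hours):
        reasons.append("unusual_hour")
    score = sum(WEIGHTS[r] for r in reasons)
    decision = "deny" if score >= 70 else "step_up" if score >= 30 else "allow"
    return decision, score, reasons


# Constructed requests from the application silo; all three carry valid credentials.
ROUTINE = {"user": "alice", "action": "export_profile", "ts": "2024-03-07T10:30:00",
           "ip": "198.51.100.23", "device": "laptop-01", "referrer": None}
TRAVEL = {"user": "alice", "action": "change_settings", "ts": "2024-03-07T20:00:00",
          "ip": "192.0.2.10", "device": "laptop-01", "referrer": None}
TAKEOVER = {"user": "alice", "action": "transfer_funds", "ts": "2024-03-06T03:10:00",
            "ip": "203.0.113.77", "device": "unknown-7f", "referrer": None}

if __name__ == "__main__":
    baselines = build_baselines(AUTH_LOG)
    for req in (ROUTINE, TRAVEL, TAKEOVER):
        print(req["action"], evaluate(req, baselines))
```

All three requests present the right user name and password; only the signals pulled from the login history separate the routine export from the funds transfer that follows three failed logins on an unfamiliar network.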
CLOSING THE VULNERABILITY GAP
Independent and original vulnerability research is important to security
organizations. Security teams need actionable intelligence. They need
precise and timely information to help them make the decisions necessary to
protect their company’s networks and applications.
Looking at logs once a week is not enough. Your security perimeter must be
monitored continuously 7/24/365. And it must look at all the silos where data
and applications reside across the enterprise. By leveraging the cooperative
functionality of solutions like SIEM, Log Management, Access Management and
Identity Management, companies enhance this visibility. And when it is done
in real time, it creates the conditions the Forrester findings support:
immediate actionable intelligence.
A fully-realized cloud-based SIEM deployment (which is much less
expensive in the cloud, yet just as powerful as any on premise solution) can
prevent an IP address in China from spoofing your customer’s account and
create intelligence that deflects and notes if a Flame virus is being lobbed
at your network. But a true cloud-based security partner worth their salt
will also provide the raw data for post-capture analysis. This way you can
analyze new traffic patterns, but more important create the baseline to
make intelligent decisions for the long term security of your network or
immediate recognitions of anomalous behavior. But all that raw
data…that’s where the cloud gets you, right? You get penalized for having
bigger and bigger data sets. Not if you have the right vendor. I personally
know where you can get storage space for as little as $1 per GB per month.
You can scale the amount and the type of data you wish to keep in the
cloud. You control when it gets destroyed according to various compliance
requirements. I also have some thoughts about vendors who provide the
services, but require you to buy some appliance that you install and
maintain on your network…but that’s a whole other blog.
The bottom line is Big Data can be managed given the right tools. And
those tools do exist in the cloud and can be managed through the same.
And when you have the right rules, passing through an integrated suite of
security solutions you’ll begin to see that size doesn’t matter. What
matters is creating a situational awareness that provides you a platform
to make better decisions. And if that place is in the cloud…all the better.
PUBLIC CLOUD OR PRIVATE CLOUD, THAT IS THE QUESTION?
OR IS IT?
You realize the overarching benefits of the
cloud, but you are a bit wary regarding the
security of any data stored and transacted
in these virtualized environments. But the
cost-saving benefits and user preference
and resource delegation of the cloud are
such that not integrating some processes,
applications and data is counterproductive
to your overall IT strategy. So you decide
that a private cloud is a more secure route
than its public counterpart. But are you
really any more secure?
The quick answer is no. But not for the reason you might think. A private
cloud is infrastructure operated solely for a single organization. The only
difference is that your data is segregated from any other organization. And
if that brings you any semblance of peace, then it’s a good investment. It all
depends on your business need. It offers greater control, but means you
shoulder all the overhead, updating, risk management and related costs.
And if you factor in the compliance requirements for financial or healthcare
related companies, it might be the better option.
A CSO’S OPINION ON BYOD
“Devices are not the issue. It is a compliance and liability issue. We secure
devices for a living and we are very good at it, however the discussion is
about what rights you give up when you decide to use personal equipment.
What can I monitor? What happens if the phone is lost? What happens if it
breaks? What happens when you leave the company…does the company retain
the right to wipe the phone clean; even personal pictures, contacts etc. My
personal and professional opinion as a security professional is equivocating
it to entering the military: you give up certain rights including privacy.
Before I let anyone use their own device, the employee must sign an
agreement that puts in writing my company’s answers to all the above
questions.”
But, the thing is, it is still a server. It is still prone to all the issues of
on-premise and public clouds in terms of intrusions, attacks, user carelessness
and resource deficiencies. It is as vulnerable (or protected) as the
alternative counterparts. The only difference is the means of security you
apply towards protecting it. You can build the most sophisticated on
premise security solution, but if you leave a window open, data will still
leak, unwanted intrusions will still get in and George from sales will still log
into your network from his unsecured iPhone.
So let’s be clear. From a platform security perspective, it does not matter
whether you choose public, private or hybrid clouds. It matters how you
protect it; which can also be effectively managed from the cloud. And
depending on your preference, a cloud-based security management should
be able to equally protect and support any cloud or on-premise
configuration.
If you assume your SaaS-based CRM, payroll or inventory shipping
applications are well protected by the developer, you are equally inviting
problems. According to new guidance from the National Institute of
Standards and Technology, YOU and not your providers have ultimate
responsibility for the security and privacy of data stored on the cloud. The
SaaS developers are responsible for their infrastructure, not your data or
who you provide access to that data or how you transit the data from
endpoint to endpoint…unless the service you invest in is a cloud-based
security-as-a-service.
Cloud-based security can be seen as having your cake and eating it too. You
benefit from a diverse portfolio to meet your specific business needs and
now you have another resource that allows you to gain best-of-breed,
enterprise level power, capabilities and control. You have a way to
monitor your public or private clouds (or your complex integrated
networks) 24/7/365 or create multifactor authentication barriers to access
intellectual property. With the right processes and rules, you can create
a seamless layer across multiple servers and infrastructures that connect
each independent silo of data that can differentiate roles, traffic patterns,
context and data sensitivities. We are talking a combination of intrusion
detection, log management audits, identity and password management
and SaaS single sign on and web authentication services.
ARE BREACHES MORE COMMON WHEN USING THE PUBLIC CLOUD?
“In the past, companies felt that having an application run behind a
firewall in their own organization meant they were protected, whereas if the
app was run in a public cloud, they were exposed. As it turns out, it can be
easier to get into a private cloud because people find vulnerabilities within
the network and gain access to critical data. Because public clouds serve so
many users, it is paramount that providers help their customers meet
governance and compliance regulations. Public cloud providers tend to be
more diligent about security. In fact, there are independent studies that
show that public cloud security is getting better than some private clouds.”
-Kevin Nikkhoo
Get Your Head into the Clouds by Fairway Technologies
Before the maturation of cloud-based security, ensuring the security of any
cloud-based application could be problematic. There was significant
investment and limited budgets for various software, time
commitments, expertise and the great unknown of how dedicated the
application developer was in the security of your data. To secure just this
aspect of your business, you were looking at a 2:1 or 3:1 ratio of
professional services on top of the licensing and required hardware installs.
Now that security-as-a-service is not only an emerging (and tremendously
cost-effective) alternative but a tested choice, it provides great latitude in
terms of being able to properly keep in lock step with the challenges
posed by applications…public, private and legacy.
So when deciding whether public, private or hybrid clouds make more
sense for your organization, know that your choice should be dependent
on the best option for your specific need. There are plenty of experts
willing to weigh in on best practices for each. But when it comes to
security, make sure you have the flexibility and scalability to securely
manage your quickly disappearing perimeter.
THE INDEPENDENCE OF CLOUD SECURITY
I was watching fireworks over the
Pacific Ocean last night (one of the
benefits of living near the California
coast). The Navy Band was
trumpeting patriotic music and
thoughts of freedom and liberty
swirled in my head. That’s when it
occurred to me. Cloud computing is
independence for many companies:
freedom from costly infrastructure;
liberty of enhanced mobility and
storage; emancipation from ongoing updates and maintenance; the
autonomy to scale and automate; the sovereignty to grow businesses
based on need and innovation rather than anchored simply by budget and
bandwidth.
CLOSING THE VULNERABILITY GAP PART 2
Companies want to leverage relationships with vulnerability researchers to
make decisions. Given the complexities of today’s threats, security
organizations cannot afford to have the level of expertise in house necessary
to fully defend their network from the vast array of current and future
dangers. They must cultivate relationships with third parties to get the
levels of cyber intelligence needed to meet future challenges. Having this
access to dedicated vulnerability researchers is extremely important.
Security-as-a-service (from the cloud) is a cost effective means of achieving
the level of expertise necessary without the additional headcount and the
cost-prohibitive expense of a high profile consultant. Although driven from
the cloud, CloudAccess clients benefit from having a live security analyst
monitoring their network.
But cuteness aside, there is a degree of independence provided by the
cloud. But just like democracy, managing in the cloud comes with a price,
or more specifically a responsibility. With the many benefits provided by
the cloud, security issues still need to be addressed. Just having data and
application functionality in the cloud may provide new flexibility and the
ability to enforce consistencies throughout the enterprise, but processes
for control, monitoring and anomaly mitigation still need to be applied
and maintained. The cloud application you use might have great security
controls, but in the end any data you generate, store or transact is yours to
secure…not the application vendor.
The good news is that these security issues and functions can also be
managed and effectively enhanced from the cloud. This means the receipt
of the same benefits provided by these lithe applications can be realized by
migrating some or all security management functions to a virtualized
environment. Security-as-a-service provides a greater sense of
independence and an expanded mode of control over the disparate,
disconnected and sometimes unprotected elements of the enterprise.
The cloud managing the cloud…seems like an oxymoron, right? Wrong. I
am hoping we’ve moved beyond the argument of whether the cloud is a
best practice or at least an accepted business practice. A vetted security-
as-a-service can provide the necessary capability, control and cost-savings
while removing a burden from overtaxed and overextended IT staffs. And
not just for SMBs. Larger companies (especially those bound by unique
compliance issues like healthcare, finance, retail and even government
entities) can take advantage of cloud-based security and generate the
necessary ROI and secure influence over all or parts of their enterprise.
First, cloud-based security is more than being a watchdog for your
salesforce.com or Dropbox accounts. It can be a game changer: a fully
realized security environment that addresses data and applications on
public clouds, private clouds, hybrid clouds and even legacy, on premise
networks. It can monitor every ping, burp and hiccup that touches your
network in real time. It can create escalations, alerts and effective
remediation without the need of human intervention. It can provision and
prevent access to some or all of your data. It can authorize, maintain
credentials, and streamline identities. It can facilitate encryption in data at
rest or on the move. The promise of security-as-a-service is that it provides
comprehensive and integrated functionality across the enterprise. A true
cloud-based security initiative must be more than SIEM; more than single
sign on, more than password and access management. It must incorporate
all these things.
UNIFIED SECURITY
The key questions need to be answered: who touched what, when, where and
the potential security impact to the business!
Unified security is the best practice that leverages the capabilities of
multiple security solutions across multiple silos and centralizes them under
a single pane of glass.
Simply, it is the comprehensive and collective forensic analytic platform to
provide greater visibility to create a holistic approach to security
initiatives.
The key is that the data is continuously monitored and correlated in real
time. This allows for a higher, more responsive degree of proactivity through
security administration and faster reactivity to any actionable event.
Second, most companies take security very seriously, especially in terms of
storing their data or maintaining the sacrosanctity of that proprietary
intelligence while in transit. They understand how important it is to keep
their networks intrusion-free. The problem is that IT is a big family and
there are so many mouths to feed. Even as many companies have teams
dedicated to security issues, too many don’t have a dedicated person, but
rather a line item in an overall job description. This is the way things fall
through the cracks. And I don’t think I am talking out of school here; many
CIOs and CEOs have said the same thing. Again, security-as-a-service, with
all of its best-of-breed capabilities and behind-the-scenes 7/24 monitoring,
creates the necessary automations and controls that allow an organization
(one that doesn’t have a dedicated security officer) the confidence that
security issues aren’t relegated to hair-on-fire priorities.
Once you have agreed that security-as-a-service delivers the necessary
protection, the question becomes: how do you determine which partner or
vendor is right for you? Although there are several markers you can
evaluate (cost, service scope, proven viability, etc…), I think the key to
success is finding a partner that matches your business needs: one that has
the track record of integrating a single piece of the security puzzle or
helping launch a comprehensive solution from the cloud. And, of course, one
that helps you reach a sustainable level of independence so you can
concentrate on other priorities.
And if you have the time, listen to an interview I gave over at The Cloudcast
with Cloud Computing experts Brian Gracely and Aaron Delp:
Happy Independence Day!
THE PARADIGM CHANGE IS HAPPENING NOW
According to Forrester Research,
it is estimated that the managed
cloud services security (MSS)
market stands at $4.5 billion.
Gartner, the nationally respected
IT research firm, predicted that
the total worth of the cloud
computing market will rise to
more than $150 billion by 2013.
In 2015, public cloud services will
account for 46% of net new
growth in overall IT spending.
Morgan Stanley estimates that by
2015, the mobile web will be
bigger than desktop internet.
With user expectations about
where and how they access
information changing
dramatically, there'll be growing
pressure on IT to make enterprise
applications available in similar
ways.