Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Who has responsibility for cloud security? A Network World roundtable

John Dix | March 26, 2013
As more organizations leverage the cloud for critical business applications, they are discovering one of the greatest challenges is combining existing internal controls with cloud protection efforts. Highly regulated business and government organizations in particular must maintain comprehensive security and compliance postures across these hybrid systems.

KINGSBERRY: From our perspective, federal agencies are always going to have something on-prem and then they're going to want to offload workloads. So if you turn it into a network problem, an information assurance problem, and everything is based on NetFlow, you're going to get full visibility. You can control things in a different way. And when it's infrastructure as a service, it's really no different than having a physical server on-prem. In essence, I have full control of all services running on that box, which means I can connect in enterprise management tool sets to ensure I can manage it.

AMMON: Many of the new security options will actually improve your agility and reduce your costs. An example of that would be a typical machine shutdown and forensics if you had an exploit. With the cloud you can copy a suspected server image to your forensic tool kit, fire up a brand-new replacement image and do all this through the click of a mouse as opposed to deploying employees to data centers. With cloud, experience really matters. Customer can greatly benefit by contracting with proven cloud architects who can help them figure out how to take advantage of the power of the cloud while avoiding cloud supplier lock-in or overly complex management of desperate security tool sets. Customers should implement centrally managed security if they want to maximize reduction in expense and complexity. A piecemeal cloud strategy may leave you with a collection of cloud islands operated and controlled through disconnected security tool sets.

That's actually a problem we are just starting to see in the privileged identity management arena, something we call islands of identity, where organizations are using a different tool on each platform -- cloud, virtual, etc. -- to manage privileged identities. We address this with a privileged identity management solution that reduces the risks that privileged users and unprotected credentials pose to systems and data. With Xsuite, customers can implement secure privileged identity management across their entire hybrid cloud. It vaults privileged account credentials, implements role-based access control, and monitors and records privileged user sessions. And our unified policy management enables Xsuite to deliver the seamless administration of security controls across systems, whether they reside in a traditional data center, a private cloud, on public cloud infrastructure, or any combination thereof.

KINGSBERRY: You mentioned using cloud for forensic work ... we had a similar business requirement. If something like that happens, we leverage Amazon to roll those VMs into a enclave that already has all the forensics tools. So we have snapshots of the compromised VM and all the tools ready and it's locked down so no network traffic can take place. So I'm using the cloud for what its best for.


Previous Page  1  2  3  4  5  6  7  8  Next Page 

Sign up for CIO Asia eNewsletters.