Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Who has responsibility for cloud security? A Network World roundtable

John Dix | March 26, 2013
As more organizations leverage the cloud for critical business applications, they are discovering one of the greatest challenges is combining existing internal controls with cloud protection efforts. Highly regulated business and government organizations in particular must maintain comprehensive security and compliance postures across these hybrid systems.

NW: Rothman mentioned visibility as being a problem. How big a problem is it?

ROTHMAN: Oh, it's a terrible problem. There is the option [Kingsberry] described which, from my perspective, is unique, of running all of your traffic through a choke point, but that starts pushing on the balance between the performance you get with cloud computing and the reality of what you need to do in order to control these environments. It creates difficulty. And what that means is you can't do things like capture network traffic with tools like NetWitness in traditional cloud architectures.

But if you're going to route everything to a choke point that kind of breaks the architectural constructs that make cloud computing interesting in the first place. So what you see are folks climbing the stack from the perspective of instrumenting their applications, instrumenting their databases, instrumenting their instances to a much greater degree because they don't have the ability to do that at the network layer.

KINGSBERRY: That's why I say business drives technology. For federal agencies to feel comfortable with the cloud, we had to take that approach. If we were a larger agency it would be architected slightly differently to address performance issues. Right now, however, for our agency, there is no performance hit. We're a small agency and our network pipes are larger than what's really required

NW: Any closing thoughts?

KINGSBERRY: When you look at where we are today and where we're going, the opportunities are through the roof. There are lots of opportunities today to do all types of things. I can tell you when we migrated to Microsoft 365 we ended up paying roughly 30% less than if we had to do it on-prem. And It enabled us to stand up something that we hadn't stood up ... Microsoft AD FS 2.0, which gave us an added level of security. So cloud gave us some interesting opportunities to do some really cool stuff.


Previous Page  1  2  3  4  5  6  7  8 

Sign up for CIO Asia eNewsletters.