Cloud services, misty security

Insights
(Image: Mediateam)

11 April 2016

The number of organisations employing some form of cloud service is growing at a rapid pace, resulting in ever more hybrid IT users. This, as has been seen recently, is the new normal in IT. However, this has serious implications for security that have resulted in some misconceptions and a lot of confusion.

Prevailing wisdom is that cloud security is really no different to the old style, with a few key exceptions. The first of these is the idea of the perimeter. Long before the cloud was really a widespread concern, there was recognition of the fact that enterprises were increasingly facing the challenge of porous networks, where instances such as distributed campuses, branch offices, merged organisations and of course the march of mobile, showed that the old idea of everything behind a firewall was simply unworkable.

As usages and attitudes changed, IT gradually came around to the idea of protecting the user, the data and the device in different, more appropriate ways, and still allowing those various protections to work in harmony with the protected, without losing capability.

Cloud difference
The cloud, so the emerging consensus seems to say, is no different. First of all, it is the data that needs to be protected, irrespective of where it lies. The data controller is always responsible for data protection, even if that protection is delivered through a third party, such as a cloud service provider, whether that be for hosting, back-up, processing or via a managed security service.

The same goes for protecting the user though measures such as biometrics, two factor authentication, fraud protection and so on. Finally, the device can now be protected with improved end point measures, such as real time scanning services, as well as the more traditional antivirus and malware controls.

The recent RSA conference highlighted some of the specifics to be aware of within this approach, covering topics such as data breaches, compromised credentials, hacked interfaces and application programming interfaces (API), inadequate diligence, and more.

Similarities and more
However, the overall thrust is still the same: keep systems up to date with patches, provide the specifics protections for data, users and devices and ensure that each provider in the supply chain meets the standards required from end to end.

A critical issue that seems to run through all of this still is how to achieve the balance of protection and usability. The constant, and some report increasing, issue of shadow IT has shown that if users have an issue in using a system or service, they will simply bypass it with another, unsanctioned service that will allow them to do their job — outside of company visibility, policy and control.

To get an idea of how to handle this particular balancing act, TechFire, in association with Trend Micro and Arrow ECS, will hear from industry experts and end users about achieving the required levels of security, while still leveraging the best of the cloud.

Balance point
Mark Graham, ICT director, Beaumont Hospital, will describe the hospital’s requirement to protect medical and clinical data, while allowing clinicians access to the latest tools and collaborative systems to deliver the highest levels of patient care. With a need for the utmost in security and confidentiality, the hospital successfully achieved its balance using both on-premises and cloud resources, guided by its partners.

The event on 20 April at the Gibson Hotel, Dublin, will also hear from independent security consultant Brian Honan, who is an advisor to the European Commission and co-author of the book “The Cloud Security Rules”. Honan will share real world experiences from his own work, as well as insights from IRISS-CERT – Ireland’s Computer Emergency Response Team that provides information security-based services to all users within the country.

With experts from VMware and Trend Micro, the event will provide attendees with the key information to discern and achieve their own balance of cloud security and usability, without compromise.

TechFire is free to attend but places are limited. Go to techfire.ie to register now.

 

 

TechCentral Reporters

Read More:


Leave a Reply

Back to Top ↑