Have you ever wondered what was going on within a cloud regardless of type? SaaS? PaaS? IaaS? Do you need to audit these environments to ensure compliance with your security policy (not to mention the subset of your security policy that contains regulatory compliance)? To provide solutions for these issues, a number companies both new…
Symantec and others are providing more products that fill the gaps in current End-to-End Hybrid Cloud Security. These solutions range to improved log analysis through multi-layer security for critical systems. If these solutions are rolled out would we finally have secure environments? Would we be approaching the dream of secure multi-tenancy? But first what are the products that have come to light?
There needs to be better Data Loss Prevention applied to Social Media than there exists today and how that will be applied globally is a huge issue. But it is a growing trend. I see on twitter from those I know many things that should not appear: from the discussion of internal only intellectual property to locations sent to 4 square. Add into this, the myriad forms of ‘U There’ requests. It is so easy to tell people anything on twitter, that it also becomes a problem with telling people too much even in 146 characters. Yet, I also see the same when using text messages, chat, and other technologies. So what is the solution?
With the diversity of cloud’s available today, data being sent from one to another could appear to be a hodge-podge of security. As one colleague put it recently when I asked what he was expecting to maintain integrity of data in motion between clouds:
“… what kind of kludge can things end up being when you have multiple connections to multiple hybrid clouds all doing different things” — Steve Beaver
So how does data transfer between the clouds? Is it a kludge? or can it be done using a uniform security policy, procedures, and protocols while maintaining Integrity and Confidentiality and auditability?
Last week I spoke with two different Security as a Service vendors, each with their own approaches to security as a service. The first company I spoke to was CloudPassage who just exited stealth mode in time for RSA Conference, and Zscaler who is a well known company. Both provide Security as a Service with a similar approach by a different design. Both make use of large grids or computers to do all the heavy lifting of security, but from there they differ completely. While there is some overlap in the products, the different designs show us multiple ways to implement Security as a Service.