We have looked at the hidden dependencies around upgrades (Cloud Dependency: Automated Upgrades) as well as the hidden dependencies around networking (Cloud Dependency: Ubiquitous Networking). Now, we will look at the hidden dependencies on visibility. Or more to the point, the lack of visibility within the cloud. With regard to visibility, the question most often asked is, “Do we know what is happening behind the scenes within our tenancy?”
Articles Tagged with CloudPassage
It has now been a few weeks since RSA Conference 2014. A number of very disparate items to consider were announced at the conference. We covered some of them on the Virtualization Security Podcast held at the NSS Labs hospitality suite at the conference. Yet there is still more to consider. The impact of the solutions presented and the conversations held at the conference are still being worked out. While RSA Conference seemed about one-third mobile, one-third analytics, and one-third everything else, the products below were chosen due to their impact on virtual and cloud environments.
At the InfoSec World 2011 conference, in the sessions I attended, there was quite a bit of discussion about moving to the cloud as well as cloud outages. What did I discover:
- Migration to the cloud requires planning and resources
- Migration to the cloud requires a team including legal
- Diversification is very important
- It must be easy to migrate
- Security as a Service is a valid option
- I should not lower my standards just to enter the cloud
Some of this was discussed at InfoSec World 2011, The Virtualization Security Podcast of 4/21, and while at Innovations at Epcot Center.
Last week I spoke with two different Security as a Service vendors, each with their own approaches to security as a service. The first company I spoke to was Cloud Passage who just exited stealth mode in time for RSA Conference, and Zscaler who is a well known company. Both provide Security as a Service with a similar approach by a different design. Both make use of large grids or computers to do all the heavy lifting of security, but from there they differ completely. While there is some overlap in the products, the different designs show us multiple ways to implement Security as a Service.