There has been a dearth of intelligence reporting on cloud services and up until now we had to rely upon the Verizon Breach Report, Alert Logic’s State of the Cloud report, the Enisa and other reports, but even so there was nothing specifically about a given cloud service outside the lightly used Cloud Security Alliances STAR self-certification. Instead you must imply something about a given service. This has changed. Meeting this need is Sky High Networks.
Articles Tagged with Security as a Service
There needs to be better Data Loss Prevention applied to Social Media than there exists today. How such security will be applied to the plethora of devices is a hefty concern. The abuse of social media growing trend. I see on twitter from those I know many things that should not appear: from the discussion of internal only intellectual property to locations sent to Four Square. Add into this, the myriad forms of ‘U There’ requests. It is so easy to tell people anything on twitter, that it also becomes a problem with telling people too much even in 146 characters. Yet, I also see the same when using text messages, chat, and other technologies. So what is the solution?
Since Juniper bought Altor Networks, there has been steady progress to use Altor VF3 (now Juniper vGW, pronounced vee-Gee-W) as a way to extend the functionality of the Juniper SRX Series of Service Gateways into the virtual and cloud environments. Juniper is focusing on the entire security stack from the endpoint to the hypervisor, vGW offers one component of that entire picture. Another component is the Junos Pulse Mobile Security Suite which provides Security as a Service for mobile devices. These two components alone are a very powerful set of tools for any Enterprise. When you add in the other components it is a compelling story from network security perspective.
At the InfoSec World 2011 conference, in the sessions I attended, there was quite a bit of discussion about moving to the cloud as well as cloud outages. What did I discover:
- Migration to the cloud requires planning and resources
- Migration to the cloud requires a team including legal
- Diversification is very important
- It must be easy to migrate
- Security as a Service is a valid option
- I should not lower my standards just to enter the cloud
Some of this was discussed at InfoSec World 2011, The Virtualization Security Podcast of 4/21, and while at Innovations at Epcot Center.
Last week I spoke with two different Security as a Service vendors, each with their own approaches to security as a service. The first company I spoke to was Cloud Passage who just exited stealth mode in time for RSA Conference, and Zscaler who is a well known company. Both provide Security as a Service with a similar approach by a different design. Both make use of large grids or computers to do all the heavy lifting of security, but from there they differ completely. While there is some overlap in the products, the different designs show us multiple ways to implement Security as a Service.