Have you ever wondered what was going on within a cloud regardless of type? SaaS? PaaS? IaaS? Do you need to audit these environments to ensure compliance with your security policy (not to mention the subset of your security policy that contains regulatory compliance)? To provide solutions for these issues, a number of companies both new and old have put forward various tools that utilize proxies, reverse proxies, and transparent gateways to uncover what is happening within a SaaS application. The goal is to know who did what, when, where, how, and hopefully why.
Symantec and others are providing more products that fill the gaps in current End-to-End Hybrid Cloud and Application Security. These solutions range from improved log analysis to multi-layer security for critical systems. If these solutions are rolled out, would we finally have secure environments? But first, what are the products that have come to light? Should we be focusing on the App more? Continue reading Filling the Gaps: Focus on Application Security
There needs to be better Data Loss Prevention applied to Social Media than exists today. How such security will be applied to the plethora of devices is a hefty concern. The abuse of social media is a growing trend. I see on Twitter, from those I know, many things that should not appear: from the discussion of internal-only intellectual property to locations sent to Foursquare. Add into this the myriad forms of ‘U There’ requests. It is so easy to tell people anything on Twitter that it also becomes a problem with telling people too much, even in 146 characters. Yet I also see the same when using text messages, chat, and other technologies. So what is the solution? Continue reading “U There” End User Computing Security
With the diversity of clouds available today, data being sent from one to another could appear to be a hodge-podge of security. As one colleague put it recently when I asked what he was expecting to maintain integrity of data in motion between clouds:
“… what kind of kludge can things end up being when you have multiple connections to multiple hybrid clouds all doing different things” — Steve Beaver
So how does data transfer between the clouds? Is it a kludge? Or can it be done using a uniform security policy, procedures, and protocols while maintaining integrity, confidentiality, and auditability? Continue reading Multiple Hybrid Clouds Kludged Together? — Cloud Architecture
Last week I spoke with two different Security as a Service vendors, each with their own approach to security as a service. The first company I spoke to was CloudPassage, which just exited stealth mode in time for RSA Conference, and the second was Zscaler, which is a well-known company. Both provide Security as a Service with a similar approach but a different design. Both make use of large grids of computers to do all the heavy lifting of security, but from there they differ completely. While there is some overlap in the products, the different designs show us multiple ways to implement Security as a Service. Continue reading Security as a Service: Is it Safe?