Grounded in the Cloud

Who moved my cheese? Changing the game in cloud security

TerenceNgai

Don’t you hate it when someone changes the rules of the game you have been playing for years? I used to beat my brother in the basketball game of H-O-R-S-E with my perfect bank shots. One day, he decided that bank shots would not be allowed and I played miserably until I learned how to shoot without the backboard. This is similar to the experience when you move from a traditional IT environment to the cloud—where the old rules do not apply any more.

 

Many companies are being urged to rethink their traditional approaches to cyber defense as they increasingly turn to mobile and cloud technologies to store and access data and systems. As mobile and cloud technologies decentralize the digital environments of organizations, the perimeter on which traditional cyber defenses are based is disappearing. Traditional perimeter defense solutions such as firewalls, anti-virus and intrusion detection systems can no longer protect against today’s advanced attacks or malicious insider attacks across hybrid cloud environments and multiple service providers.

 

Before you start developing your cloud security strategy, you must assess and understand your risk profile. This excellent blog post by Ed Choi provides an in-depth view of how to determine your security risk profile.

Practical modern approaches to secure the Cloud

  1. Effective identity and access management – In a hybrid cloud environment where data and applications can sprawl across multiple providers and environments, effective authentication of user identity and access control matter more than ever. Many well-documented data breaches in companies such as AT&T and Blue Cross Blue Shield of Michigan were the work of malicious insiders. You have to prepare yourself for attacks from all angles, especially from the inside.
  2. Runtime security virtualization – The most innovative security solution involves the dynamic creation of runtime security virtualization. The idea is that as infrastructure is virtualized in a runtime environment, security functions such as firewall, IDPS and DLP should be embedded in the same virtualized runtime environment, alongside the cloud components/objects they are intended to protect. With runtime security virtualization, different assets that reside together in the same cloud can be associated with different security policies. Catbird, an HP Helion Ready program partner, offers a cloud security platform that provides real-time visibility into east-west traffic flows among virtual assets and allows for customization of security policy across different assets.
  3. Session containers – A cloud security solution for mobile access involves session containers. The user can obtain access to cloud services and content via a secure connection that maintains end-to-end closure to ensure the user data associated with the cloud application or session is completely wiped from the client device when the session is over. A session container must provide multiple persona support (compartmentalizing different personas on a client device) and data separation to dynamically separate different user activities within the cloud and keep data from intermingling with resources outside the container.
  4. Security service provider – If you don’t have the skill set or experience, you might consider using a managed security service provider or a cloud access broker. When a user decides to access a cloud-based application, the special cloud access broker or agent, often implemented as a proxy, can monitor and mitigate malware or policy violations in real time. A managed security service provider such as HP can deliver security monitoring, management and threat remediation services from sites around the world.

 

Keeping an eye on what’s most important

 

You must understand what matters to your business and what is mission critical. You have to develop a solid plan to defend your most important assets. However, security is not a one-time event and is never enough. Adapting quickly to new threats and the ever-changing environment is key to an effective security plan. And this is not just a technology problem. You need to consider your hiring process, security control procedures, training, mindset change, etc. In my next blog, I will address these organizational considerations.

 

To learn how HP can help, visit the HP Security or HP Helion page.
