Best Cloud Security and IAM Practices of Fortune 500 Companies

Best Cloud Security and IAM Practices of Fortune 500 CompaniesGilad Parann-Nisanny, CEO of Virtual Privacy and Cloud Security company Porticor has laid out some advice from cloud security and IAM masters at Fortune 500 companies for your benefit in anticipation of the upcoming 15th International Cloud Expo in Santa Clara, CA from November 4-6. Included are comments from Intel, HP, IBM and Unisys.  I have listed out the recommendations below:

1. Intel GM Jason Waxman says that clouds by their very nature, regardless of whether they are public or private, lead to a lack of visibility as a result of “using shared, multi-tenant resources.” Gilad explains what this means for you:

Intel wants you to know that private clouds are not a panacea. Segregating sensitive projects form others is essential (and can be achieved through encryption).  In virtual environments, you need virtual walls to replace the physical separations of the data center.

Gilad has some further explanation for how to erect those virtual walls of separation:

Techniques for segregating data should include segregation of network segments and encryption of data with encryption keys that are specific to a project.

2. HP CISO Anil Katarki’s advice is to learn from what regulatory compliance law are trying to tell you, and apply the lessons contained within them to your security architecture so that you can better protect your data.

Here are some basic lessons that Gilad has distilled from Katarki:

  • Do not use vendor-supplied defaults for passwords and other security parameters.
  • Use and regularly update anti-virus software.
  • Protect data with encryption and protect cryptographic keys against disclosure and misuse.
  • Restrict access to data by business need-to-know and assign a unique ID to each person with access.
  • Track and monitor all access and regularly test security systems and processes.

3. IBM’s Director of IBM Internet Security Systems, Peter Evans writes that today’s enterprises are looking for IAM “solutions that protect data in transit, at rest, in motion, in use, and throughout the lifecycle.” Another way to think about this is that it is foolish “to protect your data only some of the time.” Gilad’s line here is that “a hacked backup is just as dangerous as compromised “live” data.” One way to protect your data at all steps according to Gilad is to always encrypt the data, no matter where it is:

Encryption should be applied to the network, when data is in transit, through techniques such as SSL. And it should be applied to data at rest, whether it is on the current (virtual) disk or in a backup.

4. Unisys VP and GM of Enterprise Security, Nick Evans says that cloud security solutions shouldn’t just be about risk mitigation, but also should enable “growth and innovation.” It shouldn’t just be “insurance.” Gilad expands and explains:

Proper cloud security enables you to reduce costs, achieve regulatory compliance and a “safe harbor,” and create a brand that is committed to securing the data of its customers.

Improving customer trust in your brand certainly goes beyond “insurance.”

All of these recommendations are good pieces of advice that can and should be incorporated into most organizations’ cloud security and Identity and Access Management strategies.

For Gilad’s article from Sys-Con Media. click here.

 

Doug Atkinson
Follow Doug