Page 26 - Cyber Warnings







Let’s Get Technical

There are technologies today to address these needs while enforcing separation of duties. The
best start with a core principle: isolate all data in the cloud—from providers, from other tenants,
from bad actors. This is best accomplished not by relying solely on a provider’s security, or even
encrypting data at rest, but by encrypting S3 traffic in route prior to transmission but also
transparently to the user. The result? Even if data resides in a container labeled “public,” it is
rendered unintelligible to any viewer without the appropriate keys. Since S3 is data-at-rest
transmitted over an IP network both network and data controls need to be in place

Second, ensure the separation of duties between IT and developers. The latter should be able
to work unencumbered by security processes, while the former exists to provide a single set of
security policies across all deployments. The ideal solution is transparently elegant.

Last, make sure it cannot be turned off or bypassed. Today’s best solutions prevent even those
with root access from disabling safeguards, ensuring security always remains in place.
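
The first principle above, encrypting before transmission so that a public bucket exposes only ciphertext, can be sketched as follows. This is an added example, not code from the article or from any vendor product; `SealedStore`, its in-memory `Bucket` map (a stand-in for S3), the object names and the demo key are all constructed assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// SealedStore is a hypothetical wrapper developers call instead of the raw bucket.
// The key comes from IT/operations; Bucket is an in-memory stand-in for public S3.
type SealedStore struct {
	aead   cipher.AEAD
	Bucket map[string][]byte
}

func NewSealedStore(key []byte) (*SealedStore, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &SealedStore{aead: aead, Bucket: map[string][]byte{}}, err
}

// Put encrypts before upload; the object name is bound as associated data.
func (s *SealedStore) Put(name string, plaintext []byte) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s.Bucket[name] = s.aead.Seal(nonce, nonce, plaintext, []byte(name))
	return nil
}

// Get fails closed on a missing, truncated, tampered or relocated object.
func (s *SealedStore) Get(name string) ([]byte, error) {
	blob, n := s.Bucket[name], s.aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("object %q missing or truncated", name)
	}
	return s.aead.Open(nil, blob[:n], blob[n:], []byte(name))
}

func main() {
	s, _ := NewSealedStore(make([]byte, 32)) // constructed demo key, never use a fixed key
	s.Put("reports/q2.csv", []byte("customer,card\nalice,4111"))
	fmt.Printf("a reader of the public bucket sees: %x\n", s.Bucket["reports/q2.csv"])
}
```

Developers only call `Put` and `Get`; whoever supplies the key controls who can read, which is where the separation of duties shows up in this sketch.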

Getting Back to Business

Enterprises have always had to contend with managing their own security; this was easier and
afforded more control when data was stored on-premise. Now, they must continue to provide
security, only in much more complicated and demanding circumstances. This is not conducive
to the aims of most businesses, nor is it likely to become part of an organization’s mission
statement (“We endeavor to secure our users’ data while selling them an exclusive travel
experience,” etc.). But that doesn’t mean the cloud can’t be used effectively.

The ready solution to human error and malicious activities requires turning security—all of it—
over to IT or operations, where it belongs. It simplifies and speeds the task at hand, it
enforces separation of duties, and it secures data regardless of location or service provider.

Now, can we all get back to work?

About the Author

As Bracket's VP of Product Management, Adam Conway brings extensive
experience across Enterprise Security, Networking, Mobility, and Cloud. A
veteran of Aerohive Networks, where he served from foundation through
IPO as VP of Product Management, he defined the initial controller-less
wireless LAN product offering, helped bring the company to the cloud, and
oversaw product roadmap and vision through myriad product iterations.

Prior to Aerohive, Adam managed the low- and mid-range firewall offerings
at Netscreen and remained at Juniper through the acquisition to grow that
business threefold in three years. Adam started his career at Cisco
Systems as an engineer in both the secure routers and IP Telephony
divisions. Adam holds an MSE from Stanford and a BSME from Santa Clara University with a
minor in Fine Art.

26 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
