decrypting myths
responsibility for the security of the
software and applications they offer to
their customers.
However, SaaS and AaaS subscribers
should know that infections and
intrusions originating in those
services can easily spread to other
infrastructures. Complicating things
further, SaaS vendors often run their
offerings on third-party IaaS clouds.
When considering AaaS or SaaS
solutions, look for vendors that have
ways for you to integrate your security
policies into their services, including
such things as authentication, monitoring
and inspection.
3. Private and public clouds are
the same, but different when it
comes to security
As noted, the vast majority of
organisations access both private and
public cloud resources through a hybrid
cloud strategy. The challenge lies in
creating security consistency between
these environments. For example,
security tools an organisation uses
internally may not be available as part of
a cloud vendor’s security options, which
adds another layer of complexity when
trying to manage an extended security
infrastructure. Ideally, end-users should
be able to deploy, view and orchestrate
security for both their private and public
cloud resources using a common
set of tools and single pane of glass
management. Achieving this, however,
requires a security architecture able
to function seamlessly across multiple
private and public cloud environments.
4. Transparency and
centralisation are
essential virtues
The ability to seamlessly manage
security across your traditional network
environments as well as all private and
public cloud assets should be the goal
of any security team. Instead, many
organisations are forced to view their
security portfolio through different
78
and isolated consoles, which leads to
degraded situational awareness through
visibility gaps, perceptual ambiguities
and the wasted motion involved in hand-
correlating information between tool A
and solution B.
What’s needed is a holistic, fabric-
based security architecture that can
overcome these silo-generated visibility
and control gaps.
5. Security vendor- cloud
service provider relationships
are very important
The last thing any cloud end-user
wants are ‘over-the-wall’ relationships
between their cloud service and
Cloud computing
has taken the world
by storm for a very
good reason.
cybersecurity vendors. Many leading
cloud service providers work closely
with a handful of cybersecurity vendors
to expand security transparency and
interoperability to their customers.
Therefore, it is not only important to
look into the relationships between your
Issue 04
|
www.intelligentciso.com