
close
close
One of the highlights of every RSA Conference is the Cloud Security Alliance (CSA) Summit, which is traditionally held on Monday morning of the RSA Conference. This year’s summit was well-attended, with IT security professionals packing the hall to hear from a variety of cloud security experts.
There were several presentations throughout the morning, but two in particular stood out for me: A panel on the top security challenges facing enterprises who adopt the cloud, and another panel that provided feedback on cloud security from a number of the largest cloud service providers, including Amazon, Google, and Microsoft.
advertisment
The “Top 5 Security Challenges Facing the Cloud Adopting Enterprise” panel at the CSA Summit 2015. (Photo: Jeff James)
In a wide-ranging discussion about the top security challenges facing businesses who adopt the cloud, six security experts highlighted five cloud security challenges that all IT professionals should be mindful of, namely:
When it comes to overall data security, John DiMaria of the British Standards Institution suggested that security admins needed to focus on an overall approach to security rather than on traditional perimeter defense. “[Sometimes] you can be too reliant on technology…and what I’d call an ‘eggshell’ protection model: The exterior is hard, but the internal is very soft,” DiMaria said. “There’s a fundamental difference between IT security and information security.”
The security challenges panel at CSA Summit 2015. L to R: Chenxi Wang – CipherCloud, Jay Chaudry – zScaler, Sol Cates – Vormetric, Rehan Jalil – Elastica, Krishna Narayanaswamy – Netskope, and John DiMaria of the British Standards Institution, moderator Jim Reavis (Photo: Jeff James)
Chenxi Wang, the VP of Cloud Security & Strategy for CipherCloud, said that data loss prevention (DLP) systems could use improvement. “Traditional DLP systems don’t work, and this remains a huge data loss problem,” Wang said. “Technical solutions that solve narrowly-define problems [aren’t the answer]…we need to focus on the content.” Jay Chaudry, the Chief Executive Officer and Founder of Zscaler, agreed that there was “…no one answer to the DLP problem.”
The enterprise lessons panel at the CSA Summit presented the provider perspective on cloud security. (Photo: Jeff James)
With an increasing number of IT organizations moving workloads into the cloud, the state of cloud security is becoming increasingly important. Getting the perspective of cloud providers on the state of IT security was the focus of the last panel of the conference, which featured executives from Microsoft, Google, Amazon, Rackspace, and Dropbox.
advertisment
The cloud provider panel at CSA Summit 2015 (L to R): Brian Kelly, Chief Security Officer, Rackspace; Patrick Heim, Head of Trust & Security, Dropbox; Eran Feigenbaum, Director of Security, Google for Work, Google; Jerry Cochran, Principal Security Engineering Manager, Microsoft Office 365; Chad Woolf, Global Risk and Compliance Leader for Amazon Web Services. (Photo: Jeff James)
One of the consistent themes mentioned by all of the panelists is the importance of users turning on two-factor authentication for users accessing cloud services. “User authentication is still a big problem,” said Eran Feigenbaum, the Director of Security for Google for Work for Google.
Patrick Heim, the Head of Trust & Security for Dropbox, suggested that IT administrators should “…turn on two-factor authentication for everything you can” and suggested that bad actors trolling for cloud service user credentials had almost reached an “epidemic level.”
Another step that all the providers urged admins to take was to turn on logging, which provides a wealth of information about who is accessing what files, when access is being made, etc. In nearly all cases these logging features are free and readily available, but not all cloud service users may know about them.
advertisment
More from Jeff James
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Security
Build 2022: Microsoft Boosts Data Analytics and Cybersecurity in New Training & Certifications
May 24, 2022 | Rabia Noureen
Microsoft Defender for Office 365 to Get Preset Security Policy Improvements In June
May 23, 2022 | Rabia Noureen
CISA Warns Federal Agencies to Mitigate Critical VMware Vulnerabilities by May 23
May 20, 2022 | Rabia Noureen
CISA Warns Windows Admins Against Applying May Patch Tuesday Updates on Domain Controllers
May 17, 2022 | Rabia Noureen
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group