
close
close
Want to know about the security benefits of Microsoft's E5 license?
One of the highlights of every RSA Conference is the Cloud Security Alliance (CSA) Summit, which is traditionally held on Monday morning of the RSA Conference. This year’s summit was well-attended, with IT security professionals packing the hall to hear from a variety of cloud security experts.
There were several presentations throughout the morning, but two in particular stood out for me: A panel on the top security challenges facing enterprises who adopt the cloud, and another panel that provided feedback on cloud security from a number of the largest cloud service providers, including Amazon, Google, and Microsoft.
The “Top 5 Security Challenges Facing the Cloud Adopting Enterprise” panel at the CSA Summit 2015. (Photo: Jeff James)
In a wide-ranging discussion about the top security challenges facing businesses who adopt the cloud, six security experts highlighted five cloud security challenges that all IT professionals should be mindful of, namely:
When it comes to overall data security, John DiMaria of the British Standards Institution suggested that security admins needed to focus on an overall approach to security rather than on traditional perimeter defense. “[Sometimes] you can be too reliant on technology…and what I’d call an ‘eggshell’ protection model: The exterior is hard, but the internal is very soft,” DiMaria said. “There’s a fundamental difference between IT security and information security.”
The security challenges panel at CSA Summit 2015. L to R: Chenxi Wang – CipherCloud, Jay Chaudry – zScaler, Sol Cates – Vormetric, Rehan Jalil – Elastica, Krishna Narayanaswamy – Netskope, and John DiMaria of the British Standards Institution, moderator Jim Reavis (Photo: Jeff James)
Chenxi Wang, the VP of Cloud Security & Strategy for CipherCloud, said that data loss prevention (DLP) systems could use improvement. “Traditional DLP systems don’t work, and this remains a huge data loss problem,” Wang said. “Technical solutions that solve narrowly-define problems [aren’t the answer]…we need to focus on the content.” Jay Chaudry, the Chief Executive Officer and Founder of Zscaler, agreed that there was “…no one answer to the DLP problem.”
The enterprise lessons panel at the CSA Summit presented the provider perspective on cloud security. (Photo: Jeff James)
With an increasing number of IT organizations moving workloads into the cloud, the state of cloud security is becoming increasingly important. Getting the perspective of cloud providers on the state of IT security was the focus of the last panel of the conference, which featured executives from Microsoft, Google, Amazon, Rackspace, and Dropbox.
The cloud provider panel at CSA Summit 2015 (L to R): Brian Kelly, Chief Security Officer, Rackspace; Patrick Heim, Head of Trust & Security, Dropbox; Eran Feigenbaum, Director of Security, Google for Work, Google; Jerry Cochran, Principal Security Engineering Manager, Microsoft Office 365; Chad Woolf, Global Risk and Compliance Leader for Amazon Web Services. (Photo: Jeff James)
One of the consistent themes mentioned by all of the panelists is the importance of users turning on two-factor authentication for users accessing cloud services. “User authentication is still a big problem,” said Eran Feigenbaum, the Director of Security for Google for Work for Google.
Patrick Heim, the Head of Trust & Security for Dropbox, suggested that IT administrators should “…turn on two-factor authentication for everything you can” and suggested that bad actors trolling for cloud service user credentials had almost reached an “epidemic level.”
Another step that all the providers urged admins to take was to turn on logging, which provides a wealth of information about who is accessing what files, when access is being made, etc. In nearly all cases these logging features are free and readily available, but not all cloud service users may know about them.
More in Security
Slack Releases Fix for Critical Bug That Exposed Hashed Passwords for Years
Aug 8, 2022 | Rabia Noureen
Microsoft Defender Experts for Hunting Lets Businesses Proactively Hunt Security Threats
Aug 4, 2022 | Rabia Noureen
Microsoft Defender Gets New Security Tools Powered By RiskIQ's Threat Intelligence
Aug 2, 2022 | Rabia Noureen
Most popular on petri