One thing is guaranteed at InfoSecurity this year – there will be plenty of people talking about the cloud. However, they will not all be talking about the same thing. When it comes to IT security they will be taking one of three angles; securing the cloud, using the cloud securely and using the cloud to deliver security. If you can establish early on which of these any given discussion alludes to you then you may proceed with a little more clarity.
Having said that, many discussions involving the cloud tend be a bit vague. So you would also be well advised to establish what sort of cloud is being alluded to, as Quocirca will in this article. If it is a public cloud service, is it regarding the provision of infrastructure or applications? – i.e. infrastructure as a service/IaaS or software as a service/SaaS. If it is not a discussion about public cloud services then it must about the private cloud, which is just an efficient way of configuring and using private data centre resources using technology that has been developed to build a public cloud infrastructure.
Let’s take the first of those security issues mentioned above – securing the cloud, or to be precise helping IaaS and PaaS providers secure their services. These service providers need firewalls, intrusion protection, content security etc. just as those configuring private IT infrastructure do.
The second issue is secure use of the cloud. This involves making sure the communication between an organisation’s users and the cloud services they are expected to use is secure. This is really no different to making sure remote users can safely access privately owned IT applications and infrastructure.
Cloud service providers know what they are doing here too; for them everyone is an outsider, so the default is to authenticate access and communicate securely. It also involves making sure the use of cloud-based services employees invoke themselves is secure (social networks, web mail, collaboration tools etc.) Much of this is about content filtering, preventing bad stuff coming in and good stuff getting into the wrong hands.
The final issue is using the cloud to deliver security. This is an established and growing practice. One of the first use cases was to deliver anti-virus updates over the Internet rather than distributing them on diskettes. Perhaps the largest cloud-based service is Microsoft update, delivering patches to hundreds of millions of PCs on a regular basis to try and keep them secure from the latest exploits.
Email filtering, web content filtering, security management and a range of other requirements are being delivered as on-demand services by security vendors and the managed security service providers (MSSP) they partner with. They also rely on the cloud to gather most of the information they have on known threats through their protection networks.
Bob Tarzey, analyst and director of Quocirca, is speaking on “Securing the Cloud – Shining A Light Through The Fog”, in the keynote programme at Infosecurity Europe. Held from 19th – 21st April at Earl’s Court, London, the event provides a free education programme, with exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…