
THOUGHTS FROM THE CLOUD A selection of Cloud-Security Articles from the CloudAccess Blog Vol4

AUTHOR’S NOTE

“Thoughts from the Cloud” is a weekly blog written by Kevin Nikkhoo, CEO of

CloudAccess. It looks to discuss, dissect and debate the many pressing issues

surrounding cloud computing with a special focus on cloud-based security

and security-as-a-service. You can read all the blog entries at:

http://cloudaccesssecurity.wordpress.com/

In this Volume you will find:

Rethinking IT Using Cloud as a Change Catalyst

The Lessons Learned from LinkedIn

Size Doesn’t Matter: Controlling Big Data Through Cloud Security

Public or Private Cloud, that is the question…or is it?

The Independence of Cloud Security

RETHINKING IT USING CLOUD AS A CHANGE CATALYST

There are a lot of experts

and process gurus who are

more qualified than I to tell

you how to manage change.

They will offer a great deal

of high level advice such as

“define the vision,” “create a change proposition,” “promote staff input to

shape the solution.” And these are very wise nuggets of advice. And we (in

IT) are at a crossroads for change. The landscape of the role, the

challenges of the responsibilities, the tools of the trade are all evolving.

Presented by:

CloudAccess:

CloudAccess provides comprehensive

security-as-a-service from the

cloud. Our suite of robust and scalable

solutions eliminates the challenges of

deploying enterprise-class security

solutions including costs, risks,

resources, time-to-market, and

administration. By providing such

integral services as SIEM, Identity

Management, Log Management, Single

Sign On, Web SSO, Access

Management, Cloud Access offers cost-

effective, high-performance

solutions controlled and managed from

the cloud that meet compliance

requirements, diverse business needs

and ensure the necessary protection of

IT assets.

www.CloudAccess.com

877-550-2568

CloudAccess, Inc 12121 Wilshire Blvd

Suite 1111 Los Angeles, CA 90025


CLOUDACCESS 877-550-2568 www.cloudaccess.com

SECURITY FROM THE CLOUD:

Much of the change revolves around the migration to cloud-based

solutions. For going on a dozen years, SaaS applications have ingrained

themselves in most IT architectures, from ERP/CRM to payroll to

security-as-a-service. Without extolling the virtues of the cloud solutions

themselves, what this has done is transformed and upgraded the value of

the IT professional. Whereas there is a sincere appreciation for the

professional who writes code, manages a help desk and installs and

maintains computed assets, I am speaking more of the sea change from a

person plugging in cables to an analyst; from a compiler of stacks to a

broker of business needs.

From a business standpoint, think of the value of an employee who enables

your best practices and workflows, monitors your progress, and manages

various business needs. The cloud provides this opportunity. Instead of

writing that code for an application, you simply subscribe and acquire the

functionality. Instead of moving from endpoint to endpoint, the

provisioning and ongoing maintenance is instantaneous. Instead of

infrastructure-based, you get to be information-centric. And as such you

get to make better decisions, faster.

The evolution of security issues is no different. The cloud has matured to

the point where solutions such as SIEM, Log Management, Single Sign On,

Identity and Access management are not just viable options managed from

the cloud, but in many cases, provide greater bandwidth, power, agility and

versatility than can be managed on premise. With cloud-based security you

divest the bulk of programming and day-to-day high resource/limited

return activities while gaining the ability to instantly analyze, evaluate and

act. In short, you become a catalyst for change management and risk

mitigation.

The residual benefit of cloud security is that IT no longer has to be in the

Identity Management business, but still reaps all the benefits and

efficiencies. No more time dedicated to resetting passwords or setting up

role based access every time someone is hired, fired or moved. It doesn’t

have to be in the log monitoring business, but still is effectively and

securely protected from intrusion and attack with 24/7/365 monitoring. The IT

department is no longer a compiler of data, but a conduit of information

and evaluator of compliance audits and reports that meet the various

THE CASE FOR ACCESS

CONTROL

It’s not theoretical. Without practical access management initiatives, an enterprise can come under attack. And it is not always the hackers lurking in countries across two continents. Sometimes the villain is on your payroll…whether they know it or not. Some recent cases in point:

• A former employee at the U.S. subsidiary of Japanese pharma Shionogi pled guilty to deleting 15 business-critical VMware host systems, costing the company $800,000.

• An IT employee at Bank of America admitted that he hacked the bank’s ATMs to dispense cash without recording the activity.

• A contract programmer fired by Fannie Mae was convicted of planting malicious code intended to destroy all data on nearly 5,000 internal servers.

• A Goldman Sachs programmer was found guilty of stealing computer code for high frequency trading from the investment bank when he left to join a startup.

• A Utah computer contractor pleaded guilty to stealing about $2 million from four credit unions for which he worked.


industry standards and government requirements. The rethought IT

department now gets to be in the business of integrator of business goals.

As a facilitator, IT interfaces with the various departments to understand

their objectives and find the best tools to integrate. The cloud allows you

to not only deploy instantly, but also create a set of resources at lower costs

that help achieve success.

This is not to say a full-scale migration to the cloud is warranted. Every

company has unique needs and not all of them are best served through the

cloud; whether public, private or hybrid. However, the benefits outweigh

the concerns. And if considering options without taking into account the cost

benefits, the resource surplus and the ease of management the cloud

provides, you do your organization a disservice. The issue of control often

comes up in these discussions. Do virtual applications or more specifically,

security-as-a-service provide the necessary control for you to transact

proprietary or personal information, protect intellectual property? Any

vetted solution, like the ones from CloudAccess, does. But control is not

about where data is stored, but how it is stored and the rules you apply to

manage it. By removing staff from lower level priorities and implementing

strong rules, workflows and processes, it should not matter whether a

function resides on premise or in the cloud. But when you can divest your

staff from the day-to-day lesser priorities, you open up a world of new

possibilities and a streamlined means of achieving goals for the entire

enterprise.

Change is not coming. It’s already here.

THE LESSONS LEARNED FROM LINKEDIN

Users are making it too easy for hackers.

If we take a closer look at the 6.5 million hashed

LinkedIn passwords that leaked we find a large

swath of the user population are ignoring

warnings of overly simplistic and obvious

passwords. Would you believe the most common

word or phrase found in a 160K sampling of the list was “link”? And would

PREDICTIONS FOR THE

IMMEDIATE FUTURE

“Cloud is here to stay, and in fact,

a tidal wave is coming within a

decade. With a new technology,

people start slow, test the waters

and gain confidence. Once they

feel they have proven that the

technology works, they say, ‘Now

I’m going to move more

applications to the cloud.’ This

will create a tidal wave of cloud

adoption. Beyond that, I see

integration between different

applications taking center stage

so that there will be greater

application interoperability. The

improved interoperability

between applications will reduce

the cost and complexity for users

enabling them to quickly benefit

from cloud deployment.”

-Kevin Nikkhoo

Get Your Head into the

Clouds by Fairway

Technologies


you further shake your head in disbelief that “1234” and “12345” followed

close behind? Rounding out the top 10 were “work,” “god,” “job,” “angel,”

“the,” “ilove,” and “sex.”

More so than Facebook, LinkedIn is the social media of choice for business.

So it is likely to be used by the users in your enterprise as part of their SaaS

profile. This makes their problem your problem. If we learn anything from

this debacle, it is that password management should be a priority for any

organization that allows its users unfettered access to password-protected

public sites.

What people need to understand is that even with trusted sites such as

LinkedIn there is still a possibility for massive compromise. The bigger the

site, the more personal information is leaked.

As a security or IT professional, you are already well aware how fast a

hacker can crack a simple 5 character code. The answer is within 45

seconds, especially if users help them by choosing “password” or their

birthday as the entry. I am not spending any further time lecturing on

password management strategies. However, with that said it’s important

to note that even the strongest of passwords provided little defense

against the LinkedIn hack. Bad guys stole password files directly from the

companies involved, so even “%R7^Tgh1” was compromised.

If you check an earlier blog, ****** is your first defense, I offer some

password management strategies. But beyond enforcing protocols of how

often passwords should change, randomizing characters and outlawing

phrases and personal identifiers, I think the LinkedIn breach is a good

reminder that updated authentication techniques need to be considered.

Password management, especially in larger organizations can be a

nightmare. Dozens of websites and applications per person can be

overwhelming. This could be a full time job. However the integrated

automations managed from the cloud provide a safe, cost-effective and

secure option that offers as much control as any on premise or home

developed solution. If your department is like most that I’ve come across,

you just don’t have the bandwidth or the additional budget to launch a full

scale password crusade.

TOP 10 WORST/HACKED PASSWORDS

Source: Forbes Magazine

1. Your user name

2. Your user name followed by password

3. Password

4. 123456

5. 12345678

6. Qwerty

7. abc123

8. 1234567

9. Letmein

10. trustno1

11. work

12. baseball

13. 111111

14. Iloveyou

15. master

16. welcome

17. sexy

18. angel

19. passw0rd

20. shadow

21. 123123

22. 654321

23. superman

24. ninja

25. jesus


Regardless, companies must explore more sophisticated ways to

authenticate users or the lessons from LinkedIn will never be fully learned.

This can be done by looking to the cloud. Such solutions as single sign on

help credential and authorize users by providing access to applications and

approved sites. And I know of one organization that combines the power of

password management in the bundle for no extra cost. Besides the obvious

cost benefits, what security-as-a-service does is help centrally manage

the process by automating several aspects and promoting self-service for

users. Combined with SSO, you have taken strides to protect your

intellectual property.

In this configuration (public, private or hybrid clouds), there is only one

password to remember that creates access to an entire (role-based

credentialing) section of applications and websites. It cuts down on help

desk calls (according to Gartner, password retrieval and resets account for

25% of all calls and costs upward of $50 per incident) and most important,

provides the necessary control to better protect the enterprise. And by

combining password policies and synchronization, passwords can be

managed in a consistent way across systems within the enterprise. I realize

part of the appeal is making it easier for the end user. Users won’t embrace

policies and best practices unless they are easy to adopt and don’t

interrupt their daily workflow.

LinkedIn is another warning that passwords are one of the weakest links in

the security initiative and the faster you take control of those aspects that

potentially affect your network, the faster you’ll sleep better at night.

CREATING A BYOD POLICY

BYOD is not an information

security-only program; it is also

not a technology-only program.

People, procedures and

technology have to work together

to have a successful BYOD

program. It’s important to look at

the BYOD program holistically.

Another critical factor in building a successful BYOD policy is to ensure it’s an integral component of the organization’s larger security program. It is a compliance and liability issue as well.

Too many organizations have failed to recognize that employees are using personally owned devices for work-related purposes, even though the organization lacks a formal BYOD policy. The lack of a policy can create serious risks, such as a lack of awareness of the loss of a personally-owned device that contains corporate data.


SIZE DOESN’T MATTER: CONTROLLING BIG DATA THROUGH

CLOUD SECURITY

There’s data. And then there’s BIG DATA.

Many of us have been bombarded with the

term in many frameworks. There are some

professionals that chalk it up to marketing

hype or meaningless buzzword. Personally, I

prefer the way Gartner categorizes it. That it

is more than size. It is a multi-dimensional model that includes

complexity, variety, velocity and, yes, volume.

But the pressing issue with this definition of Big Data is how best to secure

something so vast and multifaceted. If you recognize the old concept of a

network perimeter is antiquated and dangerously narrow, there should be

some concern as to corralling all this data and ensuring its transit and

storage is protected. The latter issue speaks directly to compliance needs.

Banks and other financial institutions, medical facilities, insurance, retailers

and government entities are especially sensitive to the compliance

requirements. However, just because your business doesn’t fit into these verticals

doesn’t mean you can’t directly benefit from cloud based security that

creates the necessary context. And though your organization is dealing

with an incredible mountain of data, you still must do what you can to

ensure not only the proprietary intelligence behind your firewalls, but all

the data trafficking in, around and through all various endpoints

throughout the enterprise.

But again, size should not be the only consideration regarding Big Data. It is

the means by which you analyze and apply various processes that allow

you to make the best decisions possible about the ongoing security,

accessibility and viability of all those many bits and bytes.

If you are looking at scale, the McKinsey Global Institute estimates that

“enterprises globally stored more than 7 exabytes of new data on disk

drives in 2010.” One exabyte of data is the equivalent of more than 4,000

times the information stored in the US Library of Congress. That’s a lot of

data.

ADVANTAGES OF THE CLOUD

FOR BIG DATA

Excerpted from AT&T white paper “Cloud Services: It’s Not Just What, but How…and Who” from CIO Magazine

Cloud services provide significant advantages for any enterprise dealing with big data. A cloud provider who can transport, store and analyze data within a single infrastructure has the tools required to deliver the highest efficiency and return on investment.

• Reduced Complexity – Let the cloud provider worry about real estate costs, power, air conditioning, staffing and other operational minutia.

• Better Quality – As a specialist, the cloud operator’s expertise and turnaround time will be best in class—and almost impossible for a non-specialist to match.

• Lower Capital Costs – Cloud services can make it possible to cut capital costs and redirect investment into other opportunities.

• More Flexibility – The cloud is a way to handle overflow or enable agile, flexible IT service delivery.


Storing is one thing, but analyzing and managing all the data into useful

strategic and tactical outcomes now depends on the other elements of Big

Data (complexity, variety, velocity). To do this successfully you have to

have a means to put all of it into context. For instance, let’s say an account

is accessed. It has the right user name/password credentialing and seeks to

export some personal data or transfer funds, or change sensitive account

settings. On its face you should allow this action. They have the right name

and authentication. But when this is given greater context, there are

dynamics from other silos of information that need to be factored. What is

the device profile? URL reputation? Is the IP address consistent? When was

the last login attempt? What time did this latest transaction occur? So, what

seemed to be a reasonable transaction might show patterns of

anomalous behavior.

But here’s the larger issue—all these factors that play into determining

true context (which I call situational awareness) may come from different

sources and require a bit of juggling and cross-correlating. You have SIEM,

Access Management, Log Management, and Identity Management. And

they may all live on various servers in various places within the enterprise.

So ensuring this process association is doable, but with so many layers and

stacks, the results may take too long to take preventative measures. You

know what they say about the horse having already left the barn.
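
The contextual check described above, as an added example that is not from the original article or from CloudAccess: a request with valid credentials is scored against signals pulled from separate silos (identity store, access log, reputation feed) before a sensitive action is allowed. All names, weights, thresholds and sample records are constructed assumptions, and the reputation lookup is keyed on source network for simplicity.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# --- Constructed sample data, one structure per "silo" (assumptions) ---
IDENTITY = {"jdoe": {"devices": {"laptop-7f3a"}, "work_hours_utc": (7, 19)}}
ACCESS_LOG = [  # log management: (user, time of successful login, source IP)
    ("jdoe", datetime(2012, 7, 2, 16, 5), "198.51.100.23"),
    ("jdoe", datetime(2012, 7, 3, 8, 40), "198.51.100.77"),
]
BAD_NETWORKS = [ip_network("203.0.113.0/24")]  # reputation feed
SENSITIVE = {"export_personal_data", "transfer_funds", "change_settings"}


@dataclass
class Request:
    user: str
    action: str
    when: datetime
    ip: str
    device: str
    credentials_ok: bool


def prior_logins(user, before):
    """Earlier successful logins for this user, oldest first."""
    return sorted((t, ip) for u, t, ip in ACCESS_LOG if u == user and t < before)


def same_network(a, b, prefix=24):
    """True when address a falls in the /prefix network containing b."""
    return ip_address(a) in ip_network(f"{b}/{prefix}", strict=False)


def evaluate(req):
    """Return (decision, reasons); decision is 'allow', 'step_up' or 'deny'."""
    if not req.credentials_ok:
        return "deny", ["bad credentials"]
    profile = IDENTITY.get(req.user)
    if profile is None:
        return "deny", ["unknown account"]

    findings = []  # (points, reason) pairs, one per contextual signal

    # Device profile: is this a device enrolled for the account?
    if req.device not in profile["devices"]:
        findings.append((2, "unrecognised device"))

    # Reputation: does the source sit in a network the feed marks as bad?
    if any(ip_address(req.ip) in net for net in BAD_NETWORKS):
        findings.append((3, "source has bad reputation"))

    # IP consistency and last login, correlated from the access log.
    history = prior_logins(req.user, req.when)
    if history and not any(same_network(req.ip, ip) for _, ip in history):
        findings.append((1, "source network never seen for this user"))
    if history:
        last_time, last_ip = history[-1]
        moved = not same_network(req.ip, last_ip)
        if moved and req.when - last_time < timedelta(hours=1):
            findings.append((2, "network changed within an hour of last login"))

    # Time of the transaction against the user's usual hours.
    start, end = profile["work_hours_utc"]
    if not start <= req.when.hour < end:
        findings.append((1, "outside usual hours"))

    score = sum(points for points, _ in findings)
    reasons = [reason for _, reason in findings]

    # Routine actions tolerate more noise than sensitive ones.
    if req.action not in SENSITIVE:
        return ("allow" if score < 3 else "step_up"), reasons
    if score == 0:
        return "allow", reasons
    if score <= 2:
        return "step_up", reasons  # ask for a second factor
    return "deny", reasons         # block and raise an alert


if __name__ == "__main__":
    suspicious = Request("jdoe", "transfer_funds", datetime(2012, 7, 3, 9, 5),
                         "203.0.113.50", "unknown-android", True)
    print(evaluate(suspicious))
```

Both requests in the sample carry the right user name and password; only the second set of signals separates the routine transfer from the anomalous one.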

By migrating security functions to the cloud (security-as-a-service) you still

may run into these same issues unless you find a provider who can

combine all the functionality and create the rules for cross-correlation that

can normalize and sort through gargantuan amounts of data. A SIEM

solution in the cloud is able to take raw data from a variety of sources,

normalize it and create and manage the alerts, escalations and prevention

protocols. Such a configuration takes the activity from Identity and access

management silos, combines them with the silos of general traffic of web

traffic, internal access, SaaS solutions and other business/consumer facing

applications and generates a flexible and scalable intrusion detection

matrix.

A fully-realized cloud-based SIEM deployment (which is much less

expensive in the cloud, yet just as powerful as any on premise solution) can

prevent an IP address in China from spoofing your customer’s account and

create intelligence that deflects and notes if a Flame virus is being lobbed

CLOSING THE VULNERABILITY

GAP

Independent and original

vulnerability research is

important to security

organizations. Security teams

need actionable intelligence. They

need precise and timely

information to help them make

the decisions necessary to protect

their company’s networks and

applications.

Looking at logs once a week is not

enough. Your security perimeter

must be monitored continuously

7/24/365. And it must look at all

the silos where data and applications

reside across the enterprise. By

leveraging the cooperative

functionality of solutions like

SIEM, Log Management, Access

Management and Identity

Management, companies

enhance this visibility. And when

it is done in real time, create the

conditions the Forrester findings

support: immediate actionable

intelligence.


at your network. But a true cloud-based security partner worth their salt

will also provide the raw data for post-capture analysis. This way you can

analyze new traffic patterns, but more important create the baseline to

make intelligent decisions for the long term security of your network or

immediate recognitions of anomalous behavior. But all that raw

data…that’s where the cloud gets you, right? You get penalized for having

bigger and bigger data sets. Not if you have the right vendor. I personally

know where you can get storage space for as little as $1 per GB per month.

You can scale the amount and the type of data you wish to keep in the

cloud. You control when it gets destroyed according to various compliance

requirements. I also have some thoughts about vendors who provide the

services, but require you to buy some appliance that you install and

maintain on your network…but that’s a whole other blog.

The bottom line is Big Data can be managed given the right tools. And

those tools do exist in the cloud and can be managed through the same.

And when you have the right rules, passing through an integrated suite of

security solutions you’ll begin to see that size doesn’t matter. What

matters is creating a situational awareness that provides you a platform

to make better decisions. And if that place is in the cloud…all the better.

PUBLIC CLOUD OR PRIVATE CLOUD, THAT IS THE QUESTION?

OR IS IT?

You realize the overarching benefits of the

cloud, but you are a bit wary regarding the

security of any data stored and transacted

in these virtualized environments. But the

cost-saving benefits and user preference

and resource delegation of the cloud are

such that not integrating some processes,

applications and data is counterproductive

to your overall IT strategy. So you decide

that a private cloud is a more secure route

than its public counterpart. But are you

really any more secure?

The quick answer is no. But not for the reason you might think. A private

cloud is infrastructure operated solely for a single organization. The only

A CSO’S OPINION ON BYOD

“Devices are not the issue. It is a

compliance and liability issue.

We secure devices for a living and

we are very good at it, however

the discussion is about what

rights you give up when you

decide to use personal

equipment. What can I monitor?

What happens if the phone is

lost? What happens if it breaks?

What happens when you leave

the company…does the company

retain the right to wipe the phone

clean; even personal pictures,

contacts etc. My personal and

professional opinion as a security

professional is equivocating it to

entering the military-you give up

certain rights including privacy.

Before I let anyone use their own

device, the employee must sign

an agreement that puts in writing

my company’s answers to all the

above questions.”


difference is that your data is segregated from any other organization. And

if that brings you any semblance of peace, then it’s a good investment. It all

depends on your business need. It offers greater control, but means you

shoulder all the overhead, updating, risk management and related costs.

And if you factor in the compliance requirements for financial or healthcare

related companies, it might be the better option.

But, the thing is, it is still a server. It is still prone to all the issues of

on-premise and public clouds in terms of intrusions, attacks, user carelessness

and resource deficiencies. It is as vulnerable (or protected) as the

alternative counterparts. The only difference is the means of security you

apply towards protecting it. You can build the most sophisticated on

premise security solution, but if you leave a window open, data will still

leak, unwanted intrusions will still get in and George from sales will still log

into your network from his unsecured iPhone.

So let’s be clear. From a platform security perspective, it does not matter

whether you choose public, private or hybrid clouds. It matters how you

protect it; which can also be effectively managed from the cloud. And

depending on your preference, a cloud-based security management should

be able to equally protect and support any cloud or on-premise

configuration.

If you assume your SaaS-based CRM, payroll or inventory shipping

applications are well protected by the developer, you are equally inviting

problems. According to new guidance from the National Institute of

Standards and Technology, YOU and not your providers have ultimate

responsibility for the security and privacy of data stored on the cloud. The

SaaS developers are responsible for their infrastructure, not your data or

who you provide access to that data or how you transit the data from

endpoint to endpoint…unless the service you invest in is a cloud-based

security-as-a-service.

Cloud-based security can be seen as having your cake and eating it too. You

benefit from a diverse portfolio to meet your specific business needs and

now you have another resource that allows you to gain best-of-breed,

enterprise level power, capabilities and control. You have a way to

monitor your public or private clouds (or your complex integrated

networks) 24/7/365 or create multifactor authentication barriers to access

intellectual property. With the right processes and rules, you can create

ARE BREACHES MORE

COMMON WHEN USING THE

PUBLIC CLOUD?

“In the past, companies felt that

having an application run behind

a firewall in their own

organization meant they were

protected, whereas if the app was

run in a public cloud, they were

exposed. As it turns out, it can be

easier to get into a private cloud

because people find

vulnerabilities within the network

and gain access to critical data.

Because public clouds serve so

many users, it is paramount that

providers help their customers

meet governance and compliance

regulations. Public cloud

providers tend to be more

diligent about security. In fact,

there are independent studies

that show that public cloud

security is getting better than

some private clouds.”

-Kevin Nikkhoo

Get Your Head into the

Clouds by Fairway

Technologies


a seamless layer across multiple servers and infrastructures that connect

each independent silo of data that can differentiate roles, traffic patterns,

context and data sensitivities. We are talking a combination of intrusion

detection, log management audits, identity and password management

and SaaS single sign on and web authentication services.

Before the maturation of cloud-based security, ensuring the security of any

cloud-based application could be problematic. There was significant

investment and limited budgets for various software, time

commitments, expertise and the great unknown of how dedicated the

application developer was in the security of your data. To secure just this

aspect of your business, you were looking at a 2:1 or 3:1 ratio of

professional services on top of the licensing and required hardware installs.

Now that security-as-a-service is not only an emerging (and tremendously

cost-effective) alternative but a tested choice, it provides a great latitude in

terms of being able to properly keep in lock step with the challenges

posed by applications…public, private and legacy.

So when deciding whether public, private or hybrid clouds make more

sense for your organization, know that your choice should be dependent

on the best option for your specific need. There are plenty of experts

willing to weigh in on best practices for each. But when it comes to

security, make sure you have the flexibility and scalability to securely

manage your quickly disappearing perimeter.

THE INDEPENDENCE OF CLOUD SECURITY

I was watching fireworks over the Pacific Ocean last night (one of the benefits of living near the California coast). The Navy Band was trumpeting patriotic music and thoughts of freedom and liberty swirled in my head. That’s when it occurred to me. Cloud computing is independence for many companies: freedom from costly infrastructure; liberty of enhanced mobility and storage; emancipation from ongoing updates and maintenance; the autonomy to scale and automate; the sovereignty to grow businesses based on need and innovation rather than anchored simply by budget and bandwidth.

CLOSING THE VULNERABILITY GAP PART 2

Companies want to leverage relationships with vulnerability researchers to make decisions. Given the complexities of today’s threats, security organizations cannot afford to have the level of expertise in house necessary to fully defend their network from the vast array of current and future dangers. They must cultivate relationships with third parties to get the levels of cyber intelligence needed to meet future challenges. Having this access to dedicated vulnerability researchers is extremely important.

Security-as-a-service (from the cloud) is a cost effective means of achieving the level of expertise necessary without the additional headcount and the cost-prohibitive expense of a high profile consultant. Although driven from the cloud, CloudAccess clients benefit from having a live security analyst monitoring their network.

But cuteness aside, there is a degree of independence provided by the cloud. But just like democracy, managing in the cloud comes with a price, or more specifically a responsibility. With the many benefits provided by the cloud, security issues still need to be addressed. Just having data and application functionality in the cloud may provide new flexibility and the ability to enforce consistencies throughout the enterprise, but processes for control, monitoring and anomaly mitigation still need to be applied and maintained. The cloud application you use might have great security controls, but in the end any data you generate, store or transact is yours to secure…not the application vendor's.

The good news is that these security issues and functions can also be managed and effectively enhanced from the cloud. This means the same benefits provided by these lithe applications can be realized by migrating some or all security management functions to a virtualized environment. Security-as-a-service provides a greater sense of independence and an expanded mode of control over the disparate, disconnected and sometimes unprotected elements of the enterprise.

The cloud managing the cloud…seems like an oxymoron, right? Wrong. I am hoping we’ve moved beyond the argument of whether the cloud is a best practice or at least an accepted business practice. A vetted security-as-a-service can provide the necessary capability, control and cost-savings while removing a burden from overtaxed and overextended IT staffs. And not just for SMBs. Larger companies (especially those bound by unique compliance issues like healthcare, finance, retail and even government entities) can take advantage of cloud-based security and generate the necessary ROI and secure influence over all or parts of their enterprise.

First, cloud-based security is more than being a watchdog for your salesforce.com or Dropbox accounts. It can be a game changer, a fully realized security environment that addresses data and applications on public clouds, private clouds, hybrid clouds and even legacy, on premise networks. It can monitor every ping, burp and hiccup that touches your network in real time. It can create escalations, alerts and effective remediation without the need of human intervention. It can provision and prevent access to some or all of your data. It can authorize, maintain credentials, and streamline identities. It can facilitate encryption in data at rest or on the move. The promise of security-as-a-service is that it provides comprehensive and integrated functionality across the enterprise. A true cloud-based security initiative must be more than SIEM; more than single-sign on, more than password and access management. It must incorporate all these things.

UNIFIED SECURITY

The key questions need to be answered: who touched what, when, where and the potential security impact to the business!

Unified security is the best practice that leverages the capabilities of multiple security solutions across multiple silos and centralizes them under a single pane of glass.

Simply, it is the comprehensive and collective forensic analytic platform to provide greater visibility to create a holistic approach to security initiatives.

The key is that the data is continuously monitored and correlated in real time. This allows for a higher, more responsive degree of proactivity through security administration and faster reactivity to any actionable event.

Second, most companies take security very seriously, especially in terms of storing their data or maintaining the sacrosanctity of that proprietary intelligence while in transit. They understand how important it is to keep their networks intrusion-free. Problem is IT is a big family and there are so many mouths to feed. Even as many companies have teams dedicated to security issues, too many don’t have a dedicated person, but rather a line item in an overall job description. This is the way things fall through the cracks. And I don’t think I am talking out of school here; many CIOs and CEOs have said the same thing. Again, security-as-a-service, with all of its best-of-breed capabilities and behind-the-scenes 7/24 monitoring, creates the necessary automations and controls that allow an organization (one that doesn’t have a dedicated security officer) the confidence that security issues aren’t relegated to hair-on-fire priorities.

Once you have agreed that security-as-a-service delivers the necessary protection, then the question becomes: how do you determine which partner or vendor is right for you? Although there are several markers you can evaluate (cost, service scope, proven viability, etc.), I think the key to success is finding a partner that matches your business needs: one that has the track record of integrating a single piece of the security puzzle or helping launch a comprehensive solution from the cloud. And, of course, one that helps you reach a sustainable level of independence so you can concentrate on other priorities.

And if you have the time, listen to an interview I gave over at The Cloudcast with Cloud Computing experts Brian Gracely and Aaron Delp:

Happy Independence Day!

THE PARADIGM CHANGE IS HAPPENING NOW

According to Forrester Research, it is estimated that the managed cloud services security (MSS) market stands at $4.5 billion.

Gartner, the nationally respected IT research firm, predicted that the total worth of the cloud computing market will rise to more than $150 billion by 2013.

In 2015, public cloud services will account for 46% of net new growth in overall IT spending.

Morgan Stanley estimates that by 2015, the mobile web will be bigger than desktop internet. With user expectations about where and how they access information changing dramatically, there'll be growing pressure on IT to make enterprise applications available in similar ways.


MENTION THIS WHITE PAPER AND WE WILL EXTEND A FREE MONTH OF SERVICE WHEN YOU SIGN UP FOR A YEAR OR MORE PAY-AS-YOU-GO SUBSCRIPTION

CONTACT CLOUDACCESS FOR A LIVE ONLINE DEMONSTRATION OF OUR SIEM AND LOG MANAGEMENT SOLUTIONS DELIVERED AND MANAGED FROM THE CLOUD.

MORE INFORMATION:

CONTACT: 877-550-2568

Read Our Blog: http://cloudaccesssecurity.wordpress.com/


The sky is no longer the limit with secure, affordable cloud security solutions from CloudAccess.

WANT TO LEARN MORE ABOUT COMPLIANCE?

www.CloudAccess.com