Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
2/7/2018
09:00 AM
Paul Martini
Paul Martini
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Top Cloud Security Misconceptions Plaguing Enterprises

Contrary to popular opinion, there is no one single cloud. There are a wealth of cloud-based providers that own dedicated server space across the globe. Here's how to find the best fit for your company.

Despite all the buzz over the past decade, the cloud remains a bit of a mystery for many users who rely on it day-to-day. The cloud has made it easy for companies to embrace a number of "as-a-service" technologies seamlessly and lowered cost by eliminating the need to purchase security tools and appliances.

Yet adopting cloud operations blindly – as with any new workflow or technology – comes with risks. This is especially important in the context of how these tools are delivered, and whether they are a good fit for an organization based in specific needs.

All Clouds Are Not Created Equal
For starters, there is not just one single cloud. There are a wealth of cloud-based security providers that own dedicated server space across the globe, and each of their offerings is unique based upon their own business focus and target demographics. The cloud providers operating most widely in the enterprise are shared-tenant cloud environments where customers’ data and information is managed in one database and controlled using the same central operating system.

While a shared environment may not be much of a concern when cloud applications are used for programs such as marketing, that don't involve customer data or other personal identifiable information.  However, there may be significant impacts on enterprises who store and manage customer data in the cloud, for example, when security tools might redirect a customer’s traffic from one jurisdiction to a data center in a location with a different set of compliance standards. If a business operates within an industry that is privy to heavy regulations – especially where geolocation and PII sharing is concerned – they need to be sure their cloud provider isn’t bringing the data to a location that leaves them exposed to noncompliance penalties.

A prime example of this is the increased regulations stemming from Europe’s General Data Protection Regulation (GDPR). The GDPR  – which dictates strict rules about collecting personally identifiable information (PII) – further complicate  the issue of protecting customer data in the cloud. When a customer’s data is in a multi-tenant cloud that is shared, the ability to isolate a customer’s data becomes difficult. Next-generation cloud security solutions are making fast-work of addressing this, by leveraging multi-tenant cloud platforms with non-shared architectures, which give each customer their own operating system for content management and control.

Synchronized Management Workflow
A significant concern when implementing cloud security solutions from a multi-tenant shared cloud provider is that these tools might force organizations to employ a number of non-compatible security solutions, requiring multiple management consoles that create a disjointed workflow. For instance, in situations where organizations are collecting highly sensitive information, they may require an on-premises secure web gateway to ensure that data is isolated from outside traffic. The traditional ‘hybrid’ solution – using cloud-based and on-premises security tools to vet traffic –doesn’t provide a seamless view across the organization, resulting in security blind spots that impact the ability of teams to respond to an incident.

The majority of newer cloud security solutions within the industry decouple the physical from the virtual and provide a multi-tenant cloud with non-shared resources that deliver the best of both worlds. The result is greater visibility across the organization, shorter incident response times and substantial cost savings by avoiding the need to purchase appliances. Businesses need to consider protections that can align their security mission without forcing teams to continually purchase hardware and overcomplicate their security infrastructure. 

Paul Martini is the CEO, co-founder and chief architect of iboss, where he pioneered the award-winning iboss Distributed Gateway Platform, a web gateway as a service. Paul has been recognized for his leadership and innovation, receiving the Ernst & Young Entrepreneur of The ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/22/2019
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark Reading,  8/22/2019
Capital One Breach: What Security Teams Can Do Now
Dr. Richard Gold, Head of Security Engineering at Digital Shadows,  8/23/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-6154
PUBLISHED: 2019-08-23
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
CVE-2019-5594
PUBLISHED: 2019-08-23
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
CVE-2019-6695
PUBLISHED: 2019-08-23
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.
CVE-2019-12400
PUBLISHED: 2019-08-23
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this im...
CVE-2019-15092
PUBLISHED: 2019-08-23
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.