Cloud Security Week in Review: Radware, Thales, CSA, Skyhigh, Intel, British Telecom
Cloud Security news this week included a range of items from Radware’s analysis of the new position of federal chief information security officer (CISO), a study from Thales about the rise in use of data encryption, the Cloud Security Alliance’s list of major threats to cloud computing security, Skyhigh’s launch of its new security reference architecture, and a partnership between Intel and British Telecom to create new cybersecurity software.
Carl Herberger, the vice president of security solutions at Radware, spoke at TMC this week about President Obama’s newly created position of Federal CISO. He noted that the first Cybersecurity Czar began his position under the presidency of George W. Bush but departed only two years after beginning. That position, which still remains but has been filled by another, will remain separate from the new CISO and even the existing Federal chief information officer (CIO). The Czar has the responsibilities of orchestrating the U.S. government’s cybersecurity policies and collaborating with various government agencies to fulfill that mission. The new CISO will report to the CIO and examine the cybersecurity risk inherent in the structure of the federal government.
Herberger recommended that, for the CISO to have success, the person in that position should clearly articulate the vision of what U.S. cybersecurity should be, balance the present reality and future goals, maximize the investment of any funds the government can throw at this position, and establish a framework of rewards and punishments that security professionals can easily follow to keep U.S. security moving in the right direction.
In the private sector, it appears that the trend of using encryption is rising. The recent Thales “2016 Global Encryption and Key Management Trends Study” showed that industry regulation and customer concerns about privacy have forced enterprises to begin using encryption for all their data, especially that which has been moved into the cloud. This global phenomenon comes from the study of 5,000 IT professionals in the U.S., the U.K., Germany, France, Australia, Japan, Brazil, the Russian Federation, Mexico, India, and Saudi Arabia. More than half of respondents also indicated that their companies are currently transferring sensitive data to the cloud, and 84 percent said they would perform similar actions in the next two years.
The Cloud Security Alliance, for its part in this industry-wide discussion, identified the top 12 threats to cloud computing security by presenting a number of issues to its working group members. It found that data breaches, insecure APIs, account hijacking and weak identify, and credential and access management rounded out the top of the list. The group noted that the “always on” nature of the cloud presents a unique threat to which companies must pay strong attention.
Skyhigh Networks is trying to get companies to move to the cloud with its new security reference architecture. TMC noted that Skyhigh has codified the best practices security professionals use at more than 500 enterprises. Its database of information means to address the pros and cons of modes of cloud deployment, the reasons behind the use of best practices, and the best ways in which businesses can participate with their cloud service providers.
Finally this week, Intel and British Telecom have announced their partnership in which they want to create new security software and services. They reportedly want to take advantage of each other’s expertise and avoid the complications of point security and data silos. In addition, the companies said they want to simplify the management of networks to improve the speed at which service providers can respond to network issues.