Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
2/7/2018
09:00 AM
Paul Martini
Paul Martini
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Top Cloud Security Misconceptions Plaguing Enterprises

Contrary to popular opinion, there is no one single cloud. There are a wealth of cloud-based providers that own dedicated server space across the globe. Here's how to find the best fit for your company.

Despite all the buzz over the past decade, the cloud remains a bit of a mystery for many users who rely on it day-to-day. The cloud has made it easy for companies to embrace a number of "as-a-service" technologies seamlessly and lowered cost by eliminating the need to purchase security tools and appliances.

Yet adopting cloud operations blindly – as with any new workflow or technology – comes with risks. This is especially important in the context of how these tools are delivered, and whether they are a good fit for an organization based in specific needs.

All Clouds Are Not Created Equal
For starters, there is not just one single cloud. There are a wealth of cloud-based security providers that own dedicated server space across the globe, and each of their offerings is unique based upon their own business focus and target demographics. The cloud providers operating most widely in the enterprise are shared-tenant cloud environments where customers’ data and information is managed in one database and controlled using the same central operating system.

While a shared environment may not be much of a concern when cloud applications are used for programs such as marketing, that don't involve customer data or other personal identifiable information.  However, there may be significant impacts on enterprises who store and manage customer data in the cloud, for example, when security tools might redirect a customer’s traffic from one jurisdiction to a data center in a location with a different set of compliance standards. If a business operates within an industry that is privy to heavy regulations – especially where geolocation and PII sharing is concerned – they need to be sure their cloud provider isn’t bringing the data to a location that leaves them exposed to noncompliance penalties.

A prime example of this is the increased regulations stemming from Europe’s General Data Protection Regulation (GDPR). The GDPR  – which dictates strict rules about collecting personally identifiable information (PII) – further complicate  the issue of protecting customer data in the cloud. When a customer’s data is in a multi-tenant cloud that is shared, the ability to isolate a customer’s data becomes difficult. Next-generation cloud security solutions are making fast-work of addressing this, by leveraging multi-tenant cloud platforms with non-shared architectures, which give each customer their own operating system for content management and control.

Synchronized Management Workflow
A significant concern when implementing cloud security solutions from a multi-tenant shared cloud provider is that these tools might force organizations to employ a number of non-compatible security solutions, requiring multiple management consoles that create a disjointed workflow. For instance, in situations where organizations are collecting highly sensitive information, they may require an on-premises secure web gateway to ensure that data is isolated from outside traffic. The traditional ‘hybrid’ solution – using cloud-based and on-premises security tools to vet traffic –doesn’t provide a seamless view across the organization, resulting in security blind spots that impact the ability of teams to respond to an incident.

The majority of newer cloud security solutions within the industry decouple the physical from the virtual and provide a multi-tenant cloud with non-shared resources that deliver the best of both worlds. The result is greater visibility across the organization, shorter incident response times and substantial cost savings by avoiding the need to purchase appliances. Businesses need to consider protections that can align their security mission without forcing teams to continually purchase hardware and overcomplicate their security infrastructure. 

Paul Martini is the CEO, co-founder and chief architect of iboss, where he pioneered the award-winning iboss Distributed Gateway Platform, a web gateway as a service. Paul has been recognized for his leadership and innovation, receiving the Ernst & Young Entrepreneur of The ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
iboss has created the first and only web gateway as a service specifically designed to solve the challenge of securing distributed organizations. Built for the cloud, the iboss Distributed Gateway Platform leverages an elastic, cloud-based node architecture that provides advanced security for todays decentralized organizations with more financial predictability. Backed by more than 110 patents and patents pending, and protecting over 4,000 organizations worldwide, iboss is one of the fastest growing cybersecurity companies in the world. To learn more, visit www.iboss.com.
Featured Writers
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16470
PUBLISHED: 2018-11-13
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
CVE-2018-16471
PUBLISHED: 2018-11-13
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to a...
CVE-2018-6980
PUBLISHED: 2018-11-13
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they...
CVE-2018-17614
PUBLISHED: 2018-11-13
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from th...
CVE-2018-8009
PUBLISHED: 2018-11-13
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.