Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
2/7/2018
09:00 AM
Paul Martini
Paul Martini
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Top Cloud Security Misconceptions Plaguing Enterprises

Contrary to popular opinion, there is no one single cloud. There are a wealth of cloud-based providers that own dedicated server space across the globe. Here's how to find the best fit for your company.

Despite all the buzz over the past decade, the cloud remains a bit of a mystery for many users who rely on it day-to-day. The cloud has made it easy for companies to embrace a number of "as-a-service" technologies seamlessly and lowered cost by eliminating the need to purchase security tools and appliances.

Yet adopting cloud operations blindly – as with any new workflow or technology – comes with risks. This is especially important in the context of how these tools are delivered, and whether they are a good fit for an organization based in specific needs.

All Clouds Are Not Created Equal
For starters, there is not just one single cloud. There are a wealth of cloud-based security providers that own dedicated server space across the globe, and each of their offerings is unique based upon their own business focus and target demographics. The cloud providers operating most widely in the enterprise are shared-tenant cloud environments where customers’ data and information is managed in one database and controlled using the same central operating system.

While a shared environment may not be much of a concern when cloud applications are used for programs such as marketing, that don't involve customer data or other personal identifiable information.  However, there may be significant impacts on enterprises who store and manage customer data in the cloud, for example, when security tools might redirect a customer’s traffic from one jurisdiction to a data center in a location with a different set of compliance standards. If a business operates within an industry that is privy to heavy regulations – especially where geolocation and PII sharing is concerned – they need to be sure their cloud provider isn’t bringing the data to a location that leaves them exposed to noncompliance penalties.

A prime example of this is the increased regulations stemming from Europe’s General Data Protection Regulation (GDPR). The GDPR  – which dictates strict rules about collecting personally identifiable information (PII) – further complicate  the issue of protecting customer data in the cloud. When a customer’s data is in a multi-tenant cloud that is shared, the ability to isolate a customer’s data becomes difficult. Next-generation cloud security solutions are making fast-work of addressing this, by leveraging multi-tenant cloud platforms with non-shared architectures, which give each customer their own operating system for content management and control.

Synchronized Management Workflow
A significant concern when implementing cloud security solutions from a multi-tenant shared cloud provider is that these tools might force organizations to employ a number of non-compatible security solutions, requiring multiple management consoles that create a disjointed workflow. For instance, in situations where organizations are collecting highly sensitive information, they may require an on-premises secure web gateway to ensure that data is isolated from outside traffic. The traditional ‘hybrid’ solution – using cloud-based and on-premises security tools to vet traffic –doesn’t provide a seamless view across the organization, resulting in security blind spots that impact the ability of teams to respond to an incident.

The majority of newer cloud security solutions within the industry decouple the physical from the virtual and provide a multi-tenant cloud with non-shared resources that deliver the best of both worlds. The result is greater visibility across the organization, shorter incident response times and substantial cost savings by avoiding the need to purchase appliances. Businesses need to consider protections that can align their security mission without forcing teams to continually purchase hardware and overcomplicate their security infrastructure. 

Paul Martini is the CEO, co-founder and chief architect of iboss, where he pioneered the award-winning iboss Distributed Gateway Platform, a web gateway as a service. Paul has been recognized for his leadership and innovation, receiving the Ernst & Young Entrepreneur of The ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
iboss has created the first and only web gateway as a service specifically designed to solve the challenge of securing distributed organizations. Built for the cloud, the iboss Distributed Gateway Platform leverages an elastic, cloud-based node architecture that provides advanced security for todays decentralized organizations with more financial predictability. Backed by more than 110 patents and patents pending, and protecting over 4,000 organizations worldwide, iboss is one of the fastest growing cybersecurity companies in the world. To learn more, visit www.iboss.com.
Featured Writers
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.