October 17, 2019
December 31, 2019
AddressOnline Event View map
Cloud computing is no new topic, and while we’ve all been managing its intricacies in some form or another for quite some time, there still remains big questions regarding the security of management, applications, migration, hosting, scalability and most prominently, the risk associated with the cloud. There are hybrid networks, monitoring challenges and the disappearing perimeter. So, how do you know what works best for your configuration?
Join us for the Cloud Security eSummit and find out what services and software will best serve the security of your cloud performance and growth.
Should you entrust your private keys in the cloud? Eighty percent of companies store information in the public cloud, begging the question of cloud security. The cloud promises availability, simplified management, and cost savings — yet, the cloud is not threat-proof and opens new attack vectors. What is compelling about the cloud is also its weakness: its openness makes it vulnerable. For example, if the host hardware or operating system are compromised, all data hosted can also be exploited via a process called hyperjacking.
Organizations need to proceed with caution about what they store. Should you entrust your private keys in the cloud? Storing private keys and identities in the cloud is dangerous. For public key infrastructure, the security of private keys is critical. Anyone who obtains a private key could impersonate the rightful owner and compromise information, potentially resulting in a tsunami of damage. The keys can be stolen or misappropriated, and there is no proven law that shields companies from disclosure. It’s best to consider the cloud as a storage repository and maintain control of the encryption keys on premises until established practices and the law can protect those keys.
With cloud usage growing exponentially, are we asking enough questions about cloud security for organizations to make informed risk management decisions? A clear and strong identity management process and plan is critical in this turbulent time. As hybrid enterprise solutions evolve, including cloud and on-premises software, the need for stronger identity management and identity-as-a-service is a must. Weak identities undermine everything else an organization can do to protect itself. A misappropriated identity means that no firewall, access control list, or VPN solution will prevent someone from gaining access.