BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

HR and IT – How Data Security Can Make for Strange Bedfellows

Posted May 31, 2011    Peter McCalister

Yes, you read my lead correctly. I am going to talk about how HR and IT can team up to improve Network Security in the Cloud. So bear with me…

Recently we posted on The Cloud and Liability issues. The Cloud – as ingenious a solution it is for information obtain-ability and computing flexibility – it also eliminates most of your control over who can access your organization’s most valuable asset: your data.

Think about it. The cloud presents an ever-changing, externally determined chain of custody for sensitive data and applications. For many business functions commonly run in the cloud, such as hosting websites and wikis, it is often sufficient to have a cloud provider vouch for the security of the underlying infrastructure. However, for business-critical processes and sensitive data, it is absolutely essential for organizations to be able to verify for themselves that the underlying cloud infrastructure is secure. The cloud can drastically compromise confidentiality if your provider can’t guarantee the integrity of the people manning your property.

The Cloud brings up basic question: How much do you trust your Cloud provider’s HR department?

What are the IT employee hiring protocols or security checks employed by your cloud provider? The lack of visibility into the hiring standards and practices for cloud employees and a general lack of transparency into provider processes and procedures, such as how its employees are granted access to physical and virtual assets, make preventing data theft a potential nightmare. Depending on the level of access granted, a malicious outside-insider may be able to harvest your organization’s confidential data or even gain control of the entire infrastructure with little or no risk of detection.

But we don’t think that security concerns should be an absolute barrier to the adoption of Cloud computing technologies. What we do think is that organizations are right to consider the implications of the Cloud – and demand visibility into their suppliers technology and processes to ensure the appropriate level of administrative privileges for better information protection.

Perhaps its time to ‘geek up’ HR. For example, Application and Privilege controls can provide HR visibility into how businesses and individuals access and manage applications. With HR and IT in concert on privilege user parameters and administrative rights, policy enforcement can become more distributed and effective.

Security is an on-going, collaborative process. Constant review of both policy and technology is necessary to safeguard corporate networks. And although you can never eliminate risk completely, when you improve relations between HR and IT, so that policy and technology go hand in hand, an organization’s security becomes a great deal tighter. Check out our latest cloud security whitepaper.

Tags:
, ,

Leave a Reply

Additional articles

PBPS-screenshot-blog aug2014

Failing the Security Basics: Backoff Point-of-Sale Malware

Posted August 22, 2014    Marc Maiffret

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others….

Tags:
, , , , , ,

Troubleshooting Windows Privilege Management Rules with Policy Monitor

Posted August 21, 2014    Jason Silva

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side…

Tags:
, , ,
darren-mar-elia

BeyondTrust Webcast: Darren Mar-Elia’s 4 Active Directory Change Scenarios to Track

Posted August 20, 2014    Chris Burd

In our latest webcast, we joined Darren Mar-Elia, CTO at SDM Software, to discuss best practices for Active Directory (AD) change management. Here are some key takeaways from the presentation, followed by a link to a full-length video of the presentation. Mar-Elia kicks things off with a critical insight: that the best AD change management…

Tags:
, , , , , , ,