BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

HR and IT – How Data Security Can Make for Strange Bedfellows

Posted May 31, 2011    Peter McCalister

Yes, you read my lead correctly. I am going to talk about how HR and IT can team up to improve Network Security in the Cloud. So bear with me…

Recently we posted on The Cloud and Liability issues. The Cloud – as ingenious a solution it is for information obtain-ability and computing flexibility – it also eliminates most of your control over who can access your organization’s most valuable asset: your data.

Think about it. The cloud presents an ever-changing, externally determined chain of custody for sensitive data and applications. For many business functions commonly run in the cloud, such as hosting websites and wikis, it is often sufficient to have a cloud provider vouch for the security of the underlying infrastructure. However, for business-critical processes and sensitive data, it is absolutely essential for organizations to be able to verify for themselves that the underlying cloud infrastructure is secure. The cloud can drastically compromise confidentiality if your provider can’t guarantee the integrity of the people manning your property.

The Cloud brings up basic question: How much do you trust your Cloud provider’s HR department?

What are the IT employee hiring protocols or security checks employed by your cloud provider? The lack of visibility into the hiring standards and practices for cloud employees and a general lack of transparency into provider processes and procedures, such as how its employees are granted access to physical and virtual assets, make preventing data theft a potential nightmare. Depending on the level of access granted, a malicious outside-insider may be able to harvest your organization’s confidential data or even gain control of the entire infrastructure with little or no risk of detection.

But we don’t think that security concerns should be an absolute barrier to the adoption of Cloud computing technologies. What we do think is that organizations are right to consider the implications of the Cloud – and demand visibility into their suppliers technology and processes to ensure the appropriate level of administrative privileges for better information protection.

Perhaps its time to ‘geek up’ HR. For example, Application and Privilege controls can provide HR visibility into how businesses and individuals access and manage applications. With HR and IT in concert on privilege user parameters and administrative rights, policy enforcement can become more distributed and effective.

Security is an on-going, collaborative process. Constant review of both policy and technology is necessary to safeguard corporate networks. And although you can never eliminate risk completely, when you improve relations between HR and IT, so that policy and technology go hand in hand, an organization’s security becomes a great deal tighter. Check out our latest cloud security whitepaper.

Tags:
, ,

Leave a Reply

Additional articles

pbps-customer-campaign-image

You Change Your Oil Regularly; Why Not Your Passwords?

Posted September 11, 2014    Chris Burd

There are many things in life that get changed regularly:  your car oil, toothbrush and hopefully, your bed sheets.  It’s rare that you give these things much thought – even when you forget to change them. But what if you’re forgetting something that can cost you millions of dollars if left unchanged for long periods…

Tags:
, , ,

On-Demand Webcast: The Little JPEG that Could (Hack Your Organization) with Marcus Murray

Posted September 10, 2014    Chris Burd

IT security has come a long way, but every once in a while you see something that makes you think otherwise. Every day, internal and external hackers breach and traverse “secure” environments, making you wonder just how easy it is for attackers to completely compromise your network. In a new on-demand BeyondTrust webcast, Marcus Murray,…

Tags:
, , , , ,

Retina Vulnerability Audits – September 2014 Patch Tuesday

Posted September 9, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this September 2014 Patch Tuesday: MS14-052 – Cumulative Security Update for Internet Explorer (2977629) 35141 – Microsoft Cumulative Security Update for Internet Explorer (2977629) 35142 – Microsoft Cumulative Security Update for Internet Explorer (2977629) – IE8/2003 35143 – Microsoft Cumulative Security Update for Internet Explorer (2977629) – IE8…