BeyondTrust

Security In Context

HR and IT – How Data Security Can Make for Strange Bedfellows

Post by Peter McCalister May 31, 2011

Yes, you read my lead correctly. I am going to talk about how HR and IT can team up to improve Network Security in the Cloud. So bear with me…

Recently we posted on The Cloud and Liability issues. The Cloud, as ingenious a solution as it is for information obtainability and computing flexibility, also eliminates most of your control over who can access your organization’s most valuable asset: your data.

Think about it. The cloud presents an ever-changing, externally determined chain of custody for sensitive data and applications. For many business functions commonly run in the cloud, such as hosting websites and wikis, it is often sufficient to have a cloud provider vouch for the security of the underlying infrastructure. However, for business-critical processes and sensitive data, it is absolutely essential for organizations to be able to verify for themselves that the underlying cloud infrastructure is secure. The cloud can drastically compromise confidentiality if your provider can’t guarantee the integrity of the people manning your property.

The Cloud brings up a basic question: How much do you trust your Cloud provider’s HR department?

What are the IT employee hiring protocols or security checks employed by your cloud provider? The lack of visibility into the hiring standards and practices for cloud employees and a general lack of transparency into provider processes and procedures, such as how its employees are granted access to physical and virtual assets, make preventing data theft a potential nightmare. Depending on the level of access granted, a malicious outside-insider may be able to harvest your organization’s confidential data or even gain control of the entire infrastructure with little or no risk of detection.

But we don’t think that security concerns should be an absolute barrier to the adoption of Cloud computing technologies. What we do think is that organizations are right to consider the implications of the Cloud – and demand visibility into their suppliers’ technology and processes to ensure the appropriate level of administrative privileges for better information protection.

Perhaps it’s time to ‘geek up’ HR. For example, Application and Privilege controls can provide HR visibility into how businesses and individuals access and manage applications. With HR and IT in concert on privileged user parameters and administrative rights, policy enforcement can become more distributed and effective.

Security is an on-going, collaborative process. Constant review of both policy and technology is necessary to safeguard corporate networks. And although you can never eliminate risk completely, when you improve relations between HR and IT, so that policy and technology go hand in hand, an organization’s security becomes a great deal tighter. Check out our latest cloud security whitepaper.
