BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

HR and IT – How Data Security Can Make for Strange Bedfellows

Posted May 31, 2011    Peter McCalister

Yes, you read my lead correctly. I am going to talk about how HR and IT can team up to improve Network Security in the Cloud. So bear with me…

Recently we posted on The Cloud and Liability issues. The Cloud – as ingenious a solution it is for information obtain-ability and computing flexibility – it also eliminates most of your control over who can access your organization’s most valuable asset: your data.

Think about it. The cloud presents an ever-changing, externally determined chain of custody for sensitive data and applications. For many business functions commonly run in the cloud, such as hosting websites and wikis, it is often sufficient to have a cloud provider vouch for the security of the underlying infrastructure. However, for business-critical processes and sensitive data, it is absolutely essential for organizations to be able to verify for themselves that the underlying cloud infrastructure is secure. The cloud can drastically compromise confidentiality if your provider can’t guarantee the integrity of the people manning your property.

The Cloud brings up basic question: How much do you trust your Cloud provider’s HR department?

What are the IT employee hiring protocols or security checks employed by your cloud provider? The lack of visibility into the hiring standards and practices for cloud employees and a general lack of transparency into provider processes and procedures, such as how its employees are granted access to physical and virtual assets, make preventing data theft a potential nightmare. Depending on the level of access granted, a malicious outside-insider may be able to harvest your organization’s confidential data or even gain control of the entire infrastructure with little or no risk of detection.

But we don’t think that security concerns should be an absolute barrier to the adoption of Cloud computing technologies. What we do think is that organizations are right to consider the implications of the Cloud – and demand visibility into their suppliers technology and processes to ensure the appropriate level of administrative privileges for better information protection.

Perhaps its time to ‘geek up’ HR. For example, Application and Privilege controls can provide HR visibility into how businesses and individuals access and manage applications. With HR and IT in concert on privilege user parameters and administrative rights, policy enforcement can become more distributed and effective.

Security is an on-going, collaborative process. Constant review of both policy and technology is necessary to safeguard corporate networks. And although you can never eliminate risk completely, when you improve relations between HR and IT, so that policy and technology go hand in hand, an organization’s security becomes a great deal tighter. Check out our latest cloud security whitepaper.

Tags:
, ,

Leave a Reply

Additional articles

ovum-research

New Analyst SWOT Assessment Identifies Key Strengths of PowerBroker

Posted November 24, 2014    Scott Lang

Following on the heels of the Gartner PAM market guide and Frost & Sullivan review of Password Safe comes a new analyst review of our BeyondInsight and PowerBroker platforms, a SWOT assessment of BeyondTrust written by Ovum. Ovum’s honest and thorough review of BeyondTrust indicates that we are delivering, “…an integrated, one-stop approach to PAM….

Tags:
, , ,

Patented Windows privilege management brings you unmatched benefits

Posted November 24, 2014    Scott Lang

We are pleased to announce that BeyondTrust has been granted a new U.S. Patent (No. 8,850,549) for privilege management, validating our approach to helping our customers achieve least privilege in Windows environments. The methods and systems that we employ for controlling access to resources and privileges per process are unique to BeyondTrust PowerBroker for Windows….

Tags:
6

A Quick Look at MS14-068

Posted November 20, 2014    BeyondTrust Research Team

Microsoft recently released an out of band patch for Kerberos.  Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD Blogpost So it looks like there is an issue with PAC signatures.  But what…

Tags:
, , , ,