BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Is Public Cloud Security As Mysterious As Crop Circles?

Posted August 18, 2011    Peter McCalister

There are many of you out there who have seen pictures of crop circles and believe that they are truly a mystery that no one will ever get to the bottom of. For those of us in the information security field, I think we are starting to believe that the key to security in public clouds may be as elusive as the secret to crop circles.

Case in point, Amazon continues to deliver new, enterprise grade capabilities in its AWS cloud offering. Their recent release of federation capabilities is quite impressive. Coupled with their earlier release of policy based IAM capabilities. it gives their security and compliance sensitive customers a number of powerful tools to work with. Enterprises can now create temporary security credentials for AWS to allow existing identities (from, for example, a LDAP server) to make use of IAM’s fine-grained access controls.

Others like IBM with their Smart Cloud Enterprise and Enterprise+ offerings are also stepping up to meet the security and reliability standards of their most demanding customers.

But talking to a former Peregrine Systems colleague who is spending a lot of time with cloud vendors, highlighted that one big remaining issue is the mystery of what goes on at the hypervisor level in public clouds. As I highlighted in an earlier post the recent report by the Ponemon Institute on the Security of Cloud Computing Providers shows that cloud providers are “least confident in their ability to restrict privileged user access to sensitive data”.

We are helping our customers extend their existing insider security infrastructure, policies and compliance reporting to their private, public and hybrid clouds (more on that next week) but we can’t yet help control and monitor what the cloud provider’s many insiders are doing. But I will say this, if the cloud providers want to remove the mystery, we are happy to help provide the tools to do it.

Leave a Reply

Additional articles

VMware Hardening Guidelines-img3

How to Audit VMware ESX and ESXi Servers Against the VMware Hardening Guidelines with Retina CS

Posted February 27, 2015    BeyondTrust Research Team

Retina CS Enterprise Vulnerability Management has included advanced VMware auditing capabilities for some time, including virtual machine discovery and scanning through a cloud connection, plus the ability to scan ESX and ESXi hosts using SSH. However, in response to recent security concerns associated with SSH, VMware has disabled SSH by default in its more recent…

Tags:
, , , ,
dave-shackleford-headshot

Privileged Passwords: The Bane of Security Professionals Everywhere

Posted February 19, 2015    Dave Shackleford

Passwords have been with us since ancient times. Known as “watchwords”, ancient Roman military guards would pass a wooden tablet with a daily secret word engraved from one shift to the next, with each guard position marking the tablet to indicate it had been received. The military has been using passwords, counter-passwords, and even sound…

Tags:
, , ,
Privileged Account Management Process

In Vulnerability Management, Process is King

Posted February 18, 2015    Morey Haber

You have a vulnerability scanner, but where’s your process? Most organizations are rightly concerned about possible vulnerabilities in their systems, applications, networked devices, and other digital assets and infrastructure components. Identifying vulnerabilities is indeed important, and most security professionals have some kind of scanning solution in place. But what is most essential to understand is…

Tags:
, , , , ,