Thinking Beyond Cloud Security

Background Image on Blogs "Quilted" Page: 
image/jpeg iconlabs-quilt-image.jpg
Publish to Facebook: 
No
Twitter Card Style: 
summary

A few years ago, most businesses would have been right to wonder whether their digital work processes would ever be as easy to use as Facebook. But cloud technology has come a long way in a short time. 

Cloud services are transforming internal business workloads and processes of countless companies and whole industries like retail, transportation, and even manufacturing. Organizations are able to choose among a variety of intuitive, cloud-based services to find the best fit.   

The shared, on-demand nature of cloud computing also means that enterprises need to plan for a host of new security challenges. Fortunately, Symantec and other companies can help with products such as ProxySG, "ProxySG-as-a-Service" in the Cloud (officially  known as Web Security Service, (or WSS), Cloud Access Security Brokers, and the single-sign-on features of our own Validation & Identity Protection service Access Manager.   

However, we're always reaching for more. That's why the Research Lab continued tackling new challenges like insider threat detection, micro-segmentation, and micro-services, all from the perspective of the cloud. 

Indeed, going back over a decade, we did some of the earliest work in the industry on constructs like “containers.” More recently, we published on “Security-as-a-Service for Microservices-Based Cloud Applications,” to guide administrators as they implemented permission controls around the “principle of least privilege” policy enforcement for containers. 

The Research Lab has also applied machine learning to protect cloud-based services and combat insider threats. In fact, our first trial deployment, working with a company employing more than ten thousand cloud users, helped catch real insiders who were abusing the system.

A Personal Kind of Cloud Security

However, when I mull the future of security and the cloud, I see even bigger potential. Think about security delivered “from the cloud” as an always-on service, protecting users everywhere they go. 

Let me offer an analogy. 

The Internet surrounds us nearly everywhere we go. We’ve come to expect wireless and constant connections, anywhere, anytime. In similar fashion, security should envelop us wherever we go. 

I like to envision it as an invisible body of armor, one that moves with us like a summer shirt, but more bulletproof than Kevlar, titanium or carbon fiber all combined. 

Personal VPNs offer a bit of the “always on” protection that I’m describing. They ensure that computing devices are always connected to a safe data center, protected by a strongly encrypted pipe that lets you securely transmit communications, protected against any eavesdroppers who might be lurking. 

That’s just a first step. With so many websites getting hacked, how can even you be sure that the websites you visit aren’t attacking you “through” that pipe? That’s where cloud-based services like WSS and Fireglass help.  

Such services can detect and block such attacks in real-time, including some never seen before. 

Given the countless mobile devices now part of the growing Internet of Things are truly “cloud-driven” things, building such powerful and flexible security into mobile devices is a crucial step. That’s why Symantec Labs was eager to help Symantec become among the first to leverage the ARM TrustZone technology that’s now built into billions of mobile devices.  

It also explains why we’re still helping drive new standards for such authentication, safely and securely connecting people to their information in the cloud, perhaps even finally killing passwords in the process.  

What’s more, it’s also part of the reason we are so excited about our more recent acquisition of Skycure, which makes a predictive threat detection platform for mobile devices.

This is an idea that can’t come to fruition fast enough. Consider, for example, the practice of merchants and ad-networks invading our privacy to profile everyone. 

Meanwhile, some governments are going so far as to attack our smartphones to gather information about the political leanings of their citizenry and unmask the anonymity of dissidents protesting against repressive regimes. 

If ever there was a time we could use the powerful and flexible armor that I’m talking about, it’s now. Both for individuals as well as for organizations. My hope is that this kind of security will be delivered from the cloud. 

And soon. 

We’re working hard on that.



from ransomware-malware-blade http://ift.tt/2fjB7B3
via Specialisti Securitate IT in Cluj-Napoca, Romania

Comentarii

Trimiteți un comentariu

Postări populare de pe acest blog

数据保护十大准则

Imagine
Background Image on Blogs "Quilted" Page:  data-protection-quilt2.png Publish to Facebook:  No 人类在过去几千年里经历了巨大变革,对于人类社会来说,过去传下来的十条简单准则在确保国富民强方面仍非常奏效。 这使我很想知道我们是否能找到十条数据保护的准则,而这就是我们在本博文中所探讨的内容。 随着公司凭借数字化转型而不断演变,数据安全变得更为复杂。负责的数据管理人员开始整合大量相关元素,以保证数据的安全,而优秀的数据管理人员更是创建了各种整合体系,将技术、进程和人类行为相互结合。以下是 数据保护的十条准则 : 了解您的数据 如果您不能确定哪些数据是敏感数据,则明显无法对其进行保护!尽可能利用人才和技术,确保您能识别所有敏感数据。某些数据很容易定义,因此诸如数据丢失预防或云访问安全代理(CASB)等技术可很好地发现这些数据,无论数据是处于固定或移动状态,或是在云端。然而,在融入人为因素之后,一切问题才真正地迎刃而解。这使数据拥有者也可对敏感数据进行标记,因此您在数据整个生命周期内都可对其进行分类。 始终如一地保护属于您的数据 现在您已经对敏感数据有了全面了解,接下来就是确保数据的安全。最好的方法是什么呢?那就是加密。使用数据分类以确定保护需要,这样您便能够依据敏感性级别采用适当的保护方法,避免每次都“重蹈覆辙”。 提供无所不在的保护 不是所有事情都黑白分明,那么您怎么在灰色区域执行保护呢?例如,可以让某些人打开文档,或甚至进行编辑,但却无权打印。将加密技术进行升级,整合数字版权管理,使您具有更高的灵活性和控制力。 给云一线希望 云代表了人类社会最好和最差的一面。云使人们能够开放式协作,展示出人类精神的慷慨大度。但是这种慷慨大度可导致数据被过度分享,损坏了人与人之间的信任。这里有一个更好的方法,那就是基于数据的保护,这样即使在云端,也可确保无论在何处或是由何人来保护数据,慷慨大度的精神始终是一件好事情。 不要让任何人破解您的秘密 解密密钥落入坏人之手将非常危险。您如何控制谁可以访问您的数据呢?与其仅依赖于解密密钥,不如将用户的身份嵌入至进程之中。此外,如果您添加第三维的多因素身份验证,您便可
Citiți mai multe

Mobile Menace Monday: A race to hidden ads

Imagine
Who doesn’t love a good motorcycle racing game, right? How about one easily available on Google Play, a “safe” place for all your Android app desires? How about a bike racing game that sticks with you so much, you can’t easily uninstall it? And it displays hidden ads? Wait, what!? That’s right! In the slideshow below, a game titled Motorcycle Race—Bike Race (package name: com.bikeme.racersm) has rave  reviews by users who demand to know how to uninstall the game. Click to view slideshow. Rev your engines for heightened privileges So how does one get into such a predicament? That all starts with the install process. Upon installing Motorcycle Race—Bike Race, the first screen asks to Activate device administrator. Okay, so obviously a bike racing game requesting device administrator rights with permission to Lock the screen is a big red flag. However, if you didn’t catch that, there’s another clue that something is amiss. Look at the app name asking for permission: Media Player.
Citiți mai multe

Ransomware attack: a cautionary example from one small business | Avast Business

Imagine
“You feel invaded and vulnerable. This was his business, his baby, and it could all be over because some hackers were after a bit of cash.” Names like Bad Rabbit, WannaCry and CryptoWall make the news due to the massive impact ransomware attacks have. Hackers cost individuals and businesses $5bn in 2017 , and that figure is predicted to rise in 2018 to an astonishing $11.5bn . Avast alone blocked 132,000,000 ransomware attacks in 2017. Most people understand how ransomware works – it’s in the name – but what’s it like when it happens to you and your business? What’s it like when the boss announces: ‘We’re being attacked’? We spoke to Chris* who offers us an example of what happens when ransomware hits your business. This is his story - a detailed account of four days he will never forget. “It didn’t just happen … it unfolded,” he says. *Chris’s name has been changed and some of the details have been omitted or altered to protect the identity of those involved. The prolog
Citiți mai multe