Comments
Cloud Security Needs More Layers: HyTrust
Newest First  |  Oldest First  |  Threaded View
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
2/28/2014 | 9:38:32 AM
Re: Interesting
Seconding what Charlie said. Also, the very process of automation can uncover security problems. In our recent DevOps report, we discussed how one large company was spinning up a DevOps-driven development project using a private cloud provider, and it added a security engineer to the discussion.

Imagine the engineer's dismay when he saw that the scripts the team planned to use for automated provisioning and network changes stored user names and passwords and used domain-administrator-level accounts. With some digging he found out that the company was already storing domain-level accounts in all kinds of batch files, scripts, and application configuration files — in plain text.

Automation tends to impose discipline, and shine a light, on processes. That's good for security.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
2/27/2014 | 6:15:16 PM
Automation of security is more secure
If Lorna means the security practices themselves are made automatic, such as limiting system admins, except the group boss, from deleting a production VM, then I would agree with her. Too often security relies on a human completing a standard process, over and over again, and once in a while, slip ujps occur. With the constant interuptions in today's workplace, is it any surprise?
J_Brandt
50%
50%
J_Brandt,
User Rank: Ninja
2/27/2014 | 5:37:59 PM
Re: Interesting
I have to disagree with you Lorna.  More automation does not equal better security.  If security were to permeate all aspects of development, all aspects of the work flow and from end point to end point this might be true, but in most instances this is simply not true.  Today you have consumer tech hardware and software cobbled and shoehorned into enterprise systems.  More automation for sure, but in many instances a drop in security.  People are more automated with their shadow tech, but security is usually an afterthought and nonexistent.  Plus you have data collection and sharing that occurs many times without the knowledge of the end user.  More automation, but again, no better security.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
2/27/2014 | 12:05:56 PM
Don't rely on just one vendor
Cloud security needs more layers, and it's probably wise not to rely on just one vendor to provide all of them. Look for different vendors to have different strengths.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
2/27/2014 | 12:03:02 PM
Interesting
It's a great point that more automation equals better security, and I admit to being surprised that a VM might move 10 times. I wonder what is the tipping point for efficiency/movement.

Also not sure the headline does this column justics: more layers = more complexity, which (usually) does not = better security!


The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.