Cloud Security

Is CASB a new solution for Cloud Security?

Most of today’s cyber security processes and tools were developed for applications hosted in protected data centers and on endpoint systems. All these systems are owned and managed by the enterprise, where administrators can control how files are stored, accessed, and shared. But when it comes to cloud-hosted applications, every cloud service provider has its own mechanisms for authentication and access control, activity monitoring, alerting, and audit trails. As a result:
  • Consumers or security organizations are often unable to detect policy violations or indicators of potential attacks.
  • Even when attacks are detected, it is difficult and time-consuming to pull together and correlate threat indicators and data from multiple applications.

23 predictions you need to know on cloud security

Cloud security is top of mind for IT professionals in 2016, as organizations migrate more applications to the cloud.
In an online security magazine post, Dr. Sundeep Oberoi (Delivery Head - TCS' Enterprise Security and Risk Management) was quoted as saying:
"The cloud security focus will shift from access control to infrastructure to access control for data. Apart from security and confidentiality there will be a major emphasis on integrity of data"
Explore the full post "Cloud Security: 23 predictions you need to know #tech2016" to learn the outlook of various other security experts on cloud security.

Infosec 2016 technical roadmap - Make a choice – Based on your business constraints and technological realities !!!

When we design a security solution, it is important that we understand the business problem, need, or opportunity. Our approach and methodologies should be based on that. We also need to optimize the architecture across customer needs, business constraints, and technological realities. To do that, we need to follow industry trends and standards, from both a business and a technical standpoint.

As a security team, we need to closely watch technology developments to ensure that our organization is effectively positioned to respond to any security threat. We need to develop technical roadmaps for future implementations across the enterprise to ensure the soundness of the solution. We also need to maintain a forward-looking perspective on emerging technology developments and their relevance to both business and technology strategies.

Secure your Cloud with a Security Guard - Select those guards carefully !!


Do you have a cloud-based SaaS application? If yes, is that SaaS application core to your business? If so, I have the following questions.

(1) How can you enforce your security policies on your cloud connections?
(2) How can you comply with internal and external regulations such as HIPAA, SOX, etc.?
(3) How can you trust the security controls the service provider offers?
(4) When a user accesses the application in the cloud, how can you get visibility into what they are doing?
(5) How can you ensure that proper authentication and authorization are enforced?
(6) How can you ensure that encryption is enforced for both data in transit and data at rest?

Man-in-the-Cloud Attack - who can be the Victim?

According to Imperva’s recent Hacker Intelligence Initiative report on the "Man-in-the-Cloud Attack", popular cloud storage services such as Google Drive and Dropbox can be abused by malicious hackers. By reconfiguring common file synchronization services, they can exploit them for command and control (C&C) communications, remote access, data exfiltration and endpoint hacking. Attackers don’t even need to compromise targeted users’ credentials to gain access to their file synchronization accounts.

To manage files easily, many popular applications don’t require users to enter their account credentials each time synchronization is performed. Instead, authentication to the cloud relies on a synchronization token that is usually stored in a file, a registry, or the Windows Credential Manager on the user’s machine.

Example of true L3 level support

Recently, one of our ESRM associates, Thrinath Thunuguntla, delivered a commendable performance by solving a critical cloud connectivity issue and has been nominated as the winner of the TCS On The Spot Award. He has set an example of providing true L3 level support to the customer.
Connectivity issues were reported during the migration of services to the cloud. There was a requirement to enable two-way SSL authentication between REST on PLM and the enterprise-side IBM DataPower. The client was able to enable one-way SSL and requested assistance from the ESRM team to establish connectivity using two-way SSL. Click here for the background of this issue and the complete solution provided.
Also sharing some appreciation notes that he received.
