download issue 27 here - Help Net Security
Network visibility continues to be a necessary and important part of information security, but in this era of social networks and Web 2.0 it is no longer entirely sufficient. The main problem is that content continues to move away from corporate servers, into the less visible and manageable cloud. Because of this shift, the ways in which we monitor and secure our business applications must also change.

The cloud remains difficult to secure for many reasons: the computing platform is highly distributed; the platforms are often virtual; but perhaps the most challenging quality is its diversity. Cloud services can theoretically be accessed by anyone, from anywhere, putting the security onus almost exclusively on user authentication.

Whether or not the cloud can ever be truly secured is a matter of debate: even if it's possible to control access to cloud services, enforcing behavior in the cloud can be extremely difficult.

Discussions about cloud security often focus on strong authentication and trying to protect the cloud service itself, but let's forget for a moment the issue of securing the cloud and think about what else connects to it.

Does the cloud connect back to anything within your enterprise network? It is becoming commonplace for companies to use a web-based CRM - it's an excellent service and provides lots of value. However, those companies also host their own corporate web servers, and have tightly integrated their intranets with their customer-facing CRM, in order to deliver valuable internal tools for business intelligence.

The integration is done the correct way, using published APIs. The web servers themselves are protected behind firewalls and intrusion prevention systems, so the assumption is that
www.insecuremag.com 12