Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Cloud Security
M o d e r n i z i n g E n t e r p r i s e IT
Introduction 2
The leap of faith to the cloud 4
I dentity management
meets the cloud 9
T
The leap of faith to the cloud 4
he cloud is fast becoming an underlying assumption Cloud providers typically have better security defenses
of computing, mainly because everyone wants the ability than your own data center – yet risks remain. The Cloud
to provision and scale applications with minimal fuss. Security Alliance flags the nine most likely threats.
B y E R I C kn o r r
Often, public cloud services present the best options.
The problem for IT is that business managers frequently fire up Identity management
accounts with public cloud services and fail to think through the se- meets the cloud 9
curity implications. That can lead to increased risk of data loss, indus- Organizations always wrestle with authentication and
trial spying, compromised customer data, and more. In this Digital access control, but rapid adoption of cloud apps and
services is complicating the problem.
Spotlight on cloud security, we dive into the key security issues for B y F A H M I D A y. R A S H I D
organizations that — by accident or design — have moved a substan-
tial portion of their computing workloads to the cloud. Hanging on to cloud identity 13
We begin by walking through the nine most pressing cloud se- Organizations are embracing cloud-based apps –
and incurring new risks in the bargain.
curity liabilities. Next, we explain identity management, and delve Identity management lowers the liability.
into the ways organizations are using it to extend authentication and B y P a u l F. R o be r t s
authorization to the cloud. Finally, we tackle data encryption and the
options cloud providers should offer to ensure your data stays safe. Practical cloud encryption
Today, nearly all businesses have one foot in the cloud whether solutions 17
Encryption has become a huge issue, thanks to the NSA.
they realize it or not. We hope this Digital Spotlight helps enable For cloud customers, this has already led to a wider array of
you to assess your own exposure and reap the benefit of public encryption solutions.
cloud services without creating worry or unnecessary risk. B y RO G E R A . G R I M E S
sungardas.com/securecloud
3
digital
spotlıght
CLOUD SECURITY
f faith
leap o d
e
Th o the clo u
t Cloud providers have better security defenses
than your average enterprise data center – as they
should, since any flaw could affect many, many
customers. The Cloud Security Alliance identifies
the nine most likely threats. B Y E r i c K n o r r
N
ot long ago, the notion of en-
trusting vital company data to a public
cloud service would have struck most
IT managers as mildly insane at best.
My data? Out there on some shared
platform in a data center I’ve never
seen? You’ve got to be kidding me.
1.
cloud services are simply better than
solutions obtainable on premises.
It’s becoming a cloud world, to Data breaches
the point where corporate CIOs are No surprise that data
attempting to emulate the hyperef- breaches are the No. 1
ficient clouds of major providers in fear, since anxiety over exposing data
their own data centers. Nonetheless, has always been the chief inhibitor
subscribing to cloud services without to cloud computing adoption. On
considering the potential security one level, the antidote is simple: a
full array of strong encryption op- ing it — and when they call on IT to through phishing or social engi-
tions. Roger Grimes’ article “Practi- recover data from a cloud service, neering can result in compromised
cal encryption solutions” walks you it may be too late. financial data, stolen intellectual
through the options. Moreover, although top cloud property, and other dire conse-
But locking down data with en- service providers have an excellent quences for any business. But stolen
cryption is only part of the story. record when it comes to accidental cloud service logons incur a special
Encryption keys can fall into the data corruption or loss, users some- set of risks.
wrong hands. You need proper au- times select third-tier providers with- For one thing, security profes-
thentication and access control to out making a realistic assessment sionals routinely use a specific set of
ensure only those authorized can ac- of their viability. An SLA may be in tools to determine whether an orga-
cess data. Plus, you need proper data place, but a subscription refund does nization has been compromised —
governance to manage the lifecycle of not amount to adequate compensa- and few would be willing or able to
data — and under which conditions tion for data lost by a dysfunctional use those tools to check cloud ser-
data can be stored in a shared cloud provider. In addition, if either the vices. If a SaaS application is com-
environment or in any other location. user or the provider practices lax ac- promised, for example, an intruder
Another issue is data deletion. cess control, data could be deleted by might be able to monitor activity
Over the years, occasional reports vandals, disaffected former employ- and peruse data over a long stretch
have surfaced that customer data ees, or other malicious individuals. of time without being detected.
that was supposed to have been de- In a 2013 study by the security Other risks can be incurred if a
leted remained with the cloud pro- vendor Symantec, 43 percent of the malicious hacker steals logon cre-
vider. Encryption obviously reduces 3,200 organizations surveyed lost dentials to a business user’s IaaS
risk should that slipup occur. data in the cloud and had to recover account. In the past, infrastructure
2.
from backups. Data in the cloud clouds have been used to launch
needs to be protected as you would new VMs for botnets, DDoS at-
Data loss protect it on any system. tacks, and other malicious activity.
3.
Because cloud ser- That’s one reason cloud monitoring
vices are often ad- is essential.
opted without IT’s permission, users Account or service
may lose company data simply by traffic hijacking
misplacing it or accidentally delet- Logons stolen
4.
have now deployed rela-
Insecure inter- tively effective, automated
faces and APIs defenses against DDoS
Cloud interfaces and attacks. Smaller providers
APIs enable integration with SSO may or may not have the
(single sign-on) solutions, as well as wherewithal to mount such
data or process integration with other a defense.
6.
cloud services or on-premises soft-
ware. But those interfaces and APIs
are also potential targets for attack. Malicious
To secure APIs, providers give users insiders
tokens or API keys that are validated In a 2013
in order for a client to connect. survey by Forrester re-
If an API is secured poorly, an search, 25 percent of re-
7.
attacker could launch a DoS attack spondents said that abuse
and render a cloud service unusable. by a malicious insider was the most Second, due to the decentralized
APIs may provide access to all sorts common cause of data breaches. pattern of cloud adoption typical of Abuse of cloud
of cloud functions, including ac- The truth, however, is that no one many organizations, IT’s purview services
count provisioning; if compromised, knows. Malicious insider attacks – over identity management and ac- Cloud computing pro-
APIs may even enable an attacker to by disgruntled employees or those cess control may not extend to all viders such as Amazon Web Services
extract critical data. who jump ship to competitors and cloud services. Such lax control may offer something the world has never
5.
take data with them – frequently go give employees free reign over data seen before: the ability to spin up
undetected or, for political reasons, they would normally be unauthor- massive computing power on de-
Denial of service unreported. ized to access. In the worst case, mand for any conceivable workload,
Public cloud ser- Insider threats specific to the cloud logons may be retained by employ- pay for only the cloud resources re-
vices are, well, public. are twofold. First, there’s the added ees after they leave an organization, quired, then simply close the cloud
Hacktivists have targeted cloud ser- risk that a rogue insider working for opening opportunities for mischief service account.
vices for political reasons, rendering a cloud service provider might be or data theft. That’s ideal for, say, actuarial cal-
them temporarily unusable. Fortu- tempted to view, sell, or tamper with culations. But it’s also an opportunity
nately, most of the large providers customer data and avoid detection. for cyber criminals to engage in an-
other compute-intensive task: crack- ing Security Reference Architecture, a multitenant architecture.” A pro-
ing encryption. In addition, cloud and the American Institute of CPA’s vider must put controls in place that
computing services may provide a SSAE 16, or the ISO/IES’s 27001 ensure such potential vulnerabilities
home for botnets, DDoS attacks, family of information security stan- are not exploited — and foil hackers
and other criminal operations that dards. No customer can look over who create accounts expressly to at-
require scale. the shoulder of a provider to ensure tack other customers.
8.
24/7 compliance, but customers are Of particular concern have been
sometimes given audit privileges potential security vulnerabilities
Insufficient and allowed to physically inspect at the hypervisor level, since these
due diligence facilities. could theoretically enable an attack-
The cloud depends Obviously, SLAs that include er to compromise multiple virtual
on trust between the provider and reparations for security breaches are machines across multiple accounts.
the customer. The big brand names desirable. On the other hand, no In 2012, researchers discovered the
in the cloud have earned customer agreement is likely to sufficiently Crisis Trojan, the Windows version
confidence thanks to a declining compensate for major theft or expo- of which was found to be capable
number of outages and few cata- sure of critical data. of infecting VMware virtual ma-
9.
strophic data breaches to date — al- chines. Later that year, a University
though the NSA debacle has given of North Carolina research paper
many (especially European) cus- Shared technolo- described how a virtual machine
tomers pause. With smaller, newer, gy vulnerabilities could use side-channel timing in-
lesser-known providers, the lack One of the biggest inhibitors to The cloud, by its formation to extract private crypto-
of a public track record demands cloud computing has been custom- nature, is based on the idea of mul- graphic keys in use by other VMs on
more faith, which many enterprise ers’ inability to continuously monitor tiple customers sharing the same the same server.
customers are unwilling to invest. a cloud provider’s security infrastruc- infrastructure — a concept known So far, however, no known breach-
Another consideration is the viability ture and practices. True, there are as “multitenancy.” As the Notorious es have been attributed to hypervi-
of the provider’s business: A recent standards and guidelines, such as Nine report puts it, “the underly- sor-based attacks, encouraging some
Gartner study predicted that one the Cloud Security Alliance’s Se- ing components that make up this to assert that fears of this sort of ex-
in four of the top 100 IaaS provid- curity, Trust & Assurance Registry, infrastructure (e.g., CPU caches, ploit are overblown.
ers will be “gone” by 2015, mainly the National Institute of Standards GPUs, etc.) … were not designed to
through acquisition. and Technology’s Cloud Comput- offer strong isolation properties for Eric Knorr is Editor in Chief at InfoWorld.
Identity management
meets the cloud
Organizations always wrestle with authentication
and access control, but rapid adoption of cloud
apps and services is complicating the problem.
This quick guide offers a straightforward antidote.
B y F A H M I D A y. R A S H I D
O
rganizations have an identity
problem. Numerous data breaches result
from organizations not knowing who
people are or what they’re allowed to do.
IAM (identity and access management) is
the solution — and in the cloud era, when
employees may access multiple cloud services outside the
enterprise perimeter, IAM is needed more than ever.
(single sign-on) and IAM are the the user roles and access deleted or have overly broad access,
same, when in fact SSO is just rules within the organiza- or even uncover missing roles and
one component of the larger IAM tion. This can be done in accounts that should already exist.
whole. Implementing SSO makes the form of a matrix, mapping A final audit will make it easier to
life easier for users because they users with accounts, applications, create the centralized user reposi-
no longer have to keep track of all roles, and privileges. This will tory during deployment.
their passwords, and IT can add help the organization understand One thing to keep in mind is to
gatekeeping mechanisms such as who has access to which applica- stay small. Instead of trying to do a
device fingerprinting, multifac- tion, how the application is be- full deployment with every single
tor authentication, and IP address ing used, and what types of roles user and application, a better ap-
tracking, depending on the prod- should be in place. proach is to focus on a few applica-
uct. But arguably, authorization “Users” in this matrix refers not tions and a subset of users. Once
is important when an employee’s just to employees, but also to any that phase is complete, more users
job function or employment status accounts used by other applica- can be added. Applications should
changes. tions or systems. For example, also be added in a controlled man-
Some IAM vendors offer little the content management system ner so it’s clear what configuration
more than SSO, which may mean should not be using the adminis- changes or customizations need to
automated provisioning and de- trator credential to get to the da- be made.
provisioning of accounts is not tabase, but a more restricted one, Whether an organization has
included. If an organization is rela- and that needs to be included in only on-premise applications, only
tively small and doesn’t need mul- the matrix. If an application sup- cloud infrastructure, or most likely
tiple levels of access control, SSO ports third-party log-ins, such as a mix of both, having the access
alone may be sufficient. Needless Facebook or OpenID credentials, matrix is critical for a successful
to say, detailed discussions of re- those need to be included as well. IAM rollout.
quirements related to this issue are The matrix serves two purposes:
paramount. To understand what types of use Diving into use cases
cases the final IAM deployment With all the access rules defined,
Defining scope has to support, and also to act as an the next step is to understand the
The most critical step in the IAM audit. This exercise can help iden- use cases and the business require-
planning process is to identify all tify accounts that should have been ments. For example, whether
In
applications and realizing
the not so distant past, enter-
big productivity gains – prise IT shops operated as enlight-
and incurring new security ened dictatorships. With hands
risks in the bargain. firmly on the keys to the technol-
Identity management ogy kingdom — application serv-
ers, identity stores, and so on – the
solutions lower the liability. IT group was the final arbiter of any new technology.
B y P a u l F . R o be r t s No longer. Today, separate lines of business and
even individual employees procure cloud applications
with little more than a credit card. Moreover, they
often do so without the knowledge or approval of IT.
That kind of agility is great for productivity. But if the
IT-as-dictator model is untenable, so is the chaos of ad-
hoc cloud technology adoption that, in recent years, has
created new security risks and management headaches.
What’s to be done? Forward-looking organizations are
finding ways to walk the tightrope between control and
chaos. Specifically, new cloud-based identity manage-
ment tools give organizations a way to temper the chaos
of cloud adoption, dragging SaaS (software as a service)
application use within the enterprise into the sunlight.
based services and SaaS applications pany’s existing identity infrastructure. fact, says Litterer. occurring,” he observes.
under control starts with identity and Shire was in the latter group, ac- Shire found that sup- “Is it Okta or did the
authentication, experts agree. cording to Litterer. The company port for the SAML 2.0 cloud guys not provision
“Once you start on the roller coast- has about 6,000 employees working standard, which is used the user correctly? Did
er of making deals with SaaS vendors from offices in the United States and to exchange authen- someone change a name
and enabling SaaS applications, IT Europe, as well as a roving staff of tication information but not change it in Ac-
groups want to be able to provision medical sales representatives. Behind between Web domains, tive Directory? If so, that’s
and control things like user permis- the scenes, the company still relies was uneven. “Some get it not an Okta problem.”
sions and password resets for those on Active Directory as its sole identity and some are new to it,” “Don’t underestimate
external applications,” Maler says. management platform and doesn’t Litterer says. That can the support process
Cloud identity providers such as plan on investing in a larger enter- add to the time and effort flow,” Litterer warns.
OneLogin, Ping Identity, Sympli- prise identity management platform. to get those applications “You have homework to
fied, and Okta do just that: synchro- Litterer says that deploying Okta working with a cloud- do, which is figuring out
nize with Microsoft’s Active Direc- to manage the cloud applications his identity platform that where things might fail,
tory or other LDAP repositories, employees used was easy. An Okta uses SAML for single sign-on and how they might fail and who is re-
allow companies to manage local Active Directory agent with access user management. sponsible for handling the issue.”
and Web-based access permissions to the local domain controller con- Finally, Litterer says that Shire’s
together, and enable single sign-on nected the Active Directory instance Okta deployment has gone off almost Mobility and migration
to SaaS applications. with Shire’s Okta instance in the without a hitch. He notes only one to the cloud
Kerrest, Okta’s COO, says that cus- cloud. Once Active Directory user or two hiccups in almost two years Cloud-based identity providers are
tomers use his company’s technology accounts are imported, Okta uses since the company went live with the proving themselves valuable in corral-
in different ways. Some see it as a matching algorithms to link Active cloud-based identity management ling enterprise SaaS usage. Will they
way to tame rampant SaaS adoption, Directory user accounts to existing technology. Unfortunately, when challenge or displace traditional, on-
using Okta’s Web portal as a gateway Okta user accounts as well as any ac- problems do crop up, the distributed premises identity and access manage-
to IT-sanctioned SaaS applications. counts in other SaaS applications. nature of cloud identity platforms can ment systems like those by RSA, IBM,
Others take an “all comers” approach, But the ease of that transition re- make it difficult to troubleshoot. Oracle and CA? That’s less clear.
allowing employees to use whatever vealed faults in the company’s Active “If you have an issue with authenti- Many Shire employees have
SaaS applications they deem relevant Directory configuration, including cation that arises in an application in- switched — or are in the process of
to their work — but use Okta to tie orphaned accounts and user groups tegrated with Okta, it can be difficult switching — from traditional laptops
those applications back to the com- that had to be sorted out after the to figure out where the problem is to iPads. That transition is accelerat-
ing the migration from tradition- complex infrastructure to also pull mote workers more flexibility in the
al client/server applications for in cloud-based resources and SaaS kinds of software tools they use and
functions like human resources applications than it is to go the other the manner in which they use them.
to cloud-based alternatives, even “We’re way, he said. That was the goal be- The result may be akin to the
for internal users. However, the hind EMC’s purchase of Aveksa, a old Maoist adage of letting a thou-
company has yet to expand Okta looking company Taneja founded last July. sand flowers bloom, says Forrester’s
to manage internal applications,
including the company’s Microsoft
very hard at “We’re looking very hard at ex-
panding our reach aggressively into
Maler. Cloud-based tools will end
up enabling innovation at the line-of-
SharePoint deployments. “We just expanding the cloud in all different dimen- business or even the department level.
haven’t had a clear business case to sions,” he says. “But its a lot easier By reducing the friction for smaller
do that,” Litterer says.
our reach to go out to the cloud when we have groups within an organization to
“When you look at companies with aggressively a strong hand on complexity inside experiment (and succeed) with tech-
ten thousand or twenty thousand em- the firewall.” nology deployments, companies may
ployees, things haven’t changed a lot,” into the actually find they achieve better secu-
says Deepak Taneja, CTO of Identity cloud in all The long march rity through less discipline, not more.
at RSA. Most mature enterprises have The monolithic, brittle identity As low-hanging fruit such as en-
hundreds of applications operating different management infrastructure that terprise single sign-on, and central
inside the firewall. They might also
have scores of SaaS applications, but
dimensions.” has become common in the past 20
years won’t disappear overnight, but
user and identity management get
checked off the list, companies can
the core challenges are the same: user — DEEPAK TANEJA, it will eventually be replaced. finally move on to real transforma-
CIO of Identity, RSA
authentication, authorization, single “I don’t know why anyone would tion: removing identity barriers that
sign-on for applications, provisioning want to set up and maintain their own separate businesses from their part-
and deprovisioning, and policy en- [identity] infrastructure and maintain ners and suppliers from their custom-
forcement, Taneja says. internally if you don’t have to,” says ers, fostering ever deeper and more
There’s no doubt that changing Litterer of Shire Pharmaceuticals. powerful collaboration.
technology use patterns – mobility Cloud-based identity tools that
chief among them – mean changes make it easy to manage cloud-based Paul F Roberts is Editor-in-Chief of The
to the way authentication is done. resources today will, in the near fu- Security Ledger, an independent security
But it’s easier to extend technology ture, expand to cover both cloud and news website, and is a former Senior Edi-
capable of managing that kind of on-premises applications, giving re- tor for InfoWorld.
lo u d
ca l c i o n
a ct i
y p t n s
r
P nc utior
e sol oping
sno
inst e
If
a a
g to th er s,
e e
ns anks ustom y of
def h ud c r arra encryption hadn’t
s a d, t
ti on a ’s min or clo wide . already existed, cloud com-
cryp one
y SA . F in a from puting would have had to
En ever the N sulted oose invent it. Clouds are the
is on sses of eady re ns to ch computing equivalent of
exce has alr solutio E S public utilities, where mul-
this yption . G R I M tiple customers share the same resources and
r
enc G E R A
frequently upload or gather valuable data in the
RO process. Such an environment demands data
By encryption, so that customers needn’t fear
exposing data to others, either by accident
or via the designs of malicious hackers or
overzealous government agencies.
We’re accustomed to encryption suing outcry by saying that they had then it may spend a certain amount not, will try to access the cloud data.
“in transit,” such as an SSL/TLS to follow the law. of time in an unencrypted state — If it’s encrypted and inaccessible to
connection between a user’s browser Not surprisingly, this did not sat- for example, data may be decrypted the cloud vendor, it’s probably worth-
and an e-commerce site. The cloud isfy customers. The lack of guaran- when retrieved or when being in- less to the third party as well.
complicates matters, because some teed data privacy was a deal breaker. dexed.
quantity of a cloud customer’s data Cloud vendors saw this for what it Ultimately, all private data should Proven crypto only, please
is almost always stored in the cloud,
demanding encryption “at rest” as
well. Clouds are Internet-accessible,
was — a very large existential threat
— and quickly began beefing up ex-
isting encryption services and offer-
be encrypted end to end, preferably
from the moment it is created until
the moment it is destroyed. If that’s
E ncryption solutions should use
industry-accepted, publicly
known, and reviewed ciphers. Cloud
multitenanted, accessed via shared ing new ones. Consequently, cloud not possible, get as close as you can. vendors claiming to have invented
authentication schemes, and widely customers now must contend with a Of course, all data must eventu- their own “unbreakable” ciphers
distributed (often to locations un- very quickly evolving set of encryp- ally be decrypted in order for it to should be avoided like the plague.
known and uncontrollable by the cus- tion options. be used. The question is when and Good encryption is hard and must
tomer). These attributes combine to where that decryption takes place. undergo lengthy public peer review in
make it harder to secure data for both What to look for in The closer it is to the customer’s order to be considered for protecting
the cloud vendor and the customer. cloud data encryption computers the better. It’s important data. Cipher key sizes must be suffi-
In 2013, cloud providers were giv- Encryption can never be completely to ask the cloud vendor who on staff cient to protect the data for the desired
en an added push to increase cloud unbreakable. However, it can be a can possibly see the data in an unen- length of time. Today, this typically
security. The general public was highly effective deterrent depending crypted state. Their answer should means private key sizes 256 bits or
shocked to learn that many cloud on its attributes. The following fea- be “no one” or at least “limited to a more, and public crypto key sizes of
vendors were forced, in some cases tures should be in place, document- very few.” And of course, you don’t 2048 bits (for traditional public ciphers
tens of thousands of times a year, to ed, and easily discoverable: want other cloud tenants to see your like RSA and Diffie-Hellman) and
provide customer data to request- data — and that means no shared 384 bits for public ciphers like ECC
ing legal parties, and were often End-to-end protection encryption keys between tenants. (elliptic curve cryptography).
prevented from telling customers.
Further, it was divulged that the C onfidential data must be en-
crypted at rest and in transit.
The best encryption solutions do
not let the cloud vendor ever see the Key management is crucial
NSA had the expertise and technol-
ogy to intercept the data, even when
the customer was told it was secure.
Many vendors promise this, but don’t
quite spell out what it means. Some
vendors encrypt data only when it’s
data in an unprotected state. This not
only protects both the vendor and cus-
tomer, but also significantly decreases
M any encryption solutions suc-
ceed or fail on how well they
manage the digital keys. Who creates
Cloud vendors responded to the en- stored on their hard drives, and even the chance that other parties, legal or the keys and where are they stored?
to key management. When you create or detail. That’s simply the nature of the cloud. EDITORIAL
Editor in Chief
CEO
Matthew Yorke
508-766-5656
use your own encryption, it’s up to you to Eric Knorr
Executive Editor
Executive Assistant to the CEO
Nelva Riley
keep track of all encryption keys and/or pass- Encryption by a third party Galen Gruman 508-820-8105
I
Executive Editor, Test Center
words. For some this responsibility is highly n response to recent privacy violations, Doug Dineley
Managing Editor
Sales
Senior Vice President, Digital Sales
desirable. For others, key management is an many third parties now offer encryption Uyen Phan
Senior Editor
Brian Glynn
508.935.4586
unwelcome chore which, if accepted grudg- services to customers and cloud providers Jason Snyder
Editor at Large
Senior Vice President Digital / Publisher
Sean Weglage
508-820-8246
ingly, will be performed poorly. Remember: alike. Their solutions may be installed at each Paul Krill
Senior Writer CIRCULATION
If you opt for customer-side encryption you supported client end-point device, on an in- Serdar Yegulalp
East Coast Site Editor
Circulation Manager
Diana Turco
are accepting all the responsibility and ac- termediate proxy gateway, or as an additional Caroline Craig 508.820.8167
Encryption by the cloud provider — at least, when you can get your hands on
D i g i ta l S o l u t i o n s G r o u p
Lisa Blackwelder
Senior Vice President / General Manager
M ost cloud customers leave all the en- the encryption software and examine it your-
SALES Gregg Pinsky
508.271.8013
Senior Vice President Digital / Publisher
cryption to the cloud provider. Luckily, self — but you still have to take it on faith that
Sean Weglage
Editorial
508-820-8246
Senior Vice President / Chief Content Officer
cloud providers are both getting better at de- the provider has properly implemented the
Vice President, Digital Sales
John Gallant
Farrah Forbes
508.766.5426
508-202-4468
fault encryption and offering more of it. None- solution in the cloud. Account Coordinator
Christina Donahue
Events
Senior Vice President
theless, have a close look at the above “What to No matter which encryption solution type 508-620-7760
East, Southeast, IL and MI
Ellen Daly
508.935.4273
look for” section and make sure your provider you use, you need to ensure all your require- Chip Zaboroski
508-820-8279 F i n a n c e & O p e r at i o n s
can meet your requirements. ments are met and that the capabilities are East, New England, New York
Chris Rogers
Senior Vice President / COO
Matthew C. Smith
603.583.5044 508.935.4038
Some customers combine customer-ini- fully documented. It’s a big cloud out there, West / Central Human Resources
Becky Bogart
tiated encryption with encryption offered and if recent events have taught us anything, 949.713.5153 Senior Vice President
Patty Chisholm
N. CA / OR / WA
by a provider, essentially yielding double it’s that other people want to look at your data. Kristi Nelson
415.978.3313
508.935.4734
functioning, fully documented cloud encryp- Roger A. Grimes is a longtime contributing edi- © IDG Communications Inc. 2014
Marketing
tion system — ome choose to be safe instead tor to InfoWorld who posts to his Security Adviser
Vice President
Sue Yanovitch
508.935.4448
of sorry. You may trust your cloud provider, blog every Tuesday. A Principal Security Architect for
but it’s impossible to verify provider claims Microsoft, he holds over 40 certifications and has
about encryption capabilities down to the last written eight books on computer security.
Adapting Security to the 4 Cloud Computing Examples The Transformative Benefits Cloud-Based Computing 7 Elements of a Successful
Cloud in Business of Cloud Infographic: DIY vs. Outsource Cloud Strategy
Organizations are now looking Cloud computing has now The benefits of cloud are Does it make sense to build Cloud can seem as intangible
beyond traditional approaches to IT passed beyond “buzz” to become transformative because, by (or continue to build out) an IT and mercurial as its namesake.
and considering cloud computing a confirmed business option. replacing in-house infrastructure infrastructure for cloud on-site? But with a solid strategy and the
more than ever before. However, how Companies are able to leverage with a scalable and efficient Or does it make better sense to right guidance, businesses can
can the adoption of cloud technology strategic solutions in the cloud to service, they allow an IT partner with a cloud provider that confidently chart a direct course
potentially change an organization’s address crucial business issues. organization to move out of offers a fully managed solution? through migration, reaping the
security requirements and how can Here, four key issues will be a functional role based on This infographic will take you many benefits the cloud offers.
organizations adapt to address these explored: the need to optimize procurement and maintenance and through a side-by-side comparison Read this paper to learn how to
new challenges? This whitepaper costs, maximize resources, toward a leadership role founded of the key considerations. develop an effective cloud strategy.
seeks to guide IT decision increase agility, and ensure on core business initiatives.
makers towards a virtualized, recovery.
self-provisioned, and automated G DOWNLOAD HERE G DOWNLOAD HERE
environment while fully protecting G DOWNLOAD HERE
their data and applications with G DOWNLOAD HERE
secure cloud architecture.
G DOWNLOAD HERE