by Adam Bosnian
As it has every year since its inception, the RSA Conference drew a large number of security vendors, researchers, professionals and insiders of all stripes. Not surprisingly, cloudsecurity emerged as one of the most popular themes addressed throughout the conference, partly due to the buzz and anticipation surrounding The Cloud Security Alliance Summit.That said, while the security of the cloud and other virtual environments were certainly focal points for this year’s show, several other important themes, issues and opportunities were addressed that also challenged the notion of status quo security.
As part of the mission of “Privileged Insights,” we are especially intrigued by topics that address the overarching sophistication and evolution of security threats, particularly the exploitation of privileged accounts and identities to access sensitive information. So while the CSM Summit attracted a lot of attention, and Chris Hoff, Director of Cloud and Virtualized Solutions for Cisco, delivered an insightful presentation that illuminated the importance of transparency between cloud providers and customers, it was Salesforce.com CEO Mark Benioff and Chief Trust Officer Jim Cavalieri who added a different twist to the cloud security picture—it’s not just the cloud, it’s the provider’s infrastructure that we need to worry about. Obviously, this is something that resonates well with IT security professionals.
When we examine the infrastructure of a provider’s data center, it’s realistic to expect that it could contain hundreds or thousands of servers, databases, workloads, applications, services and network devices (among other components), all exposing access points for management and control. Some of these access points are extremely powerful (i.e. privileged) while others are not. Regardless, access points should be accessed only by authorized sources. Cyber criminals understand the potential of these networks of privileged access points and by leveraging these vulnerabilities they have transformed the cyber crime frontier, as seen with many of the recent APT attacks, such as Stuxnet.
As Symantec pointed out in their presentation, the best approach to combat Stuxnet and similar attacks is a coordinated one focused on policy, protection and monitoring controls—all central tenets of privileged identity management.
Similar takeaways were found elsewhere at RSA that justify the importance of employing “privileged insights” to security intelligence. White House CIO Vivek Kundra explained some of the rationale behind the federal government’s increasing utilization of the cloud, including the importance of continuous monitoring. Cyber-Ark believes for continuous monitoring efforts to be effective, they must be properly automated by privileged session management solutions. Elsewhere, the CSA officially announced the launch of a new working group, CloudSIRT – cloud security incident and response. Interestingly, a recent survey conducted by CloudSIRT found that privileged user threats were one of the main vulnerabilities recognized by cloud adopters.
The list could go on, but we’re curious, where else did you hear insightful discussions about the power of privilege at RSA? From our perspective, it seems the discussion is now less about the education of privileged identity management technology, it’s now evolved to a need to better understand the emerging security and compliance challenges that it can proactively help solve. Do you agree?