Focusing on IaaS security

The Cloud Security Alliance (CSA) has announced the formation of a new Software-Defined Perimeter (SDP) for Infrastructure as a Service (IaaS) initiative. In addition, the SDP working group is hosting its fourth Hackathon throughout the RSA Conference, with a top prize of $10,000 available to the first participant to either access or disrupt a cloud-based mission-critical application.

Enterprises are rapidly embracing IaaS platforms, and many have made the strategic decision to quickly shift new development and production into these environments. While bringing many benefits, this change also brings with it many security, compliance, and business efficiency challenges, specifically around granting, controlling, and reporting on which users can access which systems and services across a network. Traditional security tools are unable to cope with the speed, scale, and complexity of this new, dynamic world, especially if organizations embrace dynamic release systems such as DevOps. As a result, security teams are unfortunately encountering familiar problems in their IaaS environments, including an inability to keep pace with a dynamic environment, users with over-privileged network access, and an inability to easily perform compliance reporting. Cloud service providers are facing similar challenges with IaaS management access.
“Adopting a Software-Defined Perimeter approach can solve these problems, and enable secure, efficient, dynamic, and precise control of user access to IaaS environments,” said Kurt Glazemakers, Cryptzone CTO and technical lead for the SDP for IaaS initiative. “With this initiative, we hope to demonstrate how an SDP can better protect IaaS services for enterprise usage, and deliver uniform, seamless protection of on-premises and IaaS resources.”
“The SDP approach allows enterprises to embrace the dynamic nature of IaaS without compromising security or compliance,” said Luciano ‘J.R.’ Santos, Executive Vice President of Research for the CSA. “By understanding and leveraging an SDP model, organizations can then enable hybrid or multi-platform clouds by abstracting provider-specific configurations, and leveraging consistent policies, identity stores, and processes across their environments.”
Goals of the Initiative include:
  • Documenting specific security, compliance, and architecture challenges that arise from enterprise adoption of IaaS
  • Exploring how an SDP solution can solve these problems
  • Providing architectural and deployment guidelines and best practices for secure IaaS, including the impact of DevOps initiatives
  • Influencing the SDP specification to address IaaS-specific requirements
Planned deliverables include:
  • Analysis and taxonomy of IaaS-specific security, network, identity, and compliance challenges
  • Explanation of how an SDP architecture can address these challenges
  • Deployment scenarios and use cases that examine aspects such as network configuration, identity management, authentication, and security groups