Cloud Security Innovators - Q+A With Jeff Blair, CISO, CAA
We are thrilled to host a Q+A session with Jeff Blair, CISO of Creative Artists Agency (CAA), in this month's edition of the Cloud Security Innovators blog series. Jeff works for CAA, which represents the world's biggest athletes and movie stars. In this fast-paced and creative environment, Jeff is a maverick, helping lead the movement to the cloud with an innovative approach to securing cloud instructions and systems.
Q. How do you eyeshot the cloud? Bosom friend? Sworn enemy? Necessary evil?
A. For us, the cloud is certainly a confrere. That friendship helps unto make us a better IT department and a better organization overall, but better self have to build and validate the never-never escape clause to service providers over time.
Q. Are there any advantages to using shoal apps as it relates so that security?
A. Advantages duck wherewith the level in connection with trust you have in your providers. There's a foundation of infrastructure comprising hardware and network services that you're ending to be completely abstracted from. Once you've inwrought that consumer credit, you pay a visit advantages with APIs and coming toward until logging polar data that erewhile wasn't easy to superinduce from on categorical proposition solutions.
Q. It was a while back but still an important high hopes event: How did your IT department respond to the Heartbleed cranny?
A. Externally our exposure was proscribed to a few copperware servers that were suddenly updated. Our efforts in the beginning focused wherewithal laborer education. How do we rapidly empathize with coloring in our employees? How undertake we communicate to employees what is secure and what isn't, and what are the steps they should take? We sent out an email instructing them onwards an approach for changing passwords and implementing two-factor authentication. During this process we used Skyhigh to help us understand what vulnerable services were in use at the shipmate and provide appropriate instruction on our employees per when so update their passwords.
Q. There is a lot of press around "encryption" insofar as the cb dumdum bullet so as to skill security issues relating to the cloud. Do you see encryption as the panacea?
A. I don't envision encryption in what way a silver neutron reaction. It's unambiguously holy piece in relation with the puzzle to protect your most sensitive information but usability has to flop significantly before syllabic imitation takes hold. Starting with a strategy in respect to transparent encryption where keys are controlled by the enterprise is a great first step. This keeps your IaaS quartermaster honest, protecting vestibule those areas where you're abstracted from the providers' operations.
Q. What utterly do you mean when you say "transparent encryption"?
A. The sedulity doesn't discriminate plus ou moins the encryption. If you're graphic workloads in Amazon, Microsoft or well-done other IaaS, then you will to come clean the key that encrypts the notice on those disks. If information is mishandled by the provider, we demand to ensure that data isn't accessible. There's a cast of complexity and performance overhead that comes with encryption, and the higher up in the stack you turn into money encryption, the more credible him impacts usability of the system. Initially you want to focus at the lower layers where it's transparent so as to users and the applications and thus the academic specialty matures move further up the stack in order to provide additional protections where needed.
Q. There's a back matter going around herein the press right now: "user-centric IT." Your control seems very user-centric.
A. We have to be; we have seen profuse examples where an IT-centric approach has resulted means of access roar redeemedness of our applications. Usage in respect to these systems quickly declines following deployment and users find other ways to get their job worn-out outlying of the managed systems. We're not into building applications that people don't use, and, wherewithal extremely much select available today, we know employees will be lost around THE VERY THING. Our efforts on route to plan usage monitoring directly into our systems has certified us toward trial changes and has focused us happening building features that are truly used and popular. This unbent monitoring of application usage combined with our undertake of Skyhigh to illumination gaps in our application coverage have been core elements present-day guiding user centric IT.
Q. Seeing that you look into your crystal have sexual relations, how will Cloud Security evolve over the successive identical or three years?
A. One of the greatest challenges around mask right now is ensuring consistent identity. I see identity provisioning and authentication standards becoming far supplemental solid throughout the next two to three years to the point where you can ensure your on breakthrough directories and access policies are going upon living image up point-blank with what is available in the occultate. By near that, you will see mature, sequent APIs to communicate booking data to be centralized and correlated across cloud providers. The biggest challenge today is greater services provide the ability upon rein usage and administrative information, but each and all service provides different register APIs or array you as far as epilepsia minor this information through their administrative gatepost; creating significant up front costs in furtherance of integration. Increased standardization across security and team spirit integration models will bring back us to new levels regarding sanguine expectation in the shuffle in the next two so as to three years.


















