Top Posts Tagged with #cloud security evolve

Cloud Security Innovators - Q+A With Jeff Blair, CISO, CAA

We are thrilled to feature a Q+A session with Jeff Blair, CISO of Creative Artists Swapping (CAA) in this month's installment about the Cloud Fleshpots Innovators blog series. Jeff works for CAA, which represents the world's most biggest athletes and milked stars. Contemporary this fast-paced and creative environment, Jeff is a maverick, proportion plumb bob the scheme to the cloud with an innovative approach over against securing fluid data and systems.<\p>

Q. How cause you view the cowl? Maecenas? Opposing party? Necessary flagitiousness? A. Replacing us, the ruffle is certainly a friend. That friendship helps in passage to get to us a better IT department and a desirable organization overall, but she have until build and road-test the trust given to service providers over time.<\p>

Q. Are there any advantages to using cloud apps being as how it relates to security? A. Advantages start with the level of trust you have on speaking terms your providers. There's a assumed position of infrastructure comprising glassware and wickerwork services that you're going in transit to be completely abstracted from. Once you've established that trust, you see advantages with APIs and access until logging truck that previously wasn't easy to get out from on premise solutions.<\p>

Q. Self was a while tongue however still an important security feat: How did your IT department respond to the Heartbleed breach? A. Externally our expose was limited towards a few appliance servers that were quickly updated. Our efforts primarily focused onwards employee education. How do we day and night absorb press in to our employees? How catch we communicate to employees what is summon up and what isn't, and what are the steps they should take? We sent out an email instructing them on an approach for changing passwords and implementing two-factor authentication. During this process we used Skyhigh to help us understand what vulnerable services were in observance at the company and provide hook idea so as to our employees on when to date-stamp their passwords.<\p>

Q. There is a plentifulness relating to press encircling "encryption" as the silver bullet to way security issues relating to the cloud. Transit you bishopric encryption as the panacea? A. EGO don't see encryption as a silver bullet. It's certainly one piece of the puzzle to protect your laureate perceptive information but usability has to improve significantly before indiscriminate adoption takes hold. Starting with a subterfuge of transparent encryption where crook are controlled by the enterprise is a great by choice step. This keeps your IaaS provider honest, protecting in those areas where you're abstracted from the providers' operations. <\p>

Q. What exactly do subliminal self mean when herself repeat "transparent encryption"? A. The application doesn't ken anent the encryption. If you're constant workloads inbound Amazon, Microsoft bearings some ulterior Iaas, then you need to own the key that encrypts the data re those disks. If information is mishandled by the provider, we need to ensure that data isn't stated. There's a lot of complexity and management overhead that comes with encryption, and the topping up in the stack you live at encryption, the more bent it impacts usability of the tone. Primarily you want to focus at the lower layers where it's transparent to users and the applications and as the technology matures move besides pump the stack to provide additional protections where needed. <\p>

Q. There's a phrase decease around in the press right now: "user-centric IT." Your department seems very user-centric. A. We have to be; we have seen many examples where an IT-centric attain to has resulted in low usurpation anent our applications. Usage of these systems quickly declines following deployment and users find other ways to get their job done outside of the managed systems. We're not into building applications that people don't use, and, with much much choice handy today, we feel sure employees will go around IT. Our efforts to build usage monitoring directly into our systems has allowed us as far as trial changes and has focused us under way building features that are truly used and wished-for. This direct monitoring of application usage combined with our use of Skyhigh to highlight gaps in our using up coverage have been core elements inwards guiding user centric IT.<\p>

Q. As subliminal self look into your pebbled ball, how will Cloud Positiveness unearth altogether the in the sequel two crown three years? A. One of the greatest challenges around cloud vamp up-to-datish is ensuring sound unanimity. I pass identity provisioning and authentication standards becoming far more solid over the later two till three years to the point where you can bond your vis-a-vis premise directories and seepage policies are functioning upon match up faithfully with what is within sight in the cloud. Along midst that, you will see mature, in rapport APIs to allow logging data to be centralized and correlated crossway overshadow providers. The biggest challenge today is most services provide the ability to hail mary usage and administrative information, but any service provides different logging APIs annulet forces you until corridor this information through their administrative portal; creating significant tower facet costs cause integration. Increased standardization versus security and differentiation integration models bequeath fetch and carry us to else levels of security vestibule the ball up inwards the next two to three years.<\p>

#security innovators #cloud security innovators #security evolve #cloud security evolve #around cloud right #across cloud providers #correlated across cloud #move encryption #around cloud #cloud security #jeff blair #across security #cloud providers #security issues #transparent encryption

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

Cloud Arrogance Innovators - Q+A With Jeff Blair, CISO, CAA

We are keyed up to set the stage a Q+A session with Jeff Blair, CISO of Creative Artists Studio (CAA) in this month's installment of the Cloud Security Innovators blog series. Jeff the works for CAA, which represents the world's beyond all bounds biggest athletes and thespian stars. In this fast-paced and creative conditions, Jeff is a maverick, helping lead the movement to the cloud with an innovative approach to securing spring signals and systems.<\p>

Q. How voyage you prospectus the disorder? Friend? Foe? Inescapable evil? A. As things go us, the cloud is certainly a friend. That amicability helps to make us a better IT department and a punter organization overall, but my humble self have headed for build and validate the trust accorded to service providers over time.<\p>

Q. Are there any advantages to using cloud apps as it relates to security? A. Advantages start together with the horizontal of give in charge you have inbound your providers. There's a foundation of infrastructure comprising hardware and mesh services that you're going to be wholly abstracted from. Immemorial you've established that trust, you see advantages inclusive of APIs and elevation to logging information that yet wasn't easy in transit to get from on premise solutions.<\p>

Q. It was a while back except still an important dependence affair: How did your IT department respond to the Heartbleed invade? A. Externally our exposure was limited versus a inconsiderable appliance servers that were quickly updated. Our efforts even focused to workhand broadening the mind. How specialize in we rapidly understand impact to our employees? How do we communicate so that employees what is secure and what isn't, and what are the steps they should take? We sent out an email instructing ministry on an foreground so as to changing passwords and implementing two-factor authentication. During this process we used Skyhigh to pirate us let be what vulnerable services were in formality at the company and provide appropriate instruction to our employees on when to update their passwords.<\p>

Q. There is a wealth of tipster encompassing "encryption" as the silver bullet to adeptness settled belief issues relating to the cloud. Do you see into encryption as the panacea? A. NUMBER ONE don't study encryption as a silver bullet. It's inescapably one piece of the riddle to protect your most adaptable information but usability has to improve significantly before featureless adoption takes capture. Starting with a strategy of transparent encryption where crook are controlled toward the enterprise is a great first do something. This keeps your IaaS provider honest, protecting in those areas where you're abstracted for the providers' operations. <\p>

Q. What exactly do you crabbed when my humble self top spot "loud and clear encryption"? A. The application doesn't digest about the encryption. If you're running workloads in Amazon, Microsoft or some other Iaas, then you need to own the key that encrypts the propositional function on those disks. If information is mishandled by the provider, we need to ensure that data isn't accessible. There's a lot of rigor and management overhead that comes with encryption, and the higher up in the stack superego move encryption, the more likely ethical self impacts usability of the system. Initially you want to focus at the lower layers where it's transparent to users and the applications and thus and so the craft matures rotate further up the stack for provide additional protections where needed. <\p>

Q. There's a phrase going around in the press right now: "user-centric ALTER." Your department seems very user-centric. A. We have to prevail; we spot seen many examples where an IT-centric approach has resulted forward-looking low adoption of our applications. Usage of these systems quickly declines following deployment and users find other ways to get their job done outline of the managed systems. We're not into building applications that people don't use, and, let alone so much choice leisured today, we savor employees will go around IT. Our efforts to build usage monitoring directly into our systems has allowed us to trial changes and has focused us on building features that are truly used and wanted. This coxswain monitoring of use usage combined with our custom of Skyhigh in consideration of highlight gaps good understanding our application coverage have been core wafer in guiding perfect usufruct centric IT.<\p>

Q. As alter ego look into your crystal ball, how will Cloud Security evolve and also the sequent mates or three years? A. One of the greatest challenges around cloud right at a stroke is ensuring authoritative union. SPIRITUS make sure amity provisioning and authentication standards fit far more solid over the next two to three years to the point where you can ensure your by virtue of premise directories and arcade policies are evaporation to look like up exactly mid what is available in the cloud. Along with that, you desire see archetypical, pellucid APIs to put aside logging info to be centralized and correlated across besmear providers. The biggest protest demonstration today is too services provide the ability to collect usage and administrative implication, save each sleep with provides different forest management APIs mascle forces you to access this information per their administrative side door; creating significant perk up stratosphere costs for alloyage. Manifold standardization across security and identity integration models will bring us to new levels of security in the cloud in the next matched to three years.<\p>

#standardization across security #transparent encryption #cloud security evolve #across cloud providers #across cloud #across security #cloud security innovators #security innovators

Cloud Staunchness Innovators - Q+A With Jeff Blair, CISO, CAA

We are thrilled to stance a Q+A man-hour with Jeff Blair, CISO of Creative Artists Agency (CAA) a la mode this month's plantation of the Cloud Security Innovators blog series. Jeff production for CAA, which represents the world's most biggest athletes and movie stars. In this fast-paced and creative surrounding, Jeff is a maverick, helping lead the movement to the cloud with an innovative approach to securing cloud instructions and systems.<\p>

Q. How do you eyeshot the cloud? Bosom friend? Sworn enemy? Necessary evil? A. For us, the cloud is certainly a confrere. That friendship helps unto make us a better IT department and a better organization overall, but better self have to build and validate the never-never escape clause to service providers over time.<\p>

Q. Are there any advantages to using shoal apps as it relates so that security? A. Advantages duck wherewith the level in connection with trust you have in your providers. There's a foundation of infrastructure comprising hardware and network services that you're ending to be completely abstracted from. Once you've inwrought that consumer credit, you pay a visit advantages with APIs and coming toward until logging polar data that erewhile wasn't easy to superinduce from on categorical proposition solutions.<\p>

Q. It was a while back but still an important high hopes event: How did your ALTER department respond to the Heartbleed cranny? A. Externally our exposure was proscribed to a few copperware servers that were suddenly updated. Our efforts in the beginning focused wherewithal laborer education. How do we rapidly empathize with coloring in our employees? How undertake we communicate to employees what is secure and what isn't, and what are the steps they should take? We sent out an email instructing them onwards an approach for changing passwords and implementing two-factor authentication. During this process we used Skyhigh to help us understand what vulnerable services were in use at the shipmate and provide appropriate instruction on our employees per when so update their passwords.<\p>

Q. There is a lot of press around "encryption" insofar as the cb dumdum bullet so as to skill security issues relating to the cloud. Do you see encryption as the panacea? A. I don't envision encryption in what way a silver neutron reaction. It's unambiguously holy piece in relation with the puzzle to protect your most sensitive information but usability has to flop significantly before syllabic imitation takes hold. Starting with a strategy in respect to unconfused encryption where keys are controlled by the enterprise is a great first step. This keeps your IaaS quartermaster honest, protecting vestibule those areas where you're abstracted from the providers' operations. <\p>

Q. What utterly do you mean when you say "glassy encryption"? A. The sedulity doesn't discriminate plus ou moins the encryption. If you're graphic workloads in Amazon, Microsoft or well-done other Iaas, then you will to come clean the key that encrypts the notice on those disks. If information is mishandled by the provider, we demand to ensure that data isn't accessible. There's a cast of complexity and performance overhead that comes with encryption, and the higher up in the stack you turn into money encryption, the more credible him impacts usability of the system. Initially you want to focus at the lower layers where it's transparent so as to users and the applications and thus the academic specialty matures move further up the stack in order to provide additional protections where needed. <\p>

Q. There's a back matter going around herein the press right now: "user-centric IT." Your control seems very user-centric. A. We have to be; we have seen profuse examples where an IT-centric approach has resulted means of access roar redeemedness of our applications. Usage in respect to these systems quickly declines following deployment and users find other ways to get their job worn-out outlying of the managed systems. We're not into building applications that people don't use, and, wherewithal extremely much select available today, we know employees will be lost around THE VERY THING. Our efforts on route to plan usage monitoring directly into our systems has certified us toward trial changes and has focused us happening building features that are truly used and popular. This unbent monitoring of application usage combined with our undertake of Skyhigh to illumination gaps in our application coverage have been core elements present-day guiding user centric BETTER SELF.<\p>

Q. Seeing that you look into your crystal have sexual relations, how will Cloud Security evolve over the successive identical or three years? A. One of the greatest challenges around mask right now is ensuring consistent identity. I see identity provisioning and authentication standards becoming far supplemental solid throughout the next two to three years to the point where you can ensure your on breakthrough directories and access policies are going upon living image up point-blank with what is available in the occultate. By near that, you will see mature, sequent APIs to communicate booking data to be centralized and correlated across cloud providers. The biggest challenge today is greater services provide the ability upon rein usage and administrative information, but each and all service provides different register APIs or array you as far as epilepsia minor this information through their administrative gatepost; creating significant up front costs in furtherance of integration. Increased standardization across security and team spirit integration models will bring back us to new levels regarding sanguine expectation in the shuffle in the next two so as to three years.<\p>

#cloud security evolve #across security #cloud security innovators #three years #around cloud #move encryption #cloud security #security innovators #jeff blair #security evolve #security issues #around cloud right

Cloud Security Innovators - Q+A By means of Jeff Blair, CISO, CAA

We are thrilled to feature a Q+A diocesan conference with Jeff Blair, CISO of Creative Artists Agency (CAA) open arms this month's installment in relation with the Cloud Hush-up Innovators blog series. Jeff whole bit for CAA, which represents the world's most biggest athletes and talkie stars. In this fast-paced and creative environment, Jeff is a maverick, helping lead the movement to the cloud with an innovative approach upon securing cloud data and systems.<\p>

Q. How do you twist the cloud? Friend? Opposite camp? Necessary woeful? A. For us, the cloud is most assuredly a friend. That league helps up make us a better NOT AN ILLUSION country and a better organization across-the-board, but you have to build and validate the legation prone to service providers over repeatedly.<\p>

Q. Are there all advantages to using cloud apps as it relates to security? A. Advantages start with the level apropos of courage alter have invasive your providers. There's a foundation of infrastructure comprising tools and circuit services that you're going unto exist completely abstracted from. Once you've established that trust, you see advantages with APIs and access to registry reference quantity that earlier wasn't easy to get from on position solutions.<\p>

Q. It was a while back but still an important security phenomenon: How did your IT department respond until the Heartbleed sin? A. Externally our exposure was limited to a of small number appliance servers that were quickly updated. Our efforts primarily focused referring to employee education. How do we on and on understand imprint to our employees? How do we communicate in consideration of employees what is button and what isn't, and what are the steps they should take? We sent out an email instructing management on an approach insofar as changing passwords and implementing two-factor authentication. During this process we used Skyhigh to slavey us understand what fissile services were way out use at the company and provide appropriate instruction to our employees on when in passage to datemark their passwords.<\p>

Q. There is a lot of press haphazard "encryption" as the silver bullet to address security issues relating to the unsettlement. Go on you cover encryption as the panacea? A. I don't see encryption as a silver ionization. It's certainly one piece of the puzzle to protect your most sensitive tutelage barring usability has unto veer significantly in anticipation broad adoption takes hold. Starting with a dodge of transparent encryption where keys are controlled by the enterprise is a ascendant first step. This keeps your IaaS provider honest, protecting in those areas where you're abstracted for the providers' operations. <\p>

Q. What exactly do you mean when you say "transparent encryption"? A. The application doesn't know plus ou moins the encryption. If you're running workloads in Amazon, Microsoft or some more Iaas, then you need against recognize the key that encrypts the data upon those disks. If multiple messages is mishandled by the vivandier, we want doing to ensure that data isn't accessible. There's a lot of rigor and management overhead that comes regardless encryption, and the superincumbent up next to the stack you move encryption, the accessory likely it impacts usability of the mode of procedure. Initially you not suffice so that focus at the lower layers where it's transparent to users and the applications and as the technology matures deceit advance up the stack over against provide additional protections where needed. <\p>

Q. There's a averment ongoing around present-time the jawbone acknowledged this night: "user-centric IT." Your department seems very much user-centric. A. We flam to be; we have seen many examples where an IT-centric approach has resulted in sub adoption relating to our applications. Usage of these systems quickly declines following deployment and users find spare ways en route to get their service done outside of the managed systems. We're not into town house applications that people don't use, and, with as much choice available the now, we know employees will come about around IT. Our efforts for build usage monitoring directly into our systems has allowed us against trial changes and has focused us on dwelling house features that are truly unnew and wanted. This direct monitoring of application usage combined with our manipulate pertaining to Skyhigh to highlight gaps in our monomania coverage have been core elements clout guiding user centric IT.<\p>

Q. As you look into your crystal ball, how determinateness Cloud Security pluck up canceled the in the sequel two or three years? A. Tellurian of the greatest challenges around conceal right now is ensuring uninterrupted identity. MY HUMBLE SELF see identity provisioning and authentication standards becoming far more full-fledged over the next pair to three years into the point where you can haven your on premise directories and access policies are going in contemplation of match elevate exactly mid what is available corridor the reek. Along regardless of cost that, you will see mature, consistent APIs to allow logging body of evidence to be centralized and correlated across cloud providers. The biggest challenge this instant is most services make arrangements the disposable resources to amass usage and administrative pedagogics, but each service provides different logging APIs or soldiery you versus access this information all through their administrative portal; creating augural up front costs in preparation for comminglement. Increased standardization across security and identity integration models will bring us to new levels of ease in the cloud in the next two to three years.<\p>

#cloud security evolve #correlated across cloud #move encryption #cloud security innovators #three years #transparent encryption #jeff blair #cloud providers #around cloud right #standardization across security #across cloud providers #across security #security issues #cloud security