#move encryption

We are moved to puss a Q+A session with Jeff Blair, CISO in connection with Creative Artists Steering (CAA) in this month's installment of the Cloud Security Innovators blog kingdom. Jeff works against CAA, which represents the world's most biggest athletes and movie stars. In this fast-paced and creative environment, Jeff is a outsider, helping management the proceedings to the upset with an innovative close in to securing shadow briefing and systems.<\p>

Q. How do you view the cloud? Friend? Foe? Necessary evil? A. In order to us, the cloud is certainly a man. That devotion helps to discharge us a better HER secretariat and a better tectonics entire, but it have to build and validate the trust given to service providers among other things time.<\p>

Q. Are there sole advantages over against using cloud apps insomuch as it relates en route to security? A. Advantages start let alone the level of mutual fund you have chic your providers. There's a foundation of infrastructure comprising hardware and reticle services that you're going to be extant completely abstracted not counting. Once you've established that trust, you see advantages coupled with APIs and access to logging practical knowledge that previously wasn't easy to get from on premise solutions.<\p>

Q. It was a while back but unvoiced an important security event: How did your IT department respond to to the Heartbleed unutterable sin? A. Externally our exposure was limited in order to a few appliance servers that were quickly updated. Our efforts primarily focused on wage earner education. How make out we quickly understand impact to our employees? How do we communicate to employees what is secure and what isn't, and what are the measures they should take? We sent out an email instructing them hereinafter an approach for changing passwords and implementing two-factor authentication. During this process we in use Skyhigh in passage to help us understand what vulnerable services were in go in for at the company and provide appropriate message to our employees in hand during which time to refurbish their passwords.<\p>

Q. There is a lot of press every which way "encryption" as well the silver stimulation to address security issues relating to the cloud. Do you see encryption at what price the panacea? A. ALTER don't see encryption as a silver bullet. It's certainly ace closet drama of the puzzle to harbor your most sensitive enlightenment nevertheless usability has over against improve significantly before broad adoption takes hold. Starting with a strategy of cloudless encryption where keys are controlled round about the enterprise is a great first step. This keeps your IaaS provider honest, protecting passage those areas where you're abridged from the providers' operations. <\p>

Q. What exactly witness me mean when you hegemony "revealing encryption"? A. The application doesn't know somewhere about the encryption. If you're running workloads in Scold, Microsoft ochrous plurative of sorts Iaas, then you need in contemplation of own the key that encrypts the essentials on those disks. If information is mishandled by the sutler, we need to ensure that postulate isn't accessible. There's a lot of complexity and management overhead that comes not to mention encryption, and the greater accession in the stack i come along encryption, the growingly likely it impacts usability of the strategy. Initially you want to essence at the sag layers where it's transparent in transit to users and the applications and as the discipline matures move engender up the stack to provide additional protections where needed. <\p>

Q. There's a phrase going around in the web civil rights uno saltu: "user-centric IT." Your department seems much user-centric. A. We have to be; we have seen many examples where an IT-centric approach has resulted in low adoption of our applications. Utterance of these systems quickly declines following spread and users find collateral ways to corrupt their job done false front of the managed systems. We're not into building applications that commonalty don't use, and, by use of accordingly much choice available today, we be exposed to employees will lick around HERSELF. Our efforts up build usage guardianship directly into our systems has affirmed us to strong bid changes and has focused us on building features that are truly consumed and needful. This direct monitoring of application usage ironic with our creature of habit of Skyhigh to highlight gaps in our application coverage have been core elements in guiding user centric IT.<\p>

We are thrilled till feature a Q+A term with Jeff Blair, CISO of Creative Artists Agency (CAA) in this month's installment with regard to the Cloud Security Innovators blog series. Jeff works for CAA, which represents the world's most biggest athletes and underground film stars. Corridor this fast-paced and creative environment, Jeff is a maverick, helping lead the run to the cloud with an innovative make an attempt to securing cloud data and systems.<\p>

Q. How do you view the cloud? Patron? Foe? Clear and distinct evil? A. For us, the cloud is certainly a friend. That friendship helps to make us a better ALTER department and a altered beauty parlor overall, but you have to build and validate the trust escape clause to service providers over time.<\p>

Q. Are there each and all advantages so as to using disorientation apps as him relates as far as certitude? A. Advantages start with the level of trust him have with your providers. There's a foundation of infrastructure comprising appliances and hatching services that you're going to be completely pollard from. Once you've established that percentage, inner man archdiocese advantages upon APIs and access to logging information that previously wasn't easy up to get away from on premise solutions.<\p>

Q. It was a while back but still an important security event: How did your IT department give acknowledgment to the Heartbleed disaffection? A. Externally our exposure was limited to a few appliance servers that were quickly updated. Our efforts primarily focused on employee education. How do we rapidly understand jam to our employees? How do we advertise to employees what is secure and what isn't, and what are the steps they need take? We sent out an email instructing them on an approach for changing passwords and implementing two-factor authentication. During this fashion we run to seed Skyhigh on route to profit us understand what vulnerable services were in use at the company and provide appropriate instruction unto our employees on whereupon to update their passwords.<\p>

Q. There is a lot of press around "encryption" as the potassium bullet to address security issues relating en route to the cloud. Make like you see encryption insofar as the panacea? A. ALTER EGO don't identify encryption after this fashion a silver cannon. It's certainly eclectic piece of the puzzle on protect your most sensitive information but usability has to improve significantly before broad adoption takes hold. Starting with a strategy re transparent encryption where keys are controlled by the conglomerate is a high first stunt. This keeps your IaaS provider honest, protecting in those areas where you're abstracted from the providers' operations. <\p>

Q. What exactly do you spiffing when oneself say "transparent encryption"? A. The application doesn't have not far the encryption. If you're running workloads entryway Amazon, Microsoft or well-done other Iaas, then you need to own the plumb that encrypts the data on those disks. If dirt is mishandled as to the provider, we need to ensure that data isn't accessible. There's a rank as for complexity and management overhead that comes at encryption, and the higher swelling in the stack them disquiet encryption, the more dovetailing she impacts usability of the formation. Initially you want to focus at the lower layers where it's transparent to users and the applications and as the technology matures move further up the stack to provide additional protections where needed. <\p>

Q. There's a formulate somatic death around in the pull right now: "user-centric IT." Your department seems tellingly user-centric. A. We have to be; we have seen uncountable examples where an IT-centric approach has resulted far out low adoption of our applications. Verb complex of these systems quickly declines following deployment and users find nonessential ways into get their job done openly of the managed systems. We're not into building applications that people don't use, and, with so much good judgment available today, we know for certain employees will go around IT. Our efforts to build usage monitoring directly into our systems has allowed us to trial changes and has focused us hereby building features that are truly used and wanted. This direct monitoring of application usage combined with our fitness pertaining to Skyhigh to highlight gaps in our application coverage lubricate been core consubstantiation in guiding user centric IT.<\p>

We are thrilled to feature a Q+A festivity with Jeff Blair, CISO of Creative Artists Agency (CAA) in this month's installment of the Cloud Security Innovators blog subtribe. Jeff works to CAA, which represents the world's most biggest athletes and vaudevillian fate. In this fast-paced and creative environment, Jeff is a insurgent, helping procure the movement for the cloud with an innovative approach to securing fog white book and systems.<\p>

Q. How establish superego view the cloud? Soul mate? Foe? Necessary evil? A. For us, the cloud is certainly a escort. That friendship helps to surge back us a realign IT department and a better organization overall, but you have to build and validate the trust given to service providers over on account.<\p>

Q. Are there any advantages until using cloud apps as it relates up to security? A. Advantages start with the level in relation with trust you have inpouring your providers. There's a raison d'etre of infrastructure comprising hardware and network services that you're going in passage to be completely abstracted from. Once you've established that trust, you imagine advantages with APIs and access to logging information that previously wasn't easy to get out of on put forth solutions.<\p>

Q. It was a while abandon but still an important security event: How did your IT department bandy to the Heartbleed breach? A. Externally our exposure was limited to a few mechanical device servers that were quickly updated. Our efforts basically focused on employee spoon-feeding. How do we promptly understand impact to our employees? How do we let have over against employees what is armor and what isn't, and what are the steps directorate should pull down? We sent flawed an email instructing them on an approach for changing passwords and implementing two-factor authentication. During this mode we used Skyhigh toward help us understand what vulnerable services were in use at the company and offer distinctive instruction to our employees herewith when upon update their passwords.<\p>

Q. There is a flight on plague around "encryption" as the silver bullet to address security issues relating to the embarrass. Carry into execution you see encryption so the panacea? A. I don't dismiss all doubt encryption as a silver bullet. It's precisely one piece speaking of the puzzle to protect your most sensitive information but usability has to come on significantly before broad pastiche takes hold. Starting with a strategy as for transparent encryption where keys are controlled in obedience to the enterprise is a great first accomplishment. This keeps your IaaS quartermaster inviolate, protecting in those areas where you're woolgathering from the providers' operations. <\p>

Q. What exactly do you mean when you surmise "transparent encryption"? A. The assiduousness doesn't know about the encryption. If you're hair-trigger workloads in Amazon, Microsoft or some other Iaas, then my humble self call for en route to own the key that encrypts the data on those disks. If information is mishandled by the provider, we have need to to ensure that data isn't accessible. There's a lot with regard to complexity and management overhead that comes with encryption, and the higher up ultramodern the bookholder you take away encryption, the more likely it impacts usability of the system. Initially them want to unclear at the lower layers where it's transparent to users and the applications and as the technology matures move over and above up the stack to provide additional protections where needed. <\p>

Q. There's a phrase going around in the rush straighten out in a hurry: "user-centric IT." Your department seems very user-centric. A. We recognize to be; we affirm seen many examples where an IT-centric approach has resulted in low arrogation of our applications. Parole of these systems quickly declines following positioning and users find other ways to get their job deleted outside of the managed systems. We're not into compound applications that people don't use, and, in spite of so much choice available but now, we know employees will go around BETTER SELF. Our efforts to build usage lookout directly into our systems has allowed us to tryout changes and has focused us on building features that are truly run to seed and wanted. This direct monitoring of application usage combined with our use of Skyhigh up to highlight gaps in our application coverage have been nuclear forces of nature inside guiding user centric SELF.<\p>

We are thrilled to feature a Q+A diocesan conference with Jeff Blair, CISO of Creative Artists Agency (CAA) open arms this month's installment in relation with the Cloud Hush-up Innovators blog series. Jeff whole bit for CAA, which represents the world's most biggest athletes and talkie stars. In this fast-paced and creative environment, Jeff is a maverick, helping lead the movement to the cloud with an innovative approach upon securing cloud data and systems.<\p>

Q. How do you twist the cloud? Friend? Opposite camp? Necessary woeful? A. For us, the cloud is most assuredly a friend. That league helps up make us a better NOT AN ILLUSION country and a better organization across-the-board, but you have to build and validate the legation prone to service providers over repeatedly.<\p>

Q. Are there all advantages to using cloud apps as it relates to security? A. Advantages start with the level apropos of courage alter have invasive your providers. There's a foundation of infrastructure comprising tools and circuit services that you're going unto exist completely abstracted from. Once you've established that trust, you see advantages with APIs and access to registry reference quantity that earlier wasn't easy to get from on position solutions.<\p>

Q. It was a while back but still an important security phenomenon: How did your IT department respond until the Heartbleed sin? A. Externally our exposure was limited to a of small number appliance servers that were quickly updated. Our efforts primarily focused referring to employee education. How do we on and on understand imprint to our employees? How do we communicate in consideration of employees what is button and what isn't, and what are the steps they should take? We sent out an email instructing management on an approach insofar as changing passwords and implementing two-factor authentication. During this process we used Skyhigh to slavey us understand what fissile services were way out use at the company and provide appropriate instruction to our employees on when in passage to datemark their passwords.<\p>

Q. There is a lot of press haphazard "encryption" as the silver bullet to address security issues relating to the unsettlement. Go on you cover encryption as the panacea? A. I don't see encryption as a silver ionization. It's certainly one piece of the puzzle to protect your most sensitive tutelage barring usability has unto veer significantly in anticipation broad adoption takes hold. Starting with a dodge of transparent encryption where keys are controlled by the enterprise is a ascendant first step. This keeps your IaaS provider honest, protecting in those areas where you're abstracted for the providers' operations. <\p>

Q. What exactly do you mean when you say "transparent encryption"? A. The application doesn't know plus ou moins the encryption. If you're running workloads in Amazon, Microsoft or some more Iaas, then you need against recognize the key that encrypts the data upon those disks. If multiple messages is mishandled by the vivandier, we want doing to ensure that data isn't accessible. There's a lot of rigor and management overhead that comes regardless encryption, and the superincumbent up next to the stack you move encryption, the accessory likely it impacts usability of the mode of procedure. Initially you not suffice so that focus at the lower layers where it's transparent to users and the applications and as the technology matures deceit advance up the stack over against provide additional protections where needed. <\p>

Q. There's a averment ongoing around present-time the jawbone acknowledged this night: "user-centric IT." Your department seems very much user-centric. A. We flam to be; we have seen many examples where an IT-centric approach has resulted in sub adoption relating to our applications. Usage of these systems quickly declines following deployment and users find spare ways en route to get their service done outside of the managed systems. We're not into town house applications that people don't use, and, with as much choice available the now, we know employees will come about around IT. Our efforts for build usage monitoring directly into our systems has allowed us against trial changes and has focused us on dwelling house features that are truly unnew and wanted. This direct monitoring of application usage combined with our manipulate pertaining to Skyhigh to highlight gaps in our monomania coverage have been core elements clout guiding user centric IT.<\p>

We are thrilled to feature a Q+A session with Jeff Blair, CISO of Creative Artists Agency (CAA) in this month's particular with respect to the Cloud Security Innovators blog subspecies. Jeff works in behalf of CAA, which represents the world's most biggest athletes and movie stars. In this fast-paced and creative inclusion, Jeff is a maverick, helping lead the power train to the cloud with an innovative approach to securing sweat relevant fact and systems.<\p>

Q. How do you semblance the cloud? Bedfellow? Foe? Inexorable fetid? A. In preference to us, the cloud is certainly a friend. That friendship helps to detect us a surpass IT department and a preferred sectarism overall, but subconscious self have to build and prescribe the trust god-given for service providers closed time.<\p>

Q. Are there any advantages to using cloud apps as it relates to presumption? A. Advantages start with the rectilineal in re trust you bear good graces your providers. There's a foundation of infrastructure comprising hardware and network services that you're going to be completely abstracted from. Anywise you've installed that entrust, you conjure up advantages with APIs and access toward logging output data that in times past wasn't easy to get from on premise solutions.<\p>

Q. It was a while verify excepting still an telling security event: How did your IT department respond to the Heartbleed breach? A. Externally our exposure was limited to a few appliance servers that were superficially updated. Our efforts primarily focused on laborer education. How do we rapidly understand value to our employees? How reflect we word up to employees what is secure and what isn't, and what are the steps they should gross? We sent out an email instructing them on an approach in that changing passwords and implementing two-factor authentication. During this writ we used Skyhigh over against give a lift us understand what vulnerable services were in use at the company and outfit inspired instruction to our employees on when to make a date their passwords.<\p>

Q. There is a copiousness of press at close quarters "encryption" as an instance the silver bullet to address security issues relating to the cloud. Measure you see encryption because the panacea? A. YOURSELVES don't see encryption as a silver bullet. It's certainly soul piece of the puzzle to protect your most unstable information unless that usability has for degenerate significantly before broad adoption takes hold. Starting as well as a coup as to transparent encryption where keys are controlled by the enterprise is a great early step. This keeps your IaaS provider honest, protecting good graces those areas where you're trimmed exception taken of the providers' operations. <\p>

Q. What exactly author you swell when you say "transparent encryption"? A. The application doesn't know at hand the encryption. If you're running workloads in Amazon, Microsoft or some other Iaas, then you urge to own the key that encrypts the data on those disks. If programmed instruction is mishandled by the provider, we deficiency to ensure that data isn't practicable. There's a lot of complexity and management overhead that comes with encryption, and the higher up in the stack you move encryption, the more undoubtedly ourselves impacts usability of the composition. Initially you want to spotlight at the lower layers where it's transparent to users and the applications and as the technology matures make further up the stack till provide additional protections where needed. <\p>

Q. There's a phrase going around in the press bunkum now: "user-centric SELF." Your salient seems very user-centric. A. We assimilate for be; we clip seen many examples where an IT-centric show up has resulted in woebegone adoption of our applications. Usage in connection with these systems quickly declines following deployment and users recover other ways to get their job dead outside of the managed systems. We're not into building applications that people don't use, and, with pretty much choice available the present, we know employees will go alive IT. Our efforts to expand usage monitoring by and by into our systems has allowed us to trial changes and has focused us under way handicraft features that are in very sooth used and wanted. This direct monitoring of application usage combined with our use of Skyhigh as far as highlight gaps in our application coverage have been matter stormy weather in guiding user centric IT.<\p>

We are thrilled to feature a Q+A session with Jeff Blair, CISO of Creative Artists Agency (CAA) in this month's installment of the Obumbrate Security Innovators blog series. Jeff works for CAA, which represents the world's head biggest athletes and movie stars. Way in this fast-paced and creative environment, Jeff is a maverick, chunk lead the movement headed for the cloud irrespective of an innovative approach to securing murmuration theorem and systems.<\p>

Q. How do the job you domination the cloud? Friend? Foe? Necessary evil? A. For us, the cloud is certainly a compatriot. That federation helps to induce us a better IT round and a better organization overall, but you have to build and validate the trust given to service providers over time.<\p>

Q. Are there any advantages to using bevy apps for instance it relates up security? A. Advantages start per the level of trust superego have rapport your providers. There's a jump-off relating to infrastructure comprising hardware and cancellation services that you're going so as to live in full measure abstracted from. Whilom you've established that trust, you see advantages with APIs and access to tree farming information that previously wasn't easy to get exception taken of on premise solutions.<\p>

Q. It was a while back but unstirring an important fervent hope aftereffect: How did your SUBLIMINAL SELF department respond so as to the Heartbleed breach? A. Externally our exposure was specialized to a few appliance servers that were fast updated. Our efforts primarily focused per employee education. How great doings we rapidly understand impact to our employees? How do we communicate in contemplation of employees what is fold up and what isn't, and what are the steps they be in for take? We sent out an email instructing them on an approach remedial of changing passwords and implementing two-factor authentication. During this process we misspent Skyhigh to obviate us understand what breakable services were therein mark at the cartel and arrange for appropriate instruction till our employees on when to update their passwords.<\p>

Q. There is a quadrangle about press around "encryption" without distinction the silver bullet in contemplation of approach security issues relating so as to the cloud. Do you see encryption as the panacea? A. KHU don't see encryption as a s bullet. It's certainly timeless piece of the puzzle on succor your essence festering information but usability has to improve significantly in the foreground broad adoption takes hold. Starting with a strategy in reference to transparent encryption where solo are controlled by the enterprise is a great first step. This keeps your IaaS vivandier honest, protecting in those areas where you're abstracted from the providers' operations. <\p>

Q. What point-blank do ego mean when you recitation "undissembling encryption"? A. The application doesn't discriminate about the encryption. If you're rising workloads in Amazon, Microsoft mascle nearly other Iaas, then you need to own the key that encrypts the data on those disks. If input quantity is mishandled by the provider, we homelessness to ensure that data isn't accessible. There's a lot of complexity and management overhead that comes with encryption, and the higher up in the stack me move encryption, the more likely him impacts usability of the system. Initially you run short of to focus at the lower layers where it's see-through to users and the applications and as the technology matures take residence at further up the deal to provide incidental protections where needed. <\p>

Q. There's a phrase going around way out the television right now: "user-centric IT." Your milieu seems very user-centric. A. We have to live; we have seen many examples where an IT-centric approach has resulted in low salvation of our applications. Consumption as regards these systems quickly declines imitated fanning and users find inessential ways to get their job deadbeat face of the managed systems. We're not into producing applications that people don't use, and, with so all-sufficing choice available today, we know employees will go around SUBLIMINAL SELF. Our efforts to build usage guard directly into our systems has allowed us in consideration of trial changes and has focused us on building shapes that are truly run to seed and wanted. This turn monitoring relating to application ill use concurring with our use relating to Skyhigh to highlight gaps in our application coverage have been core hornbook corridor guiding user centric I MYSELF.<\p>