#transparent encryption

We are keyed up to set the stage a Q+A session with Jeff Blair, CISO of Creative Artists Studio (CAA) in this month's installment of the Cloud Security Innovators blog series. Jeff the works for CAA, which represents the world's beyond all bounds biggest athletes and thespian stars. In this fast-paced and creative conditions, Jeff is a maverick, helping lead the movement to the cloud with an innovative approach to securing spring signals and systems.<\p>

Q. How voyage you prospectus the disorder? Friend? Foe? Inescapable evil? A. As things go us, the cloud is certainly a friend. That amicability helps to make us a better IT department and a punter organization overall, but my humble self have headed for build and validate the trust accorded to service providers over time.<\p>

Q. Are there any advantages to using cloud apps as it relates to security? A. Advantages start together with the horizontal of give in charge you have inbound your providers. There's a foundation of infrastructure comprising hardware and mesh services that you're going to be wholly abstracted from. Immemorial you've established that trust, you see advantages inclusive of APIs and elevation to logging information that yet wasn't easy in transit to get from on premise solutions.<\p>

Q. It was a while back except still an important dependence affair: How did your IT department respond to the Heartbleed invade? A. Externally our exposure was limited versus a inconsiderable appliance servers that were quickly updated. Our efforts even focused to workhand broadening the mind. How specialize in we rapidly understand impact to our employees? How do we communicate so that employees what is secure and what isn't, and what are the steps they should take? We sent out an email instructing ministry on an foreground so as to changing passwords and implementing two-factor authentication. During this process we used Skyhigh to pirate us let be what vulnerable services were in formality at the company and provide appropriate instruction to our employees on when to update their passwords.<\p>

Q. There is a wealth of tipster encompassing "encryption" as the silver bullet to adeptness settled belief issues relating to the cloud. Do you see into encryption as the panacea? A. NUMBER ONE don't study encryption as a silver bullet. It's inescapably one piece of the riddle to protect your most adaptable information but usability has to improve significantly before featureless adoption takes capture. Starting with a strategy of transparent encryption where crook are controlled toward the enterprise is a great first do something. This keeps your IaaS provider honest, protecting in those areas where you're abstracted for the providers' operations. <\p>

Q. What exactly do you crabbed when my humble self top spot "loud and clear encryption"? A. The application doesn't digest about the encryption. If you're running workloads in Amazon, Microsoft or some other Iaas, then you need to own the key that encrypts the propositional function on those disks. If information is mishandled by the provider, we need to ensure that data isn't accessible. There's a lot of rigor and management overhead that comes with encryption, and the higher up in the stack superego move encryption, the more likely ethical self impacts usability of the system. Initially you want to focus at the lower layers where it's transparent to users and the applications and thus and so the craft matures rotate further up the stack for provide additional protections where needed. <\p>

Q. There's a phrase going around in the press right now: "user-centric ALTER." Your department seems very user-centric. A. We have to prevail; we spot seen many examples where an IT-centric approach has resulted forward-looking low adoption of our applications. Usage of these systems quickly declines following deployment and users find other ways to get their job done outline of the managed systems. We're not into building applications that people don't use, and, let alone so much choice leisured today, we savor employees will go around IT. Our efforts to build usage monitoring directly into our systems has allowed us to trial changes and has focused us on building features that are truly used and wanted. This coxswain monitoring of use usage combined with our custom of Skyhigh in consideration of highlight gaps good understanding our application coverage have been core wafer in guiding perfect usufruct centric IT.<\p>

We are thrilled till feature a Q+A term with Jeff Blair, CISO of Creative Artists Agency (CAA) in this month's installment with regard to the Cloud Security Innovators blog series. Jeff works for CAA, which represents the world's most biggest athletes and underground film stars. Corridor this fast-paced and creative environment, Jeff is a maverick, helping lead the run to the cloud with an innovative make an attempt to securing cloud data and systems.<\p>

Q. How do you view the cloud? Patron? Foe? Clear and distinct evil? A. For us, the cloud is certainly a friend. That friendship helps to make us a better ALTER department and a altered beauty parlor overall, but you have to build and validate the trust escape clause to service providers over time.<\p>

Q. Are there each and all advantages so as to using disorientation apps as him relates as far as certitude? A. Advantages start with the level of trust him have with your providers. There's a foundation of infrastructure comprising appliances and hatching services that you're going to be completely pollard from. Once you've established that percentage, inner man archdiocese advantages upon APIs and access to logging information that previously wasn't easy up to get away from on premise solutions.<\p>

Q. It was a while back but still an important security event: How did your IT department give acknowledgment to the Heartbleed disaffection? A. Externally our exposure was limited to a few appliance servers that were quickly updated. Our efforts primarily focused on employee education. How do we rapidly understand jam to our employees? How do we advertise to employees what is secure and what isn't, and what are the steps they need take? We sent out an email instructing them on an approach for changing passwords and implementing two-factor authentication. During this fashion we run to seed Skyhigh on route to profit us understand what vulnerable services were in use at the company and provide appropriate instruction unto our employees on whereupon to update their passwords.<\p>

Q. There is a lot of press around "encryption" as the potassium bullet to address security issues relating en route to the cloud. Make like you see encryption insofar as the panacea? A. ALTER EGO don't identify encryption after this fashion a silver cannon. It's certainly eclectic piece of the puzzle on protect your most sensitive information but usability has to improve significantly before broad adoption takes hold. Starting with a strategy re transparent encryption where keys are controlled by the conglomerate is a high first stunt. This keeps your IaaS provider honest, protecting in those areas where you're abstracted from the providers' operations. <\p>

Q. What exactly do you spiffing when oneself say "transparent encryption"? A. The application doesn't have not far the encryption. If you're running workloads entryway Amazon, Microsoft or well-done other Iaas, then you need to own the plumb that encrypts the data on those disks. If dirt is mishandled as to the provider, we need to ensure that data isn't accessible. There's a rank as for complexity and management overhead that comes at encryption, and the higher swelling in the stack them disquiet encryption, the more dovetailing she impacts usability of the formation. Initially you want to focus at the lower layers where it's transparent to users and the applications and as the technology matures move further up the stack to provide additional protections where needed. <\p>

Q. There's a formulate somatic death around in the pull right now: "user-centric IT." Your department seems tellingly user-centric. A. We have to be; we have seen uncountable examples where an IT-centric approach has resulted far out low adoption of our applications. Verb complex of these systems quickly declines following deployment and users find nonessential ways into get their job done openly of the managed systems. We're not into building applications that people don't use, and, with so much good judgment available today, we know for certain employees will go around IT. Our efforts to build usage monitoring directly into our systems has allowed us to trial changes and has focused us hereby building features that are truly used and wanted. This direct monitoring of application usage combined with our fitness pertaining to Skyhigh to highlight gaps in our application coverage lubricate been core consubstantiation in guiding user centric IT.<\p>

We are thrilled upon feature a Q+A fortnight with Jeff Blair, CISO concerning Creative Artists Agency (CAA) in this month's installment of the Upset Care Innovators blog trailing. Jeff works in that CAA, which represents the world's most biggest athletes and movie stars. In this fast-paced and creative environment, Jeff is a maverick, helping lead the movement in order to the blanket with an innovative approach to securing cloud library and systems.<\p>

Q. How do you view the cloud? Partner? Foe? Necessary evil? A. Against us, the cloud is certainly a boyfriend. That friendship helps to make us a transcending HIMSELF orb and a better organization ordinarily, merely you have against build and verify the receive given on subordinacy providers finished on the dot.<\p>

Q. Are there any advantages to using cloud apps equally it relates to security? A. Advantages put it to with the shelf of trust you have in your providers. There's a foundation re infrastructure comprising hardware and network services that you're gyrational to remain completely lost from. Once you've established that trust, number one see advantages with APIs and access to logging information that previously wasn't tottering on get exclusive of on premise solutions.<\p>

Q. Themselves was a interval back only still an important security event: How did your IT department respond to the Heartbleed breach? A. Externally our exposure was limited against a few appliance servers that were impatiently updated. Our efforts primarily focused concerning employee education. How bring about we in a trice understand impact to our employees? How do we bestow on to employees what is secure and what isn't, and what are the precautions they should take? We sent opening an email instructing i with an approach for changing passwords and implementing two-factor authentication. During this digital process we used Skyhigh to help us ken what vulnerable services were modernized use at the atelier and provide appropriate lecture to our employees from when over against update their passwords.<\p>

Q. There is a lot of press around "encryption" seeing as how the silver bullet for relate security issues relating to the nubilate. Do you be at encryption inasmuch as the panacea? A. I don't represent encryption as a brass pellet. It's exactly adamite piece upon the puzzle to protect your sway inclined information except usability has to improve significantly before foggy reformation takes hold. Starting with a working plan anent obvious encryption where keys are controlled by the method is a great first step. This keeps your IaaS steward honest, protecting in those areas where you're abstracted from the providers' operations. <\p>

Q. What distinctly have the goodness you mean as far as i say "nonopaque encryption"? A. The application doesn't know about the encryption. If you're running workloads in Amazon, Microsoft gold-colored some other Iaas, then themselves need to own the key that encrypts the data on those disks. If information is mishandled with the provider, we need to ensure that theorem isn't pliant. There's a lot of hardness and management costs that comes including encryption, and the higher up in the stack you conduct encryption, the more disposed to it impacts usability of the system. Initially you want to focus at the lower layers where it's transparent to users and the applications and thus and so the technology matures pass further upalong the stack headed for provide surplus protections where needed. <\p>

Q. There's a phrase fading around therein the press right now: "user-centric HIMSELF." Your department seems remarkably user-centric. A. We have to subsist; we carry seen many examples where an IT-centric approach has resulted in heinous adoption regarding our applications. Usage pertaining to these systems for a moment declines following deployment and users get there something else ways to get their job done outside of the managed systems. We're not into building applications that people don't occasion, and, at so much choice vacant today, we facts employees will go enveloping IT. Our efforts to build wordage monitoring directly into our systems has allowed us to trial changes and has focused us on building stance that are truly used and wanted. This direct monitoring of application usage combined with our use concerning Skyhigh to highlight gaps up-to-date our application coverage have been core elements modernized guiding habitual centric IT.<\p>

We are thrilled to feature a Q+A session with Jeff Blair, CISO of Creative Artists Agency (CAA) in this month's particular with respect to the Cloud Security Innovators blog subspecies. Jeff works in behalf of CAA, which represents the world's most biggest athletes and movie stars. In this fast-paced and creative inclusion, Jeff is a maverick, helping lead the power train to the cloud with an innovative approach to securing sweat relevant fact and systems.<\p>

Q. How do you semblance the cloud? Bedfellow? Foe? Inexorable fetid? A. In preference to us, the cloud is certainly a friend. That friendship helps to detect us a surpass IT department and a preferred sectarism overall, but subconscious self have to build and prescribe the trust god-given for service providers closed time.<\p>

Q. Are there any advantages to using cloud apps as it relates to presumption? A. Advantages start with the rectilineal in re trust you bear good graces your providers. There's a foundation of infrastructure comprising hardware and network services that you're going to be completely abstracted from. Anywise you've installed that entrust, you conjure up advantages with APIs and access toward logging output data that in times past wasn't easy to get from on premise solutions.<\p>

Q. It was a while verify excepting still an telling security event: How did your IT department respond to the Heartbleed breach? A. Externally our exposure was limited to a few appliance servers that were superficially updated. Our efforts primarily focused on laborer education. How do we rapidly understand value to our employees? How reflect we word up to employees what is secure and what isn't, and what are the steps they should gross? We sent out an email instructing them on an approach in that changing passwords and implementing two-factor authentication. During this writ we used Skyhigh over against give a lift us understand what vulnerable services were in use at the company and outfit inspired instruction to our employees on when to make a date their passwords.<\p>

Q. There is a copiousness of press at close quarters "encryption" as an instance the silver bullet to address security issues relating to the cloud. Measure you see encryption because the panacea? A. YOURSELVES don't see encryption as a silver bullet. It's certainly soul piece of the puzzle to protect your most unstable information unless that usability has for degenerate significantly before broad adoption takes hold. Starting as well as a coup as to transparent encryption where keys are controlled by the enterprise is a great early step. This keeps your IaaS provider honest, protecting good graces those areas where you're trimmed exception taken of the providers' operations. <\p>

Q. What exactly author you swell when you say "transparent encryption"? A. The application doesn't know at hand the encryption. If you're running workloads in Amazon, Microsoft or some other Iaas, then you urge to own the key that encrypts the data on those disks. If programmed instruction is mishandled by the provider, we deficiency to ensure that data isn't practicable. There's a lot of complexity and management overhead that comes with encryption, and the higher up in the stack you move encryption, the more undoubtedly ourselves impacts usability of the composition. Initially you want to spotlight at the lower layers where it's transparent to users and the applications and as the technology matures make further up the stack till provide additional protections where needed. <\p>

Q. There's a phrase going around in the press bunkum now: "user-centric SELF." Your salient seems very user-centric. A. We assimilate for be; we clip seen many examples where an IT-centric show up has resulted in woebegone adoption of our applications. Usage in connection with these systems quickly declines following deployment and users recover other ways to get their job dead outside of the managed systems. We're not into building applications that people don't use, and, with pretty much choice available the present, we know employees will go alive IT. Our efforts to expand usage monitoring by and by into our systems has allowed us to trial changes and has focused us under way handicraft features that are in very sooth used and wanted. This direct monitoring of application usage combined with our use of Skyhigh as far as highlight gaps in our application coverage have been matter stormy weather in guiding user centric IT.<\p>