ORLANDO, Fla.--The advanced, targeted nature of cyberattacks requires security to be more resilient, and enterprises can't abdicate that responsibility to cloud providers, Art Coviello, executive chairman of RSA, the safety Division of EMC Corp., said Wednesday.
Coviello mentioned changes in technology, attack trends, and elements for building a trusted cloud in a gap keynote on the Cloud Security Alliance Congress 2011, held here.
The massive changes in technology during the last 10 years, including the upward thrust of social networking, have made enterprises more open than ever before and attackers are taking advantage, he said. They're waging more targeted attacks, he said, adding that APT isn't a safety industry conspiracy to sell more products, but rather a strategy utilized by nation-state attackers that involves stealthy, persistent intelligence gathering over long periods of time.
Oftentimes, the attacker compromises one organization to infiltrate another, he said. The phishing emails utilized in the attack against RSA came from a sound organization known to RSA but were compromised.
“All folks as security professionals change the manner we expect,†Coviello said. Security has to be made resilient enough to detect attacks and mitigate damage â€" a responsibility cloud customers can't quit to their providers, he added.
The new resilient security model involves aggregating information and contextual capabilities to recover visibility, Coviello said. This visibility also includes gathering Big Data from every little thing of the enterprise, not only logs, to enable real-time analysis and a contextual view, he said. “Security must adopt a gigantic data view. … The age of giant Data has arrived in security management.â€
Enterprises intend to make sure their cloud providers have Big Data, real-time response capabilities and monitor their ongoing compliance, Coviello said.
Reaching the goal of trust within the cloud involves security becoming logical and information-centric, automated (by building security into virtualized environments), risk based and adaptive, Coviello said.
Coviello also noted security technologies â€" ones that RSA provides, naturally -- which are necessary as companies move applications and infrastructure to the cloud, including identity and access management and DLP.
Building a trusted cloud would require a more mature ecosystem of providers inclusive of a metamorphosis inside the enterprise security model, he said. “All folks listed below are liable for building the trusted cloud.â€
Earlier in his talk, Coviello said there hasn't been a single instance by which the info stolen from RSA was utilized in a successful attack. “We were in a position to see the attack in progess and get a hold of mitigating steps,†he said. “Ultimately, nobody got hurt from the attack.â€
Nessun commento:
Posta un commento
Comments links could be nofollow free