Franck Braunstedter is the Senior Manager Cyber Defense and Cloud Security at NTT Security. He recently sat down with Enterprise Times to talk about the cloud and its security challenges.
Companies are accelerating their move to the cloud but for many, the stumbling block is security. This is not about “is the cloud secure?” but how do we match our existing security with what the cloud offers.
The biggest issue that Braunstedter see is the Identity and Access Management challenge. This is primarily due to people buying in cloud services that are just username and password. Internally they would have multi-factor authentication and this creates a security gap. What makes this surprising is that Braunstedter is not talking about home grown apps but commercial SaaS. This includes Salesforce, Office 365 and many other applications.
2FA and BYOD
One challenge of two-factor authentication (2FA) is getting acceptance from users. However, as soon as a phishing attack gets access to a system through credential theft, 2FA gets the go-ahead. 2FA does not have to be intrusive. Braunstedter says that organisations can use conditional access and risk-based analytics. These validate the user across a number of measures in real-time without requiring them to input additional tokens.
With Bring Your Own Device, users are beginning to use personal apps to store data. This brings the risk of a data breach. But moving users to more secure apps is not simple. There is user resistance to being told what to do. Braunstedter also raises the questions: “Who does the evaluation? Who says that this app is more secure than this one?” This puts the security back on identity and encrypting the data.
The conversation also touched on what cloud providers deliver in terms of security. From the types of encryption for SaaS apps and data to the protection of infrastructure and IaaS. Compliance is also a serious problem and that is also where infrastructure security comes in.
To hear more of what Braunstedter had to say, listen to the podcast.
Where can I get it?
obtain it, for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there.