Image source: Flickr CC user Rina Pitucci
Security has become the biggest worry the IT world faces. With a growing number of high-profile breaches and no end in sight, we thought it wise to examine the security issues that concern IT professionals most, ensuring our products are still addressing the security and compliance needs of businesses using virtual systems.
IT’s Biggest Concerns
First up is a Bitglass survey, showing that misuse of employee credentials and improper access controls are top concerns for businesses – even more so than concerns of malware and hacking. There’s good reason for these concerns, considering both the Sony and Anthem intrusions were the result of stolen credentials.
The same survey addressed the risks to company data. Of the 1,010 respondents, 63% said that unauthorized access to sensitive company data was the number one greatest risk to their organizations. Hijacking of accounts (61%) and malicious insiders (43%) rounded out the top three risks to company data.
How Companies Are Protecting Their Data
To address these risks, companies are turning to a new philosophy in security. In the survey, 65 percent of responders said data encryption is the most effective tool for data protection. 68 percent believe a perimeter-based approach is no longer effective. We couldn’t agree more.
Sooner or later, the perimeter will be breached. If data is better protected, those unauthorized users who breach the network still have many other hurdles to overcome before they can access data. When used correctly, HyTrust tools ensure these intruders never make it to sensitive or regulated data.
CSA Report Offers a Slightly Different Perspective
Another survey from Cloud Security Alliance (CSA) offers a slightly different perspective. The biggest data protection problems identified, listed by level of importance, were:
- Data breaches
- Data loss
- Account hijacking
- Insecure application program interfaces (APIs)
- Malicious insiders
- Abuse of cloud services
- Insufficient due diligence
No matter which data threats are of biggest concern to your particular organization, when it comes to protecting data, HyTrust can help with our CloudControl and DataControl software products. Here’s how HyTrust addresses each of IT’s biggest data security concerns:
- Hijacked Accounts/Misuse of Employee Credentials – Two-factor authentication combines something you know—like a password—with something you have, such as a token. This simple security measure drastically reduces the chance of an outsider breaching insider credentials. Secondary authorization (also called ‘the two-person rule’) can ensure that no one person is able to make certain changes – such as move 100 virtual machines to untrusted servers without the approval of a manager. HyTrust CloudControl supports both these capabilities for virtualized server environments.
- Improper Access Controls – To be truly effective, access controls must be initiated on a granular level. By providing these highly configurable controls, HyTrust gives you the power to create a true multi-tenant private cloud, keeping administrators within their swim lanes to ensure compliance and prevent accidental misconfiguration that can result in application or data center downtime. In addition, our monitoring and alert systems ensure that changes to these controls don’t go unnoticed.
- Unauthorized Access to Sensitive Company Data – Whether it is customer credit card data, identity information, or even trade secrets, data is the new currency. HyTrust DataControl makes it possible to easily encrypt sensitive or regulated workloads from the virtual machine, ensuring the data is secure from the time the VM is created, wherever it travels, until it is securely decommissioned. Even if you are leveraging public cloud infrastructure as a service like AWS or vCloud Air, DataControl secures your data, and YOU keep the encryption keys, not your service provider.
- Malicious Insiders/Abuse of Cloud Services – A malicious administrator can overcome two-factor authentication. But he can’t escape the eyes of properly implemented monitoring and alert systems. HyTrust’s detailed logging system provides uncommon visibility into the actions of administrators, letting you can see unusual activity so you can investigate. In addition, secondary authorization features ensure that sensitive actions never execute without the approval of a designated second person.
- Insufficient Due Diligence – Compliance is a major data concern, especially in the cloud. By offering monitoring tools that alert you to platform and hypervisor configuration changes, you remain compliant at all times. Encryption key management tools allow you to secure data at the drive level and keep encryption keys under your control, ensuring you maintain due diligence at all times.
HyTrust Tools Protect Modern Data Infrastructures
Most of IT’s biggest concerns have to do with controlling data in the dynamic and mobile cloud. That’s why HyTrust tools focus on providing a high level of control, protecting both data and access. With our CloudControl and DataControl products, you can offer high-level protections that are easier to maintain over time and help you remain compliant with data security regulatory requirements. Contact us to find out more.