After a trying day at the Security Operations Center (SOC), a Privileged Access Management (PAM) super-admin just wants to have a nice cup of tea and a few minutes relaxing in front of the television before turning in for the night. But, as he dozes and slips into an InfoSec fever dream, he desperately seeks entertainment, flipping through the channels, returning again and again to the classic “New Rules” segment of “Real Time with Bill Maher.”
Misappropriation of user identity is one of the root causes of many serious cybersecurity incidents. The threat can appear as a malicious actor impersonating an authorized system user, a hacker creating a fictitious user account, or a legitimate user taking improper actions. In each case, security managers may have trouble detecting the actions of an ill-intentioned user or they discover the problem after the fact.
Amazon Web Services (AWS) present a good news story for service providers, but security challenges remain. AWS gives service providers a way to grow their businesses without having to deal with many of the hassles and costs of maintaining a cloud infrastructure. A Managed Security Services Provider (MSSP), for instance, can let AWS do the heavy lifting for them, supplying an essentially infinitely scalable infrastructure.
Microsoft Azure offers broad, exciting new capabilities for enterprise IT. The new Azure IoT Hub, which enables large-scale deployment of Internet of Things devices, is just one example. The IoT Hub, however, presents a number of challenges, such as security monitoring on Azure.
Confidence in cloud security is growing. According to the Ponemon Institute’s 2018 Global Cloud Data Security Study, the percent of IT managers who feel that it is difficult to secure confidential or sensitive information in the cloud has fallen from 60% in 2016 to 49% today. That trend notwithstanding, many in the industry still feel cloud security is difficult to achieve. The same study reveals that 71% of IT managers believe is more difficult to apply conventional information security in the cloud computing environment, while 51% think it is more difficult to control or restrict end-user access.