Recently I was invited to participant in brainstorming dealing with the definition of “CSO 2.0”, where the main point that were selected to be discussed and examined are as follows:
· What is Public cloud for Information Security Managers?
· Traditional Security in the Cloud
· Innovation & security, Better together?
However I couldn’t attend this meeting, never the less I’m sharing my thoughts
When using public clued services, web Security should be set in layered formation, in 3 layers to be exact. First layer, at the campus and branch office protecting the internal connected users. Second layer on the network for mobile users and those that are at home. Third layer at the public cloud itself protecting the access to cloud data centers.
Any solution that is used should be comprehensive and include deep visibility into the content and control (like done in QoS platforms), anti-malware / infection detection and URL filtering as well as protecting the public cloud and the network infrastructure from DDOS attacks.
Although the threat landscape rapidly changes, threat protection need to retain the current solutions and practices and to add new and innovative solutions that proof their effectiveness rather than jumping into protections against future threat that might or might not come true.
Should it be single vendor solutions or each segment beast of bread… more to follow…