Recently
I was invited to participant in brainstorming dealing with the definition of “CSO
2.0”, where the main point that were selected to be discussed and examined are
as follows:
·
What is Public cloud for Information Security Managers?
·
Traditional Security in the Cloud
·
Innovation & security, Better together?
However
I couldn’t attend this meeting, never the less I’m sharing my thoughts
When
using public clued services, web Security should be set in layered formation, in
3 layers to be exact. First layer, at the campus and branch office protecting
the internal connected users. Second layer on the network for mobile users and
those that are at home. Third layer at the public cloud itself protecting the
access to cloud data centers.
Any solution
that is used should be comprehensive and include deep visibility into the content
and control (like done in QoS platforms), anti-malware / infection detection and
URL filtering as well as protecting the public cloud and the network
infrastructure from DDOS attacks.
Although the threat
landscape rapidly changes, threat protection need to retain the current
solutions and practices and to add new and innovative solutions that proof their
effectiveness rather than jumping into protections against future threat that
might or might not come true.
Should
it be single vendor solutions or each segment beast of bread… more to follow…
