Twitter Feed
Vivek Kundra to Speak at NRO Showcase
On the 17 & 18 June, the National Reconnaissance Office (NRO) will present the premiere Innovative Solutions Showcase. Titled “Unleashing the Crowd in the Cloud: Igniting the Innovation Insurgency“, this event…
Secure Cloud Computing on Federal News Radio
Last week the Trezza Media Group, Flyzik Group and Federal News Radio combined to produce an outstanding Federal Executive Forum on Secure Cloud Computing. Moderated by Jim Flyzik, panelist included:…
My Meeting with Mr. Vivek Kundra
Earlier this week I had the distinct pleasure and opportunity to have a private meeting with Mr. Vivek Kundra. Although my time with him and Mr. Gary Washington (OMB/Egov &IT Internal…
Comments for Mr. Kundra (Thank you for the input!)
A little over a week ago I put out a request to my readers to help me with my meeting with Vivek Kundra. The response has been awesome!! thank you…
Congratulations to Roger Baker !!
My congratulations goes out to Roger Baker ! I first met Roger a little over a year ago when he interviewed me for my present job at Dataline. At that…
NDU (IRM) and DoD CIO (NII) Co-Hosting Cloud Computing and Cyber Security Symposia
I’m proud to announce two important coming events. The Information Resources Management (IRM) College and the Office of the Assistant Secretary of Defense (Networks and Information Integration)/DOD CIO are co-hosting…
Please Help Me Plan My Meeting With Mr. Vivek Kundra !!
A couple of weeks ago, I was offered a chance to meet Mr. Vivek Kundra at the Eisenhower Executive Office Building in downtown Washington, DC. Needless to say, I was…
President Obama’s 2010 Budget Highlights Cloud Computing
President Obama’s 2010 Budget (pp. 157-158) has highlighted cloud computing as a key tool for improving innovation, efficiency and effectiveness in Federal IT. ” Cloud-computing is a convenient, on-demand model…
Federal Cloud Computing Heating Up !
As fellow blogger Reuven Cohen mentions in his post, Federal cloud computing is indeed heating up: Vivek Kundra held a US Federal Government Cloud Computing Summit yesterday The Federal CIO…
USA.gov “Flips the switch” to Cloud Computing
Last weekend, USA.gov shifted to a cloud computing platform. This move is expected to reduce infrastructure expenses by 90% and drastically improve flexibility. “‘We are flipping the switch tomorrow to…
On Tuesday, October 6th, the European Court of Justice (ECJ), invalidated the U.S./EU Safe Harbor Framework. This framework, in place since 2000, gave blanket permission to data transfers from the European Union to the United States. The ruling means that national data protection authorities can now review such data transfers on an individual basis. It also complicates many aspects of data security for any enterprises doing business across the Atlantic Ocean.
This recent ruling highlights the value of having a strong security partner shepherding your enterprise through these types of perturbations. Luckily during Dell Peak Performance in Las Vegas, I had the opportunity to discuss the importance of such a partnership with Bill Evans, senior director of product marketing for Dell’s Identity and Access Management businesses.
Kevin: Bill, thank you joining use today. What is your role at Dell?
Bill: Thank you for the invitation, Kevin. I work in the product marketing group within Dell Security. Specifically I support the Identity and Access Management product portfolio.
Kevin: Identity and Access Management is a very important aspect of cloud security. What has changed in the IDAM (identity and access management) marketplace over the past 12 months? The proliferation of devices seems to be the Achilles heel to having secure IT.
Bill: Historically, when it came to IT, everything was centralized. The mainframe, the client-server model and desktop computers were all contained within a company’s network perimeter. That perimeter is now gone and organizations are now trying to deal with an IT world that has no boundaries. A recent analyst report actually stated that identity is now the new perimeter. Protecting the network from intrusion, malware and other threats is still as important as ever. Additionally though, companies need to work harder to control access to data and applications. The focus is not only on outside hackers trying to get in but on the malicious insider as well.
Kevin: With identity and access management as the new boundary for now and into the foreseeable future, how do your customers step up to this formidable challenge?
Bill: Above all, leaders and managers need to be intelligent about the investments they make in this area. This also means avoiding reflexive “knee-jerk” reactions. The first step of the process is conducting an inventory of their current infrastructure. It’s actually impossible to protect every piece of data and frankly, they don’t need to waste money and effort trying to do so. Companies do, however, need to categorize and strongly protect data that is important. Things like personally identifiable information (PII) or healthcare records need to be isolated and surrounded with strong access controls. We call this process prioritizing the need which means developing plans that protect the most sensitive data by using the strongest operationally practical protections. Organizations are then in a position to assess available tools for implementing the needed protections. Dell’s portfolio not only provides solutions for today’s problems, but it also delivers a platform that can address future needs and challenges. Security is not a one-time project so we partner with our customers over the long haul. Making intelligent business decisions across all available technologies is key.
Kevin: You’ve outlined an approach that includes infrastructure deployment decisions in combination with a sort of data triage process. I’ve also been impressed with the breadth and depth of Dell’s security portfolio. With that said, what issues are top of mind for you and the Dell security team. Which of these issues are you planning to address over the next twelve months?
Bill: That’s really a great question. The thing we’re looking at very closely right now is the impact that security has on user productivity. To be honest, on a scale from one to 10, a security and risk professional wants to turn the security dial up to 11. They want to secure everything with multiple credentials that all have very long passwords. Users don’t tend to like that approach, so if you go down that implementation path, people will generally avoid the issue by going around what they perceive as a “security hurdle”. This isn’t good for anybody, including the company.
So what we’re doing is applying some new technology that we refer to as the Dell Security Analytics Engine. Though the use of Dell’s uniquely broad security portfolio, the security analytics engine can enable context-aware security. This capability collects data in real-time from multiple security assets deployed across an enterprise. We can pull information from the Dell laptop as a managed or unmanaged device. We also extract data from the Sonicwall firewall on who is accessing what type of data from where. Data from Dell Secureworks also compares the scenario with blacklists and known threat signatures. All this information is then combined to deliver a context derived risk score to the Dell One Identity Cloud Access Manager. The access manager can then make a real-time decision on that connection.
Let me give you an example. If I log in on a Monday morning at 8:30 a.m. from the office with correct credentials, it’s a pretty safe bet that I am who I claim to be. On the other hand, this week I’m in Las Vegas at Peak Performance and will probably log in from my hotel room tonight at 9:00 p.m. The security analytic engine would flag that as being an unusual occurrence and Cloud Access Manager would interpret the higher risk score as a cue for stepping up authentication requirements. This, for instance, may mean using a one-time authentication token. If my credentials were subsequently used to login at on a Sunday at 2 a.m. from North Korea, the system would read that as a probable attack and block the transaction. The challenge is in finding that right balance between tight security and user productivity. Nine times out of 10, username and password is good enough. That tenth time, however, a little extra precaution is warranted. Users are generally willing to accept a security related inconvenience every once in a while so they won’t try to circumvent the controls. So in effect, the security team can adjust the security dials in real time.
Kevin: This seems to be a more balanced approach to security. At Dell Peak Performance we heard that enterprises have suffered over $600B in cybersecurity losses this year against just a $200B investment to protect against these losses. That doesn’t sound like a balance at all. What should senior decision makers and IT professionals learn from this statistic?
Bill: This really indicates how tough security decisions can be. While enterprises today are spending more money on security, they are also feeling worse about their security posture. Knee-jerk reactions contribute to this dichotomy. Executives, with the best of intentions but focused on addressing singular security issues, serially purchase disparate security products. These types of actions eventually lead to a patchwork of siloed security solutions. Between each of these perfectly effective solutions, however, you will find security gaps through which threats can invalidate a security strategy. As discussed earlier, we strongly recommend targeting a long-term goal with the understanding that the company cannot solve every security problem in one day. Success in this game requires partnering with a vendor that can not only address today’s issues, but also work with you to leverage a coordinated investments over time.
Kevin: With respect to identity and access management, are any specific industry verticals better positioned for this type of balanced approach? Are there any industry specific insights that you can share with us?
Bill: There is an interesting dynamic in play when it comes to user behavior and industry related expectations. While no one industry is easier or harder when it comes to data protection, they all have specific requirements related to their industry’s business model. While the requirements within industries like banking and finance are certainly different than those in healthcare, they all deal with the challenge of balancing security with the desired consumer community experience. In private, management will demand two-factor authentication throughout their respective user communities, but why hasn’t this proven control been broadly implemented? Multifactor authentication isn’t being widely used in the consumer space because of its intrusive impact on the consumer experience. A prospective customer’s decision to bank with Company A or Company B may ultimately be driven by how easy it is to get account information through a smartphone application. Daily decisions of this type forces a constant balancing between security and business needs. As consumers, we decide with our buying actions whether to accept the cost of improved security. Eventually, those same consumers will need to stand-up and state through their buying actions a willingness to pay for more robust security. We advise organizations to act smart by optionally offering enhanced security, now, because over time, all organizations will be moving in that direction.
Kevin: Do you have any final recommendations for the CEO dealing with this dilemma?
Bill: I would counsel all CEOs to start with research. You need to understand your infrastructure, thoroughly understand your threats and attack surfaces and plan for the long term. This will pay high dividends when selecting a security partner that can serve your needs as they morph and change over the long haul.
Kevin: Thank you, Bill, for your words of wisdom.
Bill: You’re welcome Kevin.
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.
( Thank you. If you enjoyed this article, get free updates by email or RSS – © Copyright Kevin L. Jackson 2015)
Cloud Computing
- CPUcoin Expands CPU/GPU Power Sharing with Cudo Ventures Enterprise Network Partnership
- CPUcoin Expands CPU/GPU Power Sharing with Cudo Ventures Enterprise Network Partnership
- Route1 Announces Q2 2019 Financial Results
- CPUcoin Expands CPU/GPU Power Sharing with Cudo Ventures Enterprise Network Partnership
- ChannelAdvisor to Present at the D.A. Davidson 18th Annual Technology Conference
Cybersecurity
- Route1 Announces Q2 2019 Financial Results
- FIRST US BANCSHARES, INC. DECLARES CASH DIVIDEND
- Business Continuity Management Planning Solution Market is Expected to Grow ~ US$ 1.6 Bn by the end of 2029 - PMR
- Atos delivers Quantum-Learning-as-a-Service to Xofia to enable artificial intelligence solutions
- New Ares IoT Botnet discovered on Android OS based Set-Top Boxes