Hacking campaign targets organizations through DNS hijacking attacks
infosec

Hacking campaign targets organizations through DNS hijacking attacks

Recently, a new hacking campaign, called "Sea Turtle", was launched, targeting public and private players. The characteristic...
Read More
infosec

Is the privacy of the iPhone real?

A unique ID is enabled by default on every iPhone that is available on the market, allowing advertisers to watch ...
Read More
infosec

WiFi Finder: Leak over 2 million Wi-Fi network passwords

WiFi Finder, an Android app installed by more than 100.000 users on Google Play, has leaked over ...
Read More
infosec

Cryptocurrency: Types of crime and ways of protection

When we talk about cryptocurrency always comes to our minds and crime, especially electronic crime. Cryptos are vulnerable ...
Read More
infosec tweaks

5 key steps for greater security of a data center

Data Center: We all know so far that Cloud technology has changed our lives. The cloud is here for ...
Read More
Latest Posts

Weather forecast: Clouds. Expansion of Clouds security is foreseen

clouds

clouds: As more and more companies are exploring and adopting SaaS (Software as Service) solutions for their technological needs, IT Security groups are struggling to keep clouds safe against possible leaks in the existing security system. To look at the good side, these organizations have very strong safety fundamentals for internal applications. But the challenge lies in being able to expand the security umbrella beyond the internal environments, clouds. Practically this will be implemented by creating a "hybrid solution" in part SaaS and partly hosted.

As an ancillary tool for IT organizations to better understand a cloud environment, Identropy has taken care of the "Practical SaaS Security Stack". Consists of six key key elements and related technologies which form the basis for extending the traditional internal security model into an environment based on cloud, not a replacement for the existing solutions, not a parallel solution, instead a real extension or integration of the current security solution that your company has already implemented.

In this article we will explore the forces behind the SaaS Security Stack.

  1. Discovery SaaS

What's in there clouds; The first question that needs to be asked is necessary. What is the level of risk associated with each different solution in cloud. A file at box.com e.g. can have a different risk than a file at rent-a-share.com.

  1. Identity Management cloud

The point here is to extend and integrate the right people with the correct access, at the right time, this function, that is to your applications using the cloud. This component maintains improved efficiency and compliance with regulations concerning the provision of new employees / contractors, new transfers and assignments, reductions in transfers and termination of duties as well as access management and renewal of certifications.

  1. Data loss prevention (Data Loss Prevention DLP)

The same care is taken with the content of data sent by e-mail outside of the company, the DLP can monitor data that leaves your environment for clouded applications that have not yet been discovered.

  1. Clouds SSO / Authentication

How many times do we need to solve / expand the sign on? Large 80 computers, 90 networks, 2000 internal applications, and now-based applications clouds. Just as in previous issues, we just deal with numbers of passwords and therefore with the numbers of the fields where these passwords should be assigned. One-way identification with a password, a second identification method called the two factor authentication and eventually the multi-authentication method or multi factor authentication, which is the ultimate goal.

  1. Encryption / Tokenization

This is the latest security for your data. Most companies use it encryption only for inactive data. Possibly some forms of active data within the hosted IT environment may have already been considered as well. With the SaaS applications in the game, your data will always be inactive, then active and then inactive again.

  1. SaaS Identity Activity Monitoring

The SaaS management process will really determine how and when to scan for new SaaS applications as well as how to identify and categorize them. The SaaS Identity Activity Monitoring takes the user activity report to a level further specifying who has access to what specific data element, what it did with that data, who it shared, when, etc. Then check and record that the employee entered in that URL address and shared the file at a specific date, from a specific location and IP address. Excellent;

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *