Tightening Cloud Security with Role Segmentation and Isolation

By Dustin Larmeir, TierPoint Systems Engineer

Securing the perimeter of a cloud is critical to help protect against network infiltration, but it’s key to remember that perimeter defense represents only a single layer of cloud security. What happens when someone gets past that layer of defense?

A lot of malware will communicate to external systems, passing traffic back and forth. As a result, once it infiltrates a cloud, the malicious script or controller can then ex-filtrate confidential data. That is, unless we architect network security to protect against that outcome.

In fact, with security protocols and technologies smartly designed and implemented, even when a threat actor gets inside and plants a piece of malware, it’s often possible to prevent it from getting data out. Continue reading

Reflecting on Research about Breach Recovery Costs

By Nick Molina, TierPoint IT Engineer

In the last few weeks, Kaspersky Lab generated a lot of attention from their study about the costs of a security breach, finding that it costs double to recover if virtual infrastructure is affected. You can read their report. Some of the resulting screaming headlines came across like an indictment of virtualization itself. It has moved me to chime in with a point that seems to be missing: It is largely not virtualization’s fault.

hackerYes, there are many factors that drive up breach recovery costs. One that has been overlooked in the Kaspersky report discussion is virtual machine (VM) sprawl. With VMs, it is easy to set them and forget them. They can live on even without patching or OS updates, whereas their physical counterparts more frequently tend to get decommissioned or upgraded over time. Malware loves these unpatched and neglected VMs because they provide an easier point of entry into your network and can lie in wait until they are ready to do the voodoo that they do.

Although a diligent IT team with some automation can limit sprawl, sprawl is a big problem that can substantially impact risks and recovery costs. When conducting an analysis like this, you cannot ignore people and processes as part of your evaluation. Continue reading

FAQ Friday: PCI DSS Compliance and SMBs

By Steve Sims, CISSP, TierPoint Sales Engineer

Customers frequently ask many questions about compliance in the cloud. In particular, SMBs often ask us how they can be compliant with the Payment Card Industry Data Security Standard (PCI DSS) even if they are not required to be. Every day, we share compliance advice and educate customers about selecting the right type of infrastructure solution (e.g. private or public cloud) for compliance and at what cost.

Recently, we teamed up with Fortinet, one of our technology partners, to host a forum in Seattle and Spokane addressing several security issues: Here are some highlights from our discussion: Continue reading