Event Recording

Security Improvement Through Visibility of Changes in Hybrid/Multi-Cloud Environments


Log in and watch the full video!

Performing accidentally wrong or intentionally bad configuration changes by administrators, scripts or systems can lead to serious security vulnerabilities or unintentional visibility or leakage of data. This applies to on-premises systems, but especially to systems and applications in cloud environments.
With a comprehensive change auditing and reporting in hybrid environments, such critical changes and conditions can be quickly identified and remediated.
This session will deal with this topic in general and with a solution approach in particular.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package  
And of course, thank you very much for joining this session. Yeah. How can you improve the security in cloud environments? Through visibility? We have heard in, in, in the other sessions, strategies, tools, or, or the, the, the general idea to use cloud or storage in the cloud to store data important data of, of, of the companies. And also let's say how to manage the permissions, the access rights and so on. That's that's okay. That's, that's, that's clear. The problem is that we have so many external systems. We have administrators who do changes. We have scripts in place, and sometimes yeah, it happens that the scripts went wrong. The administrator is not a hundred percent focused on, on, on, on things, what he must do and our approach or the approach is to have an external auditing system in place, which gives you the information, what changes are made and the ability to roll it back.
So the, the idea behind is not to, to change the, the, the way how you manage these, these areas. It's only an independent to have an independent system who is able to give you the information, the important information, because yeah, we, we all know, we all know the consequences. If data important data, internal data, mostly or internal data becomes visible to yeah. To public, we are using the public cloud changes, accidentally made changes, wrong changes, whatever to public cloud means the data is public. And this, the, the, the possible consequences we all know can be loss of reputation. It can be loss of technical advantage or loss of money. Of course. So our approach is to improve the visibility in changes here, you can see three examples. These are real examples we have seen in the last 12 month, an example, three of them for different, for different companies, different areas.
And, but, and of course, different different applications, SharePoint, one drive teams, channels, and so on. But at the end, it's storing important data in the cloud and through whatever changes this data was for seconds, for minutes, for hours available through the public cloud, to public people. And, and because, because of this, it's we think, and the feedback from our customers, we think it is it's really important to have the ability, an external system in place, a passive system in place who makes the changes visible very easily, very fast. And of course have the ability to, to, yeah, roll it back to do an undo of this, to make it clear. We don't want to change the current implementation of how you manage these systems. We only bring additional information to you to see what happened.
We are still in a, in a process to go from yeah, old environments, let's say on-premise only environments to the cloud. And because of this, we have additional challenges. The volume of changes we have now, not only one system or one area to manage, we have more areas. We have Microsoft cloud, we have Amazon cloud and so on. So it brings us a highly, an additional volume of changes and the transparency, transparency of, of these multiple yeah. Areas. It's very hard to manage to, to, to get an overview of these changes in a very easy, very fast way. At the end, we are responsible, different people are responsible for the security, for the data, for, for, yeah. For the it infrastructure. And with these additional tools with this additional solution, the approach is to make it easier to make it more visible. When you, when you think about the information on this, on this slide, the slide before it's, it's, it's, it's really interesting that multiple departments, multiple administrators, multiple people are, yeah.
Must, must provide, must be provided by, by, by this information. We, we, we don't have only the security part. We have the operations part. So the management part who are doing this, this, these, these kind of changes and yeah. Must in, yeah. In a worst case, roll back do make an undo of these changes, the security part, the, the, the C the so manager and so on, they are responsible to, for the security, but also for reporting security reporting. And we have the, the, the auditors, let's say the external people, which are not so hundred percent focused on the data, on the technical data, more abstract data, but they must do for compliance reasons. They must do reporting. So, and because we have very deep technical people in place, we have not so technical people who, who must use or who needs the data. It's important to have a solution in place, which brings the data in the format that people understand really detailed, fine grain data, technical data, but also abstracted data. Let's say the data in a human readable format to understand, to be understandable by, by, by these people. And this is one thing we are focusing with our solution with signal apps.
The other thing is it's important to have one solution in place, which fulfills all the requirements. So not to have a, a, a solution collecting the data, storing the data like the theme systems, for example, it's good to have theme systems, but they are not focusing only on changes we are, or this approach is to focus on only on, on, on changes. Let's say to, to collect the data, to do a realtime collection real time. It's important because as I said, when you, when, when the wrong or bad change happened, and the data is visible through to, to, to public, it's important to see change, to identify the change and roll it back, because maybe it was a, it was a wrong change.
And yeah, sometimes seconds more sec seconds are very problematic. It's very important to have the data on the fly, to have the ability to make the changes, to undo the changes. Because in one example, for, for example, if you, if you, if you have important internal data regarding, regarding financial things, think about a second of availability of the data in the internet can crash. Yeah. Stock exchange and, and so on. So it's, it's, it's important to fulfill the, the, the complete way from collection to the reporting to alerting very fast to store the data, of course, because for long time, because of compliance reporting purposes, but also the translation. So the ability to show the data is a raw data for technicians, but also in plain language for non technicians. So, so at the end, it's important to have this, these kind of, of, of tools of solutions available. But yeah, we are not alone. These solutions are not alone in the marketplace, as I said, SIM systems are already used. So it's also important to have yeah. APIs or, or connectors available to transport these specific information, these specific alerts to other systems. So to integrate this system, this solution in the whole yeah. World of, of existing solutions, and that's an approach we have at signal labs. And at the end, I want to invite you to our booth. We have our booth directly here in, in the center of, of, of, of this area.
I invite you to learn more about our approach, our solution signal auditor platform, and yeah. With a little bit of, of luck. Yeah. You can, you can take part of our, in our revel and yeah. Win a drone. So again, thank you very much for your attendance. Hope this brings a little bit more ideals in this direction to you and yeah. See you at our booth.

Stay Connected

KuppingerCole on social media

Related Videos

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

Event Recording

Effects of Malware Hunting in Cloud Environments

Webinar Recording

Advanced Authorization in a Web 3.0 World

Business and just about every other kind of interaction is moving online, with billions of people, connected devices, machines, and bots sharing data via the internet. Consequently, managing who and what has access to what in what context, is extremely challenging. Business success depends…

Webinar Recording

A Winning Strategy for Consumer Identity & Access Management

Success in digital business depends largely on meeting customers’ ever-increasing expectations of convenience and security at every touchpoint. Finding the best strategy to achieve the optimal balance between security and convenience without compromising on either is crucial, but can…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00