EUC Use Cases: Secure Hybrid Cloud
Whenever I talk to security vendors and others about where security is going, or more to the point, should go, I draw out a use case I have developed over the years. It has grown and changed as the concept of the secure hybrid cloud has developed and expanded. The example I use demonstrates the need for policy not only to cover the data and systems, but also to follow the user as they access the data. The entry point to any secure hybrid cloud is the user. Where that user goes tells us how they touch and access data. We may want a security context around the data, but how that context should react depends on how, from where, with what, when, and hopefully why the data is accessed.
I will state up front that without proper classification, as in knowledge about the sensitivity of the data we wish to secure, the entire concept of data-centric security falls apart. The number of controls we wish to apply to data depends entirely on the classification of the data. Therefore, if you have not already done so, you need to develop a formal plan that classifies your data into at least two categories: data that is public and data that is private. Not all data is the same.
To read the complete article, CLICK HERE
NOTE: This column was originally published in The Virtualization Practice Newsletter.