Posts Tagged ‘begin cloud security’

BeyondTrust announced it was awarded U.S. patent number 8,006,088 covering key technologies that allow administrator privileges to be limited on a per-application basis on Microsoft Windows computers.

BeyondTrust is committed to innovation and thought leadership in the privileged identity management market, demonstrated by this latest patent, said John Mutch, CEO at BeyondTrust. The patent, which makes claims in connection with our technology for granting and removing user rights on a per-application basis, demonstrates our clear leadership in this market, and proves we are ahead of the competition in technology innovation and the fight against insider threats.

The patent covers the technology in BeyondTrust’s PowerBroker Desktops product for the network-based management of application security by modifying a Windows security token on a per-application basis. Specifically, the patent covers the methods by which PowerBroker Desktops modifies application security tokens by adding or removing permissions or privileges from the security token on a per-process basis, based on a set of rules that are enforced by an agent on the client.

Today’s marketplace is growing increasingly competitive with the introduction of new technologies almost daily, and the most successful businesses will be those that leverage their intellectual property to give customers the assurances they need when buying new products and services, continued Mutch. BeyondTrust has a number of patents covering our technology, and we are anticipating strong revenue growth as IT departments increasingly adopt the least privilege model of defending against insider threats.

Demand for Windows privilege management in particular is growing rapidly as more IT departments look for ways to mitigate insider threats (as well as reducing external threats from hacking or malware) as part of their Windows 7 deployments.

Here’s more information about the patent.

Trust, security and privacy are three terms that surface quickly when people are discussing cloud computing. A survey, reported on by McAfee here and done by IDC showed more than 85 percent of Software-as-a-Service users were uncomfortable adopting cloud services because of security concerns. For those in construction, architecture and engineering the stakes are high.

From the cloud computing trust perspective AEC firms are concerned about uptime, file availability and bandwidth, not to mention the need for some reassurance that the company housing the data and providing the links is in business for the long haul.

But it’s the security and privacy implications of cloud computing that make those in construction businesses shiver the most. Security of files and documents that hold sensitive company and customer information is of top concern. Especially with companies in the AEC industries, the types of files where the information may be stored are expansive. Email, memos, images and contract documents might seem innocuous on the surface, but when you scrutinize them closely there are many opportunities for information compromise.

Where privacy is concerned there are compliance regulations that have to be followed, and for companies doing business across national borders the complexity of managing the privacy needs of the information gets increasingly difficult. Governments, standards organizations and computer software and hardware associations are grappling with the issues of trust, security and privacy for the cloud.

Data Security Policy

One key player is the Cloud Security Alliance that includes individuals, corporations and industry groups organized into chapters.

The U.S. Federal government has stepped up to the plate and thrown its weight behind the cloud computing concept. The recently appointed federal CIO, Vivek Kundra, is bullish on getting the government out of data center operations and on to the cloud provided by outsiders. Classified data will be handled on a platform designed by NASA called Nebula.

The National Institute of Standards and Technology (NIST) released a draft of its “Guide to Security for Full Virtualization Technologies,” July 21, 2010. In brief the recommendations outlined in the press release were:

• Secure all elements of a full virtualization solution and maintain their security;
• Restrict and protect administrator access to the virtualization solution;
• Ensure that the hypervisor, the central program that runs the virtual environment, is properly secured; and
• Carefully plan the security for a full virtualization solution before installing, configuring and deploying it.

Brian Anderson, chief marketing officer for BeyondTrust, a solutions provider for privilege authorization management, access control and security solutions for virtualization and cloud computing environments suggests attending to security in this order:

• Be sure data is encrypted
• Provide transmission security
• Maintain physical security of devices holding data
• Use secure authentication to ensure the identities of those with access
• Give the least amount of authorization to administrators as possible

You can also download the Cloud Security Alliance’s “Cloud Security Guide,” for very in-depth cloud security guidance and advice on the right questions to ask of cloud providers and managed security services.