IT Briefcase Exclusive Interview: Secure Cloud Computing with Dave Elliott, Symantec

There is no doubt that Cloud Computing, IT Security, and BYOD present a wide array of benefits and challenges to modern organizations.

In the below interview, Dave Elliott from Symantec offers expert advice for organizations interested in safely transitioning to the Cloud and overcoming security challenges associated with BYOD.

• Q. IT Security plays an inevitable role in securing Cloud Computing. What advice can you offer to businesses that are trying to move safely to the Cloud?

A. While clouds will be the norm in the not too distant future, today many cloud providers are generalists in the early stages of what will be something very different. Realizing future safe clouds requires a level of specialization in order to be successful; even the largest private companies can’t hire enough expertise to be highly confident that they’re safe. Organizations of all sizes will need a rigorous cloud approach and industry leading partners to help navigate through the cloud complexities. To achieve this safe clouds environment, the IT industry needs to enforce rigorous cloud strategies around the protection of policy, information, people and infrastructures.

Symantec recently conducted a two-prong survey at Cloud Expo to understand the behavior of employees when it comes to use of cloud applications at work. First, we asked employees, who regularly use computers for their job, a series of 10 questions about cloud applications, including email, file share, storage/backup, productivity apps and contact manager apps, and policies in the workplace. Then, we asked the same questions of IT managers/staff on-site at Cloud Expo West.

Symantec found that new cloud services are being used by employees whether IT is ready or not. IT needs to enable these cloud interactions while keeping their information, people and infrastructure protected. Symantec recommends organizations follow best practices to enable cloud services, while mitigating the new risk they pose to organizations:

• – Understand that all data is not equal. For organizations looking for a route map to get them across the minefield that is the future of IT, understanding data, its importance and risks is a good a place to start.

• – Implement policies restricting how employees can access and share sensitive data in clouds. Developing and maintaining simple policies can be a powerful step toward safe cloud application practices.

• – Educate employees on cloud policies and enforce them. By maintaining oversight, you can ensure employees know how and when to use cloud applications efficiently and securely.

• – Take a “pick one” approach. Identify what it is that users need. If users need file sharing, collaboration or social media, choose a cloud solution that addresses that need. Effectively bless it, certify it, implement controls on it, and let employees use it. Once you’ve given users what they need, lock down all competing cloud services.

• – Establish a single control point for public cloud interactions. New cloud gateway solutions can create a protective cloud wrapper above and around many clouds for organizations to protect and control their business information and people.

• Q. How can businesses today begin to overcome the security challenges that are being created through the evolution of BYOD (Bring Your Own Device)?

A. The cloud and mobile trends are being driven by user demands for convenient access to data and extreme portability.  In the past, it was fairly easy to keep corporate data protected by keeping it within an established perimeter—protected by established access controls and passwords.  That model has been blown apart as BYOD has taken over.  Add to that the accessibility and usability of file sharing services like Dropbox and you can see why this transformation has information security managers concerned.  Almost suddenly, corporate data is “in the cloud” and outside the traditional protection tools.  At the same time, highly confidential email data and files are stored on highly portable devices.  This isn’t a trend that organizations can deal with by saying “no.”  They urgently need solutions to help secure confidential data and limit access– whether it is a smartphone or tablet, the concern is real.

Symantec offers new encryption solutions to protect data stored in the cloud and to access encrypted files stored in the cloud and protect confidential email for mobile. Symantec File Share Encryption for iOS, which is mobile access for encrypted files stored in Dropbox, gives customers secure access to their information in the cloud anytime and anywhere on iOS devices. Symantec Mobile Encryption for iOS and Android solve the problem of protecting confidential email data on mobile devices as well as giving the mobile device owner the ability to compose an encrypted email (iOS only).

Symantec also offers Symantec Mobile Management to help overcome BYOD security challenges.  Symantec Mobile Management is a scalable MDM platform that enterprises can rely on to enable, secure and manage mobile devices. Symantec Mobile Management provides the scalability and robustness for enterprises to mobilize with confidence. Supports iOS, Android and Windows Phone platforms.

• Q. Where do you see Cloud Computing heading over the next 10 years?

A. In the future, clouds will be ubiquitous.  Productivity and collaboration will be the focus and security and availability will be expected and built into the foundation of clouds. There will be many clouds that are seamless, flexible and integrated

Symantec breaks down cloud barriers by providing companies with three cloud solution models and comprehensive portfolio that provides companies of all sizes a variety of cloud solutions to address their specific needs and current IT environments.

• – Consume hosted cloud services by cloud service providers. Businesses of all sizes are increasingly migrating to hosted cloud service providers for the competitive advantages that enable them to avoid expensive and complicated IT build outs and to realize improved cost-savings, IT efficiencies, scalability and market agility. Symantec partners with businesses to achieve their cloud strategies and protect the information and people integral to their business, through our current integrated services.

• – Build efficient and available private and public safe clouds. As Symantec envisions a future world of safe clouds, enterprises today seek the powerful combination of agility and efficiency, promised from cloud computing, with the visibility and control inherent to the data center. Leveraging enterprises current IT investments, Symantec helps organizations accelerate virtualization and build highly protected and compliant clouds for safe, available and resilient clouds.

• – Extend into safe cloud applications and storage by third-party cloud providers. For enterprises extending their IT investments to private and public clouds for cloud applications, storage and virtualized environments, Symantec enables organizations to achieve increased protection, visibility and control of their information. This improved information management provides better insight and audit reporting to efficiently meet compliance and data privacy requirements.

• Q. What current products and services are being offered by Symantec to help organizations take a holistic approach to secure Cloud Computing?

A. To support its vision of many connected clouds that are safe, agile and efficient, there are three cloud solution models (explained in the previous answer), that include products and services to help companies successfully migrate into safe clouds.

• – Consume Clouds: Symantec.cloud services provide essential protection while virtually eliminating the need to manage hardware and software on site. In addition, Symantec Endpoint Protection Small Business Edition 2013 offers simple, fast and effective protection against viruses and malware. It is available as a cloud-managed service, or an on-premise management application depending upon the needs of the small business.

• – Build Clouds: To build efficient and available private and public safe clouds, Symantec offers Cloud Protection for Service Providers Comprehensive protection (formerly Scan Engine), and Resilient Clouds with Veritas Cluster Server, Veritas Operations Manager, Virtual Business Services. Symantec also offers Cloud Smart Training for partners.

• – Extend into Clouds: To extend into safe cloud applications and third-party storage, Symantec O3 is a cloud information protection platform that provides context-based access control, information security and information management “as a service” for users of cloud applications and services. It supports any endpoint, including mobile. It provides compliance information for access and information events that supports audits and forensics.  Symantec File Share Encryption gives organizations the ability to automatically encrypt all files that their users store on Dropbox. It supplements Dropbox’s native encryption.

• – Symantec also offers partners and customers Cloud Security Essentials Training and ‘Safe Cloud Now’ Event Series.

In addition, Symantec recently announced Norton Zone for consumers, a new secure file sharing service that allows users to safely access, sync and share photos, videos and documents from any of their PC, Mac, Android or iOS devices.

• Q. Can you please give us a few “real life” examples of how Symantec O3 is working for organizations today?

A. Symantec customer, Citizens Business Bank, sees cloud services as a major advantage for their business, associates, partners, and customers. Symantec provides them with the expertise, cloud training and integrated safe cloud solutions, leveraging their infrastructures, to deliver on their cloud strategies.

As with Citizens Business Bank, Symantec O3 enables its partners and customers to embrace the business agility and cost advantages of the cloud.  O3 offers a single point of identity and access control, and related policies, for cloud apps for all endpoints. O3 is also easily integrated with existing identity stores, various cloud app authentication and a simple cloud single-sign on for user.

• Q. How else is Symantec working to help organizations retain control over securing data, while at the same time allowing business units the freedom to access the information they need to properly expedite their daily tasks?

A. According to a survey conducted by Symantec and the Cloud Security Alliance (CSA) at the CSA Summit earlier this year, more than half of organizations indicate they are less than somewhat prepared to secure public cloud services.

In short, what this survey reveals is that it’s important to have your own security for the cloud but that IT staff  are not yet well prepared to secure the cloud. IT staff needs cloud security training.

The leadership needed to secure the cloud requires standardized training and skills that will enable IT staff to confidently move into the cloud. The CSA’s Certificate of Cloud Security Knowledge (CCSK) provides IT security professionals with the knowledge and hands-on experience they need to effectively protect their companies’ data in the cloud. Symantec has partnered with the CSA to deliver training for the CCSK exam to prepare IT pros.

Symantec knows the importance of effectively managing information, no matter where it resides. Our customers are also dealing with the challenges of information sprawl as organizations increase the level of information stored and accessed outside of the firewall.

Customers want control of their information, but they also need to be compliant with industry regulations. Symantec Control Compliance Suite 11 allows CISOs to communicate IT risk in business-relevant terms, prioritize remediation efforts based on a composite view of risk, and automate assessment processes to improve your overall security and compliance posture.

In addition to Control Compliance Suite 11, Symantec enables IT to gain insight and control, while easing data management through products like O3. In fact, Symantec is integrating O3 throughout the company.  Symantec is protecting information that its employees are storing, managing and accessing through cloud services.

Dave Elliott is responsible for Global Cloud Marketing at Symantec. In his role, he drives market strategy for security and availability solutions from Symantec designed to help companies that build or use cloud services. Mr. Elliott was an early advocate of cloud computing while at Sun Microsystems in the 1990s and has spent his career helping companies understand and embrace emerging technologies.

Prior to Symantec, Elliott served as vice president of marketing at Arkeia Software, an innovator in information protection for virtual and cloud environments. Earlier, Mr. Elliott was responsible for Strategic Development for Iomega Corporations’ PSS Business Unit, where he drove strategy, OEM and alliance partnerships. Before that, he was with enterprise software vendor Blue Martini Software where he helped lead the marketing and business development efforts through a successful IPO. Mr. Elliott also spent several years consulting with technology companies on strategy and marketing while with the high tech strategy practice of management consulting firm A.T. Kearney. Early in his career, Mr. Elliott co-founded and was VP of Sales & Marketing for software training firm Advanced Knowledge Systems (AKS).

Mr. Elliott holds an MBA from the University of California at Berkeley’s Haas School of Business, and a BA in Economics from the University of California, San Diego.