Philip Lieberman, founder and President of Lieberman Software – the privileged identity management specialist – says that providing cloud-based security systems is a complex process, as when high numbers of users are involved, commercial software to support the deployment of these type of IT security systems is very thin on the ground.
Because of this, he says, a fundamental shift in users’ approach to security has to take place.
“When it comes to software applications, most people use a GUI interface. But what do you when the number of machines is so great that you cannot physically sit down enough people – in front of the consoles required – to remediate a given problem?”
And this situation, he told ITSP, is compounded by the fact that hackers and nation states are using automation to break into systems.
Speaking with ITSP in our latest security audiocast, Lieberman says that this is a pretty severe security problem in that you simply cannot counter automated hacking systems using manual systems of this type.
“We have developed a new type of security protocol in which the application becomes a platform. We have developed security as a platform,” he explained.
Lieberman says that the idea of remediation – after the fact – means that you have to turn your software solution inside out when developing it for a cloud-computing environment that services a great many users.
It’s at this point, he adds, that it becomes apparent that humans are not longer running your software product – your product, he explained, is being managed by computers.
“[Obviously] you have a GUI interface for exception issues. But other automated processes are handled via a Web interface that achieves greater scale and better coverage,” he said.
This, says Lieberman, is what orchestration is about – automated security then becomes part of the provisioning model.
The complexity of the situation is compounded, he went on to say, by the fact that there are no commercial solutions at the higher level of cloud deployments – meaning that you then need to develop your own applications.
As a result of these challenges, Lieberman says he and his team started developing commercial cloud solutions that can operate at these very large scales.
For more on Lieberman’s discussion on the complexities of developing security software for a large-scale cloud deployment, please listen to the latest ITSP audiocast here…