Information Security

Defending the digital infrastructure


How to best employ cloud-based security services

The cloud-based security services market is booming, as enterprises adopt email, Web security, and identity and access management SaaS. How can CISOs best combine cloud-based security controls with on-premises security programs? This Beyond the Page looks at the latest cloud security services and best practices.

Information Security MagazineThe cloud-based security services market is estimated to boom soon, and reach $3.1 billion in 2015. Enterprise adoption of cloud-based email, Web security and identity and access management SaaS are a big part of the growth. The question for information security pros is how to take best advantage of cloud-based security controls and get these cloud-based services to work in conjunction with on-premises security programs? How are cloud-based security services affecting managed security service models? This Beyond the Page looks at the latest cloud security services available and reviews the best practices for proper governance.



Six strategies CIOs use for hybrid cloud security
David Strom presents six strategies CIOs are using as their companies migrate to hybrid cloud-based security services. Corporate executives in charge of data security are finding the best protection strategy involves cloud-first security tools, says Strom. It's key, too, he says, that security teams be part of the cloud-strategy conversation up front and not simply "swoop down" at the end with rules and restrictions.

Strom advises that security teams promote both multifactor authentication and single sign-on, among other things. Such features of cloud-based security services will help employees reach the applications and data they need without compromising the safety of corporate assets.


Security via hybrid cloud services becomes reality
The traditional moat between the enterprise and the cloud is disappearing and companies are embracing the use of the hybrid cloud. This means new models, or at least new contexts, for security must be adopted, says security expert and journalist David Strom. In this feature he explores five ways he sees CIOs and others tackling the issue of security in the hybrid cloud era.

Among the best practices Strom reviews are increased user education and improved authentication methods. Encryption, too, has an important role. Strom reviews these and several other ways that enterprises are making the move to the cloud without compromising corporate security, and also preparing for coming technological advances such as microsegmentation. Read the full feature on hybrid cloud security services here.

Tech Tip

How to use single sign-on with Microsoft Azure AD
One way to secure both data and applications via the hybrid cloud is to use the single sign-on (SSO) feature in Microsoft's Azure Active Directory (AD). If you’re already using Azure cloud, SSO allows users to keep a single common identity across both the cloud-based security service and on-premises software. Setting up SSO should be simple but setting up the access control can be tricky and many people get lost in what author David Strom calls the Azure "hall of mirrors."

This tip takes readers step by step through the process of setting up SSO with Azure AD. It covers issues like using multifactor authentication and also reviews the Azure AD pricing options. Readers of this tip will be able to establish SSO for their employees and thus increase the security for corporate data and applications. Click here to read the rest of Strom’s advice on using Azure AD’s SSO feature.

About the Author

David Strom is an expert on network and Internet technologies and has written and spoken extensively on topics such as VoIP, convergence, email, cloud computing, network management, Internet applications, wireless and Web services for more than 25 years. Strom was the founding editor-in-chief of Network Computing magazine and has run various print and online publications including Tom' and His work can be found at and on Twitter @dstrom.

Article 2 of 3

Next Steps

Read the full September edition of Information Security magazine

Dig Deeper on Hybrid and Private Cloud Computing Security

Get More Information Security

Access to all of our back issues View All