close icon
Home Page
Products

Products

PAM logo
Privileged Access Management
PEM logo
Endpoint Privilege Management
PPA logo
Automation
Industries

Industries

school_line
Education
bank_line
Finance
government_line
Government and Defence
hospital_line
Healthcare
computer_line
IT Operations
settings_5_line
Industrial Control Systems
briefcase_line
Legal
store_2_line
Retail
Partners

Partners

Resellers and Distributors
Partner marketing support
Partner opportunity
Resources

Resources

tool_line
Free Tools
bookmark_line
Blog
file_search_line
Case Studies
usb_line
PAM Integrations
video_line
Videos
Webinars
paper_line
White Papers
book_2_line
Osirium University
news_line
Documentation
Company

Company

IDcard_line
About
news_line
News & Events
Team
Software reviews gold medal
See the report
search_3_line
BOOK A DEMO
All posts
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Prev
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
Next
18
March 2019

Thoughts on Cloud and Cyber Security Expo 2019

Mark Warren

I’ve just returned from this year’s Cloud & Cyber Security Expo and, finally, recovering enough to start putting together some thoughts about what I saw at the show.

The most obvious first thoughts were about the scale of the event. It’s co-located with five other events ranging from Blockchain to Data Centres. More than once I got lost in the labyrinth of the exhibition hall to suddenly find myself surrounded by UPS power systems or fuel filtration devices. It all appealed to my inner-geek but wasn’t quite what I was expecting. I certainly exceeded my step count each day!

Cyber-security and DevOps

The Osirium stand was right on the boundary of the Cybersecurity and DevOps areas. A very meaningful and suitable position as it turns out. A lot of the discussion in the DevOps Expo conference program was about building security into the development & release pipeline. Security was also a hot topic in the Cloud conference program.

It’s no surprise. While the initial flurry around GDPR may be settling down now, it helped all organisations focus their minds on what they’re doing to protect their customers, staff, partners, and corporations.

There’s certainly some good work going on in the DevOps arena from the likes of Docker, GitLab and GitHub to build security into their toolchains and processes. They all put “Identity Management” or “Secrets Management” in their slides. However, it seemed to me like none of them address the challenges of separating developers and code from the services they need to be able to do their work.

For example, there are still real risks around building weak security into the code in the early stages of development. That might get a prototype running or push an “MVP” release to early adopters. Unfortunately, the time never seems right to re-architect the connections to ensure those dev/test accounts don’t end up in Production systems.

I discussed some of these issues in a recent blog post: Privileged Access Management and the secret to CI and DevOps Success.

The solution for secure DevOps – Privileged Access Management (PAM)

There is a solution though: Privileged Access Management. Some vendors that offer “password vaults” which have some limited isolation of users and passwords but they’re only a partial solution. Osirium’s CTO, Andy Harris, talked about these issues in a session added to the agenda at the last minute.

We’ll be talking about the solution a lot in the coming weeks. The key solution is to make Privileged Access Management a trivial service to add to your apps and pipelines. He showed how Osirium are using this technology to build a new, unique IT Operations automation solution (you can find out more about Automation here).

You can see more about moving beyond PAM to Privileged Robotic Process Automation in Andy’s blog post: The Journey Through PAM, PTM and onto RPA.

PAM is still under-understood and under-valued

Osirium Co-Founder and Services Director, Kev Pearce, presented twice about ensuring the right people have the right level of access to the right systems at the right time. Both sessions were well attended and the questions asked showed that there’s still a lack of understanding about PAM (this might help: Why SysAdmins Would Choose Osirium).

Conversations at the Osirium stand reinforced this and showed there is a huge interest in learning more on the topic.

In summary, I found it a fascinating show. It was a great chance to catch up with old friends and, most importantly, get insights into the security challenges facing developers and cloud service providers. The good news is that Osirium is well placed to help.

‍

Related Topics

Privileged Access Management
Manager
Identity & Access Management
all posts
Top
Home Page
cyber essentials certified badge
Industries
EducationFinanceGovernment and DefenceHealthcareIT OperationsIndustrial Control SystemsLegalRetail
Company
AboutTeamBoard of DirectorsInvestor HubJob Opportunities
Resources
Free ToolsBlogPAM IntegrationsVideosWebinarsWhitepapersDatasheetsDocumentationCase Studies
Support
Support PortalOsirium University
© 2023 OSIRIUM. All rights reserved.
AccessibilityPrivacy PolicyEULATerms of ServiceSitemap