You should not put things in the cloud unless you can secure them there at least as good as a highly competent professional would have if they had that asset on premise.
Cloud hosted assets have additional risks.
- Counterparty risk
- Additional outage and accessibility risk
- You have less control
- You have less security over the human or governmental access to your content
- Zero 4th Amendment protections over that data. It's fully subject to FISA searches that the provider is required to never tell you about.
Also do NOT get sucked into the scam that cloud hosting servers is more secure than if you did them on premise or somehow more cost effective. That is sheer lunacy.
SaaS can be more cost effective and more secure. Look at Office 365 as an example. That is clearly more secure, more cost effective, and more value than a premise Exchange server. SalesForce could be better for you than running your own CRM, but then you are also fully open to their crazy policies which could rip the rug out from under one of your most business critical systems.
There is no one right answer 100% of the time. Context and artistry of security strategy are exceedingly important.
This show is about these things as well as what you must have in place to have premise hosted secure assets. I describe a Tier0 asset scenario in specific and what can easily undermine it.
Premise hosted password managers
It is worth noting that extremely high functionality privileged access management and identity management systems are available in a premise hosted format which are a perpetual licensing model with very low annual software maintenance fees. These systems are exceptionally valuable to IT departments and QPC has extensive experience in these platforms. They are an exceptional value to IT management functions and IT departments.
However, most organizations, even those with full-time IT departments, will not meet the requirements for self-hosting. Why? In order for a self-hosted password management system to be successful, it relies upon many factors which must be in place and be fully executed with extremely high levels of skill and security. This level of skill is outside of the technical skill level of nearly all IT departments of companies with less than 5000 employees.
If the requirements are not fully met continually for the life of use of the platform, the platform and its contents are likely to be compromised. A compromise could consist of the data exfiltration of the entire password vault database which would be catastrophic to the organization.
Baseline requirements for premise password managers
- Extremely tight supply chain risk network layer security rules and management
- Ability to do offline upgrades for all software and systems involved
- Extremely adept underlying server, network, power infrastructure management
- Rapid patch management within 48 hours or less
- Always on scanning for vulnerability assessment backed by active monitoring and remediation
- Active monitoring
- Multiple first line backups per day with multiple encrypted offsite backups per day
- Two physically disparate sites with significant server, network, power infrastructure with automatic backup generator service and redundant internet
- Proficiency at managing SQL server replication over WAN links in an active/active SQL server configuration
- Proficiency at maintaining active/active application server configurations and automatic failover network configurations
- Absolute rigorous discipline to adhere to documented standards for vault creation, password management system administration, application updates, database system updates, OS updates, third party app updates, network layer security management across the entire internal and site-to-site connected networks
Any laxity in the discipline of the IT personnel managing the system will cause it to fail to deliver the security profile required for critical assets.
- Minimum of two servers involved with the addition of more servers if internet facing roles such as mobile access are desired
- IT personnel’s ability to implement and maintain complex privileged access management systems
- Regular security compliance and audit report reviews. This will require a CISO and/or compliance officer with significant technical skill.