Scott Kaine on Cloud Access Management

Scott Kaine joined Delta Risk LLC as CEO in July of 2015 with more than 20 years of experience working in technology, security and the commercial sector. Before joining Delta Risk, Scott served as president of Cyveillance, a QinetiQ company and leading provider of cyber intelligence solutions. In this role, Kaine helped drive the company to profitability for the first time since company inception and transform Cyveillance into one of the leading cyber threat intelligence firms in today’s competitive market. Prior to joining Cyveillance, Scott was senior vice president of CA, Inc. where he led the strategy efforts for the Identity and Access Management business at CA Technologies. Prior to CA Technologies, Scott held various management positions for both Fortune 500 and startup companies, including Booz Allen Hamilton and VeriSign, Inc.Scott holds a Bachelor of Science Degree from the United States Military Academy at West Point and served in the United States Army as an Intelligence Officer in both Europe and North American theaters. He is active in coaching basketball and soccer in Northern Virginia. 

LIFARS: Tell us some background on you and how you got where you are today. 

Scott:  I started my career in the military and took my first job in the commercial world managing global voice and data networks for F100 companies. From there I was fortunate to work for Network Solutions, which at the time had the exclusive contract with the U.S. Department of Commerce to run the Domain Name System for the Internet. After several engineering positions, I migrated to the marketing and sales side of the house with large and small companies, including VeriSign, Booz Allen Hamilton, and Cyveillance.  In all these companies, I developed a passion for two things: 1) stopping bad guys from doing harm on the Internet and 2) surrounding myself with people who share that same passion. As the CEO of Delta Risk, I’m fortunate to work with an incredibly talented team of professionals each day. 

LIFARS: Could you briefly tell us what cloud access management is? Is it similar to Identity Access Management (IAM)? 

Scott:  Identity and access management is defined by the governance and business requirements related to the authentication and authorization of users to applications, digital infrastructure, and data. As many enterprises (both large and small) are moving their data centers and applications to the cloud, identity becomes the perimeter. The challenge is that cloud providers don’t provide the same level of visibility as traditional “in-house” information technology assets. This lack of visibility related to who is accessing the cloud – or attempting to access it – and what are they accessing, is justified by many organizations as being the cloud provider’s responsibility to manage. We at Delta Risk feel that cloud applications should receive the same level of scrutiny as traditional technology assets, particularly when it comes to insider threat programs. Cloud access management gives you controls and visibility to the cloud applications your enterprise uses. 

LIFARS:  What is the industry’s biggest concern about cloud access management?  

Scott:  Lack of control. Whether it is information related to access to the corporate Twitter account, visibility into usage of Amazon Web Services (AWS), or understanding information flow in and out of a company using Office 365, the common concern is a general sense of loss of control. Many of the leading cloud application providers offer log information in various formats, which is useful to gain an understanding of who is coming in and going out of your corporate doors. The challenge is the need to dedicate resources to keep tabs on all these platforms that offer different ways of consuming information to gauge your organization’s risk.   

We have many clients, and know of many in the industry, who are currently managing dozens of cloud environments using various portals. This makes it very difficult to monitor and control access. Whether it is the removal of employee accounts who have left the company, or not understanding the frequency of administrative logins, the challenge of protecting the enterprise from risk in cloud environments is only getting more complex.   

LIFARS: How do you think we can protect and manage our data that is moving to cloud? 

Scott: The fundamentals are no different whether it is cloud or “in-house”. The use of encryption coupled with a focus on best practices for an identity and access management program are the best ingredients to manage information flows to and from the cloud. While having both would be ideal, focusing in on at least one of these areas will result in ignorantly reduced risk for an enterprise. Like any business decision, costs and priorities will drive the solution set to identify and protect business critical assets. The cloud is an extension of the enterprise and should be treated no differently than the days of running servers in the back rooms of your building. Knowing and effectively controlling those that access and the associated permissions of your applications in the cloud is manageable, it is just a function of spending the time to align IT needs with business priorities. With the projections from many leading analysts regarding the use of the cloud in the next decade, the time is now. 

Join Delta Risk on Thursday, May 11 for the complimentary webinar, “Who’s in Your Cloud? Gaining Visibility Into Your Network and Critical Assets.” Register: https://delta-risk.net/resources/webinars/