Welcome!

IBM Cloud Authors: Derek Weeks, Yeshim Deniz, Kevin Jackson, Pat Romanski, Liz McMillan

Related Topics: @BigDataExpo, @CloudExpo, Cloud Security

@BigDataExpo: Blog Feed Post

Cloud Security - 'Best Practices of the Fortune 500'

Here is some advice from the Fortune 500

Cloud Security Best Practices of the Fortune 500

enterprise encryption cloud security best practices Cloud Encryption  cloud security best practices Cloud Security Best Practices of the Fortune 500

When you plan your migration to the cloud, and the cloud security best practices to secure it, there is no need to reinvent the wheel.  Here is some advice from the Fortune 500. Use these tips to learn from others’ successes and to avoid their failures – maybe their companies can afford “valuable” learning lessons, but yours would do better heeding their advice for free.

Intel: security is a concern in both private and public clouds

enterprise encryption cloud security best practices Cloud Encryption  Intel cloud security best practices Cloud Security Best Practices of the Fortune 500Mr. Jason Waxman | General Manager | Intel | www.intel.com

The GM of Intel speaks up about the differences between data center and cloud environment.With cloud infrastructure, servers are typically virtualized and shared across multiple lines of business or even among multiple organizations rather than dedicated to specific lines of business . . . This lack of visibility . . . has people concerned because they no longer have dedicated equipment for their line of business and instead are using shared, multi-tenant resources.”

What this means for you

Waxman is explicit that an issue exists whether you are in a private cloud or a public one. If your line of business has sensitive data, segregating your project from others, within a shared infrastructure, is your responsibility. Your IT department, or a cloud provider (AWS or VMware) may share some accountability, but you must make sure to take all necessary precautions to protect your sensitive business data.  Techniques for segregating data should include segregation of network segments and encryption of data with encryption keys that are specific to a project.


HP: Regulations hold service providers more accountable

enterprise encryption cloud security best practices Cloud Encryption  HP cloud security best practices Cloud Security Best Practices of the Fortune 500Mr. Anil Katarki | Chief Information Security Officer | HP Enterprise Services | Cybersecurity for U.S. Public Sector

HP’s CISO, Mr. Katarki, argues that “perpetual preparedness is tough to maintain” partially because we don’t “have an accurate inventory of where PII is located, transmitted, or stored.” Regulatory compliance requirements with HIPAA, PCI DSS, and other regulations continue to “hold service providers more accountable with stiff penalties for noncompliance.”

What this means for you

You can definitely learn the best practices of securing your data. The healthcare industry’s HIPAA, or the financial industry’s PCI DSS, for example, will teach you:

  • Do not use vendor-supplied defaults for passwords and other security parameters.
  • Use and regularly update anti-virus software.
  • Protect data with encryption and protect cryptographic keys against disclosure and misuse.
  • Restrict access to data by business need-to-know and assign a unique ID to each person with access.
  • Track and monitor all access and regularly test security systems and processes.

IBM: Data must be protected throughout its lifecycle

enterprise encryption cloud security best practices Cloud Encryption  IBM cloud security best practices Cloud Security Best Practices of the Fortune 500Mr. Peter Evans | Director | IBM Internet Security Systems | www.ibm.com

“Today’s enterprises are looking for integrated solutions that protect the data in transit, at rest, in motion, in use, and throughout the lifecycle.”

What this means for you

It is not enough to protect your data only some of the time.  For example, have you thought about protecting your online backups as much as you protect the “live” data?

Your data security lock and chain are only as strong as their weakest link and it is your responsibility to make sure no point of the data lifecycle falls victim to weak security.

Encryption has become the best practice for ensuring lifecycle protection of data. Encryption should be applied to the network, when data is in transit, through techniques such as SSL. And it should be applied to data at rest, whether it is on the current (virtual) disk or in a backup.


Unisys: Cloud security for growth and innovation

enterprise encryption cloud security best practices Cloud Encryption  Unisys cloud security best practices Cloud Security Best Practices of the Fortune 500Mr. Nick Evans | Vice President and General Manager | Worldwide Enterprise Security | Unisys

“We believe that in today’s economy, security solutions must be thought of strategically and applied not only for risk mitigation but also for growth and innovation. This is a change in mind-set from the traditional view of security as a cost of doing business or “insurance,” merely an information protection issue.”

What this means for you

Cloud security certainly protects you from threats (malicious hackers, government eavesdroppers, employee oversight), but today, it goes a step beyond that.  Proper cloud security enables you to reduce costs, achieve regulatory compliance and a “safe harbor,” and create a brand that is committed to securing the data of its customers.


Conclusion: what the security experts want you to know

You don’t have to be a Fortune 500 company in order to think like a Fortune 500 company.  And you don’t have to spend like a Fortune 500 company to have their level of cloud security for your own apps and data. Remember (and apply!) these key principles:

  1. Intel wants you to know that private clouds are not a panacea. Segregating sensitive projects form others is essential (and can be achieved through encryption).  In virtual environments, you need virtual walls to replace the physical separations of the data center.
  2. HP reminds you that regulatory requirements have lessons we can all learn from. You should implement their safeguards to protect your data.
  3. IBM prompts you to protect all stages in the lifecycle of your data.  A hacked backup is just as dangerous as compromised “live” data.
  4. Unisys says that cloud security isn’t just about protection today, it is about building a future that is safe and compliant.

The post Cloud Security Best Practices of the Fortune 500 appeared first on Porticor Cloud Security.

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@ThingsExpo Stories
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), provided an overview of various initiatives to certify the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide re...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
The Internet giants are fully embracing AI. All the services they offer to their customers are aimed at drawing a map of the world with the data they get. The AIs from these companies are used to build disruptive approaches that cannot be used by established enterprises, which are threatened by these disruptions. However, most leaders underestimate the effect this will have on their businesses. In his session at 21st Cloud Expo, Rene Buest, Director Market Research & Technology Evangelism at Ara...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Artificial intelligence, machine learning, neural networks. We’re in the midst of a wave of excitement around AI such as hasn’t been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. Will this time be different? Most likely. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Furthermore, the funding and research going into AI now comes from a wide range of com...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business...
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
SYS-CON Events announced today that Ayehu will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara California. Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infras...
In this presentation, Striim CTO and founder Steve Wilkes will discuss practical strategies for counteracting fraud and cyberattacks by leveraging real-time streaming analytics. In his session at @ThingsExpo, Steve Wilkes, Founder and Chief Technology Officer at Striim, will provide a detailed look into leveraging streaming data management to correlate events in real time, and identify potential breaches across IoT and non-IoT systems throughout the enterprise. Strategies for processing massive ...
SYS-CON Events announced today that Cloud Academy named "Bronze Sponsor" of 21st International Cloud Expo which will take place October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara, CA. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud com...
In his session at Cloud Expo, Alan Winters, an entertainment executive/TV producer turned serial entrepreneur, presented a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to ma...
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 21st Int\ernational Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their ...
We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA