|By Gilad Parann-Nissany||
|September 11, 2014 06:00 PM EDT||
Cloud Security Best Practices of the Fortune 500
When you plan your migration to the cloud, and the cloud security best practices to secure it, there is no need to reinvent the wheel. Here is some advice from the Fortune 500. Use these tips to learn from others’ successes and to avoid their failures – maybe their companies can afford “valuable” learning lessons, but yours would do better heeding their advice for free.
Intel: security is a concern in both private and public clouds
Mr. Jason Waxman | General Manager | Intel | www.intel.com
The GM of Intel speaks up about the differences between data center and cloud environment. “With cloud infrastructure, servers are typically virtualized and shared across multiple lines of business or even among multiple organizations rather than dedicated to specific lines of business . . . This lack of visibility . . . has people concerned because they no longer have dedicated equipment for their line of business and instead are using shared, multi-tenant resources.”
What this means for you
Waxman is explicit that an issue exists whether you are in a private cloud or a public one. If your line of business has sensitive data, segregating your project from others, within a shared infrastructure, is your responsibility. Your IT department, or a cloud provider (AWS or VMware) may share some accountability, but you must make sure to take all necessary precautions to protect your sensitive business data. Techniques for segregating data should include segregation of network segments and encryption of data with encryption keys that are specific to a project.
HP: Regulations hold service providers more accountable
Mr. Anil Katarki | Chief Information Security Officer | HP Enterprise Services | Cybersecurity for U.S. Public Sector
HP’s CISO, Mr. Katarki, argues that “perpetual preparedness is tough to maintain” partially because we don’t “have an accurate inventory of where PII is located, transmitted, or stored.” Regulatory compliance requirements with HIPAA, PCI DSS, and other regulations continue to “hold service providers more accountable with stiff penalties for noncompliance.”
What this means for you
You can definitely learn the best practices of securing your data. The healthcare industry’s HIPAA, or the financial industry’s PCI DSS, for example, will teach you:
- Do not use vendor-supplied defaults for passwords and other security parameters.
- Use and regularly update anti-virus software.
- Protect data with encryption and protect cryptographic keys against disclosure and misuse.
- Restrict access to data by business need-to-know and assign a unique ID to each person with access.
- Track and monitor all access and regularly test security systems and processes.
IBM: Data must be protected throughout its lifecycle
Mr. Peter Evans | Director | IBM Internet Security Systems | www.ibm.com
“Today’s enterprises are looking for integrated solutions that protect the data in transit, at rest, in motion, in use, and throughout the lifecycle.”
What this means for you
It is not enough to protect your data only some of the time. For example, have you thought about protecting your online backups as much as you protect the “live” data?
Your data security lock and chain are only as strong as their weakest link and it is your responsibility to make sure no point of the data lifecycle falls victim to weak security.
Encryption has become the best practice for ensuring lifecycle protection of data. Encryption should be applied to the network, when data is in transit, through techniques such as SSL. And it should be applied to data at rest, whether it is on the current (virtual) disk or in a backup.
Unisys: Cloud security for growth and innovation
Mr. Nick Evans | Vice President and General Manager | Worldwide Enterprise Security | Unisys
“We believe that in today’s economy, security solutions must be thought of strategically and applied not only for risk mitigation but also for growth and innovation. This is a change in mind-set from the traditional view of security as a cost of doing business or “insurance,” merely an information protection issue.”
What this means for you
Cloud security certainly protects you from threats (malicious hackers, government eavesdroppers, employee oversight), but today, it goes a step beyond that. Proper cloud security enables you to reduce costs, achieve regulatory compliance and a “safe harbor,” and create a brand that is committed to securing the data of its customers.
Conclusion: what the security experts want you to know
You don’t have to be a Fortune 500 company in order to think like a Fortune 500 company. And you don’t have to spend like a Fortune 500 company to have their level of cloud security for your own apps and data. Remember (and apply!) these key principles:
- Intel wants you to know that private clouds are not a panacea. Segregating sensitive projects form others is essential (and can be achieved through encryption). In virtual environments, you need virtual walls to replace the physical separations of the data center.
- HP reminds you that regulatory requirements have lessons we can all learn from. You should implement their safeguards to protect your data.
- IBM prompts you to protect all stages in the lifecycle of your data. A hacked backup is just as dangerous as compromised “live” data.
- Unisys says that cloud security isn’t just about protection today, it is about building a future that is safe and compliant.
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Mar. 23, 2017 04:15 AM EDT Reads: 874
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Mar. 23, 2017 03:00 AM EDT Reads: 5,311
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
Mar. 23, 2017 02:15 AM EDT Reads: 2,253
SYS-CON Events announced today that Outlyer, a monitoring service for DevOps and operations teams, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Outlyer is a monitoring service for DevOps and Operations teams running Cloud, SaaS, Microservices and IoT deployments. Designed for today's dynamic environments that need beyond cloud-scale monitoring, we make monitoring effortless so you ...
Mar. 23, 2017 02:00 AM EDT Reads: 3,645
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
Mar. 23, 2017 01:15 AM EDT Reads: 3,287
In his General Session at 17th Cloud Expo, Bruce Swann, Senior Product Marketing Manager for Adobe Campaign, explored the key ingredients of cross-channel marketing in a digital world. Learn how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects).
Mar. 22, 2017 11:00 PM EDT Reads: 2,936
SYS-CON Events announced today that Hitrons Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Hitrons Solutions Inc. is distributor in the North American market for unique products and services of small and medium-size businesses, including cloud services and solutions, SEO marketing platforms, and mobile applications.
Mar. 22, 2017 10:15 PM EDT Reads: 3,245
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, will discuss some of the security challenges of the IoT infrastructure and relate how these aspects impact Smart Living. The material will be delivered i...
Mar. 22, 2017 10:15 PM EDT Reads: 1,705
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, will provide a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services ...
Mar. 22, 2017 06:15 PM EDT Reads: 3,936
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
Mar. 22, 2017 03:45 PM EDT Reads: 1,178
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
Mar. 22, 2017 03:30 PM EDT Reads: 818
My team embarked on building a data lake for our sales and marketing data to better understand customer journeys. This required building a hybrid data pipeline to connect our cloud CRM with the new Hadoop Data Lake. One challenge is that IT was not in a position to provide support until we proved value and marketing did not have the experience, so we embarked on the journey ourselves within the product marketing team for our line of business within Progress. In his session at @BigDataExpo, Sum...
Mar. 22, 2017 02:45 PM EDT Reads: 2,228
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
Mar. 22, 2017 02:00 PM EDT Reads: 1,379
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
Mar. 22, 2017 02:00 PM EDT Reads: 920
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Mar. 22, 2017 01:30 PM EDT Reads: 8,137
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
Mar. 22, 2017 12:00 PM EDT Reads: 1,413
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
Mar. 22, 2017 11:45 AM EDT Reads: 654
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buyers...
Mar. 22, 2017 11:00 AM EDT Reads: 3,277
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, will posit that disruption is inevitable for c...
Mar. 22, 2017 10:30 AM EDT Reads: 1,590
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
Mar. 22, 2017 09:15 AM EDT Reads: 2,325