|By Gilad Parann-Nissany||
|September 11, 2014 06:00 PM EDT||
Cloud Security Best Practices of the Fortune 500
When you plan your migration to the cloud, and the cloud security best practices to secure it, there is no need to reinvent the wheel. Here is some advice from the Fortune 500. Use these tips to learn from others’ successes and to avoid their failures – maybe their companies can afford “valuable” learning lessons, but yours would do better heeding their advice for free.
Intel: security is a concern in both private and public clouds
Mr. Jason Waxman | General Manager | Intel | www.intel.com
The GM of Intel speaks up about the differences between data center and cloud environment. “With cloud infrastructure, servers are typically virtualized and shared across multiple lines of business or even among multiple organizations rather than dedicated to specific lines of business . . . This lack of visibility . . . has people concerned because they no longer have dedicated equipment for their line of business and instead are using shared, multi-tenant resources.”
What this means for you
Waxman is explicit that an issue exists whether you are in a private cloud or a public one. If your line of business has sensitive data, segregating your project from others, within a shared infrastructure, is your responsibility. Your IT department, or a cloud provider (AWS or VMware) may share some accountability, but you must make sure to take all necessary precautions to protect your sensitive business data. Techniques for segregating data should include segregation of network segments and encryption of data with encryption keys that are specific to a project.
HP: Regulations hold service providers more accountable
Mr. Anil Katarki | Chief Information Security Officer | HP Enterprise Services | Cybersecurity for U.S. Public Sector
HP’s CISO, Mr. Katarki, argues that “perpetual preparedness is tough to maintain” partially because we don’t “have an accurate inventory of where PII is located, transmitted, or stored.” Regulatory compliance requirements with HIPAA, PCI DSS, and other regulations continue to “hold service providers more accountable with stiff penalties for noncompliance.”
What this means for you
You can definitely learn the best practices of securing your data. The healthcare industry’s HIPAA, or the financial industry’s PCI DSS, for example, will teach you:
- Do not use vendor-supplied defaults for passwords and other security parameters.
- Use and regularly update anti-virus software.
- Protect data with encryption and protect cryptographic keys against disclosure and misuse.
- Restrict access to data by business need-to-know and assign a unique ID to each person with access.
- Track and monitor all access and regularly test security systems and processes.
IBM: Data must be protected throughout its lifecycle
Mr. Peter Evans | Director | IBM Internet Security Systems | www.ibm.com
“Today’s enterprises are looking for integrated solutions that protect the data in transit, at rest, in motion, in use, and throughout the lifecycle.”
What this means for you
It is not enough to protect your data only some of the time. For example, have you thought about protecting your online backups as much as you protect the “live” data?
Your data security lock and chain are only as strong as their weakest link and it is your responsibility to make sure no point of the data lifecycle falls victim to weak security.
Encryption has become the best practice for ensuring lifecycle protection of data. Encryption should be applied to the network, when data is in transit, through techniques such as SSL. And it should be applied to data at rest, whether it is on the current (virtual) disk or in a backup.
Unisys: Cloud security for growth and innovation
Mr. Nick Evans | Vice President and General Manager | Worldwide Enterprise Security | Unisys
“We believe that in today’s economy, security solutions must be thought of strategically and applied not only for risk mitigation but also for growth and innovation. This is a change in mind-set from the traditional view of security as a cost of doing business or “insurance,” merely an information protection issue.”
What this means for you
Cloud security certainly protects you from threats (malicious hackers, government eavesdroppers, employee oversight), but today, it goes a step beyond that. Proper cloud security enables you to reduce costs, achieve regulatory compliance and a “safe harbor,” and create a brand that is committed to securing the data of its customers.
Conclusion: what the security experts want you to know
You don’t have to be a Fortune 500 company in order to think like a Fortune 500 company. And you don’t have to spend like a Fortune 500 company to have their level of cloud security for your own apps and data. Remember (and apply!) these key principles:
- Intel wants you to know that private clouds are not a panacea. Segregating sensitive projects form others is essential (and can be achieved through encryption). In virtual environments, you need virtual walls to replace the physical separations of the data center.
- HP reminds you that regulatory requirements have lessons we can all learn from. You should implement their safeguards to protect your data.
- IBM prompts you to protect all stages in the lifecycle of your data. A hacked backup is just as dangerous as compromised “live” data.
- Unisys says that cloud security isn’t just about protection today, it is about building a future that is safe and compliant.
As more intelligent IoT applications shift into gear, they’re merging into the ever-increasing traffic flow of the Internet. It won’t be long before we experience bottlenecks, as IoT traffic peaks during rush hours. Organizations that are unprepared will find themselves by the side of the road unable to cross back into the fast lane. As billions of new devices begin to communicate and exchange data – will your infrastructure be scalable enough to handle this new interconnected world?
Oct. 13, 2015 02:00 PM EDT Reads: 105
This week, the team assembled in NYC for @Cloud Expo 2015 and @ThingsExpo 2015. For the past four years, this has been a must-attend event for MetraTech. We were happy to once again join industry visionaries, colleagues, customers and even competitors to share and explore the ways in which the Internet of Things (IoT) will impact our industry. Over the course of the show, we discussed the types of challenges we will collectively need to solve to capitalize on the opportunity IoT presents.
Oct. 13, 2015 02:00 PM EDT
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in high-performance, high-efficiency server, storage technology and green computing, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/Big Data, HPC and Embedded Systems worldwide. Supermi...
Oct. 13, 2015 01:45 PM EDT Reads: 220
The IoT market is on track to hit $7.1 trillion in 2020. The reality is that only a handful of companies are ready for this massive demand. There are a lot of barriers, paint points, traps, and hidden roadblocks. How can we deal with these issues and challenges? The paradigm has changed. Old-style ad-hoc trial-and-error ways will certainly lead you to the dead end. What is mandatory is an overarching and adaptive approach to effectively handle the rapid changes and exponential growth.
Oct. 13, 2015 01:00 PM EDT Reads: 338
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...
Oct. 13, 2015 01:00 PM EDT Reads: 211
The Internet of Things (IoT) is growing rapidly by extending current technologies, products and networks. By 2020, Cisco estimates there will be 50 billion connected devices. Gartner has forecast revenues of over $300 billion, just to IoT suppliers. Now is the time to figure out how you’ll make money – not just create innovative products. With hundreds of new products and companies jumping into the IoT fray every month, there’s no shortage of innovation. Despite this, McKinsey/VisionMobile data shows "less than 10 percent of IoT developers are making enough to support a reasonably sized team....
Oct. 13, 2015 01:00 PM EDT Reads: 342
There will be 20 billion IoT devices connected to the Internet soon. What if we could control these devices with our voice, mind, or gestures? What if we could teach these devices how to talk to each other? What if these devices could learn how to interact with us (and each other) to make our lives better? What if Jarvis was real? How can I gain these super powers? In his session at 17th Cloud Expo, Chris Matthieu, co-founder and CTO of Octoblu, will show you!
Oct. 13, 2015 12:00 PM EDT Reads: 299
Developing software for the Internet of Things (IoT) comes with its own set of challenges. Security, privacy, and unified standards are a few key issues. In addition, each IoT product is comprised of at least three separate application components: the software embedded in the device, the backend big-data service, and the mobile application for the end user's controls. Each component is developed by a different team, using different technologies and practices, and deployed to a different stack/target - this makes the integration of these separate pipelines and the coordination of software upd...
Oct. 13, 2015 12:00 PM EDT Reads: 411
As a company adopts a DevOps approach to software development, what are key things that both the Dev and Ops side of the business must keep in mind to ensure effective continuous delivery? In his session at DevOps Summit, Mark Hydar, Head of DevOps, Ericsson TV Platforms, will share best practices and provide helpful tips for Ops teams to adopt an open line of communication with the development side of the house to ensure success between the two sides.
Oct. 13, 2015 12:00 PM EDT Reads: 693
The IoT is upon us, but today’s databases, built on 30-year-old math, require multiple platforms to create a single solution. Data demands of the IoT require Big Data systems that can handle ingest, transactions and analytics concurrently adapting to varied situations as they occur, with speed at scale. In his session at @ThingsExpo, Chad Jones, chief strategy officer at Deep Information Sciences, will look differently at IoT data so enterprises can fully leverage their IoT potential. He’ll share tips on how to speed up business initiatives, harness Big Data and remain one step ahead by apply...
Oct. 13, 2015 12:00 PM EDT Reads: 746
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve reliability. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Dr. Sarah Cooper, M2Mi's VP Business Development and Engineering, will explore the IoT cloud-based platform technologies driving this change including privacy controls, data transparency and integration of real time context w...
Oct. 13, 2015 11:00 AM EDT Reads: 305
The Internet of Everything is re-shaping technology trends–moving away from “request/response” architecture to an “always-on” Streaming Web where data is in constant motion and secure, reliable communication is an absolute necessity. As more and more THINGS go online, the challenges that developers will need to address will only increase exponentially. In his session at @ThingsExpo, Todd Greene, Founder & CEO of PubNub, will explore the current state of IoT connectivity and review key trends and technology requirements that will drive the Internet of Things from hype to reality.
Oct. 13, 2015 11:00 AM EDT Reads: 318
SYS-CON Events announced today that Sandy Carter, IBM General Manager Cloud Ecosystem and Developers, and a Social Business Evangelist, will keynote at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
Oct. 13, 2015 10:00 AM EDT Reads: 250
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Oct. 13, 2015 07:00 AM EDT Reads: 6,011
Nowadays, a large number of sensors and devices are connected to the network. Leading-edge IoT technologies integrate various types of sensor data to create a new value for several business decision scenarios. The transparent cloud is a model of a new IoT emergence service platform. Many service providers store and access various types of sensor data in order to create and find out new business values by integrating such data.
Oct. 13, 2015 04:00 AM EDT Reads: 683
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome,” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
Oct. 13, 2015 03:00 AM EDT Reads: 260
There are so many tools and techniques for data analytics that even for a data scientist the choices, possible systems, and even the types of data can be daunting. In his session at @ThingsExpo, Chris Harrold, Global CTO for Big Data Solutions for EMC Corporation, will show how to perform a simple, but meaningful analysis of social sentiment data using freely available tools that take only minutes to download and install. Participants will get the download information, scripts, and complete end-to-end walkthrough of the analysis from start to finish. Participants will also be given the pract...
Oct. 13, 2015 03:00 AM EDT Reads: 408
WebRTC services have already permeated corporate communications in the form of videoconferencing solutions. However, WebRTC has the potential of going beyond and catalyzing a new class of services providing more than calls with capabilities such as mass-scale real-time media broadcasting, enriched and augmented video, person-to-machine and machine-to-machine communications. In his session at @ThingsExpo, Luis Lopez, CEO of Kurento, will introduce the technologies required for implementing these ideas and some early experiments performed in the Kurento open source software community in areas ...
Oct. 13, 2015 12:45 AM EDT Reads: 853
Electric power utilities face relentless pressure on their financial performance, and reducing distribution grid losses is one of the last untapped opportunities to meet their business goals. Combining IoT-enabled sensors and cloud-based data analytics, utilities now are able to find, quantify and reduce losses faster – and with a smaller IT footprint. Solutions exist using Internet-enabled sensors deployed temporarily at strategic locations within the distribution grid to measure actual line loads.
Oct. 13, 2015 12:00 AM EDT Reads: 274
“In the past year we've seen a lot of stabilization of WebRTC. You can now use it in production with a far greater degree of certainty. A lot of the real developments in the past year have been in things like the data channel, which will enable a whole new type of application," explained Peter Dunkley, Technical Director at Acision, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Oct. 12, 2015 11:15 PM EDT Reads: 7,129