|By Gilad Parann-Nissany||
|September 11, 2014 06:00 PM EDT||
Cloud Security Best Practices of the Fortune 500
When you plan your migration to the cloud, and the cloud security best practices to secure it, there is no need to reinvent the wheel. Here is some advice from the Fortune 500. Use these tips to learn from others’ successes and to avoid their failures – maybe their companies can afford “valuable” learning lessons, but yours would do better heeding their advice for free.
Intel: security is a concern in both private and public clouds
Mr. Jason Waxman | General Manager | Intel | www.intel.com
The GM of Intel speaks up about the differences between data center and cloud environment. “With cloud infrastructure, servers are typically virtualized and shared across multiple lines of business or even among multiple organizations rather than dedicated to specific lines of business . . . This lack of visibility . . . has people concerned because they no longer have dedicated equipment for their line of business and instead are using shared, multi-tenant resources.”
What this means for you
Waxman is explicit that an issue exists whether you are in a private cloud or a public one. If your line of business has sensitive data, segregating your project from others, within a shared infrastructure, is your responsibility. Your IT department, or a cloud provider (AWS or VMware) may share some accountability, but you must make sure to take all necessary precautions to protect your sensitive business data. Techniques for segregating data should include segregation of network segments and encryption of data with encryption keys that are specific to a project.
HP: Regulations hold service providers more accountable
Mr. Anil Katarki | Chief Information Security Officer | HP Enterprise Services | Cybersecurity for U.S. Public Sector
HP’s CISO, Mr. Katarki, argues that “perpetual preparedness is tough to maintain” partially because we don’t “have an accurate inventory of where PII is located, transmitted, or stored.” Regulatory compliance requirements with HIPAA, PCI DSS, and other regulations continue to “hold service providers more accountable with stiff penalties for noncompliance.”
What this means for you
You can definitely learn the best practices of securing your data. The healthcare industry’s HIPAA, or the financial industry’s PCI DSS, for example, will teach you:
- Do not use vendor-supplied defaults for passwords and other security parameters.
- Use and regularly update anti-virus software.
- Protect data with encryption and protect cryptographic keys against disclosure and misuse.
- Restrict access to data by business need-to-know and assign a unique ID to each person with access.
- Track and monitor all access and regularly test security systems and processes.
IBM: Data must be protected throughout its lifecycle
Mr. Peter Evans | Director | IBM Internet Security Systems | www.ibm.com
“Today’s enterprises are looking for integrated solutions that protect the data in transit, at rest, in motion, in use, and throughout the lifecycle.”
What this means for you
It is not enough to protect your data only some of the time. For example, have you thought about protecting your online backups as much as you protect the “live” data?
Your data security lock and chain are only as strong as their weakest link and it is your responsibility to make sure no point of the data lifecycle falls victim to weak security.
Encryption has become the best practice for ensuring lifecycle protection of data. Encryption should be applied to the network, when data is in transit, through techniques such as SSL. And it should be applied to data at rest, whether it is on the current (virtual) disk or in a backup.
Unisys: Cloud security for growth and innovation
Mr. Nick Evans | Vice President and General Manager | Worldwide Enterprise Security | Unisys
“We believe that in today’s economy, security solutions must be thought of strategically and applied not only for risk mitigation but also for growth and innovation. This is a change in mind-set from the traditional view of security as a cost of doing business or “insurance,” merely an information protection issue.”
What this means for you
Cloud security certainly protects you from threats (malicious hackers, government eavesdroppers, employee oversight), but today, it goes a step beyond that. Proper cloud security enables you to reduce costs, achieve regulatory compliance and a “safe harbor,” and create a brand that is committed to securing the data of its customers.
Conclusion: what the security experts want you to know
You don’t have to be a Fortune 500 company in order to think like a Fortune 500 company. And you don’t have to spend like a Fortune 500 company to have their level of cloud security for your own apps and data. Remember (and apply!) these key principles:
- Intel wants you to know that private clouds are not a panacea. Segregating sensitive projects form others is essential (and can be achieved through encryption). In virtual environments, you need virtual walls to replace the physical separations of the data center.
- HP reminds you that regulatory requirements have lessons we can all learn from. You should implement their safeguards to protect your data.
- IBM prompts you to protect all stages in the lifecycle of your data. A hacked backup is just as dangerous as compromised “live” data.
- Unisys says that cloud security isn’t just about protection today, it is about building a future that is safe and compliant.
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Jan. 18, 2017 12:00 AM EST Reads: 2,252
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, John Jelinek IV, a web developer at Linux Academy, will discuss why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers...
Jan. 17, 2017 11:00 PM EST Reads: 511
IoT is at the core or many Digital Transformation initiatives with the goal of re-inventing a company's business model. We all agree that collecting relevant IoT data will result in massive amounts of data needing to be stored. However, with the rapid development of IoT devices and ongoing business model transformation, we are not able to predict the volume and growth of IoT data. And with the lack of IoT history, traditional methods of IT and infrastructure planning based on the past do not app...
Jan. 17, 2017 10:30 PM EST Reads: 676
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Dave McCarthy, Director of Products at Bsquare Corporation; Alan Williamson, Principal ...
Jan. 17, 2017 10:30 PM EST Reads: 2,336
WebRTC has had a real tough three or four years, and so have those working with it. Only a few short years ago, the development world were excited about WebRTC and proclaiming how awesome it was. You might have played with the technology a couple of years ago, only to find the extra infrastructure requirements were painful to implement and poorly documented. This probably left a bitter taste in your mouth, especially when things went wrong.
Jan. 17, 2017 09:15 PM EST Reads: 7,532
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
Jan. 17, 2017 08:00 PM EST Reads: 11,615
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.
Jan. 17, 2017 06:45 PM EST Reads: 6,216
Providing secure, mobile access to sensitive data sets is a critical element in realizing the full potential of cloud computing. However, large data caches remain inaccessible to edge devices for reasons of security, size, format or limited viewing capabilities. Medical imaging, computer aided design and seismic interpretation are just a few examples of industries facing this challenge. Rather than fighting for incremental gains by pulling these datasets to edge devices, we need to embrace the i...
Jan. 17, 2017 05:15 PM EST Reads: 3,565
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Jan. 17, 2017 04:45 PM EST Reads: 3,053
Fifty billion connected devices and still no winning protocols standards. HTTP, WebSockets, MQTT, and CoAP seem to be leading in the IoT protocol race at the moment but many more protocols are getting introduced on a regular basis. Each protocol has its pros and cons depending on the nature of the communications. Does there really need to be only one protocol to rule them all? Of course not. In his session at @ThingsExpo, Chris Matthieu, co-founder and CTO of Octoblu, walked through how Octob...
Jan. 17, 2017 04:30 PM EST Reads: 2,906
The Internet of Things can drive efficiency for airlines and airports. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Sudip Majumder, senior director of development at Oracle, discussed the technical details of the connected airline baggage and related social media solutions. These IoT applications will enhance travelers' journey experience and drive efficiency for the airlines and the airports.
Jan. 17, 2017 04:15 PM EST Reads: 1,980
SYS-CON Events announced today that Catchpoint, a leading digital experience intelligence company, has been named “Silver Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Catchpoint Systems is a leading Digital Performance Analytics company that provides unparalleled insight into your customer-critical services to help you consistently deliver an amazing customer experience. Designed for digital business, C...
Jan. 17, 2017 02:30 PM EST Reads: 1,743
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
Jan. 17, 2017 02:15 PM EST Reads: 3,637
In his General Session at 17th Cloud Expo, Bruce Swann, Senior Product Marketing Manager for Adobe Campaign, explored the key ingredients of cross-channel marketing in a digital world. Learn how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects).
Jan. 17, 2017 02:00 PM EST Reads: 5,379
Things are changing so quickly in IoT that it would take a wizard to predict which ecosystem will gain the most traction. In order for IoT to reach its potential, smart devices must be able to work together. Today, there are a slew of interoperability standards being promoted by big names to make this happen: HomeKit, Brillo and Alljoyn. In his session at @ThingsExpo, Adam Justice, vice president and general manager of Grid Connect, will review what happens when smart devices don’t work togethe...
Jan. 17, 2017 01:45 PM EST Reads: 272
"Tintri was started in 2008 with the express purpose of building a storage appliance that is ideal for virtualized environments. We support a lot of different hypervisor platforms from VMware to OpenStack to Hyper-V," explained Dan Florea, Director of Product Management at Tintri, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jan. 17, 2017 12:45 PM EST Reads: 4,479
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
Jan. 17, 2017 12:45 PM EST Reads: 5,557
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
Jan. 17, 2017 12:45 PM EST Reads: 5,065
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Jan. 17, 2017 11:45 AM EST Reads: 4,196
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in Embedded and IoT solutions, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 7-9, 2017, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/Big Data, HPC and E...
Jan. 17, 2017 11:45 AM EST Reads: 5,721