Enterprise Cloud Computing
A Fistful of Fears: Our Top Five Security Issues
The industry as a whole does seem to have formed a rough consensus as to what our top security priorities are now
May. 1, 2012 09:30 AM
If you work in information technology and you passed through the city of London over the last week it would have been hard not to notice the InfoSec IT security conference being held at the Earl's Court exhibition center.
Logically of course, certain themes and trends came out of this event, which (at a macroeconomic level at least) may provide some insight for chief information officers trying to analyse the state of their current security operation as they try to quantify the vulnerabilities that they may be harboring within their firm's operational structure.
Whether we are all genuinely on the same page technologically, or whether our social media streams are now so inextricably interconnected is hard to say - but the industry as a whole does seem to have formed a rough consensus as to what our top security priorities are now.
Let us try and summarize...
Cloud based risks - As any cloud vendor/hosting provider will tell you, the cloud itself is not inherently insecure; the risk factor here is simply a question of what type of data you decide to host inside a virtualized hosted environment (i.e., mission-critical or less sensitive) and what encryption mechanisms you place over it.
Despite this "essential truism" there is disquiet, discord and discomfort among many companies considering cloud migration procedures stemming from security fears, real or perceived.
Privacy-related risks - Sir Tim Berners-Lee has called for web companies like Facebook and Google to stop profiteering (as he puts it) from selling information people don't even know these companies have. At the same time, business interaction networks company Axway has revealed findings that show that since April 2010, 35% of complaints to the Information Commissioner Office (ICO) involved disclosure of personal data and security breaches despite Data Protection Act (DPA) penalties and the threat of prosecution that corporations face.
According to Axway's John Thielens, "Alarming as that figure is, it comes as no surprise that consumers in the UK are uniting in voicing their concerns about how their personal identifiable information is being leaked by trusted private and public organizations without their knowledge. Conversely, and of heightened concern, is that the average data breach costs UK companies £79 per record, of which £37 equates to indirect costs - such as loyal customer defection and brand erosion."
Mobile related risks - Okay so who wants to say it first? Bring Your Own Device is the most pertinent mobile-related IT security risk and threat at the moment. This is of course brought about by the so-called consumerization of IT where users takes their own high-end smartphones, tablets and laptops into the work environment and connect them (wired or wirelessly) to the corporate network in an unsecured and unmanaged manner.
You can expect to see more and more "solutions" directly addressing this issue, especially as users need to use these devices to remotely synchronize data with the corporate network when they are on the move.
Advanced persistent threats - Common understanding of the problem of advanced persistent threats is that a wide range of attack techniques and vectors (advanced) will be used for a period of consistent activity focused on a specific target (persistent) to produce an attack to compromise and damage (threaten) a commercial firm's or a public body's data stack.
Security intelligence and deep analytics - Some (but not all) of the problem here is at the application development level as we start to drill down into exactly what data sources individual applications use to execute. HP Fortify Software security consultant Lucas von Stockhausen has said that with HP Fortify Solutions developers have the possibility to test their code for security vulnerabilities before going live. This can be carried out either locally on their desktops, centrally on a build server, or in the cloud.
"With this approach developers get all the information to fix the issues and deliver secure code for desktop, server, web and mobile applications. Together with the industry-proven Software Security Assurance (SSA) methodology, HP can integrate this seamlessly into the existing development processes without security becoming a burden for the developer," said Stockhausen.
So if April was the month for security awareness, then let's hope that May and onwards are the months of security competency for companies in all verticals and of all shapes and sizes.
• • •
This post was first published on the Enterprise CIO Forum.
Reader Feedback: Page 1 of 1
Virtualization Articles & Feature Stories
Latest Virtualization Conference News
Best Recent Articles on Cloud Computing & Big Data Topics
As we enter a new year, it is time to look back over the past year and resolve to improve upon it. In 2014, we will see more service providers resolve to add more personalization in enterprise technology. Below are seven predictions about what will drive this trend toward personalization.
IT organizations face a growing demand for faster innovation and new applications to support emerging opportunities in social, mobile, growth markets, Big Data analytics, mergers and acquisitions, strategic partnerships, and more. This is great news because it shows that IT continues to be a key stakeholder in delivering business service innovation. However, it also means that IT must deliver new innovation despite flat budgets, while maintaining existing services that grow more complex every day.
Cloud computing is transforming the way businesses think about and leverage technology. As a result, the general understanding of cloud computing has come a long way in a short time. However, there are still many misconceptions about what cloud computing is and what it can do for businesses that adopt this game-changing computing model. In this exclusive Q&A with Cloud Expo Conference Chair Jeremy Geelan, Rex Wang, Vice President of Product Marketing at Oracle, discusses and dispels some of the common myths about cloud computing that still exist today.
Despite the economy, cloud computing is doing well. Gartner estimates the cloud market will double by 2016 to $206 billion. The time for dabbling in the cloud is over! The 14th International Cloud Expo, co-located with 5th International Big Data Expo and 3rd International SDN Expo, to be held June 10-12, 2014, at the Javits Center in New York City, N.Y. announces that its Call for Papers is now open. Topics include all aspects of providing or using massively scalable IT-related capabilities as a service using Internet technologies (see suggested topics below). Cloud computing helps IT cut infrastructure costs while adding new features and services to grow core businesses. Clouds can help grow margins as costs are cut back but service offerings are expanded. Help plant your flag in the fast-expanding business opportunity that is The Cloud, Big Data and Software-Defined Networking: submit your speaking proposal today!
What do you get when you combine Big Data technologies….like Pig and Hive? A flying pig? No, you get a “Logical Data Warehouse.” In 2012, Infochimps (now CSC) leveraged its early use of stream processing, NoSQLs, and Hadoop to create a design pattern which combined real-time, ad-hoc, and batch analytics. This concept of combining the best-in-breed Big Data technologies will continue to advance across the industry until the entire legacy (and proprietary) data infrastructure stack will be replaced with a new (and open) one.
While unprecedented technological advances have been made in healthcare in areas such as genomics, digital imaging and Health Information Systems, access to this information has been not been easy for both the healthcare provider and the patient themselves. Regulatory compliance and controls, information lock-in in proprietary Electronic Health Record systems and security concerns have made it difficult to share data across health care providers.
Cloud Expo, Inc. has announced today that Vanessa Alvarez has been named conference chair of Cloud Expo® 2014. 14th International Cloud Expo will take place on June 10-12, 2014, at the Javits Center in New York City, New York, and 15th International Cloud Expo® will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
12th International Cloud Expo, held on June 10–13, 2013 at the Javits Center in New York City, featured four content-packed days with a rich array of sessions about the business and technical value of cloud computing led by exceptional speakers from every sector of the cloud computing ecosystem. The Cloud Expo series is the fastest-growing Enterprise IT event in the past 10 years, devoted to every aspect of delivering massively scalable enterprise IT as a service.
Ulitzer.com announced "the World's 30 most influential Cloud bloggers," who collectively generated more than 24 million Ulitzer page views. Ulitzer's annual "most influential Cloud bloggers" list was announced at Cloud Expo, which drew more delegates than all other Cloud-related events put together worldwide. "The world's 50 most influential Cloud bloggers 2010" list will be announced at the Cloud Expo 2010 East, which will take place April 19-21, 2010, at the Jacob Javitz Convention Center, in New York City, with more than 5,000 expected to attend.
It's a simple fact that the better sales reps understand their prospects' intentions, preferences and pain points during calls, the more business they'll close. Each day, as your prospects interact with websites and social media platforms, their behavioral data profile is expanding. It's now possible to gain unprecedented insight into prospects' content preferences, product needs and budget. We hear a lot about how valuable Big Data is to sales and marketing teams. But data itself is only valuable when it's part of a bigger story, made visible in the right context.
Cloud Expo, Inc. has announced today that Larry Carvalho has been named Tech Chair of Cloud Expo® 2014. 14th International Cloud Expo will take place on June 10-12, 2014, at the Javits Center in New York City, New York, and 15th International Cloud Expo® will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Everyone talks about a cloud-first or mobile-first strategy. It's the trend du jour, and for good reason as these innovative technologies have revolutionized an industry and made savvy companies a lot of money. But consider for a minute what's emerging with the Age of Context and the Internet of Things. Devices, interfaces, everyday objects are becoming endowed with computing smarts. This is creating an unprecedented focus on the Application Programming Interface (API) as developers seek to connect these devices and interfaces to create new supporting services and hybrids. I call this trend the move toward an API-first business model and strategy.
We live in a world that requires us to compete on our differential use of time and information, yet only a fraction of information workers today have access to the analytical capabilities they need to make better decisions. Now, with the advent of a new generation of embedded business intelligence (BI) platforms, cloud developers are disrupting the world of analytics. They are using these new BI platforms to inject more intelligence into the applications business people use every day. As a result, data-driven decision-making is finally on track to become the rule, not the exception.
Virtualization Blogs Live