Related Topics: @CloudExpo, Microservices Expo, Agile Computing, Cloud Security, @BigDataExpo, SDN Journal

@CloudExpo: Article

Cloud Computing: How Can Companies Reduce the Security Risk?

A three-step approach to navigating compliance complexities

In the last five years, organizations have increasingly embraced cloud applications to help them innovate and transform their business. Applications that automate sales processes, HR management, collaboration, email and file sharing are growing fast and enabling organizations to meet their needs in a shorter timeframe than ever before.

Cloud applications are ubiquitously employed across all industries. However, there are increased concerns about security and compliance of sensitive information, particularly in banking, insurance and in the public sector. A wide range of regulations and privacy laws make organizations directly responsible for protecting regulated information, but when this data is stored in the cloud, they have less direct control over leaks, theft or forced legal disclosure.

At the same time, leaks and thefts are occurring with increased frequency. The 2013 Verizon Data Breach Investigations Report revealed a total of 621 confirmed data breaches and over 47,000 security incidents in the last year, and a 2012 Ernst & Young survey found that only 38% of organizations implement an adequate security strategy.

A Three-Step Approach to Navigating Compliance Complexities
Though the risks - from malicious hacks to insider threats - can seem high, a holistic approach to cloud information protection can help companies reduce the risks of adopting the cloud.

First is the discovery stage. Before you can protect information in the cloud, you need to know where it is and who has access to it:

  • Who should have access to certain information and who should not?
  • What content is sensitive, proprietary, or regulated and how can it be identified?
  • Where will this data reside in the cloud, and what range of regional privacy, disclosure and other laws might apply?

Then, you need to protect the information using the correct tools:

  • Encrypt: As a baseline, unbreakable code - like military grade 256-bit AES - can scramble sensitive information into undecipherable gibberish to protect it from unauthorized viewers. Installing a cloud information protection platform at the network's edge ensures any data moving to the cloud is fully protected before it leaves the organization.
  • Retain keys: Keep the keys that encrypt and decipher information under the control of the user organization. This ensures that all information requests must involve the owner, even if information is stored on a third-party cloud.
  • Cloud data loss prevention: Customize policies on this to scan, detect and take action to protect information according to its level of sensitivity. This provides an additional level of security and control.
  • Cloud malware detection: Screen information exchanges, including external and internal user uploaded attachments, in cloud applications in real-time for virus, malware and other embedded threats.

Finally, a recent breakthrough - operations-preserving encryption - has solved encryption's longstanding problem of breaking cloud application functions. This advancement enables users to search, sort and report on encrypted data in the cloud. In addition, an open platform capable of supporting all cloud applications and integrating third-party tools provides a stable foundation for protection.

The popularity of the cloud has driven privacy laws and data residency restrictions around the world. Businesses and chief information officers need to collaborate in finding new security models to use the cloud while ensuring sensitive information is fully protected. By embracing a new ecosystem of cloud-based security solutions, businesses can safely extend their virtual security perimeter while still complying with privacy regulations.

More Stories By Pravin Kothari

Pravin Kothari is the founder and CEO of CipherCloud. He founded CipherCloud in 2010 when he recognized that while the cloud was disrupting enterprise IT with explosive growth, the security technologies had not kept pace and enterprises were losing control over their sensitive data.

Pravin is driving the rapid growth of CipherCloud by managing its business, strategy, and operations. He is a security visionary with more than 20 years of experience building industry-leading companies and bringing innovative products to market.

Pravin was the Founder & CTO of Agiliance, a leading Security Risk Management company, and Co-founder & VP Engineering of ArcSight, a leading security company, which was acquired by HP for $1.6 billion. Previously, he was Co-founder & Chief Architect at Impresse Corporation and also held technical leadership positions at Verity, Attachmate, and Tata Consultancy Services.

Pravin holds over a dozen patents in security technologies and is the inventor behind CipherCloud’s groundbreaking cloud encryption technology.

Comments (1)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Latest Stories
We are always online. We access our data, our finances, work, and various services on the Internet. But we live in a congested world of information in which the roads were built two decades ago. The quest for better, faster Internet routing has been around for a decade, but nobody solved this problem. We’ve seen band aid approaches like CDNs that attack a niche's slice of static content part of the Internet, but that’s it. It does not address the dynamic services-based Internet of today. It doe...
Between the mockups and specs produced by analysts, and resulting applications built by developers, there exists a gulf where projects fail, costs spiral, and applications disappoint. Methodologies like Agile attempt to address this with intensified communication, with partial success but many limitations. In his session at @DevOpsSummit at 19th Cloud Expo, Charles Kendrick, CTO at Isomorphic Software, will present a revolutionary model enabled by new technologies. Learn how business and deve...
In the 21st century, security on the Internet has become one of the most important issues. We hear more and more about cyber-attacks on the websites of large corporations, banks and even small businesses. When online we’re concerned not only for our own safety but also our privacy. We have to know that hackers usually start their preparation by investigating the private information of admins – the habits, interests, visited websites and so on. On the other hand, our own security is in danger bec...
In his session at Cloud Expo, Robert Cohen, an economist and senior fellow at the Economic Strategy Institute, will provide economic scenarios that describe how the rapid adoption of software-defined everything including cloud services, SDDC and open networking will change GDP, industry growth, productivity and jobs. This session will also include a drill down for several industries such as finance, social media, cloud service providers and pharmaceuticals.
DevOps is speeding towards the IT world like a freight train and the hype around it is deafening. There is no reason to be afraid of this change as it is the natural reaction to the agile movement that revolutionized development just a few years ago. By definition, DevOps is the natural alignment of IT performance to business profitability. The relevance of this has yet to be quantified but it has been suggested that the route to the CEO’s chair will come from the IT leaders that successfully ma...
The Internet of Things (IoT), in all its myriad manifestations, has great potential. Much of that potential comes from the evolving data management and analytic (DMA) technologies and processes that allow us to gain insight from all of the IoT data that can be generated and gathered. This potential may never be met as those data sets are tied to specific industry verticals and single markets, with no clear way to use IoT data and sensor analytics to fulfill the hype being given the IoT today.
@ThingsExpo has been named the Top 5 Most Influential M2M Brand by Onalytica in the ‘Machine to Machine: Top 100 Influencers and Brands.' Onalytica analyzed the online debate on M2M by looking at over 85,000 tweets to provide the most influential individuals and brands that drive the discussion. According to Onalytica the "analysis showed a very engaged community with a lot of interactive tweets. The M2M discussion seems to be more fragmented and driven by some of the major brands present in the...
SYS-CON Events announced today that Interface Masters Technologies, a leader in Network Visibility and Uptime Solutions, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Interface Masters Technologies is a leading vendor in the network monitoring and high speed networking markets. Based in the heart of Silicon Valley, Interface Masters' expertise lies in Gigabit, 10 Gigabit and 40 Gigabit Eth...
As the world moves toward more DevOps and Microservices, application deployment to the cloud ought to become a lot simpler. The Microservices architecture, which is the basis of many new age distributed systems such as OpenStack, NetFlix and so on, is at the heart of Cloud Foundry - a complete developer-oriented Platform as a Service (PaaS) that is IaaS agnostic and supports vCloud, OpenStack and AWS. Serverless computing is revolutionizing computing. In his session at 19th Cloud Expo, Raghav...
Fact: storage performance problems have only gotten more complicated, as applications not only have become largely virtualized, but also have moved to cloud-based infrastructures. Storage performance in virtualized environments isn’t just about IOPS anymore. Instead, you need to guarantee performance for individual VMs, helping applications maintain performance as the number of VMs continues to go up in real time. In his session at Cloud Expo, Dhiraj Sehgal, Product and Marketing at Tintri, wil...
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
As software becomes more and more complex, we, as software developers, have been splitting up our code into smaller and smaller components. This is also true for the environment in which we run our code: going from bare metal, to VMs to the modern-day Cloud Native world of containers, schedulers and microservices. While we have figured out how to run containerized applications in the cloud using schedulers, we've yet to come up with a good solution to bridge the gap between getting your conta...
If you had a chance to enter on the ground level of the largest e-commerce market in the world – would you? China is the world’s most populated country with the second largest economy and the world’s fastest growing market. It is estimated that by 2018 the Chinese market will be reaching over $30 billion in gaming revenue alone. Admittedly for a foreign company, doing business in China can be challenging. Often changing laws, administrative regulations and the often inscrutable Chinese Interne...
Enterprise IT has been in the era of Hybrid Cloud for some time now. But it seems most conversations about Hybrid are focused on integrating AWS, Microsoft Azure, or Google ECM into existing on-premises systems. Where is all the Private Cloud? What do technology providers need to do to make their offerings more compelling? How should enterprise IT executives and buyers define their focus, needs, and roadmap, and communicate that clearly to the providers?
SYS-CON Events announced today that Streamlyzer will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Streamlyzer is a powerful analytics for video streaming service that enables video streaming providers to monitor and analyze QoE (Quality-of-Experience) from end-user devices in real time.