|By Pravin Kothari||
|July 29, 2013 07:45 AM EDT||
In the last five years, organizations have increasingly embraced cloud applications to help them innovate and transform their business. Applications that automate sales processes, HR management, collaboration, email and file sharing are growing fast and enabling organizations to meet their needs in a shorter timeframe than ever before.
Cloud applications are ubiquitously employed across all industries. However, there are increased concerns about security and compliance of sensitive information, particularly in banking, insurance and in the public sector. A wide range of regulations and privacy laws make organizations directly responsible for protecting regulated information, but when this data is stored in the cloud, they have less direct control over leaks, theft or forced legal disclosure.
At the same time, leaks and thefts are occurring with increased frequency. The 2013 Verizon Data Breach Investigations Report revealed a total of 621 confirmed data breaches and over 47,000 security incidents in the last year, and a 2012 Ernst & Young survey found that only 38% of organizations implement an adequate security strategy.
A Three-Step Approach to Navigating Compliance Complexities
Though the risks - from malicious hacks to insider threats - can seem high, a holistic approach to cloud information protection can help companies reduce the risks of adopting the cloud.
First is the discovery stage. Before you can protect information in the cloud, you need to know where it is and who has access to it:
- Who should have access to certain information and who should not?
- What content is sensitive, proprietary, or regulated and how can it be identified?
- Where will this data reside in the cloud, and what range of regional privacy, disclosure and other laws might apply?
Then, you need to protect the information using the correct tools:
- Encrypt: As a baseline, unbreakable code - like military grade 256-bit AES - can scramble sensitive information into undecipherable gibberish to protect it from unauthorized viewers. Installing a cloud information protection platform at the network's edge ensures any data moving to the cloud is fully protected before it leaves the organization.
- Retain keys: Keep the keys that encrypt and decipher information under the control of the user organization. This ensures that all information requests must involve the owner, even if information is stored on a third-party cloud.
- Cloud data loss prevention: Customize policies on this to scan, detect and take action to protect information according to its level of sensitivity. This provides an additional level of security and control.
- Cloud malware detection: Screen information exchanges, including external and internal user uploaded attachments, in cloud applications in real-time for virus, malware and other embedded threats.
Finally, a recent breakthrough - operations-preserving encryption - has solved encryption's longstanding problem of breaking cloud application functions. This advancement enables users to search, sort and report on encrypted data in the cloud. In addition, an open platform capable of supporting all cloud applications and integrating third-party tools provides a stable foundation for protection.
The popularity of the cloud has driven privacy laws and data residency restrictions around the world. Businesses and chief information officers need to collaborate in finding new security models to use the cloud while ensuring sensitive information is fully protected. By embracing a new ecosystem of cloud-based security solutions, businesses can safely extend their virtual security perimeter while still complying with privacy regulations.
Both SaaS vendors and SaaS buyers are going “all-in” to hyperscale IaaS platforms such as AWS, which is disrupting the SaaS value proposition. Why should the enterprise SaaS consumer pay for the SaaS service if their data is resident in adjacent AWS S3 buckets? If both SaaS sellers and buyers are using the same cloud tools, automation and pay-per-transaction model offered by IaaS platforms, then why not host the “shrink-wrapped” software in the customers’ cloud? Further, serverless computing, cl...
Feb. 20, 2017 06:00 AM EST Reads: 1,608
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin, ...
Feb. 20, 2017 05:30 AM EST Reads: 4,574
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
Feb. 20, 2017 05:15 AM EST
Information technology (IT) advances are transforming the way we innovate in business, thereby disrupting the old guard and their predictable status-quo. It’s creating global market turbulence. Industries are converging, and new opportunities and threats are emerging, like never before. So, how are savvy chief information officers (CIOs) leading this transition? Back in 2015, the IBM Institute for Business Value conducted a market study that included the findings from over 1,800 CIO interviews ...
Feb. 20, 2017 05:15 AM EST Reads: 1,335
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain.
Feb. 20, 2017 04:30 AM EST Reads: 150
With the proliferation of both SQL and NoSQL databases, organizations can now target specific fit-for-purpose database tools for their different application needs regarding scalability, ease of use, ACID support, etc. Platform as a Service offerings make this even easier now, enabling developers to roll out their own database infrastructure in minutes with minimal management overhead. However, this same amount of flexibility also comes with the challenges of picking the right tool, on the right ...
Feb. 20, 2017 03:30 AM EST Reads: 6,145
“We're a global managed hosting provider. Our core customer set is a U.S.-based customer that is looking to go global,” explained Adam Rogers, Managing Director at ANEXIA, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Feb. 20, 2017 03:15 AM EST Reads: 1,336
Security, data privacy, reliability and regulatory compliance are critical factors when evaluating whether to move business applications from in-house client hosted environments to a cloud platform. In her session at 18th Cloud Expo, Vandana Viswanathan, Associate Director at Cognizant, In this session, will provide an orientation to the five stages required to implement a cloud hosted solution validation strategy.
Feb. 20, 2017 02:00 AM EST Reads: 4,156
In today's uber-connected, consumer-centric, cloud-enabled, insights-driven, multi-device, global world, the focus of solutions has shifted from the product that is sold to the person who is buying the product or service. Enterprises have rebranded their business around the consumers of their products. The buyer is the person and the focus is not on the offering. The person is connected through multiple devices, wearables, at home, on the road, and in multiple locations, sometimes simultaneously...
Feb. 20, 2017 02:00 AM EST Reads: 6,102
"We host and fully manage cloud data services, whether we store, the data, move the data, or run analytics on the data," stated Kamal Shannak, Senior Development Manager, Cloud Data Services, IBM, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Feb. 20, 2017 01:00 AM EST Reads: 5,214
China Unicom exhibit at the 19th International Cloud Expo, which took place at the Santa Clara Convention Center in Santa Clara, CA, in November 2016. China United Network Communications Group Co. Ltd ("China Unicom") was officially established in 2009 on the basis of the merger of former China Netcom and former China Unicom. China Unicom mainly operates a full range of telecommunications services including mobile broadband (GSM, WCDMA, LTE FDD, TD-LTE), fixed-line broadband, ICT, data communica...
Feb. 20, 2017 01:00 AM EST Reads: 832
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
Feb. 20, 2017 12:45 AM EST Reads: 2,395
Zerto exhibited at SYS-CON's 18th International Cloud Expo®, which took place at the Javits Center in New York City, NY, in June 2016. Zerto is committed to keeping enterprise and cloud IT running 24/7 by providing innovative, simple, reliable and scalable business continuity software solutions. Through the Zerto Cloud Continuity Platform™, organizations can seamlessly move and protect virtualized workloads between public, private and hybrid clouds. The company’s flagship product, Zerto Virtual...
Feb. 20, 2017 12:15 AM EST Reads: 971
As businesses adopt functionalities in cloud computing, it’s imperative that IT operations consistently ensure cloud systems work correctly – all of the time, and to their best capabilities. In his session at @BigDataExpo, Bernd Harzog, CEO and founder of OpsDataStore, will present an industry answer to the common question, “Are you running IT operations as efficiently and as cost effectively as you need to?” He will expound on the industry issues he frequently came up against as an analyst, and...
Feb. 20, 2017 12:00 AM EST Reads: 1,415
WebRTC is about the data channel as much as about video and audio conferencing. However, basically all commercial WebRTC applications have been built with a focus on audio and video. The handling of “data” has been limited to text chat and file download – all other data sharing seems to end with screensharing. What is holding back a more intensive use of peer-to-peer data? In her session at @ThingsExpo, Dr Silvia Pfeiffer, WebRTC Applications Team Lead at National ICT Australia, looked at differ...
Feb. 19, 2017 10:30 PM EST Reads: 6,156