|By Paige Leidig||
|March 11, 2014 08:00 AM EDT||
Cloud computing brings a myriad of benefits for any enterprise, but it is also a cause for concern in a world where, according to InformationWeek, cyber criminals are now targeting "any company where they can find data to resell, disrupt or exploit."
Moving your company's sensitive data into the hands of third-party cloud providers expands and complicates the risk landscape in which you operate every day.
In order to understand what concerns should be given emphasis in your cloud security strategy, you need to understand what you can't afford to lose and what can protect you.
Understanding what you can't afford to lose
Data breaches, according to the Cloud Security Alliance, are the top cloud computing security threat for 2013 and beyond. Sensitive data can be of enormous value to a hacker, so you need to consider what sensitive data you are storing in the cloud.
This might be anything a criminal can use to determine or steal someone's identity, such as personally identifiable information (PII) like full names, addresses, birth dates, some IP addresses, and online logins and passwords; and financial information such as bank account numbers and PINs. Furthermore, you should consider any confidential corporate information you might share in the cloud.
Essentially, ask yourself "What do I have that others might want?" and "What do I have that I can't afford to lose?" Data privacy regulations often demand public breach notifications in the event of a malicious data breach or inadvertent data loss - particularly if the information is in the clear.
If your security strategy fails to protect sensitive data, your enterprise could face severe consequences in terms of business and reputation loss as the result of disclosure.
Understand what can protect you if you do lose your data
Businesses migrating to the cloud should lock down any sensitive data before it leaves the premises. As the Snowden leaks indicate, third-party cloud surveillance is ubiquitous, so the more open your data and access policies are for harvesting, the greater the risks to your cloud security strategy.
Deploy an encryption scheme that provides limited, controlled, enterprise-exclusive encryption key access. When you retain exclusive control of your encryption keys, you eliminate that concern of a data breach regardless of where your data resides or how many copies of it exist.
In many jurisdictions, a breach of strongly encrypted data to which the enterprise holds the key does not require public notification.
Even the systems you and your CSPs may have in place to prevent accidental erasure of your data can pose dangers to your enterprise's data privacy.
While backups, redundancy and other failover strategies protect against data loss due to deletion or system failures, they also create extra opportunities for the theft of this data that you consider important.
Keep in mind that, if you terminate your services with a particular CSP, you can never be certain the data has been digitally destroyed.
Moving to the cloud need not be complicated. An important element is for businesses to decide what data to put in the cloud - and then to encrypt it and retain the keys.
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain.
Feb. 20, 2017 06:45 AM EST Reads: 165
In the first article of this three-part series on hybrid cloud security, we discussed the Shared Responsibility Model and examined how the most common attack strategies persist, are amplified, or are mitigated as assets move from data centers to the cloud. Today, we’ll look at some of the unique security challenges that are introduced by public cloud environments. While cloud computing delivers many operational, cost-saving and security benefits, it takes place in a public, shared and on-demand ...
Feb. 20, 2017 06:30 AM EST Reads: 1,070
Both SaaS vendors and SaaS buyers are going “all-in” to hyperscale IaaS platforms such as AWS, which is disrupting the SaaS value proposition. Why should the enterprise SaaS consumer pay for the SaaS service if their data is resident in adjacent AWS S3 buckets? If both SaaS sellers and buyers are using the same cloud tools, automation and pay-per-transaction model offered by IaaS platforms, then why not host the “shrink-wrapped” software in the customers’ cloud? Further, serverless computing, cl...
Feb. 20, 2017 06:00 AM EST Reads: 1,626
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin, ...
Feb. 20, 2017 05:30 AM EST Reads: 4,577
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
Feb. 20, 2017 05:15 AM EST
Information technology (IT) advances are transforming the way we innovate in business, thereby disrupting the old guard and their predictable status-quo. It’s creating global market turbulence. Industries are converging, and new opportunities and threats are emerging, like never before. So, how are savvy chief information officers (CIOs) leading this transition? Back in 2015, the IBM Institute for Business Value conducted a market study that included the findings from over 1,800 CIO interviews ...
Feb. 20, 2017 05:15 AM EST Reads: 1,348
With the proliferation of both SQL and NoSQL databases, organizations can now target specific fit-for-purpose database tools for their different application needs regarding scalability, ease of use, ACID support, etc. Platform as a Service offerings make this even easier now, enabling developers to roll out their own database infrastructure in minutes with minimal management overhead. However, this same amount of flexibility also comes with the challenges of picking the right tool, on the right ...
Feb. 20, 2017 03:30 AM EST Reads: 6,147
“We're a global managed hosting provider. Our core customer set is a U.S.-based customer that is looking to go global,” explained Adam Rogers, Managing Director at ANEXIA, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Feb. 20, 2017 03:15 AM EST Reads: 1,339
In today's uber-connected, consumer-centric, cloud-enabled, insights-driven, multi-device, global world, the focus of solutions has shifted from the product that is sold to the person who is buying the product or service. Enterprises have rebranded their business around the consumers of their products. The buyer is the person and the focus is not on the offering. The person is connected through multiple devices, wearables, at home, on the road, and in multiple locations, sometimes simultaneously...
Feb. 20, 2017 02:00 AM EST Reads: 6,105
Security, data privacy, reliability and regulatory compliance are critical factors when evaluating whether to move business applications from in-house client hosted environments to a cloud platform. In her session at 18th Cloud Expo, Vandana Viswanathan, Associate Director at Cognizant, In this session, will provide an orientation to the five stages required to implement a cloud hosted solution validation strategy.
Feb. 20, 2017 02:00 AM EST Reads: 4,156
China Unicom exhibit at the 19th International Cloud Expo, which took place at the Santa Clara Convention Center in Santa Clara, CA, in November 2016. China United Network Communications Group Co. Ltd ("China Unicom") was officially established in 2009 on the basis of the merger of former China Netcom and former China Unicom. China Unicom mainly operates a full range of telecommunications services including mobile broadband (GSM, WCDMA, LTE FDD, TD-LTE), fixed-line broadband, ICT, data communica...
Feb. 20, 2017 01:00 AM EST Reads: 833
"We host and fully manage cloud data services, whether we store, the data, move the data, or run analytics on the data," stated Kamal Shannak, Senior Development Manager, Cloud Data Services, IBM, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Feb. 20, 2017 01:00 AM EST Reads: 5,215
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
Feb. 20, 2017 12:45 AM EST Reads: 2,400
Zerto exhibited at SYS-CON's 18th International Cloud Expo®, which took place at the Javits Center in New York City, NY, in June 2016. Zerto is committed to keeping enterprise and cloud IT running 24/7 by providing innovative, simple, reliable and scalable business continuity software solutions. Through the Zerto Cloud Continuity Platform™, organizations can seamlessly move and protect virtualized workloads between public, private and hybrid clouds. The company’s flagship product, Zerto Virtual...
Feb. 20, 2017 12:15 AM EST Reads: 972
As businesses adopt functionalities in cloud computing, it’s imperative that IT operations consistently ensure cloud systems work correctly – all of the time, and to their best capabilities. In his session at @BigDataExpo, Bernd Harzog, CEO and founder of OpsDataStore, will present an industry answer to the common question, “Are you running IT operations as efficiently and as cost effectively as you need to?” He will expound on the industry issues he frequently came up against as an analyst, and...
Feb. 20, 2017 12:00 AM EST Reads: 1,415