|By Paige Leidig||
|March 11, 2014 08:00 AM EDT||
Cloud computing brings a myriad of benefits for any enterprise, but it is also a cause for concern in a world where, according to InformationWeek, cyber criminals are now targeting "any company where they can find data to resell, disrupt or exploit."
Moving your company's sensitive data into the hands of third-party cloud providers expands and complicates the risk landscape in which you operate every day.
In order to understand what concerns should be given emphasis in your cloud security strategy, you need to understand what you can't afford to lose and what can protect you.
Understanding what you can't afford to lose
Data breaches, according to the Cloud Security Alliance, are the top cloud computing security threat for 2013 and beyond. Sensitive data can be of enormous value to a hacker, so you need to consider what sensitive data you are storing in the cloud.
This might be anything a criminal can use to determine or steal someone's identity, such as personally identifiable information (PII) like full names, addresses, birth dates, some IP addresses, and online logins and passwords; and financial information such as bank account numbers and PINs. Furthermore, you should consider any confidential corporate information you might share in the cloud.
Essentially, ask yourself "What do I have that others might want?" and "What do I have that I can't afford to lose?" Data privacy regulations often demand public breach notifications in the event of a malicious data breach or inadvertent data loss - particularly if the information is in the clear.
If your security strategy fails to protect sensitive data, your enterprise could face severe consequences in terms of business and reputation loss as the result of disclosure.
Understand what can protect you if you do lose your data
Businesses migrating to the cloud should lock down any sensitive data before it leaves the premises. As the Snowden leaks indicate, third-party cloud surveillance is ubiquitous, so the more open your data and access policies are for harvesting, the greater the risks to your cloud security strategy.
Deploy an encryption scheme that provides limited, controlled, enterprise-exclusive encryption key access. When you retain exclusive control of your encryption keys, you eliminate that concern of a data breach regardless of where your data resides or how many copies of it exist.
In many jurisdictions, a breach of strongly encrypted data to which the enterprise holds the key does not require public notification.
Even the systems you and your CSPs may have in place to prevent accidental erasure of your data can pose dangers to your enterprise's data privacy.
While backups, redundancy and other failover strategies protect against data loss due to deletion or system failures, they also create extra opportunities for the theft of this data that you consider important.
Keep in mind that, if you terminate your services with a particular CSP, you can never be certain the data has been digitally destroyed.
Moving to the cloud need not be complicated. An important element is for businesses to decide what data to put in the cloud - and then to encrypt it and retain the keys.
Redis is not only the fastest database, but it is the most popular among the new wave of databases running in containers. Redis speeds up just about every data interaction between your users or operational systems. In his session at 19th Cloud Expo, Dave Nielsen, Developer Advocate, Redis Labs, will share the functions and data structures used to solve everyday use cases that are driving Redis' popularity.
Jul. 30, 2016 07:30 PM EDT Reads: 1,752
I wanted to gather all of my Internet of Things (IOT) blogs into a single blog (that I could later use with my University of San Francisco (USF) Big Data “MBA” course). However as I started to pull these blogs together, I realized that my IOT discussion lacked a vision; it lacked an end point towards which an organization could drive their IOT envisioning, proof of value, app dev, data engineering and data science efforts. And I think that the IOT end point is really quite simple…
Jul. 30, 2016 07:30 PM EDT Reads: 1,314
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
Jul. 30, 2016 07:00 PM EDT Reads: 2,768
You think you know what’s in your data. But do you? Most organizations are now aware of the business intelligence represented by their data. Data science stands to take this to a level you never thought of – literally. The techniques of data science, when used with the capabilities of Big Data technologies, can make connections you had not yet imagined, helping you discover new insights and ask new questions of your data. In his session at @ThingsExpo, Sarbjit Sarkaria, data science team lead ...
Jul. 30, 2016 05:00 PM EDT Reads: 1,300
To leverage Continuous Delivery, enterprises must consider impacts that span functional silos, as well as applications that touch older, slower moving components. Managing the many dependencies can cause slowdowns. See how to achieve continuous delivery in the enterprise.
Jul. 30, 2016 04:30 PM EDT Reads: 576
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, discussed the importance of WebRTC and how it enables companies to focus...
Jul. 30, 2016 04:30 PM EDT Reads: 1,121
"My role is working with customers, helping them go through this digital transformation. I spend a lot of time talking to banks, big industries, manufacturers working through how they are integrating and transforming their IT platforms and moving them forward," explained William Morrish, General Manager Product Sales at Interoute, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jul. 30, 2016 04:30 PM EDT Reads: 2,271
Up until last year, enterprises that were looking into cloud services usually undertook a long-term pilot with one of the large cloud providers, running test and dev workloads in the cloud. With cloud’s transition to mainstream adoption in 2015, and with enterprises migrating more and more workloads into the cloud and in between public and private environments, the single-provider approach must be revisited. In his session at 18th Cloud Expo, Yoav Mor, multi-cloud solution evangelist at Cloudy...
Jul. 30, 2016 04:15 PM EDT Reads: 635
Aspose.Total for .NET is the most complete package of all file format APIs for .NET as offered by Aspose. It empowers developers to create, edit, render, print and convert between a wide range of popular document formats within any .NET, C#, ASP.NET and VB.NET applications. Aspose compiles all .NET APIs on a daily basis to ensure that it contains the most up to date versions of each of Aspose .NET APIs. If a new .NET API or a new version of existing APIs is released during the subscription peri...
Jul. 30, 2016 02:30 PM EDT Reads: 1,064
Security, data privacy, reliability, and regulatory compliance are critical factors when evaluating whether to move business applications from in-house, client-hosted environments to a cloud platform. Quality assurance plays a vital role in ensuring that the appropriate level of risk assessment, verification, and validation takes place to ensure business continuity during the migration to a new cloud platform.
Jul. 30, 2016 02:00 PM EDT Reads: 533
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
Jul. 30, 2016 01:30 PM EDT Reads: 979
Ovum, a leading technology analyst firm, has published an in-depth report, Ovum Decision Matrix: Selecting a DevOps Release Management Solution, 2016–17. The report focuses on the automation aspects of DevOps, Release Management and compares solutions from the leading vendors.
Jul. 30, 2016 01:00 PM EDT Reads: 1,858
Continuous testing helps bridge the gap between developing quickly and maintaining high quality products. But to implement continuous testing, CTOs must take a strategic approach to building a testing infrastructure and toolset that empowers their team to move fast. Download our guide to laying the groundwork for a scalable continuous testing strategy.
Jul. 30, 2016 01:00 PM EDT Reads: 2,130
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools have cloud orchestration plugins that can be leveraged, but there are also cloud-native tools that can dramatically improve the efficiency of managing your application lifecycle. In his session at 18th Cloud Expo, ...
Jul. 30, 2016 12:00 PM EDT Reads: 1,365
SYS-CON Events announced today that LeaseWeb USA, a cloud Infrastructure-as-a-Service (IaaS) provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LeaseWeb is one of the world's largest hosting brands. The company helps customers define, develop and deploy IT infrastructure tailored to their exact business needs, by combining various kinds cloud solutions.
Jul. 30, 2016 11:30 AM EDT Reads: 1,409