@CloudExpo Authors: Zakia Bouachraoui, Yeshim Deniz, Pat Romanski, Elizabeth White, Liz McMillan

Related Topics: @CloudExpo, Cloud Security

@CloudExpo: Blog Feed Post

Security Automation – A Fundamental Promise to Cloud ISVs

Software vendors that use their cloud have an intense need for security, and they need it packaged with cloud friendly APIs

In a recent conversation with a public cloud provider, the message was loud and clear. Software vendors that use their cloud have an intense need for security, and they need it packaged with cloud friendly APIs (Application Program Interfaces).

This is actually a deep point. There have been a lot of recent debates trying to define “what is cloud”, yet arguably one of the most interesting definitions requires the ability to automate the infrastructure using APIs.

Typical APIs in the cloud are web service APIs, using technologies such as XML and HTTP. But the topic is not really a technology topic – its a fundamental business model topic.

When functionality in the cloud can be automated via API, the benefit is elasticity and flexibility. Servers and storage can be added and removed at will, and the “will” is not just an administrators will but can be an automated script that modifes resources based on changing demand.

This is a Good Thing. Indeed, it is the fundamental promise of cloud technology, along with pay-as-you-go economics.

ISVs (Independent Software Vendors) understand this even more than most, since their entire business depends on the ability to use the cloud infrastructure in an automated way without human intervention.

Now mix in security. Everyone “knows” that security is the barrier to adoption in the cloud. Yet there is a dearth of cloud-friendly security solutions out there. To be truly cloud friendly, a security solution must have APIs that allow:

  • Start, stop, restart, and termination of security functionality
  • Attaching security functionality to a specific cloud storage resource, e.g. to a virtual disk
  • Modifying access control rules for the storage
  • Locking (and unlocking) access to data
  • Managing alerts and reports, and routing them to appropriate management applications.
  • Managing encryption keys associated with the secured storage (such keys, by the way, cannot be stored in the virtual cloud environment, but that’s a different story).

A few security specialists have started to notice this, notably Porticor. Such API-driven automation allows dealing with the security barrier while respecting the fundamental cloud model.

No wonder our friends in the cloud provision community see this as a high priority.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

CloudEXPO Stories
Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes. We are offering early bird savings on all ticket types where you can save significant amount of money by purchasing your conference tickets today.
This is going to be a live demo on a production ready CICD pipeline which automate the deployment of application onto AWS ECS and Fargate. The same pipeline will automate deployment into various environment such as Test, UAT, and Prod. The pipeline will go through various stages such as source, build, test, approval, UAT stage, Prod stage. The demo will utilize only AWS services including AWS CodeCommit, Codebuild, code pipeline, Elastic container service (ECS), ECR, and Fargate.
SAP is the world leader in enterprise applications in terms of software and software-related service revenue. Based on market capitalization, we are the world's third largest independent software manufacturer. Harness the power of your data and accelerate trusted outcome-driven innovation by developing intelligent and live solutions for real-time decisions and actions on a single data copy. Support next-generation transactional and analytical processing with a broad set of advanced analytics - run securely across hybrid and multicloud environments.
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also received the prestigious Outstanding Technical Achievement Award three times - an accomplishment befitting only the most innovative thinkers. Shankar Kalyana is among the most respected strategists in the global technology industry. As CTO, with over 32 years of IT experience, Mr. Kalyana has architected, designed, developed, and implemented custom and packaged software solutions across a vast spectrum o...
Despite being the market leader, we recognized the need to transform and reinvent our business at Dynatrace, before someone else disrupted the market. Over the course of three years, we changed everything - our technology, our culture and our brand image. In this session we'll discuss how we navigated through our own innovator's dilemma, and share takeaways from our experience that you can apply to your own organization.