Welcome!

@CloudExpo Authors: Elizabeth White, Kelly Burford, Karthick Viswanathan, Xenia von Wedel, Yeshim Deniz

Related Topics: @CloudExpo, Microservices Expo, Open Source Cloud, Containers Expo Blog, Cloud Security

@CloudExpo: Article

A Fistful of Fears: Our Top Five Security Issues

The industry as a whole does seem to have formed a rough consensus as to what our top security priorities are now

If you work in information technology and you passed through the city of London over the last week it would have been hard not to notice the InfoSec IT security conference being held at the Earl's Court exhibition center.

Logically of course, certain themes and trends came out of this event, which (at a macroeconomic level at least) may provide some insight for chief information officers trying to analyse the state of their current security operation as they try to quantify the vulnerabilities that they may be harboring within their firm's operational structure.

Whether we are all genuinely on the same page technologically, or whether our social media streams are now so inextricably interconnected is hard to say - but the industry as a whole does seem to have formed a rough consensus as to what our top security priorities are now.

Let us try and summarize...

Cloud based risks - As any cloud vendor/hosting provider will tell you, the cloud itself is not inherently insecure; the risk factor here is simply a question of what type of data you decide to host inside a virtualized hosted environment (i.e., mission-critical or less sensitive) and what encryption mechanisms you place over it.

Despite this "essential truism" there is disquiet, discord and discomfort among many companies considering cloud migration procedures stemming from security fears, real or perceived.

Privacy-related risks - Sir Tim Berners-Lee has called for web companies like Facebook and Google to stop profiteering (as he puts it) from selling information people don't even know these companies have. At the same time, business interaction networks company Axway has revealed findings that show that since April 2010, 35% of complaints to the Information Commissioner Office (ICO) involved disclosure of personal data and security breaches despite Data Protection Act (DPA) penalties and the threat of prosecution that corporations face.

According to Axway's John Thielens, "Alarming as that figure is, it comes as no surprise that consumers in the UK are uniting in voicing their concerns about how their personal identifiable information is being leaked by trusted private and public organizations without their knowledge. Conversely, and of heightened concern, is that the average data breach costs UK companies £79 per record, of which £37 equates to indirect costs - such as loyal customer defection and brand erosion."

Mobile related risks - Okay so who wants to say it first? Bring Your Own Device is the most pertinent mobile-related IT security risk and threat at the moment. This is of course brought about by the so-called consumerization of IT where users takes their own high-end smartphones, tablets and laptops into the work environment and connect them (wired or wirelessly) to the corporate network in an unsecured and unmanaged manner.

You can expect to see more and more "solutions" directly addressing this issue, especially as users need to use these devices to remotely synchronize data with the corporate network when they are on the move.

Advanced persistent threats - Common understanding of the problem of advanced persistent threats is that a wide range of attack techniques and vectors (advanced) will be used for a period of consistent activity focused on a specific target (persistent) to produce an attack to compromise and damage (threaten) a commercial firm's or a public body's data stack.

Security intelligence and deep analytics - Some (but not all) of the problem here is at the application development level as we start to drill down into exactly what data sources individual applications use to execute. HP Fortify Software security consultant Lucas von Stockhausen has said that with HP Fortify Solutions developers have the possibility to test their code for security vulnerabilities before going live. This can be carried out either locally on their desktops, centrally on a build server, or in the cloud.

"With this approach developers get all the information to fix the issues and deliver secure code for desktop, server, web and mobile applications. Together with the industry-proven Software Security Assurance (SSA) methodology, HP can integrate this seamlessly into the existing development processes without security becoming a burden for the developer," said Stockhausen.

So if April was the month for security awareness, then let's hope that May and onwards are the months of security competency for companies in all verticals and of all shapes and sizes.

•   •   •

This post was first published on the Enterprise CIO Forum.

More Stories By Adrian Bridgwater

Adrian Bridgwater is a freelance journalist and corporate content creation specialist focusing on cross platform software application development as well as all related aspects software engineering, project management and technology as a whole.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Leading companies, from the Global Fortune 500 to the smallest companies, are adopting hybrid cloud as the path to business advantage. Hybrid cloud depends on cloud services and on-premises infrastructure working in unison. Successful implementations require new levels of data mobility, enabled by an automated and seamless flow across on-premises and cloud resources. In his general session at 21st Cloud Expo, Greg Tevis, an IBM Storage Software Technical Strategist and Customer Solution Architec...
The cloud era has reached the stage where it is no longer a question of whether a company should migrate, but when. Enterprises have embraced the outsourcing of where their various applications are stored and who manages them, saving significant investment along the way. Plus, the cloud has become a defining competitive edge. Companies that fail to successfully adapt risk failure. The media, of course, continues to extol the virtues of the cloud, including how easy it is to get there. Migrating...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settle...
The use of containers by developers -- and now increasingly IT operators -- has grown from infatuation to deep and abiding love. But as with any long-term affair, the honeymoon soon leads to needing to live well together ... and maybe even getting some relationship help along the way. And so it goes with container orchestration and automation solutions, which are rapidly emerging as the means to maintain the bliss between rapid container adoption and broad container use among multiple cloud host...
Blockchain is a shared, secure record of exchange that establishes trust, accountability and transparency across business networks. Supported by the Linux Foundation's open source, open-standards based Hyperledger Project, Blockchain has the potential to improve regulatory compliance, reduce cost as well as advance trade. Are you curious about how Blockchain is built for business? In her session at 21st Cloud Expo, René Bostic, Technical VP of the IBM Cloud Unit in North America, discussed the b...
Blockchain. A day doesn’t seem to go by without seeing articles and discussions about the technology. According to PwC executive Seamus Cushley, approximately $1.4B has been invested in blockchain just last year. In Gartner’s recent hype cycle for emerging technologies, blockchain is approaching the peak. It is considered by Gartner as one of the ‘Key platform-enabling technologies to track.’ While there is a lot of ‘hype vs reality’ discussions going on, there is no arguing that blockchain is b...
Imagine if you will, a retail floor so densely packed with sensors that they can pick up the movements of insects scurrying across a store aisle. Or a component of a piece of factory equipment so well-instrumented that its digital twin provides resolution down to the micrometer.
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, discussed how data centers of the future will be managed, how the p...
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory? In her Day 2 Keynote at @DevOpsSummit at 21st Cloud Expo, Aruna Ravichandran, VP, DevOps Solutions Marketing, CA Technologies, was jo...
"Since we launched LinuxONE we learned a lot from our customers. More than anything what they responded to were some very unique security capabilities that we have," explained Mark Figley, Director of LinuxONE Offerings at IBM, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
When shopping for a new data processing platform for IoT solutions, many development teams want to be able to test-drive options before making a choice. Yet when evaluating an IoT solution, it’s simply not feasible to do so at scale with physical devices. Building a sensor simulator is the next best choice; however, generating a realistic simulation at very high TPS with ease of configurability is a formidable challenge. When dealing with multiple application or transport protocols, you would be...
Nordstrom is transforming the way that they do business and the cloud is the key to enabling speed and hyper personalized customer experiences. In his session at 21st Cloud Expo, Ken Schow, VP of Engineering at Nordstrom, discussed some of the key learnings and common pitfalls of large enterprises moving to the cloud. This includes strategies around choosing a cloud provider(s), architecture, and lessons learned. In addition, he covered some of the best practices for structured team migration an...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and B...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
In his general session at 21st Cloud Expo, Greg Dumas, Calligo’s Vice President and G.M. of US operations, discussed the new Global Data Protection Regulation and how Calligo can help business stay compliant in digitally globalized world. Greg Dumas is Calligo's Vice President and G.M. of US operations. Calligo is an established service provider that provides an innovative platform for trusted cloud solutions. Calligo’s customers are typically most concerned about GDPR compliance, application p...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
Is advanced scheduling in Kubernetes achievable?Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, answered these questions and demonstrated techniques for implementing advanced scheduling. For example, using spot instances and co...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
The need for greater agility and scalability necessitated the digital transformation in the form of following equation: monolithic to microservices to serverless architecture (FaaS). To keep up with the cut-throat competition, the organisations need to update their technology stack to make software development their differentiating factor. Thus microservices architecture emerged as a potential method to provide development teams with greater flexibility and other advantages, such as the abili...