Welcome!

Cloud Expo Authors: Pat Romanski, Elizabeth White, Liz McMillan, Greg Schulz, Yeshim Deniz

Related Topics: Cloud Expo, Java, SOA & WOA, Virtualization, Web 2.0, Security

Cloud Expo: Article

A Cloud Security Conversation with the SMB

Why the cloud makes sense for companies with limited resources and modest budgets

I just got off the phone with a friend of mine. His name is AJ and he was particularly grouchy. He had just spent the last 12 work hours scouring month-old machine logs so that he could compile a quarter-end audit that met his company’s compliance requirement. AJ is the Director of IT for what would be considered an SMB. It’s a modest home warranty related company that deals with homeowner end users, finance and loan offices, mortgage companies and manufacturers. It does roughly 15-20 million in business each year and employs about 60 direct employees and maybe 100 contracted agents. AJ has a staff of three other IT professionals, but given the workload, could easily double that headcount.

AJ is very proud of his jack-of-all-IT-trades status. He is proficient at writing code as he is virtually installing access on contractor home devices or planning strategic IT footprint expansion. And it's this proficiency that has been making him grumpy. Because he can work some sort of magic with just about any application, the bosses have him wear many different hats. In fact, one of his online IT forum handles is “The Maddest Hatter.” But it is this reliance on his tribal knowledge and multidisciplinary acumen that keep the C-Levels saying “that sounds like it’s right up AJ’s alley.” AJ’s biggest problem is that there are only 24 hours in a day and he can only prioritize so many projects that are interspersed with hair-on-fire emergencies.

Now when I called AJ, it was not to sell him anything, but to see if he wanted to play a round of golf this weekend. However, the conversation soon turned dark, as he said that he would probably be in the office all weekend catching up on the work he would have been doing if not for the pesky audits.  I asked him if that were a regular happenstance, working through the weekend. He said it happened once or twice a month. If it wasn’t compliance, it was server repair, or backup tapes, or investigating why the website submission page transmits gobbledigook (his word, not mine).

“So what about your security policies?” I snuck in the question.

“What about them? Raul and Savino (his techs) usually take care of it-the provsioning, password stuff, whatever. I just step in when the feds come knocking and ask about compliance. Man PCI is just burying me.” (note...most of his company's users pay for service online using credit card--see last week's blog about PCI)

I sighed. “So you don’t know who’s accessing your network, if they’re friendlies. What they are looking at?”

“I know what you’re trying to do…you’re trying to sell me SIEM and Log Management. You know I’ve got it covered.”

“Do you? How secure are those home agents computers? Are they monitored by anything more than virus software? Do you know what sites they’re visiting, how open their networks are before they sign in an access your network? Heck are they using unsecured smartphones?”

“I know. I know. But I thought this call was about golf.”

“Just trying to help a buddy out.

I know from experience that too many SMBs do not enforce data security policies. Like AJ, they are spread too thin or don’t have the necessary budget to afford a holistic solution. Without these security controls they run the risk of losing data, stagnate employee (and agent) productivity, and open themselves up to a myriad of breaches, sabotages and carelessness. Any of which could bring their modest enterprise to a screeching halt.

For company’s like AJ’s, security-as-a-service is making more and more sense. It provides best of breed capabilities for a fraction of the cost. I told AJ that for what he pays currently in support and maintenance, I could provide an enterprise-class holistic solution-one that provides all the tools, plus 24/7 monitoring vigilance. And this is not to displace any person or process currently in house. They might have the expertise, but typically don’t have the bandwidth or the budget or the buy-in. Too many company’s like AJ’s do the bare minimum to maintain compliance, but that certainly leaves them vulnerable. In fact, the all the automated and outsourced functionalities can provide the breathing room to address not only business need and revenue generating priorities, but to allow a transformation from an infrastructure-based organization to a information-based one. AJ knows this and often crosses swords with the C-levels in that they need to upgrade security protocols because it is a matter of when (not if) a major security issue will occur and cost them not only dollars, but reputation as well.

Cloud-based security is not just a benefit for SMBs.  The residual benefit of cloud security is that IT no longer has to be in the Identity Management business, but still reap all the benefits and efficiencies. No more time dedicated to resetting passwords or setting up role based access every time someone is hired, fired or moved. It doesn’t have to be in the log monitoring business, but still is effectively and securely protected from intrusion and attack with 24/7/365 monitoring. IT department is no longer a compiler of data, but a conduit of information and evaluator of compliance audits and reports that meet the various industry standards and government requirements.

The good news is AJ is slotting cloud security migration for his 2013 budget. So I just may let him win the next time we hit the links…but don’t tell him that!

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@CloudExpo Stories
In her General Session at 15th Cloud Expo, Anne Plese, Senior Consultant, Cloud Product Marketing, at Verizon Enterprise, focused on finding the right mix of renting vs. buying Oracle capacity to scale to meet business demands, and offer validated Oracle database TCO models for Oracle development and testing environments. Anne Plese is a marketing and technology enthusiast/realist with over 19+ years in high tech. At Verizon Enterprise, she focuses on driving growth for the Verizon Cloud platfo...
The Internet of Things will put IT to its ultimate test by creating infinite new opportunities to digitize products and services, generate and analyze new data to improve customer satisfaction, and discover new ways to gain a competitive advantage across nearly every industry. In order to help corporate business units to capitalize on the rapidly evolving IoT opportunities, IT must stand up to a new set of challenges. In his session at @ThingsExpo, Jeff Kaplan, Managing Director of THINKstrateg...
SYS-CON Events announced today Isomorphic Software, the global leader in high-end, web-based business applications, will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Isomorphic Software is the global leader in high-end, web-based business applications. We develop, market, and support the SmartClient & Smart GWT HTML5/Ajax platform, combining the productivity and performance of traditional desktop software ...
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series dat...
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete...
There's Big Data, then there's really Big Data from the Internet of Things. IoT is evolving to include many data possibilities like new types of event, log and network data. The volumes are enormous, generating tens of billions of logs per day, which raise data challenges. Early IoT deployments are relying heavily on both the cloud and managed service providers to navigate these challenges. In her session at Big Data Expo®, Hannah Smalltree, Director at Treasure Data, discussed how IoT, Big D...
SYS-CON Events announced today that Gridstore™, the leader in hyper-converged infrastructure purpose-built to optimize Microsoft workloads, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Gridstore™ is the leader in hyper-converged infrastructure purpose-built for Microsoft workloads and designed to accelerate applications in virtualized environments. Gridstore’s hyper-converged infrastructure is the ...
The 4th International DevOps Summit, co-located with16th International Cloud Expo – being held June 9-11, 2015, at the Javits Center in New York City, NY – announces that its Call for Papers is now open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's large...
The Internet of Things promises to transform businesses (and lives), but navigating the business and technical path to success can be difficult to understand. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, demonstrated how to approach creating broadly successful connected customer solutions using real world business transformation studies including New England BioLabs and more.
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Ar...
Connected devices and the Internet of Things are getting significant momentum in 2014. In his session at Internet of @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, examined three key elements that together will drive mass adoption of the IoT before the end of 2015. The first element is the recent advent of robust open source protocols (like AllJoyn and WebRTC) that facilitate M2M communication. The second is broad availability of flexible, cost-effective ...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using ...
"SAP had made a big transition into the cloud as we believe it has significant value for our customers, drives innovation and is easy to consume. When you look at the SAP portfolio, SAP HANA is the underlying platform and it powers all of our platforms and all of our analytics," explained Thorsten Leiduck, VP ISVs & Digital Commerce at SAP, in this SYS-CON.tv interview at 15th Cloud Expo, held Nov 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SAP is delivering break-through innovation combined with fantastic user experience powered by the market-leading in-memory technology, SAP HANA. In his General Session at 15th Cloud Expo, Thorsten Leiduck, VP ISVs & Digital Commerce, SAP, discussed how SAP and partners provide cloud and hybrid cloud solutions as well as real-time Big Data offerings that help companies of all sizes and industries run better. SAP launched an application challenge to award the most innovative SAP HANA and SAP HANA...
Fundamentally, SDN is still mostly about network plumbing. While plumbing may be useful to tinker with, what you can do with your plumbing is far more intriguing. A rigid interpretation of SDN confines it to Layers 2 and 3, and that's reasonable. But SDN opens opportunities for novel constructions in Layers 4 to 7 that solve real operational problems in data centers. "Data center," in fact, might become anachronistic - data is everywhere, constantly on the move, seemingly always overflowing. Net...
What do a firewall and a fortress have in common? They are no longer strong enough to protect the valuables housed inside. Like the walls of an old fortress, the cracks in the firewall are allowing the bad guys to slip in - unannounced and unnoticed. By the time these thieves get in, the damage is already done and the network is already compromised. Intellectual property is easily slipped out the back door leaving no trace of forced entry. If we want to reign in on these cybercriminals, it's hig...
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff happe...
The definition of IoT is not new, in fact it’s been around for over a decade. What has changed is the public's awareness that the technology we use on a daily basis has caught up on the vision of an always on, always connected world. If you look into the details of what comprises the IoT, you’ll see that it includes everything from cloud computing, Big Data analytics, “Things,” Web communication, applications, network, storage, etc. It is essentially including everything connected online from ha...
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, a...