Welcome!

@CloudExpo Authors: Kevin Benedict, Liz McMillan, Lori MacVittie, Elizabeth White, Pat Romanski

Related Topics: Microservices Expo, Industrial IoT, Containers Expo Blog, Agile Computing, @CloudExpo, Cloud Security

Microservices Expo: Blog Feed Post

You’ll Shoot Your Eye Out…

It is a good reminder from a security perspective

…is probably one of the most memorable lines of any Holiday Classic.  Of course I’m referring to A Christmas Story, where a young Ralphie tries to convince his parents, teachers and Santa that the Red Ryder BB Gun is the perfect present.  I don’t know of there was a warning label on the 1940’s edition box but it is a good reminder from a security perspective that often we, meaning humans, are our own worst enemy when it comes to protecting ourselves.  Every year about 100 or so homes  burn down due to fried turkeys.  A frozen one with ice crystals straight in or the ever famous too much oil that overflows and toasts everything it touches.  Even with the warnings and precautions, humans still take the risk.  Warning: You can get burned badly.

As if the RSA breach wasn’t warning enough about the perils of falling for a phishing scam, we now learn that the South Carolina Department of Revenue breach was also due to an employee, and it only takes one, clicking a malicious email link.  That curiosity lead to over 3.8 million Social Security numbers, 3.3 million bank accounts, thousands of credit cards along with 1.9 million dependant’s information being exposed.  While the single click started it all, 2-factor authentication was not required and the stored info was not encrypted, so there is a lot of human error to go around.  Plus a lot of blame being tossed back and forth – another well used human trait – deflection.  Warning: Someone else may not protect your information.

While working the SharePoint Conference 2012 in Vegas a couple weeks ago, I came across a interesting kiosk where it allows you to take a picture and post online for free to any number of social media sites.  It says ‘Post a picture online for free.’ but there didn’t seem to be a Warning: ‘You are also about to potentially share your sensitive social media credentials or email, which might also be tied to your bank account, into this freestanding machine that you know nothing about.’  I’m sure if that was printed somewhere, betters would think twice about that risk.  If you prefer not to enter social media info, you can always have the image emailed to you (to then share) but that also (obviously) requires you to enter that information.  While logon info might not be stored, email is.  Yet another reason to get a throw away email address.  I’m always amazed at all the ways various companies try to make it so easy for us to offer up our information…and many of us do without considering the risks.  In 2010, there were a number of photo kiosks that were spreading malware.  Warning: They are computers after all and connected to the internet.

Insider threats are also getting a lot of attention these days with some statistics indicating that 33% of malicious or criminal attacks are from insiders.  In August, an insider at Saudi Aramco released a virus that infected about 75% of the employee desktops.  It is considered one of the most destructive computer sabotages inflicted upon a private company.  And within the last 2 days, we’ve learned that the White House issued an Executive Order to all government agencies informing them of new standards and best practices around gathering, analyzing and responding to insider threats.  This could be actual malicious, disgruntled employees, those influenced by a get rich quick scheme from an outsider or just ‘compromised’ employees, like getting a USB from a friend and inserting it into your work computer.  It could even be simple misuse by accident.  In any event, intellectual property or personally identifiable information is typically the target.  Warning: Not everyone is a saint.

The Holidays are still Happy but wear your safety glasses, don’t click questionable links even from friends, don’t enter your logon credentials into a stray kiosk and a third of your staff is a potential threat.  And if you are in NYC for the holidays, a limited run of "Ralphie to the Rescue!" A Christmas Story, The Musical is playing at the Lunt-Fontanne Theatre until Dec 30th.

ps

References

 

 

 

 

Technorati Tags: F5, smartphone, insiders, byod, Pete Silva, security, business, education, technology, a christmas story, threat,mobile device, kiosk, malware, iPhone, web, internet, phishing

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1] o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]


Read the original blog entry...

More Stories By Peter Silva

Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.

@CloudExpo Stories
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
Amazon has gradually rolled out parts of its IoT offerings in the last year, but these are just the tip of the iceberg. In addition to optimizing their back-end AWS offerings, Amazon is laying the ground work to be a major force in IoT – especially in the connected home and office. Amazon is extending its reach by building on its dominant Cloud IoT platform, its Dash Button strategy, recently announced Replenishment Services, the Echo/Alexa voice recognition control platform, the 6-7 strategic...
Aspose.Total for .NET is the most complete package of all file format APIs for .NET as offered by Aspose. It empowers developers to create, edit, render, print and convert between a wide range of popular document formats within any .NET, C#, ASP.NET and VB.NET applications. Aspose compiles all .NET APIs on a daily basis to ensure that it contains the most up to date versions of each of Aspose .NET APIs. If a new .NET API or a new version of existing APIs is released during the subscription peri...
Verizon Communications Inc. (NYSE, Nasdaq: VZ) and Yahoo! Inc. (Nasdaq: YHOO) have entered into a definitive agreement under which Verizon will acquire Yahoo's operating business for approximately $4.83 billion in cash, subject to customary closing adjustments. Yahoo informs, connects and entertains a global audience of more than 1 billion monthly active users** -- including 600 million monthly active mobile users*** through its search, communications and digital content products. Yahoo also co...
Ixia (Nasdaq: XXIA) has announced that NoviFlow Inc.has deployed IxNetwork® to validate the company’s designs and accelerate the delivery of its proven, reliable products. Based in Montréal, NoviFlow Inc. supports network carriers, hyperscale data center operators, and enterprises seeking greater network control and flexibility, network scalability, and the capacity to handle extremely large numbers of flows, while maintaining maximum network performance. To meet these requirements, NoviFlow in...
As companies gain momentum, the need to maintain high quality products can outstrip their development team’s bandwidth for QA. Building out a large QA team (whether in-house or outsourced) can slow down development and significantly increases costs. This eBook takes QA profiles from 5 companies who successfully scaled up production without building a large QA team and includes: What to consider when choosing CI/CD tools How culture and communication can make or break implementation
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
Redis is not only the fastest database, but it is the most popular among the new wave of databases running in containers. Redis speeds up just about every data interaction between your users or operational systems. In his session at 19th Cloud Expo, Dave Nielsen, Developer Advocate, Redis Labs, will share the functions and data structures used to solve everyday use cases that are driving Redis' popularity.
UpGuard has become a member of the Center for Internet Security (CIS), and will continue to help businesses expand visibility into their cyber risk by providing hardening benchmarks to all customers. By incorporating these benchmarks, UpGuard's CSTAR solution builds on its lead in providing the most complete assessment of both internal and external cyber risk. CIS benchmarks are a widely accepted set of hardening guidelines that have been publicly available for years. Numerous solutions exist t...
Choosing the right cloud for your workloads is a balancing act that can cost your organization time, money and aggravation - unless you get it right the first time. Economics, speed, performance, accessibility, administrative needs and security all play a vital role in dictating your approach to the cloud. Without knowing the right questions to ask, you could wind up paying for capacity you'll never need or underestimating the resources required to run your applications.
SYS-CON Events announced today that LeaseWeb USA, a cloud Infrastructure-as-a-Service (IaaS) provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LeaseWeb is one of the world's largest hosting brands. The company helps customers define, develop and deploy IT infrastructure tailored to their exact business needs, by combining various kinds cloud solutions.
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools have cloud orchestration plugins that can be leveraged, but there are also cloud-native tools that can dramatically improve the efficiency of managing your application lifecycle. In his session at 18th Cloud Expo, ...
The competitive landscape of the global cloud computing market in the healthcare industry is crowded due to the presence of a large number of players. The large number of participants has led to the fragmented nature of the market. Some of the major players operating in the global cloud computing market in the healthcare industry are Cisco Systems Inc., Carestream Health Inc., Carecloud Corp., AGFA Healthcare, IBM Corp., Cleardata Networks, Merge Healthcare Inc., Microsoft Corp., Intel Corp., an...
SYS-CON Events announced today the Kubernetes and Google Container Engine Workshop, being held November 3, 2016, in conjunction with @DevOpsSummit at 19th Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA. This workshop led by Sebastian Scheele introduces participants to Kubernetes and Google Container Engine (GKE). Through a combination of instructor-led presentations, demonstrations, and hands-on labs, students learn the key concepts and practices for deploying and maintainin...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
Is your aging software platform suffering from technical debt while the market changes and demands new solutions at a faster clip? It’s a bold move, but you might consider walking away from your core platform and starting fresh. ReadyTalk did exactly that. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, will discuss why and how ReadyTalk diverted from healthy revenue and over a decade of audio conferencing product development to start an innovati...
Ovum, a leading technology analyst firm, has published an in-depth report, Ovum Decision Matrix: Selecting a DevOps Release Management Solution, 2016–17. The report focuses on the automation aspects of DevOps, Release Management and compares solutions from the leading vendors.
Continuous testing helps bridge the gap between developing quickly and maintaining high quality products. But to implement continuous testing, CTOs must take a strategic approach to building a testing infrastructure and toolset that empowers their team to move fast. Download our guide to laying the groundwork for a scalable continuous testing strategy.
It’s 2016: buildings are smart, connected and the IoT is fundamentally altering how control and operating systems work and speak to each other. Platforms across the enterprise are networked via inexpensive sensors to collect massive amounts of data for analytics, information management, and insights that can be used to continuously improve operations. In his session at @ThingsExpo, Brian Chemel, Co-Founder and CTO of Digital Lumens, will explore: The benefits sensor-networked systems bring to ...
SYS-CON Events announced today that Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity – cryptographic keys and digital certificates – so they can’t be misused by bad guys in attacks...