Welcome!

@CloudExpo Authors: Elizabeth White, William Schmarzo, Pat Romanski, Liz McMillan, Kevin Benedict

Related Topics: @CloudExpo, Microservices Expo, Agile Computing, Cloud Security, @BigDataExpo, SDN Journal

@CloudExpo: Article

Cloud Computing: How Can Companies Reduce the Security Risk?

A three-step approach to navigating compliance complexities

In the last five years, organizations have increasingly embraced cloud applications to help them innovate and transform their business. Applications that automate sales processes, HR management, collaboration, email and file sharing are growing fast and enabling organizations to meet their needs in a shorter timeframe than ever before.

Cloud applications are ubiquitously employed across all industries. However, there are increased concerns about security and compliance of sensitive information, particularly in banking, insurance and in the public sector. A wide range of regulations and privacy laws make organizations directly responsible for protecting regulated information, but when this data is stored in the cloud, they have less direct control over leaks, theft or forced legal disclosure.

At the same time, leaks and thefts are occurring with increased frequency. The 2013 Verizon Data Breach Investigations Report revealed a total of 621 confirmed data breaches and over 47,000 security incidents in the last year, and a 2012 Ernst & Young survey found that only 38% of organizations implement an adequate security strategy.

A Three-Step Approach to Navigating Compliance Complexities
Though the risks - from malicious hacks to insider threats - can seem high, a holistic approach to cloud information protection can help companies reduce the risks of adopting the cloud.

First is the discovery stage. Before you can protect information in the cloud, you need to know where it is and who has access to it:

  • Who should have access to certain information and who should not?
  • What content is sensitive, proprietary, or regulated and how can it be identified?
  • Where will this data reside in the cloud, and what range of regional privacy, disclosure and other laws might apply?

Then, you need to protect the information using the correct tools:

  • Encrypt: As a baseline, unbreakable code - like military grade 256-bit AES - can scramble sensitive information into undecipherable gibberish to protect it from unauthorized viewers. Installing a cloud information protection platform at the network's edge ensures any data moving to the cloud is fully protected before it leaves the organization.
  • Retain keys: Keep the keys that encrypt and decipher information under the control of the user organization. This ensures that all information requests must involve the owner, even if information is stored on a third-party cloud.
  • Cloud data loss prevention: Customize policies on this to scan, detect and take action to protect information according to its level of sensitivity. This provides an additional level of security and control.
  • Cloud malware detection: Screen information exchanges, including external and internal user uploaded attachments, in cloud applications in real-time for virus, malware and other embedded threats.

Finally, a recent breakthrough - operations-preserving encryption - has solved encryption's longstanding problem of breaking cloud application functions. This advancement enables users to search, sort and report on encrypted data in the cloud. In addition, an open platform capable of supporting all cloud applications and integrating third-party tools provides a stable foundation for protection.

The popularity of the cloud has driven privacy laws and data residency restrictions around the world. Businesses and chief information officers need to collaborate in finding new security models to use the cloud while ensuring sensitive information is fully protected. By embracing a new ecosystem of cloud-based security solutions, businesses can safely extend their virtual security perimeter while still complying with privacy regulations.

More Stories By Pravin Kothari

Pravin Kothari is the founder and CEO of CipherCloud. He founded CipherCloud in 2010 when he recognized that while the cloud was disrupting enterprise IT with explosive growth, the security technologies had not kept pace and enterprises were losing control over their sensitive data.

Pravin is driving the rapid growth of CipherCloud by managing its business, strategy, and operations. He is a security visionary with more than 20 years of experience building industry-leading companies and bringing innovative products to market.

Pravin was the Founder & CTO of Agiliance, a leading Security Risk Management company, and Co-founder & VP Engineering of ArcSight, a leading security company, which was acquired by HP for $1.6 billion. Previously, he was Co-founder & Chief Architect at Impresse Corporation and also held technical leadership positions at Verity, Attachmate, and Tata Consultancy Services.

Pravin holds over a dozen patents in security technologies and is the inventor behind CipherCloud’s groundbreaking cloud encryption technology.

Comments (1)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
SYS-CON Events announced today that Dataloop.IO, an innovator in cloud IT-monitoring whose products help organizations save time and money, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Dataloop.IO is an emerging software company on the cutting edge of major IT-infrastructure trends including cloud computing and microservices. The company, founded in the UK but now based in San Fra...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
Fact: storage performance problems have only gotten more complicated, as applications not only have become largely virtualized, but also have moved to cloud-based infrastructures. Storage performance in virtualized environments isn’t just about IOPS anymore. Instead, you need to guarantee performance for individual VMs, helping applications maintain performance as the number of VMs continues to go up in real time. In his session at Cloud Expo, Dhiraj Sehgal, Product and Marketing at Tintri, sha...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
An IoT product’s log files speak volumes about what’s happening with your products in the field, pinpointing current and potential issues, and enabling you to predict failures and save millions of dollars in inventory. But until recently, no one knew how to listen. In his session at @ThingsExpo, Dan Gettens, Chief Research Officer at OnProcess, discussed recent research by Massachusetts Institute of Technology and OnProcess Technology, where MIT created a new, breakthrough analytics model for ...
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
@DevOpsSummit at Cloud taking place June 6-8, 2017, at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developm...
"We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"We are an all-flash array storage provider but our focus has been on VM-aware storage specifically for virtualized applications," stated Dhiraj Sehgal of Tintri in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2017 New York The 7th Internet of @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, New York. Chris Matthieu is the co-founder and CTO of Octoblu, a revolutionary real-time IoT platform recently acquired by Citrix. Octoblu connects things, systems, people and clouds to a global mesh network allowing users to automate and control design flo...
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
Between 2005 and 2020, data volumes will grow by a factor of 300 – enough data to stack CDs from the earth to the moon 162 times. This has come to be known as the ‘big data’ phenomenon. Unfortunately, traditional approaches to handling, storing and analyzing data aren’t adequate at this scale: they’re too costly, slow and physically cumbersome to keep up. Fortunately, in response a new breed of technology has emerged that is cheaper, faster and more scalable. Yet, in meeting these new needs they...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at 20th Cloud Expo, Ed Featherston, director/senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busin...
According to Forrester Research, every business will become either a digital predator or digital prey by 2020. To avoid demise, organizations must rapidly create new sources of value in their end-to-end customer experiences. True digital predators also must break down information and process silos and extend digital transformation initiatives to empower employees with the digital resources needed to win, serve, and retain customers.
The WebRTC Summit New York, to be held June 6-8, 2017, at the Javits Center in New York City, NY, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 20th International Cloud Expo and @ThingsExpo. WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web co...
The Internet of Things (IoT) promises to simplify and streamline our lives by automating routine tasks that distract us from our goals. This promise is based on the ubiquitous deployment of smart, connected devices that link everything from industrial control systems to automobiles to refrigerators. Unfortunately, comparatively few of the devices currently deployed have been developed with an eye toward security, and as the DDoS attacks of late October 2016 have demonstrated, this oversight can ...