Welcome!

@CloudExpo Authors: Liz McMillan, Steve Wilson, Kevin Benedict, Yeshim Deniz, Elizabeth White

Blog Feed Post

Cloud Computing, the NSA, and Why Businesses Should Care

Listen: as cloud computing consultants, we drink the cloud computing koolaid. We’ve implemented cloud-based software for businesses of all sizes, across just about every industry. We’ve seen it revolutionize how businesses work.

We’ve also seen security become a very real and increasingly serious concern.

Don’t worry, it’s safe!

When we first began showing cloud-based software to clients, the idea of storing your data remotely was a new concept. Like clockwork, clients were all concerned about security. Is my data safe? What happens if the software company folds? Can we be hacked?

cloud securityLike good cloud computing consultants everywhere, we’d listen, smile, shake our heads, and explain why clients needn’t worry, how storing your data on 3rd party servers was safer than storing it locally, how Google had armed guards.

And that was all true. In many ways, top-of-class cloud-based software tools do deliver top-notch security.

But in other ways, those early clients had prescient concerns. The shift to cloud computing has – in subtle and not-so-subtle ways – followed a fundamental shift in data and how we think of property writ large.

Lets rewind….

Software-as-a-pain-in-the-ass (SAPAS)

Before Salesforce, before Google, there were local servers and hard drives. If businesses used software (and that’s a big “if”), they had it installed locally, on-site, on their own computers or servers. Barbaric, I know.

This had major disadvantages: accessing your programs if you weren’t at the office was a pain. Syncing data between workstations was a nightmare. Collaborating in real time without overwriting was impossible.

Then there were the bills. Typically, companies paid third-party consultants like us huge retainers to maintain servers, push updates, and install patches. The value-add of those consultants was technical – they operated as IT janitors, doing the dirty work that no one else wanted or knew how to. Inexplicably, this is still a viable business model.

But for many businesses, cloud computing changed all that.

Enter the cloud

With cloud computing, businesses didn’t have to worry about maintaining anything. Sign up for an account and you’re done: the vendor does all the dirty work, no middle-man necessary. Just you, your data, and your sweet, innocent software.

Other advantages followed. Because vendors no longer relied on resellers for sales, the market was flooded with new software options – and increased competition meant better, cheaper products. And because the cloud affords technical advantages (such as integrations), the feature-set deepened. What could possibly go wrong?

The fight for your data

As many, many observers predicted, data privacy and security is today a major concern for businesses. This fact is highlighted by recent revelations about the NSA’s writing backdoors into consumer software, and Target losing credit card data on tens of millions of its customers.

Used to be, we didn’t care much about that stuff. It won’t happen to you.

business hackerBut the reality is, something major has happened. Most businesses don’t have technical control of at least some – if not all – of their data anymore. Their banking data, their client data, their sales data, their documents and records – for millions of businesses, that stuff is stored on anonymous data servers and leased back.

Now, I’m not saying that’s an inherently bad thing. And it’s still true, for most businesses, that their data is safer (in some ways) now than it was when it was recorded on some dusty Exchange server in the closet.

But it’s also true that vendors, businesses, and consultants all need to do a better job of being honest about the state of software security. Too many vendors say “we use bank-grade encryption” and leave it at that. Too many clients aren’t asking the right questions. And too many consultants just don’t care.

A better way

By definition, cloud computing means a loss of some control. A relinquishing of technical reigns in return for better products. That’s just a fact.

But that doesn’t mean we can’t demand more.

Vendors should have transparent security outlines, where it’s 100% clear where your data is, what they’re doing with it, how it’s protected, and what they plan to do when something goes wrong.

Businesses should demand more. When vendors or consultants don’t address security, they should force the issue – and don’t accept anyone rolling their eyes.

Consultants should care more. They should know about SSL vs TSL; the difference between hashing and encryption; the strengths and limitations of multi-factor authentication.

This stuff is stressful to think about, but it’s super important. We’ve never had a client or a vendor suffer a data breach, but we also know it’s a lottery – and it’s up to us (and you) to mitigate risks.

VM Associates is a New York City cloud computing consulting firm. We help companies transition into newer, better, smarter software. Contact us to talk about your business, the cloud, and how we might help.

The post Cloud Computing, the NSA, and Why Businesses Should Care appeared first on VM Associates.

Read the original blog entry...

More Stories By Chris Bliss

Chris Bliss works at VM Associates, an end-user consultancy for businesses looking to move to the cloud from pre-existing legacy systems.

@CloudExpo Stories
Historically, some banking activities such as trading have been relying heavily on analytics and cutting edge algorithmic tools. The coming of age of powerful data analytics solutions combined with the development of intelligent algorithms have created new opportunities for financial institutions. In his session at 20th Cloud Expo, Sebastien Meunier, Head of Digital for North America at Chappuis Halder & Co., discussed how these tools can be leveraged to develop a lasting competitive advantage ...
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
There is only one world-class Cloud event on earth, and that is Cloud Expo – which returns to Silicon Valley for the 21st Cloud Expo at the Santa Clara Convention Center, October 31 - November 2, 2017. Every Global 2000 enterprise in the world is now integrating cloud computing in some form into its IT development and operations. Midsize and small businesses are also migrating to the cloud in increasing numbers. Companies are each developing their unique mix of cloud technologies and service...
For financial firms, the cloud is going to increasingly become a crucial part of dealing with customers over the next five years and beyond, particularly with the growing use and acceptance of virtual currencies. There are new data storage paradigms on the horizon that will deliver secure solutions for storing and moving sensitive financial data around the world without touching terrestrial networks. In his session at 20th Cloud Expo, Cliff Beek, President of Cloud Constellation Corporation, d...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
Blockchain is a shared, secure record of exchange that establishes trust, accountability and transparency across business networks. Supported by the Linux Foundation's open source, open-standards based Hyperledger Project, Blockchain has the potential to improve regulatory compliance, reduce cost as well as advance trade. Are you curious about how Blockchain is built for business? In her session at 21st Cloud Expo, René Bostic, Technical VP of the IBM Cloud Unit in North America, will discuss th...
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
SYS-CON Events announced today that Akvelon will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Akvelon is a business and technology consulting firm that specializes in applying cutting-edge technology to problems in fields as diverse as mobile technology, sports technology, finance, and healthcare.
WebRTC is great technology to build your own communication tools. It will be even more exciting experience it with advanced devices, such as a 360 Camera, 360 microphone, and a depth sensor camera. In his session at @ThingsExpo, Masashi Ganeko, a manager at INFOCOM Corporation, will introduce two experimental projects from his team and what they learned from them. "Shotoku Tamago" uses the robot audition software HARK to track speakers in 360 video of a remote party. "Virtual Teleport" uses a...
SYS-CON Events announced today that Datera will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera offers a radically new approach to data management, where innovative software makes data infrastructure invisible, elastic and able to perform at the highest level. It eliminates hardware lock-in and gives IT organizations the choice to source x86 server nodes, with business model option...
When shopping for a new data processing platform for IoT solutions, many development teams want to be able to test-drive options before making a choice. Yet when evaluating an IoT solution, it’s simply not feasible to do so at scale with physical devices. Building a sensor simulator is the next best choice; however, generating a realistic simulation at very high TPS with ease of configurability is a formidable challenge. When dealing with multiple application or transport protocols, you would be...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, Cloud Expo and @ThingsExpo are two of the most important technology events of the year. Since its launch over eight years ago, Cloud Expo and @ThingsExpo have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, I provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading the...
In his session at 21st Cloud Expo, Carl J. Levine, Senior Technical Evangelist for NS1, will objectively discuss how DNS is used to solve Digital Transformation challenges in large SaaS applications, CDNs, AdTech platforms, and other demanding use cases. Carl J. Levine is the Senior Technical Evangelist for NS1. A veteran of the Internet Infrastructure space, he has over a decade of experience with startups, networking protocols and Internet infrastructure, combined with the unique ability to it...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory?
SYS-CON Events announced today that Elastifile will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Elastifile Cloud File System (ECFS) is software-defined data infrastructure designed for seamless and efficient management of dynamic workloads across heterogeneous environments. Elastifile provides the architecture needed to optimize your hybrid cloud environment, by facilitating efficient...
“Why didn’t testing catch this” must become “How did this make it to testing?” Traditional quality teams are the crutch and excuse keeping organizations from making the necessary investment in people, process, and technology to accelerate test automation. Just like societies that did not build waterways because the labor to keep carrying the water was so cheap, we have created disincentives to automate. In her session at @DevOpsSummit at 20th Cloud Expo, Anne Hungate, President of Daring System...
"Cloud computing is certainly changing how people consume storage, how they use it, and what they use it for. It's also making people rethink how they architect their environment," stated Brad Winett, Senior Technologist for DDN Storage, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...