Welcome!

@CloudExpo Authors: Elizabeth White, Liz McMillan, Pat Romanski, David Paquette, Dana Gardner

Blog Feed Post

Top Cloud Computing Security Issues and Solutions

cloud security threats cloud security risks cloud security issues  cloud security issues cloudave Top Cloud Computing Security Issues and SolutionsBusinesses large and small are realizing the benefits that come with cloud computing.  The scalability that allows you to easily grow (or shrink) your operation, the agility that enables you to make quick changes, the cost-effectiveness that can save you money: the cloud seems like a no-brainer.  However, with increased cloud adoption rates come increased cloud computing security issues.

According to eweek, “enterprise cloud adoption continues to grow at increasing speed and organizations recognize the productivity and cost savings that emanate from moving off an on-site legacy system to a distributed cloud environment.” The Could Security Alliance’s Notorious Nine lists top threats like abuse and nefarious use, insecure interfaces, malicious insiders, and others.

Some industry insiders weighed in on the top cloud computing security issues and their solutions.

1.       Water hole attacks

Neeraj Khandelwal of Barracuda explains “as organizations become better at fighting spam and phishing, water hole attacks are the latest tricks in the attackers’ toolkits that silently compromise all the users of these trusted web applications, via their web browsers.”

The water hole attack is a 3-step process.  First, the attacker does some reconnaissance and research on its target, in which they find trusted websites often visited by employees of the target company.  Second, attackers insert an exploit into the trusted sites.  Finally, when your employees visit the trusted site, the exploit takes advantage of their system vulnerabilities.

The solution?  Vulnerability shielding: update and patch all software regularly to limit possible access points.

2.       The government and other spies

Dave Meltzer, VP of Engineering for Tripwire and a cloud security innovator says, “If a government entity wants access to my data, at least they need to come to me and tell me they want it. Once that is moved to the cloud, all visibility to that is now lost – they go directly to the cloud provider and cut my organization out of that loop.”

To solve this, use the cloud wisely: reap its benefits, but do not let anyone (even your cloud provider) have access to your encryption keys. This is not only possible, it is a recommended best practice.  This way, even if the government requests (or otherwise gains access to) your cloud provider’s information, they still cannot get yours.

3.       Compliance with data privacy laws in multiple geographies.

Velocity Technology Solutions VPs Marcello Burgio and Jim McInnes, note “Technology – specifically the cloud – gives businesses the power to achieve a cloud that crosses borders; however, the reality is that in many cases the varied laws that must be complied with around the world can seemingly handcuff a business’s ability to take full advantage of the cloud’s innovative offering.”

The architecture of your cloud environment is key and you must understand the respective data storage regulations in the countries you operate in. In general, you must look for cloud security solutions that are compliant with regulations like HIPAA, PCI DSS, EU data protection laws, or whichever laws apply to you. In practice – encryption makes this a lot easier. Use a cloud encryption solution to show that your data never left home (at least not in a readable form). Most regulations, including the EU’s very restrictive regulations, accept that this is a good solution.

4.       Liability for Breaches

Kimberly Weber of FortyCloud, a company whose mission is to promote migration of enterprises to the public cloud, may have put it best “while you can transfer your apps and data to the cloud, you can’t transfer liability.”

Amazon Web Service’s own security center explains that the cloud provider has secured the underlying infrastructure and you, the client, must secure anything you put on the infrastructure.

What does this mean for a company who wants to migrate to the cloud, but is concerned about their liability?

It is easiest to think of it this way: while the cloud has many benefits, elimination of liability isn’t one of them.  Like you were responsible for the security of your data in the data center, you are also responsible in the virtual world.  This means you should usesplit-key encryption technologies to ensure that only you control your data.  Your cloud provider shares responsibility for the infrastructure, you are still responsible for your apps and data.

How easy or difficult is it?

Lots of good advice; how doable is it?

Find solutions that require no hardware: that is the best fit for cloud environments. Of course, the solutions must have top notch security built in. That requires innovation – the onus for that innovation should be on the security provider, not you. In short, a solution should give all the benefits and up in minutes too.

So, make sure you limit your vulnerabilities, do not let anyone have access to your encryption keys, comply with all required laws and regulations, use encryption to make your life easier, and understand that you share responsibility for liability.

The post Top Cloud Computing Security Issues and Solutions appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@CloudExpo Stories
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Aspose.Total for .NET is the most complete package of all file format APIs for .NET as offered by Aspose. It empowers developers to create, edit, render, print and convert between a wide range of popular document formats within any .NET, C#, ASP.NET and VB.NET applications. Aspose compiles all .NET APIs on a daily basis to ensure that it contains the most up to date versions of each of Aspose .NET APIs. If a new .NET API or a new version of existing APIs is released during the subscription peri...
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
Amazon has gradually rolled out parts of its IoT offerings in the last year, but these are just the tip of the iceberg. In addition to optimizing their back-end AWS offerings, Amazon is laying the ground work to be a major force in IoT – especially in the connected home and office. Amazon is extending its reach by building on its dominant Cloud IoT platform, its Dash Button strategy, recently announced Replenishment Services, the Echo/Alexa voice recognition control platform, the 6-7 strategic...
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
Akana has announced the availability of version 8 of its API Management solution. The Akana Platform provides an end-to-end API Management solution for designing, implementing, securing, managing, monitoring, and publishing APIs. It is available as a SaaS platform, on-premises, and as a hybrid deployment. Version 8 introduces a lot of new functionality, all aimed at offering customers the richest API Management capabilities in a way that is easier than ever for API and app developers to use.
Personalization has long been the holy grail of marketing. Simply stated, communicate the most relevant offer to the right person and you will increase sales. To achieve this, you must understand the individual. Consequently, digital marketers developed many ways to gather and leverage customer information to deliver targeted experiences. In his session at @ThingsExpo, Lou Casal, Founder and Principal Consultant at Practicala, discussed how the Internet of Things (IoT) has accelerated our abil...
With so much going on in this space you could be forgiven for thinking you were always working with yesterday’s technologies. So much change, so quickly. What do you do if you have to build a solution from the ground up that is expected to live in the field for at least 5-10 years? This is the challenge we faced when we looked to refresh our existing 10-year-old custom hardware stack to measure the fullness of trash cans and compactors.
SYS-CON Events announced today that Isomorphic Software will exhibit at DevOps Summit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Isomorphic Software provides the SmartClient HTML5/AJAX platform, the most advanced technology for building rich, cutting-edge enterprise web applications for desktop and mobile. SmartClient combines the productivity and performance of traditional desktop software with the simp...
The emerging Internet of Everything creates tremendous new opportunities for customer engagement and business model innovation. However, enterprises must overcome a number of critical challenges to bring these new solutions to market. In his session at @ThingsExpo, Michael Martin, CTO/CIO at nfrastructure, outlined these key challenges and recommended approaches for overcoming them to achieve speed and agility in the design, development and implementation of Internet of Everything solutions wi...
Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is expected in the amount of information being processed, managed, analyzed, and acted upon by enterprise IT. This amazing is not part of some distant future - it is happening today. One report shows a 650% increase in enterprise data by 2020. Other estimates are even higher....
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - comp...
Qosmos has announced new milestones in the detection of encrypted traffic and in protocol signature coverage. Qosmos latest software can accurately classify traffic encrypted with SSL/TLS (e.g., Google, Facebook, WhatsApp), P2P traffic (e.g., BitTorrent, MuTorrent, Vuze), and Skype, while preserving the privacy of communication content. These new classification techniques mean that traffic optimization, policy enforcement, and user experience are largely unaffected by encryption. In respect wit...
"My role is working with customers, helping them go through this digital transformation. I spend a lot of time talking to banks, big industries, manufacturers working through how they are integrating and transforming their IT platforms and moving them forward," explained William Morrish, General Manager Product Sales at Interoute, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
To leverage Continuous Delivery, enterprises must consider impacts that span functional silos, as well as applications that touch older, slower moving components. Managing the many dependencies can cause slowdowns. See how to achieve continuous delivery in the enterprise.
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...