By Gilad Parann-Nissany
May 8, 2014 03:22 PM EDT
Businesses large and small are realizing the benefits that come with cloud computing. The scalability that allows you to easily grow (or shrink) your operation, the agility that enables you to make quick changes, the cost-effectiveness that can save you money: the cloud seems like a no-brainer. However, with increased cloud adoption rates come increased cloud computing security issues.
According to eWeek, “enterprise cloud adoption continues to grow at increasing speed and organizations recognize the productivity and cost savings that emanate from moving off an on-site legacy system to a distributed cloud environment.” The Cloud Security Alliance’s Notorious Nine lists top threats like abuse and nefarious use, insecure interfaces, malicious insiders, and others.
Some industry insiders weighed in on the top cloud computing security issues and their solutions.
1. Water hole attacks
Neeraj Khandelwal of Barracuda explains, “as organizations become better at fighting spam and phishing, water hole attacks are the latest tricks in the attackers’ toolkits that silently compromise all the users of these trusted web applications, via their web browsers.”
The water hole attack is a 3-step process. First, the attacker researches the target to find trusted websites often visited by employees of the target company. Second, the attacker inserts an exploit into the trusted sites. Finally, when your employees visit the trusted site, the exploit takes advantage of their system vulnerabilities.
The solution? Vulnerability shielding: update and patch all software regularly to limit possible access points.
2. The government and other spies
Dave Meltzer, VP of Engineering for Tripwire and a cloud security innovator, says, “If a government entity wants access to my data, at least they need to come to me and tell me they want it. Once that is moved to the cloud, all visibility to that is now lost – they go directly to the cloud provider and cut my organization out of that loop.”
To solve this, use the cloud wisely: reap its benefits, but do not let anyone (even your cloud provider) have access to your encryption keys. This is not only possible, it is a recommended best practice. This way, even if the government requests (or otherwise gains access to) your cloud provider’s information, they still cannot get yours.
3. Compliance with data privacy laws in multiple geographies
Velocity Technology Solutions VPs Marcello Burgio and Jim McInnes note, “Technology – specifically the cloud – gives businesses the power to achieve a cloud that crosses borders; however, the reality is that in many cases the varied laws that must be complied with around the world can seemingly handcuff a business’s ability to take full advantage of the cloud’s innovative offering.”
The architecture of your cloud environment is key, and you must understand the respective data storage regulations in the countries you operate in. In general, you must look for cloud security solutions that are compliant with regulations like HIPAA, PCI DSS, EU data protection laws, or whichever laws apply to you. In practice, encryption makes this a lot easier. Use a cloud encryption solution to show that your data never left home (at least not in a readable form). Most regulations, including the EU’s very restrictive regulations, accept that this is a good solution.
4. Liability for Breaches
Kimberly Weber of FortyCloud, a company whose mission is to promote migration of enterprises to the public cloud, may have put it best: “while you can transfer your apps and data to the cloud, you can’t transfer liability.”
Amazon Web Services’ own security center explains that the cloud provider has secured the underlying infrastructure and you, the client, must secure anything you put on the infrastructure.
What does this mean for a company that wants to migrate to the cloud, but is concerned about its liability?
It is easiest to think of it this way: while the cloud has many benefits, elimination of liability isn’t one of them. Just as you were responsible for the security of your data in the data center, you are also responsible in the virtual world. This means you should use split-key encryption technologies to ensure that only you control your data. Your cloud provider shares responsibility for the infrastructure, but you are still responsible for your apps and data.
How easy or difficult is it?
Lots of good advice; how doable is it?
Find solutions that require no hardware: that is the best fit for cloud environments. Of course, the solutions must have top-notch security built in. That requires innovation – the onus for that innovation should be on the security provider, not you. In short, a solution should give all the benefits and be up in minutes too.
So, make sure you limit your vulnerabilities, do not let anyone have access to your encryption keys, comply with all required laws and regulations, use encryption to make your life easier, and understand that you share responsibility for liability.