Click here to close now.

Welcome!

Cloud Expo Authors: Carmen Gonzalez, Elizabeth White, Liz McMillan, Roger Strukhoff, Pat Romanski

Blog Feed Post

Top Cloud Computing Security Issues and Solutions

cloud security threats cloud security risks cloud security issues  cloud security issues cloudave Top Cloud Computing Security Issues and SolutionsBusinesses large and small are realizing the benefits that come with cloud computing.  The scalability that allows you to easily grow (or shrink) your operation, the agility that enables you to make quick changes, the cost-effectiveness that can save you money: the cloud seems like a no-brainer.  However, with increased cloud adoption rates come increased cloud computing security issues.

According to eweek, “enterprise cloud adoption continues to grow at increasing speed and organizations recognize the productivity and cost savings that emanate from moving off an on-site legacy system to a distributed cloud environment.” The Could Security Alliance’s Notorious Nine lists top threats like abuse and nefarious use, insecure interfaces, malicious insiders, and others.

Some industry insiders weighed in on the top cloud computing security issues and their solutions.

1.       Water hole attacks

Neeraj Khandelwal of Barracuda explains “as organizations become better at fighting spam and phishing, water hole attacks are the latest tricks in the attackers’ toolkits that silently compromise all the users of these trusted web applications, via their web browsers.”

The water hole attack is a 3-step process.  First, the attacker does some reconnaissance and research on its target, in which they find trusted websites often visited by employees of the target company.  Second, attackers insert an exploit into the trusted sites.  Finally, when your employees visit the trusted site, the exploit takes advantage of their system vulnerabilities.

The solution?  Vulnerability shielding: update and patch all software regularly to limit possible access points.

2.       The government and other spies

Dave Meltzer, VP of Engineering for Tripwire and a cloud security innovator says, “If a government entity wants access to my data, at least they need to come to me and tell me they want it. Once that is moved to the cloud, all visibility to that is now lost – they go directly to the cloud provider and cut my organization out of that loop.”

To solve this, use the cloud wisely: reap its benefits, but do not let anyone (even your cloud provider) have access to your encryption keys. This is not only possible, it is a recommended best practice.  This way, even if the government requests (or otherwise gains access to) your cloud provider’s information, they still cannot get yours.

3.       Compliance with data privacy laws in multiple geographies.

Velocity Technology Solutions VPs Marcello Burgio and Jim McInnes, note “Technology – specifically the cloud – gives businesses the power to achieve a cloud that crosses borders; however, the reality is that in many cases the varied laws that must be complied with around the world can seemingly handcuff a business’s ability to take full advantage of the cloud’s innovative offering.”

The architecture of your cloud environment is key and you must understand the respective data storage regulations in the countries you operate in. In general, you must look for cloud security solutions that are compliant with regulations like HIPAA, PCI DSS, EU data protection laws, or whichever laws apply to you. In practice – encryption makes this a lot easier. Use a cloud encryption solution to show that your data never left home (at least not in a readable form). Most regulations, including the EU’s very restrictive regulations, accept that this is a good solution.

4.       Liability for Breaches

Kimberly Weber of FortyCloud, a company whose mission is to promote migration of enterprises to the public cloud, may have put it best “while you can transfer your apps and data to the cloud, you can’t transfer liability.”

Amazon Web Service’s own security center explains that the cloud provider has secured the underlying infrastructure and you, the client, must secure anything you put on the infrastructure.

What does this mean for a company who wants to migrate to the cloud, but is concerned about their liability?

It is easiest to think of it this way: while the cloud has many benefits, elimination of liability isn’t one of them.  Like you were responsible for the security of your data in the data center, you are also responsible in the virtual world.  This means you should usesplit-key encryption technologies to ensure that only you control your data.  Your cloud provider shares responsibility for the infrastructure, you are still responsible for your apps and data.

How easy or difficult is it?

Lots of good advice; how doable is it?

Find solutions that require no hardware: that is the best fit for cloud environments. Of course, the solutions must have top notch security built in. That requires innovation – the onus for that innovation should be on the security provider, not you. In short, a solution should give all the benefits and up in minutes too.

So, make sure you limit your vulnerabilities, do not let anyone have access to your encryption keys, comply with all required laws and regulations, use encryption to make your life easier, and understand that you share responsibility for liability.

The post Top Cloud Computing Security Issues and Solutions appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@CloudExpo Stories
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at @ThingsExpo, Robin Raymond, Chief Architect...
The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential. The DevOps Summit at Cloud Expo – to be held June 3-5, 2015, at the Javits Center in New York City – will expand the DevOps community, enable a wide...
Enterprises are fast realizing the importance of integrating SaaS/Cloud applications, API and on-premises data and processes, to unleash hidden value. This webinar explores how managers can use a Microservice-centric approach to aggressively tackle the unexpected new integration challenges posed by proliferation of cloud, mobile, social and big data projects. Industry analyst and SOA expert Jason Bloomberg will strip away the hype from microservices, and clearly identify their advantages and d...
With worldwide spending on cloud services and infrastructure growing by 23% in 2015 to $118B, it is clear that cloud services are here to stay. Yet, the rate of cloud adoption varies by companies and markets around the world. With thousands of outages and hijacks across the Internet every day, one reason for hesitation is the faith in quality Internet performance. In his session at 16th Cloud Expo, Michael Kane, Senior Manager at Dyn, will explore how Internet performance affects your end-user...
With SaaS use rampant across organizations, how can IT departments track company data and maintain security? More and more departments are commissioning their own solutions and bypassing IT. A cloud environment is amorphous and powerful, allowing you to set up solutions for all of your user needs: document sharing and collaboration, mobile access, e-mail, even industry-specific applications. In his session at 16th Cloud Expo, Shawn Mills, President and a founder of Green House Data, will discus...
Cloud Expo, Inc. has announced today that Andi Mann returns to DevOps Summit 2015 as Conference Chair. The 4th International DevOps Summit will take place on June 9-11, 2015, at the Javits Center in New York City. "DevOps is set to be one of the most profound disruptions to hit IT in decades," said Andi Mann. "It is a natural extension of cloud computing, and I have seen both firsthand and in independent research the fantastic results DevOps delivers. So I am excited to help the great team at ...
Organizations today are confounded by an avalanche of data that needs to be processed and managed on a daily basis. Through relevant use cases and a thought-provoking dialogue on an organization’s ‘Data to Decisions’ journey, Andrew Clyne, Chief Data Officer at CenturyLink Cognilytics, will reveal in his session at Big Data Expo how your organization can monetize data as a strategic asset. State-of-the-art Big Data and Advanced Analytics capabilities provided as a managed service can enable da...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Ar...
For IoT to grow as quickly as analyst firms’ project, a lot is going to fall on developers to quickly bring applications to market. But the lack of a standard development platform threatens to slow growth and make application development more time consuming and costly, much like we’ve seen in the mobile space. In his session at @ThingsExpo, Mike Weiner is Product Manager of the Omega DevCloud with KORE Telematics Inc., will discuss the evolving requirements for developers as IoT matures and co...
Move from reactive to proactive cloud management in a heterogeneous cloud infrastructure. In his session at 16th Cloud Expo, Manoj Khabe, Innovative Solution-Focused Transformation Leader at Vicom Computer Services, Inc., will show how to replace a help desk-centric approach with an ITIL-based service model and service-centric CMDB that’s tightly integrated with an event and incident management platform. Learn how to expand the scope of operations management to service management. He will al...
There is no question that the cloud is where businesses want to host data. Until recently hypervisor virtualization was the most widely used method in cloud computing. Recently virtual containers have been gaining in popularity, and for good reason. In the debate between virtual machines and containers, the latter have been seen as the new kid on the block – and like other emerging technology have had some initial shortcomings. However, the container space has evolved drastically since coming on...
Mobile commerce traffic is surpassing desktop, yet less than 20% of sales in the U.S. are mobile commerce sales. In his session at 15th Cloud Expo, Dan Franklin, Segment Manager, Commerce, at Verizon Digital Media Services, defined mobile devices and discussed how next generation means simplification. It means taking your digital content and turning it into instantly gratifying experiences.
Software Development Solution category in The 2015 American Business Awards, and will ultimately be a Gold, Silver, or Bronze Stevie® Award winner in the program. More than 3,300 nominations from organizations of all sizes and in virtually every industry were submitted this year for consideration. "We are honored to be recognized as a leader in the software development industry by the Stevie Awards judges," said Steve Brodie, CEO of Electric Cloud. "We introduced ElectricFlow and our Deploy app...
What do a firewall and a fortress have in common? They are no longer strong enough to protect the valuables housed inside. Like the walls of an old fortress, the cracks in the firewall are allowing the bad guys to slip in - unannounced and unnoticed. By the time these thieves get in, the damage is already done and the network is already compromised. Intellectual property is easily slipped out the back door leaving no trace of forced entry. If we want to reign in on these cybercriminals, it's hig...
SYS-CON Events announced today that DragonGlass, an enterprise search platform, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. After eleven years of designing and building custom applications, OpenCrowd has launched DragonGlass, a cloud-based platform that enables the development of search-based applications. These are a new breed of applications that utilize a search index as their backbone for data...
Converging digital disruptions is creating a major sea change - Cisco calls this the Internet of Everything (IoE). IoE is the network connection of People, Process, Data and Things, fueled by Cloud, Mobile, Social, Analytics and Security, and it represents a $19Trillion value-at-stake over the next 10 years. In her keynote at @ThingsExpo, Manjula Talreja, VP of Cisco Consulting Services, will discuss IoE and the enormous opportunities it provides to public and private firms alike. She will shar...
Container frameworks, such as Docker, provide a variety of benefits, including density of deployment across infrastructure, convenience for application developers to push updates with low operational hand-holding, and a fairly well-defined deployment workflow that can be orchestrated. Container frameworks also enable a DevOps approach to application development by cleanly separating concerns between operations and development teams. But running multi-container, multi-server apps with containers ...
The time is ripe for high speed resilient software defined storage solutions with unlimited scalability. ISS has been working with the leading open source projects and developed a commercial high performance solution that is able to grow forever without performance limitations. In his session at DevOps Summit, Alex Gorbachev, President of Intelligent Systems Services Inc., will share foundation principles of Ceph architecture, as well as the design to deliver this storage to traditional SAN st...
In their general session at 16th Cloud Expo, Michael Piccininni, Global Account Manager – Cloud SP at EMC Corporation, and Mike Dietze, Regional Director at Windstream Hosted Solutions, will review next generation cloud services, including the Windstream-EMC Tier Storage solutions, and discuss how to increase efficiencies, improve service delivery and enhance corporate cloud solution development. Speaker Bios Michael Piccininni is Global Account Manager – Cloud SP at EMC Corporation. He has b...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading in...