Welcome!

@CloudExpo Authors: Yeshim Deniz, Pat Romanski, Janakiram MSV, Liz McMillan, Carmen Gonzalez

Blog Feed Post

Top Cloud Computing Security Issues and Solutions

cloud security threats cloud security risks cloud security issues  cloud security issues cloudave Top Cloud Computing Security Issues and SolutionsBusinesses large and small are realizing the benefits that come with cloud computing.  The scalability that allows you to easily grow (or shrink) your operation, the agility that enables you to make quick changes, the cost-effectiveness that can save you money: the cloud seems like a no-brainer.  However, with increased cloud adoption rates come increased cloud computing security issues.

According to eweek, “enterprise cloud adoption continues to grow at increasing speed and organizations recognize the productivity and cost savings that emanate from moving off an on-site legacy system to a distributed cloud environment.” The Could Security Alliance’s Notorious Nine lists top threats like abuse and nefarious use, insecure interfaces, malicious insiders, and others.

Some industry insiders weighed in on the top cloud computing security issues and their solutions.

1.       Water hole attacks

Neeraj Khandelwal of Barracuda explains “as organizations become better at fighting spam and phishing, water hole attacks are the latest tricks in the attackers’ toolkits that silently compromise all the users of these trusted web applications, via their web browsers.”

The water hole attack is a 3-step process.  First, the attacker does some reconnaissance and research on its target, in which they find trusted websites often visited by employees of the target company.  Second, attackers insert an exploit into the trusted sites.  Finally, when your employees visit the trusted site, the exploit takes advantage of their system vulnerabilities.

The solution?  Vulnerability shielding: update and patch all software regularly to limit possible access points.

2.       The government and other spies

Dave Meltzer, VP of Engineering for Tripwire and a cloud security innovator says, “If a government entity wants access to my data, at least they need to come to me and tell me they want it. Once that is moved to the cloud, all visibility to that is now lost – they go directly to the cloud provider and cut my organization out of that loop.”

To solve this, use the cloud wisely: reap its benefits, but do not let anyone (even your cloud provider) have access to your encryption keys. This is not only possible, it is a recommended best practice.  This way, even if the government requests (or otherwise gains access to) your cloud provider’s information, they still cannot get yours.

3.       Compliance with data privacy laws in multiple geographies.

Velocity Technology Solutions VPs Marcello Burgio and Jim McInnes, note “Technology – specifically the cloud – gives businesses the power to achieve a cloud that crosses borders; however, the reality is that in many cases the varied laws that must be complied with around the world can seemingly handcuff a business’s ability to take full advantage of the cloud’s innovative offering.”

The architecture of your cloud environment is key and you must understand the respective data storage regulations in the countries you operate in. In general, you must look for cloud security solutions that are compliant with regulations like HIPAA, PCI DSS, EU data protection laws, or whichever laws apply to you. In practice – encryption makes this a lot easier. Use a cloud encryption solution to show that your data never left home (at least not in a readable form). Most regulations, including the EU’s very restrictive regulations, accept that this is a good solution.

4.       Liability for Breaches

Kimberly Weber of FortyCloud, a company whose mission is to promote migration of enterprises to the public cloud, may have put it best “while you can transfer your apps and data to the cloud, you can’t transfer liability.”

Amazon Web Service’s own security center explains that the cloud provider has secured the underlying infrastructure and you, the client, must secure anything you put on the infrastructure.

What does this mean for a company who wants to migrate to the cloud, but is concerned about their liability?

It is easiest to think of it this way: while the cloud has many benefits, elimination of liability isn’t one of them.  Like you were responsible for the security of your data in the data center, you are also responsible in the virtual world.  This means you should usesplit-key encryption technologies to ensure that only you control your data.  Your cloud provider shares responsibility for the infrastructure, you are still responsible for your apps and data.

How easy or difficult is it?

Lots of good advice; how doable is it?

Find solutions that require no hardware: that is the best fit for cloud environments. Of course, the solutions must have top notch security built in. That requires innovation – the onus for that innovation should be on the security provider, not you. In short, a solution should give all the benefits and up in minutes too.

So, make sure you limit your vulnerabilities, do not let anyone have access to your encryption keys, comply with all required laws and regulations, use encryption to make your life easier, and understand that you share responsibility for liability.

The post Top Cloud Computing Security Issues and Solutions appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@CloudExpo Stories
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Analytic. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
Automation is enabling enterprises to design, deploy, and manage more complex, hybrid cloud environments. Yet the people who manage these environments must be trained in and understanding these environments better than ever before. A new era of analytics and cognitive computing is adding intelligence, but also more complexity, to these cloud environments. How smart is your cloud? How smart should it be? In this power panel at 20th Cloud Expo, moderated by Conference Chair Roger Strukhoff, pane...
SYS-CON Events announced today that Twistlock, the leading provider of cloud container security solutions, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Twistlock is the industry's first enterprise security suite for container security. Twistlock's technology addresses risks on the host and within the application of the container, enabling enterprises to consistently enforce security policies, monitor...
@ThingsExpo has been named the Most Influential ‘Smart Cities - IIoT' Account and @BigDataExpo has been named fourteenth by Right Relevance (RR), which provides curated information and intelligence on approximately 50,000 topics. In addition, Right Relevance provides an Insights offering that combines the above Topics and Influencers information with real time conversations to provide actionable intelligence with visualizations to enable decision making. The Insights service is applicable to eve...
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
While some vendors scramble to create and sell you a fancy solution for monitoring your spanking new Amazon Lambdas, hear how you can do it on the cheap using just built-in Java APIs yourself. By exploiting a little-known fact that Lambdas aren’t exactly single threaded, you can effectively identify hot spots in your serverless code. In his session at 20th Cloud Expo, David Martin, Principal Product Owner at CA Technologies, will give a live demonstration and code walkthrough, showing how to o...
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
SYS-CON Events announced today that Hitachi Data Systems, a wholly owned subsidiary of Hitachi LTD., will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City. Hitachi Data Systems (HDS) will be featuring the Hitachi Content Platform (HCP) portfolio. This is the industry’s only offering that allows organizations to bring together object storage, file sync and share, cloud storage gateways, and sophisticated search an...
Developers want to create better apps faster. Static clouds are giving way to scalable systems, with dynamic resource allocation and application monitoring. You won't hear that chant from users on any picket line, but helping developers to create better apps faster is the mission of Lee Atchison, principal cloud architect and advocate at New Relic Inc., based in San Francisco. His singular job is to understand and drive the industry in the areas of cloud architecture, microservices, scalability ...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
Blockchain is a shared, secure record of exchange that establishes trust, accountability and transparency across supply chain networks. Supported by the Linux Foundation's open source, open-standards based Hyperledger Project, Blockchain has the potential to improve regulatory compliance, reduce cost and time for product recall as well as advance trade. Are you curious about Blockchain and how it can provide you with new opportunities for innovation and growth? In her session at 20th Cloud Exp...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software in the hope of capturing value in IoT. Although IoT is relatively new in the market, it has already gone through many promotional terms such as IoE, IoX, SDX, Edge/Fog, Mist Compute, etc. Ultimately, irrespective of the name, it is about deriving value from independent software assets participating in an ecosystem as one comprehensive solution.
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, New York, and 21st International Cloud Expo, which will take place in November in Silicon Valley, California.
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet th...
SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
@DevOpsSummit has been named the ‘Top DevOps Influencer' by iTrend. iTred processes millions of conversations, tweets, interactions, news articles, press releases, blog posts - and extract meaning form them and analyzes mobile and desktop software platforms used to communicate, various metadata (such as geo location), and automation tools. In overall placement, @DevOpsSummit ranked as the number one ‘DevOps Influencer' followed by @CloudExpo at third, and @MicroservicesE at 24th.