Welcome!

@CloudExpo Authors: Pat Romanski, Mehdi Daoudi, Elizabeth White, Rene Buest, Kevin Benedict

Blog Feed Post

@CloudExpo | #Cloud Security Myths: Busted

Cloud Security Cloud Encryption  cloud expo @CloudExpo | #Cloud Security Myths: BustedIn a Feb 2014 survey, 94 percent of organizations surveyed reported running applications or experimenting with infrastructure-as-a-service.[1] According to research firm Nasumi, there is over one exabyte currently stored in the cloud. An exabyte is over a billion GB.[2] Considering the amount of data in the cloud and the growing rate of adoption for sensitive use cases, it is natural that securing our data in the cloud is a concern. But, cloud security, though rightfully a central concern, should not be a hindrance to aggressively moving workloads and applications to the cloud.

In fact, there are some misconceptions about cloud security that need to be laid to rest.

Myth #1: A cloud provider’s customers can attack each other


The multi-tenant environment of cloud computing has given rise to a misconception that the provider’s many customers can access each other’s data and accounts with little effort. This is tantamount to saying that your neighbors can break into your home easier than a thief from across town.

The truth is that virtual walls segregate you from other customers. Your hypervisor is the primary separator and is extremely difficult to hack. If you add other safeguards like VLAN isolation and proper data encryption and key management, your data is completely safe from other cloud customers.

The Alert Logic State of Cloud Security Report concludes “It’s not that the cloud is inherently secure or insecure. It’s really about the quality of management applied to any IT environment.”

Myth #2: Data in the cloud in more susceptible to risk than data in the datacenter

In survey after survey, we find that the reason that cloud computing isn’t growing even faster than its staggering CAGR is companies’ security fears. But, like many fears, this one mixes legitimate concerns with ignorance. Depending on the details, data in the cloud may actually be safer than data in the datacenter.

In fact, a 2014 study found that once businesses learn about and experience cloud computing, concerns about security vanish. Close to one-third of executives and professionals who have not yet implemented cloud say security is their top concern, a number that diminishes to 13 percent of seasoned, heavy users of cloud services (and is only the fifth-ranked concern on their list).[3]

Arthur W. Coviello, Jr., Executive Chairman for RSA, puts it simply, “security concerns are really independent of the cloud. They’re just an extension of what is being dealt with in the physical infrastructure.”[4]

In many cases, the average enterprise or SME can’t keep up with all of the security controls necessary to protect data in-house. For a cloud provider, conversely, it is a core business function. They typically invest in the strongest forms of network security and detection and attain compliance certifications that reduce the risk for the data they’re tasked to protect.

If your core business isn’t preparing tax returns, you hire someone who can do it for you: someone with the right background, experience, and tools. Someone who does a better job than you could do yourself. The same applies when it comes to protecting your data: using a provider who specializes in doing so will create better results than doing it yourself.

Myth #3: Using a trusted cloud provider guarantees protection of data

The internet is filled with comparisons of the trustworthiness of cloud providers. Those researching a cloud solution are often tasked with ensuring the cloud provider conducts audits, provides certifications, complies with industry regulations, properly screens their employees, etc. While all of these elements have their place in assessing the trustworthiness of a cloud provider, they don’t completely protect your data because it is not just the cloud provider’s responsibility to protect your data.

The truth is this: whether you build your own private cloud, store your data in a public cloud, or keep your sensitive business information under your mattress, the duty to protect your data is yours alone.

Amazon Web Services (AWS) accounted for 37% of the $9 billion infrastructure as a service (IaaS) market in 2013, according to analysts from equity research firm Evercore. The IaaS market is growing by 45%, but Amazon Web Services has a growth rate of 60%.[5] AWS is currently the biggest public cloud provider. And yet, in the AWS Security Center, they clearly state “AWS has secured the underlying infrastructure and you must secure anything you put on the infrastructure.”

Because you control the security of your accounts and data, you can ensure that you still own your data – even though you are housing it in public infrastructure.

The way to ensure your data is safe in the cloud is by encryption. Encryption, and the management of encryption keys, is not just about safety, it is also about ownership. If you encrypt properly, you will own your data even though you are renting infrastructure form a cloud provider.

To simply and effectively achieve encryption key management, the best practice is coupling the innovative techniques of split key encryption and homomorphic key management. They will be the assurance that no one (not even your cloud provider) can access data you store in the cloud and that everything you store in the cloud is completely safe, segregated, and protected in a way that is scalable, automated, and cost-effective.

Resources

  1. http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2014-state-cloud-survey
  2. https://www.nasuni.com/wp-content/uploads/2013/02/nasuni_infographic_the_state_of_cloud_storage_in_2013-4.jpg
  3. http://www.forbes.com/sites/joemckendrick/2014/04/03/cloud-security-fears-diminish-with-experience-survey-shows/
  4. http://www.vmware.com/files/pdf/VMware-Cloud-Security-Myths-Strategies-Uncovered-White-Paper.pdf
  5. http://www.businessinsider.com/amazon-web-services-market-share-2014-6

The post @CloudExpo | #Cloud Security Myths: Busted appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@CloudExpo Stories
Intelligent Automation is now one of the key business imperatives for CIOs and CISOs impacting all areas of business today. In his session at 21st Cloud Expo, Brian Boeggeman, VP Alliances & Partnerships at Ayehu, will talk about how business value is created and delivered through intelligent automation to today’s enterprises. The open ecosystem platform approach toward Intelligent Automation that Ayehu delivers to the market is core to enabling the creation of the self-driving enterprise.
"We're here to tell the world about our cloud-scale infrastructure that we have at Juniper combined with the world-class security that we put into the cloud," explained Lisa Guess, VP of Systems Engineering at Juniper Networks, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Historically, some banking activities such as trading have been relying heavily on analytics and cutting edge algorithmic tools. The coming of age of powerful data analytics solutions combined with the development of intelligent algorithms have created new opportunities for financial institutions. In his session at 20th Cloud Expo, Sebastien Meunier, Head of Digital for North America at Chappuis Halder & Co., discussed how these tools can be leveraged to develop a lasting competitive advantage ...
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. H...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta Chakraborty, Chief Customer Officer at Ayasdi, will provide a tactical framework to become a truly intelligent enterprise, including how to identify the right applications for AI, how to build a Center of Excellence to ...
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
From 2013, NTT Communications has been providing cPaaS service, SkyWay. Its customer’s expectations for leveraging WebRTC technology are not only typical real-time communication use cases such as Web conference, remote education, but also IoT use cases such as remote camera monitoring, smart-glass, and robotic. Because of this, NTT Communications has numerous IoT business use-cases that its customers are developing on top of PaaS. WebRTC will lead IoT businesses to be more innovative and address...
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution and join Akvelon expert and IoT industry leader, Sergey Grebnov, in his session at @ThingsExpo, for an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
Because IoT devices are deployed in mission-critical environments more than ever before, it’s increasingly imperative they be truly smart. IoT sensors simply stockpiling data isn’t useful. IoT must be artificially and naturally intelligent in order to provide more value In his session at @ThingsExpo, John Crupi, Vice President and Engineering System Architect at Greenwave Systems, will discuss how IoT artificial intelligence (AI) can be carried out via edge analytics and machine learning techn...
FinTechs use the cloud to operate at the speed and scale of digital financial activity, but are often hindered by the complexity of managing security and compliance in the cloud. In his session at 20th Cloud Expo, Sesh Murthy, co-founder and CTO of Cloud Raxak, showed how proactive and automated cloud security enables FinTechs to leverage the cloud to achieve their business goals. Through business-driven cloud security, FinTechs can speed time-to-market, diminish risk and costs, maintain continu...
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
Existing Big Data solutions are mainly focused on the discovery and analysis of data. The solutions are scalable and highly available but tedious when swapping in and swapping out occurs in disarray and thrashing takes place. The resolution for thrashing through machine learning algorithms and support nomenclature is through simple techniques. Organizations that have been collecting large customer data are increasingly seeing the need to use the data for swapping in and out and thrashing occurs ...
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
As many know, the first generation of Cloud Management Platform (CMP) solutions were designed for managing virtual infrastructure (IaaS) and traditional applications. But that’s no longer enough to satisfy evolving and complex business requirements. In his session at 21st Cloud Expo, Scott Davis, Embotics CTO, will explore how next-generation CMPs ensure organizations can manage cloud-native and microservice-based application architectures, while also facilitating agile DevOps methodology. He wi...
In his opening keynote at 20th Cloud Expo, Michael Maximilien, Research Scientist, Architect, and Engineer at IBM, discussed the full potential of the cloud and social data requires artificial intelligence. By mixing Cloud Foundry and the rich set of Watson services, IBM's Bluemix is the best cloud operating system for enterprises today, providing rapid development and deployment of applications that can take advantage of the rich catalog of Watson services to help drive insights from the vast t...
For financial firms, the cloud is going to increasingly become a crucial part of dealing with customers over the next five years and beyond, particularly with the growing use and acceptance of virtual currencies. There are new data storage paradigms on the horizon that will deliver secure solutions for storing and moving sensitive financial data around the world without touching terrestrial networks. In his session at 20th Cloud Expo, Cliff Beek, President of Cloud Constellation Corporation, d...