Welcome!

@CloudExpo Authors: Elizabeth White, Liz McMillan, Roger Strukhoff, Pat Romanski, Harry Trott

Related Topics: @CloudExpo, Cloud Security

@CloudExpo: Blog Feed Post

Why Does the Cloud Attract Hackers?

Why Does the Cloud Attract Hackers?

Cloud Security Breaches and How to Avoid Them

The cloud is expanding. More applications are being run online. More data is being stored online. More businesses are relying on public, private, and hybrid clouds for their apps, records, and backups. And more hackers are taking advantage.

Why Security Breaches Happen in the Cloud

Hackers aren’t attacking the cloud; the cloud is their access point to attack your business. CIO.com found that 85% of IT professionals are confident in the cloud provider’s ability to provide a secure environment. CompTIA’s Annual Information Security Trends found that only 29% of IT users heavily review their cloud provider’s security policies, procedures, and capabilities.

cloud security breaches cloud security best practices Cloud Key Management Cloud Encryption  infosec institute Cloud Security Breaches and How to Avoid Them

The numbers speak volumes: 85% of us are confident in the cloud provider’s ability to secure our data; yet only 29% of us heavily review that same ability. Cloud providers like Amazon Web Services and VMware are wonderful organizations who make security a top priority. However, blind trust in anyone but yourself is bad business practice. Let me explain . . .

Cloud Security Risks

The CSA’s “Notorious Nine” cloud computing threats define the risks of cloud computing. Though the list includes important considerations like data loss, account or service traffic hijacking, denial of service, and others, first on the list is data breaches.

Why Does the Cloud Attract Hackers?

Because they can easily infiltrate multiple targets. A research paper published by university computer scientists and researchers from RSA Laboratories devised a virtual machine that can extract private cryptographic keys stored on a separate virtual machine when it resides on the same piece of hardware. It can be even easier than that – if a multitenant cloud service database isn’t designed properly, a single flaw in one client’s application could allow an attacker to get at not just that client’s data, but every other clients’ data as well.

Is There a Way to Ensure Data Security in the Cloud?

There is. It takes 3 steps.

  1. Verify Cloud Provider’s Security Protocols

    Only use providers who are proactive (not reactive) about their cloud security. Amazon, VMware, and IBM are great examples. They should constantly be examining weaknesses and vulnerabilities in the platform.

    Get proof that your cloud provider’s architecture and systems have been audited, giving you peace of mind that the systems meet regulatory compliance even if you are not required to meet these regulations yourself. Ask if the cloud provider is FISMA-certified (indicating a high level of commitment to data security), and whether they are certified for compliance with PCI DSS, ISO 27001, HIPAA, and FIPS 140-2.

  2. Do Not Trust Anyone But Yourself

    Always remember, regardless of the security protocols of your cloud provider, the business that owns the data is responsible for its cloud security. Make sure you can encrypt your own data and use the industry’s strictest standards to do so. Always use split key encryption to ensure that only you have access to your data. By using this technology, even if an attacker gets in, your data will be unreadable and they can move on to someone else.

    Take your security to the next level by homomorphically encrypting your encryption keys. This way, even while keys are in use in the cloud, they cannot be hacked.

  3. Test

    Run vulnerability scans and/or full penetration tests regularly. You may even want to hire a firm to do so. This way, you can be sure that hackers cannot access your records and rest easy knowing that even if they do gain access, your encryption will render your data useless to them.

Cloud Security Breaches: Avoidance and Protection

Breaches happen every day and they are detrimental to business (just ask the CIO of Target). But that is no reason to stay earthbound and delay your migration to the cloud. First, breaches happen in datacenters too. Second, the cloud’s benefits are tremendous, and there are great providers out there and ways to avoid breaches and protect yourself in the event that a breach does occur.

The post Cloud Security Breaches and How to Avoid Them appeared first on Porticor Cloud Security.

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@CloudExpo Stories
SaaS companies can greatly expand revenue potential by pushing beyond their own borders. The challenge is how to do this without degrading service quality. In his session at 18th Cloud Expo, Adam Rogers, Managing Director at Anexia, discussed how IaaS providers with a global presence and both virtual and dedicated infrastructure can help companies expand their service footprint with low “go-to-market” costs.
IoT offers a value of almost $4 trillion to the manufacturing industry through platforms that can improve margins, optimize operations & drive high performance work teams. By using IoT technologies as a foundation, manufacturing customers are integrating worker safety with manufacturing systems, driving deep collaboration and utilizing analytics to exponentially increased per-unit margins. However, as Benoit Lheureux, the VP for Research at Gartner points out, “IoT project implementers often ...
It's easy to assume that your app will run on a fast and reliable network. The reality for your app's users, though, is often a slow, unreliable network with spotty coverage. What happens when the network doesn't work, or when the device is in airplane mode? You get unhappy, frustrated users. An offline-first app is an app that works, without error, when there is no network connection. In his session at 18th Cloud Expo, Bradley Holt, a Developer Advocate with IBM Cloud Data Services, discussed...
University of Colorado Athletics has selected FORTRUST, Colorado’s only Tier III Gold certified data center, as their official data center and colocation services provider, FORTRUST announced today. A nationally recognized and prominent collegiate athletics program, CU provides a high quality and comprehensive student-athlete experience. The program sponsors 17 varsity teams and in their history, the Colorado Buffaloes have collected an impressive 28 national championships. Maintaining uptime...
Basho Technologies has announced the latest release of Basho Riak TS, version 1.3. Riak TS is an enterprise-grade NoSQL database optimized for Internet of Things (IoT). The open source version enables developers to download the software for free and use it in production as well as make contributions to the code and develop applications around Riak TS. Enhancements to Riak TS make it quick, easy and cost-effective to spin up an instance to test new ideas and build IoT applications. In addition to...
As organizations shift towards IT-as-a-service models, the need for managing and protecting data residing across physical, virtual, and now cloud environments grows with it. Commvault can ensure protection, access and E-Discovery of your data – whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise. In his general session at 18th Cloud Expo, Randy De Meno, Chief Technologist - Windows Products and Microsoft Part...
Presidio has received the 2015 EMC Partner Services Quality Award from EMC Corporation for achieving outstanding service excellence and customer satisfaction as measured by the EMC Partner Services Quality (PSQ) program. Presidio was also honored as the 2015 EMC Americas Marketing Excellence Partner of the Year and 2015 Mid-Market East Partner of the Year. The EMC PSQ program is a project-specific survey program designed for partners with Service Partner designations to solicit customer feedbac...
Edge Hosting has announced a partnership with and the availability of CloudFlare, a web application firewall, CDN and DDoS mitigation service. “This partnership enhances Edge Hosting’s world class, perimeter layer, application (layer 7) defensive mechanism,” said Mark Houpt, Edge Hosting CISO. “The goal was to enable a new layer of customer controlled defense and compliance through the application of DDoS filters and mitigations, the web application firewall (WAF) feature and the added benefit ...
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to imp...
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
It is one thing to build single industrial IoT applications, but what will it take to build the Smart Cities and truly society changing applications of the future? The technology won’t be the problem, it will be the number of parties that need to work together and be aligned in their motivation to succeed. In his Day 2 Keynote at @ThingsExpo, Henrik Kenani Dahlgren, Portfolio Marketing Manager at Ericsson, discussed how to plan to cooperate, partner, and form lasting all-star teams to change t...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
Digital Initiatives create new ways of conducting business, which drive the need for increasingly advanced security and regulatory compliance challenges with exponentially more damaging consequences. In the BMC and Forbes Insights Survey in 2016, 97% of executives said they expect a rise in data breach attempts in the next 12 months. Sixty percent said operations and security teams have only a general understanding of each other’s requirements, resulting in a “SecOps gap” leaving organizations u...
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Bradley Holt, Developer Advocate a...
You are moving to the Cloud. The question is not if, it’s when. Now that your competitors are in the cloud and lapping you, your “when” better hurry up and get here. But saying and doing are two different things. In his session at @DevOpsSummit at 18th Cloud Expo, Robert Reeves, CTO of Datical, explained how DevOps can be your onramp to the cloud. By adopting simple, platform independent DevOps strategies, you can accelerate your move to the cloud. Spoiler Alert: He also makes sure you don’t...
Creating replica copies to tolerate a certain number of failures is easy, but very expensive at cloud-scale. Conventional RAID has lower overhead, but it is limited in the number of failures it can tolerate. And the management is like herding cats (overseeing capacity, rebuilds, migrations, and degraded performance). Download Slide Deck: ▸ Here In his general session at 18th Cloud Expo, Scott Cleland, Senior Director of Product Marketing for the HGST Cloud Infrastructure Business Unit, discusse...
Connected devices and the industrial internet are growing exponentially every year with Cisco expecting 50 billion devices to be in operation by 2020. In this period of growth, location-based insights are becoming invaluable to many businesses as they adopt new connected technologies. Knowing when and where these devices connect from is critical for a number of scenarios in supply chain management, disaster management, emergency response, M2M, location marketing and more. In his session at @Th...
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
"A lot of times people will come to us and have a very diverse set of requirements or very customized need and we'll help them to implement it in a fashion that you can't just buy off of the shelf," explained Nick Rose, CTO of Enzu, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
More and more companies are looking to microservices as an architectural pattern for breaking apart applications into more manageable pieces so that agile teams can deliver new features quicker and more effectively. What this pattern has done more than anything to date is spark organizational transformations, setting the foundation for future application development. In practice, however, there are a number of considerations to make that go beyond simply “build, ship, and run,” which changes ho...