Click here to close now.

Welcome!

CloudExpo® Blog Authors: Yeshim Deniz, Carmen Gonzalez, David Sprott, Elizabeth White, Liz McMillan

Related Topics: CloudExpo® Blog, Cloud Security

CloudExpo® Blog: Blog Feed Post

Why Does the Cloud Attract Hackers?

Why Does the Cloud Attract Hackers?

Cloud Security Breaches and How to Avoid Them

The cloud is expanding. More applications are being run online. More data is being stored online. More businesses are relying on public, private, and hybrid clouds for their apps, records, and backups. And more hackers are taking advantage.

Why Security Breaches Happen in the Cloud

Hackers aren’t attacking the cloud; the cloud is their access point to attack your business. CIO.com found that 85% of IT professionals are confident in the cloud provider’s ability to provide a secure environment. CompTIA’s Annual Information Security Trends found that only 29% of IT users heavily review their cloud provider’s security policies, procedures, and capabilities.

cloud security breaches cloud security best practices Cloud Key Management Cloud Encryption  infosec institute Cloud Security Breaches and How to Avoid Them

The numbers speak volumes: 85% of us are confident in the cloud provider’s ability to secure our data; yet only 29% of us heavily review that same ability. Cloud providers like Amazon Web Services and VMware are wonderful organizations who make security a top priority. However, blind trust in anyone but yourself is bad business practice. Let me explain . . .

Cloud Security Risks

The CSA’s “Notorious Nine” cloud computing threats define the risks of cloud computing. Though the list includes important considerations like data loss, account or service traffic hijacking, denial of service, and others, first on the list is data breaches.

Why Does the Cloud Attract Hackers?

Because they can easily infiltrate multiple targets. A research paper published by university computer scientists and researchers from RSA Laboratories devised a virtual machine that can extract private cryptographic keys stored on a separate virtual machine when it resides on the same piece of hardware. It can be even easier than that – if a multitenant cloud service database isn’t designed properly, a single flaw in one client’s application could allow an attacker to get at not just that client’s data, but every other clients’ data as well.

Is There a Way to Ensure Data Security in the Cloud?

There is. It takes 3 steps.

  1. Verify Cloud Provider’s Security Protocols

    Only use providers who are proactive (not reactive) about their cloud security. Amazon, VMware, and IBM are great examples. They should constantly be examining weaknesses and vulnerabilities in the platform.

    Get proof that your cloud provider’s architecture and systems have been audited, giving you peace of mind that the systems meet regulatory compliance even if you are not required to meet these regulations yourself. Ask if the cloud provider is FISMA-certified (indicating a high level of commitment to data security), and whether they are certified for compliance with PCI DSS, ISO 27001, HIPAA, and FIPS 140-2.

  2. Do Not Trust Anyone But Yourself

    Always remember, regardless of the security protocols of your cloud provider, the business that owns the data is responsible for its cloud security. Make sure you can encrypt your own data and use the industry’s strictest standards to do so. Always use split key encryption to ensure that only you have access to your data. By using this technology, even if an attacker gets in, your data will be unreadable and they can move on to someone else.

    Take your security to the next level by homomorphically encrypting your encryption keys. This way, even while keys are in use in the cloud, they cannot be hacked.

  3. Test

    Run vulnerability scans and/or full penetration tests regularly. You may even want to hire a firm to do so. This way, you can be sure that hackers cannot access your records and rest easy knowing that even if they do gain access, your encryption will render your data useless to them.

Cloud Security Breaches: Avoidance and Protection

Breaches happen every day and they are detrimental to business (just ask the CIO of Target). But that is no reason to stay earthbound and delay your migration to the cloud. First, breaches happen in datacenters too. Second, the cloud’s benefits are tremendous, and there are great providers out there and ways to avoid breaches and protect yourself in the event that a breach does occur.

The post Cloud Security Breaches and How to Avoid Them appeared first on Porticor Cloud Security.

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@CloudExpo Stories
DevOps Summit at Cloud Expo New York is offering a limited time FREE "Expo Plus" registration option in New York. On site registration price of $1,95 will be set to 'free' for delegates who register during special offer. To take advantage of this opportunity, attendees can use the coupon code, and secure their registration to attend all keynotes, @DevOpsSummit sessions at Cloud Expo, expo floor, and SYS-CON.tv power panels. Special FREE registration givess access to all Containers and Microservi...
DevOps Summit, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developmen...
"We have developers who are really passionate about getting their code out to customers, no matter what, in the shortest possible time. Operations are very focused on procedures and policies," explained Stan Klimoff, CTO of Qubell, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that the "First Containers & Microservices Conference" will take place June 9-11, 2015, at the Javits Center in New York City. The “Second Containers & Microservices Conference” will take place November 3-5, 2015, at Santa Clara Convention Center, Santa Clara, CA. Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities.
“We help people build clusters, in the classical sense of the cluster. We help people put a full stack on top of every single one of those machines. We do the full bare metal install," explained Greg Bruno, Vice President of Engineering and co-founder of StackIQ, in this SYS-CON.tv interview at 15th Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
ThingsExpo New York is offering a limited time FREE "Expo Plus" registration option in New York. On site registration price of $1,95 will be set to 'free' for delegates who register during special offer. To take advantage of this opportunity, attendees can use the coupon code, and secure their registration to attend all keynotes, ThingsExpo sessions, expo floor, and SYS-CON.tv power panels. Special FREE registration givess access to all DevOps, Containers and Microservices sessions as well. Regi...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading in...
"Verizon offers public cloud, virtual private cloud as well as private cloud on-premises - many different alternatives. Verizon's deep knowledge in applications and the fact that we are responsible for applications that make call outs to other systems. Those systems and those resources may not be in Verizon Cloud, we understand at the end of the day it's going to be federated," explained Anne Plese, Senior Consultant, Cloud Product Marketing at Verizon Enterprise, in this SYS-CON.tv interview at...
Health care systems across the globe are under enormous strain, as facilities reach capacity and costs continue to rise. M2M and the Internet of Things have the potential to transform the industry through connected health solutions that can make care more efficient while reducing costs. In fact, Vodafone's annual M2M Barometer Report forecasts M2M applications rising to 57 percent in health care and life sciences by 2016. Lively is one of Vodafone's health care partners, whose solutions enable o...
SYS-CON Events announced today that the "First Containers & Microservices Conference" will take place June 9-11, 2015, at the Javits Center in New York City. The “Second Containers & Microservices Conference” will take place November 3-5, 2015, at Santa Clara Convention Center, Santa Clara, CA. Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities.
Akana, a leading provider of API Management, API Security and Cloud Integration solutions, announced that it is introducing DevOps automation to the API lifecycle. New capabilities in Akana's API Management platform significantly reduce the time required to update API definitions and versions. DevOps teams will be able to work faster in designing and developing APIs, as well as managing them at runtime and publishing them to a portal.
SYS-CON Events announced today that SUSE, a pioneer in open source software, will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. SUSE provides reliable, interoperable Linux, cloud infrastructure and storage solutions that give enterprises greater control and flexibility. More than 20 years of engineering excellence, exceptional service and an unrivaled partner ecosystem power the products and support that help ...
“DevOps is really about the business. The business is under pressure today, competitively in the marketplace to respond to the expectations of the customer. The business is driving IT and the problem is that IT isn't responding fast enough," explained Mark Levy, Senior Product Marketing Manager at Serena Software, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it!
IndependenceIT has been selected by nGenx to power Windows-based DaaS and application delivery on Google Compute Engine to support the delivery of GoldMine Cloud software. For independent software vendors (ISVs) like GoldMine, this expands the theater of operations to increase revenue opportunities while reducing software management and maintenance liabilities. IndependenceIT was selected by application and desktop pioneer, nGenx, to deliver its “Bring Your Own Cloud” strategy to GoldMine and o...
"ElasticBox is an enterprise company that makes it very easy for developers and IT ops to collaborate to develop, build and deploy applications on any cloud - private, public or hybrid," stated Monish Sharma, VP of Customer Success at ElasticBox, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today DevOps.com will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Launched in 2014, DevOps.com has quickly established itself as an indispensable resource for DevOps education and community building. DevOps.com make it their mission to cover all aspects of DevOps – philosophy, tools, business impact, best practices and more.
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises a...
Imagine a world where targeting, attribution, and analytics are just as intrinsic to the physical world as they currently are to display advertising. Advances in technologies and changes in consumer behavior have opened the door to a whole new category of personalized marketing experience based on direct interactions with products. The products themselves now have a voice. What will they say? Who will control it? And what does it take for brands to win in this new world? In his session at @Thi...
"Vormetric is a data security company. We secure information at rest and our customers are some of the largest organizations in the world. The threats that are coming around today are either from state-sponsored activities and organized crime, and the intent is to steal information," explained Derek Tumulak, Vice President of Product Management at Vormetric, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.