Welcome!

@CloudExpo Authors: Liz McMillan, Zakia Bouachraoui, Yeshim Deniz, Pat Romanski, Elizabeth White

Related Topics: @CloudExpo, Cloud Security, @DXWorldExpo

@CloudExpo: Blog Post

What Anthem and Sony Could Have Done Differently By @IanKhanLive [#Cloud]

Let’s look at how to tackle security vulnerabilities from an organizational point of view rather than putting in more firewalls

What Anthem, Sony and Others Could Have Done Differently

They say that you are only as secure as your weakest firewall. But then is it just firewalls that protect our network and the information therein, or is it the framework, the policies and the processes that have cracks that let the vulnerabilities seep through?

Hackers will be hackers and you really can't blame anything on them. They are doing what they are meant to do, i.e., hack. Now that’s a completely different topic as to why unethical hacking is bad and so on. That’s next time. Right now, let’s talk about what we can do on our side. In addition to getting the best IT security systems, firewalls, more firewalls, anti-hacking everything and so on, it’s also essential that with moving times, or let’s say more intelligent hackers, we address the foundations of the problem. Here are three best practices to consider.

Take Sensitive Data Seriously
Really the first step is to take all kinds of sensitive information, be it social insurance numbers, credit cards numbers or any other kind of information you classify as highly important, sensitive, classified, not to be Sshared, I think we got the point. Customers have trusted your organization and have given you the responsibility of keeping their information safe. Let’s make sure we do everything in our power to make that happen. This is going beyond your first response planning, disaster recovery and other means to ensure the safety of this data. I'm not trying to blame anyone for not doing what they could have done, but definitely there are areas where we may underestimate the severity of the situation and as we can see, it's sometimes better to be safe than sorry. Violating customer data and privacy is breaking one of the biggest tenants in any business - Trust. They may or may not forgive you the first time, but mind you, there aren’t many chances you will have before they start moving away.

Invest in Your Processes
Making security a norm within the organization is not only at the network level. Creating the processes that pave the way for secure enterprise systems, secure collaboration, file sharing, document management, code management and more not only help enable a secure environment, but also help create a complex redundant system that works. In a large complex organization with hundreds or thousands of employees, create a hive of activity that needs to be managed and made safe. This includes simple tasks such as sharing a file with a vendor or downloading content or files from an external source as secure as possible. Of course the biggest challeng is to do this without overburdening the users and creating systems that are friendly yet rock solid secure.

Invest in the Right Solution from the Start
When looking at solutions that your teams may need, don’t fall for the quick and easy option that offers the best of everything. Instead focus on each operational element of the solution and evaluate its strengths and weaknesses individually. As an example, if you are looking at implementing an enterprise-wide solution for content management or collaboration, make sure that in addition to being a true enterprise solution, it also stands for itself when it comes to being secure, offering features that users need, being available on the deployment model you need and so on. Falling prey to solutions that seem an easy win for different segments, such as consumer-level solutions being used in the enterprise, are a vulnerability. Take inventory of all your solutions or your enterprise software footprint and take stock of all the vulnerabilities that exist within each solution. This may become a mammoth task, but may be worth your while.

Enterprise security poses a number of challenges. How are you addressing the ones in your organization? Feel free to comment.

More Stories By Ian Khan

CNN Futurist, Forbes Contributor, Author, 3 Time TEDx Speaker and Technology Futurist, over the last 20 years Ian Khan has had the privilege to serve the needs of over 5000 organizations by fueling their growth through technology solutions. He has helped a diverse set of businesses ranging from Technology Companies, Oil Companies, Power Generation & Renewables Operators, Microsoft Ecosystem Partners, SAP Customers and Partners, Healthcare Providers, Manufacturers, Facility Operators, Startups, Educational Institutions, Nonprofits & associations and more. Ian’s experiences with these organizations led him to a unique position of being able to identify the common challenges of growth for all these organizations. The bottom line as he found out, is that we all are hungry for success and want to grow and make a difference. Where we fall short is by failing to understand our environment and taking the right action within that environment. After 20 years serving the needs of the industry Ian’s natural pivot was to answer his calling and help organizations at a broader level understand what tomorrow brings. His work and study of all these organizations brought forward very unique perspectives that he now share through his work. Today, hands down, we live in the great time for humanity. Technology is a great thing, but it also has its victims. Many organizations of tomorrow will fail under the pressure of a fast changing world, much of which is fueled and driven by technology. Ian’s mission is to help organizations avoid that pitfall, and propel themselves into success in today’s era and go from digital disruption to digital transformation in the fastest and most sustainable way. This is the only way, according to him, we can together create limitless value, create solutions that are faced by us locally as well as by others around the globe, and make the world a happier place. Today Ian’s work spans working with people by delivering keynotes, consulting and by promoting his 7 –Axioms methodology through his book and workshops. He is also working on an ambitious project of releasing a documentary in spring of 2018 called Industry 4.0. Industry 4.0 will capture the thoughts and insights of some of the world’s leading thinkers and help us understand the 4th Industrial Revolution, Its Impact, and how we can all be have an opportunity to be part of the emerging future and make the right choices. For more information please visit www.iankhan.com

CloudEXPO Stories
With more than 30 Kubernetes solutions in the marketplace, it's tempting to think Kubernetes and the vendor ecosystem has solved the problem of operationalizing containers at scale or of automatically managing the elasticity of the underlying infrastructure that these solutions need to be truly scalable. Far from it. There are at least six major pain points that companies experience when they try to deploy and run Kubernetes in their complex environments. In this presentation, the speaker will detail these pain points and explain how cloud can address them.
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-centric compute for the most data-intensive applications. Hyperconverged systems already in place can be revitalized with vendor-agnostic, PCIe-deployed, disaggregated approach to composable, maximizing the value of previous investments.
When building large, cloud-based applications that operate at a high scale, it's important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. "Fly two mistakes high" is an old adage in the radio control airplane hobby. It means, fly high enough so that if you make a mistake, you can continue flying with room to still make mistakes. In his session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed how this same philosophy can be applied to highly scaled applications, and can dramatically increase your resilience to failure.
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by sharing information within the building and with outside city infrastructure via real time shared cloud capabilities.
As Cybric's Chief Technology Officer, Mike D. Kail is responsible for the strategic vision and technical direction of the platform. Prior to founding Cybric, Mike was Yahoo's CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more than 24 years of IT Operations experience with a focus on highly-scalable architectures.