@CloudExpo Authors: Liz McMillan, Ram Sonagara, Yeshim Deniz, Elizabeth White, Dean Madison

Related Topics: @CloudExpo, Microservices Expo, Cloud Security

@CloudExpo: Blog Post

Moving to the Cloud By @EFeatherston | @CloudExpo [#Cloud]

The cloud is no less secure than your current internal environments (for many, it may actually be more secure)

Moving to the Cloud – Can I Take My Security with Me?

You can't have a conversation about technology today without the topic of security breaches ending up front and center as a key concern. This is understandable with all the high profile breaches that have been occurring on what seems a regularly scheduled event. Anthem, the nation's second largest health insurer is the latest in a long line of high profile breaches that have occurred recently. Given the size and severity of these breaches, security is very visible on everybody's radar. This is especially true when discussing migration to the cloud. Unfortunately every breach can result in slowdowns or impediments to cloud migration plans.

The reality is breaches are not going away (see ‘The cloud, security, & breaches - Are the Barbarians at the gate?' for a discussion on that). That doesn't mean you should abandon any plans on migrating to the cloud. The cloud is no less secure than your current internal environments (for many, it may actually be more secure). As with anything else, the key to success is proper planning and designing of your solutions. Let's talk about some of the considerations that need to be addressed that can help alleviate concerns that may be raised due to the hype and emotion of the high profile breaches.

Who owns security in the cloud?
Whether your cloud migration is a SaaS solution, an in-house application migrating to an IaaS solution, or anything in between, ultimately the security of your system is your responsibility. I know there are some that may take me to task with that statement. Let me clarify by saying what that responsibility translates into. It is dependent on the type of implementation/platform being considered. SaaS solutions have security mechanisms and capabilities baked in. So it would seem that the SaaS provider is responsible for security. While they own the technical implementation, you own defining what your security requirements are for that system. Key to that is defining the SLAs you have with the SaaS provider, ensuring they meet or exceed your requirements. The SaaS provider is responsible for executing on those SLAs once they are defined. As you get further down the platform food chain towards IaaS, your responsibility and ownership grows. As well as defining the requirement, you are then responsible for defining the implementation as well.

This is no different than if these applications were in-house, and not in the cloud. Over the years you have probably had many COTS (Commercial off the Shelf) packages deployed. The security implementation is baked into those, just as in a SaaS solution, but you (hopefully) defined what the security requirements were for the package. With house developed applications, as with an IaaS implementation, you were responsible for defining the requirements as well as the technical implementation. Dealing with security concerns in the cloud is no different than dealing with security concerns internally.

One other piece of ownership that sometimes gets forgotten: security testing. No matter the platform, you should own the testing and validating of the security mechanisms in place for your cloud solution. When you define your security requirements, ensure they are measurable, and that a test plan is developed for validating those measures.

Can I take my security with me?
Absolutely. Any of the industry standard security mechanisms are available from all the major cloud providers and implementations. The cloud is not magical; it is still made of the same hardware and software systems you use on a regular basis, and the same security mechanisms are available. The question really should be: Do I want to take my security with me? As with any rationalization process (and migrating to the cloud is a rationalization process), one of the steps should always be a re-evaluation of current security mechanisms. This is an ideal time to determine if there are any new requirements (perhaps based on learnings from recent breaches for example), identify gaps, and select a solution to address those gaps.

A critical component to consider when migrating to the cloud is: How will the data be secured during the migration process? Securing the application is straightforward, as the normal considerations when developing an application apply. The difference when migrating to the cloud, specifically if migrating to a public cloud, is the security mechanisms needed to ensure the data is protected during the transfer process. This is not a step that is usually considered in standard application security mechanisms, and can result in creating a risk during the transition process. This should not be a show stopper, just ensure it is included in the plan and design.

Don't let your migrations be governed by hysteria, hype, or emotion
As I discussed in the article ‘Moving to the Cloud - Cloud Rationalization,' Rule #1 in migrating to the cloud is take the emotion out of the equation. Also avoid migrating because of the hype. Not everything should or will go to the cloud, but don't let fear and hysteria about breaches and security risks be the reason for not migrating. Do the proper planning and design, define what the security needs and risks are based on the data within the system. Not all data is created equal - some should be more secure than others. Our job as technologists is to ensure the processes are in place, and the business educated to the real vs perceived risks, so that the decisions are made based on reality and business value, not on the latest breach in the headlines.

This post is brought to you by The DNA of The Cloud, Intel and Verizon.

More Stories By Ed Featherston

Ed Featherston is VP, Principal Architect at Cloud Technology Partners. He brings 35 years of technology experience in designing, building, and implementing large complex solutions. He has significant expertise in systems integration, Internet/intranet, and cloud technologies. He has delivered projects in various industries, including financial services, pharmacy, government and retail.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

@CloudExpo Stories
The IoT Will Grow: In what might be the most obvious prediction of the decade, the IoT will continue to expand next year, with more and more devices coming online every single day. What isn’t so obvious about this prediction: where that growth will occur. The retail, healthcare, and industrial/supply chain industries will likely see the greatest growth. Forrester Research has predicted the IoT will become “the backbone” of customer value as it continues to grow. It is no surprise that retail is ...
Evan Kirstel is an internationally recognized thought leader and social media influencer in IoT (#1 in 2017), Cloud, Data Security (2016), Health Tech (#9 in 2017), Digital Health (#6 in 2016), B2B Marketing (#5 in 2015), AI, Smart Home, Digital (2017), IIoT (#1 in 2017) and Telecom/Wireless/5G. His connections are a "Who's Who" in these technologies, He is in the top 10 most mentioned/re-tweeted by CMOs and CIOs (2016) and have been recently named 5th most influential B2B marketeer in the US. H...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of bus...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
DXWorldEXPO LLC announced today that "Miami Blockchain Event by FinTechEXPO" has announced that its Call for Papers is now open. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Financial enterprises in New York City, London, Singapore, and other world financial capitals are embracing a new generation of smart, automated FinTech that eliminates many cumbersome, slow, and expe...
Cloud Expo | DXWorld Expo have announced the conference tracks for Cloud Expo 2018. Cloud Expo will be held June 5-7, 2018, at the Javits Center in New York City, and November 6-8, 2018, at the Santa Clara Convention Center, Santa Clara, CA. Digital Transformation (DX) is a major focus with the introduction of DX Expo within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive ov...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
@DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises - and delivering real results.
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
"We started a Master of Science in business analytics - that's the hot topic. We serve the business community around San Francisco so we educate the working professionals and this is where they all want to be," explained Judy Lee, Associate Professor and Department Chair at Golden Gate University, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
DXWorldEXPO LLC announced today that Dez Blanchfield joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Dez is a strategic leader in business and digital transformation with 25 years of experience in the IT and telecommunications industries developing strategies and implementing business initiatives. He has a breadth of expertise spanning technologies such as cloud computing, big data and analytics, cognitive computing, m...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability and development velocity challenges. In his session at 21st Cloud Expo, Ryland Degnan, a Senior Software Engineer on the Netflix Edge Platform team, will discuss how by leveraging a reactive stream-based protocol,...
DXWorldEXPO LLC announced today that Kevin Jackson joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Kevin L. Jackson is a globally recognized cloud computing expert and Founder/Author of the award winning "Cloud Musings" blog. Mr. Jackson has also been recognized as a "Top 100 Cybersecurity Influencer and Brand" by Onalytica (2015), a Huffington Post "Top 100 Cloud Computing Experts on Twitter" (2013) and a "Top 50 C...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
Daniel Jones is CTO of EngineerBetter, helping enterprises deliver value faster. Previously he was an IT consultant, indie video games developer, head of web development in the finance sector, and an award-winning martial artist. Continuous Delivery makes it possible to exploit findings of cognitive psychology and neuroscience to increase the productivity and happiness of our teams.