Welcome!

@CloudExpo Authors: Pat Romanski, Liz McMillan, Yeshim Deniz, Elizabeth White, Aruna Ravichandran

Related Topics: @CloudExpo, Cloud Security

@CloudExpo: Blog Post

Complex Websites Are at Increased Risk for Security Breaches By @Xeniar | @CloudExpo #Cloud

Interview with Neill Feather, President of SiteLock

Thanks for taking the time to answer my questions. Please tell us, what SiteLock is all about and what do you do?

Neill Feather: Complete website security is essential for businesses, but can be an intimidating investment. SiteLock was started in 2008 to help businesses protect their online presence with reliable, high-quality and reasonably-priced security solutions. SiteLock's website security tools find, fix and prevent potential threats, helping companies protect their data and reputations, and ensure a consistent user experience. SiteLock also offers access to 24/7 support to step in if needed, regardless of where customers are in the world.

Tell us about your recent study with Wharton Business school?

Feather: Our recent study developed by faculty from the Wharton School analyzed one million SiteLock-scanned sites from February through April 2015.  Its findings include that popularity and complexity are the two strongest indicators of probable compromise. In fact, sites with increased popularity and a high number of features were 12 times more likely to be hacked.

The most recent SiteLock study indicates key predictability factors for a possible compromise, and we feel it's important to bring these insights to the security and business communities so businesses can have as much advanced warning as possible for this eventuality businesses can no longer assume they're immune from cyber attacks. It's not a matter of if they'll be attacked: it's when."

Who is your target audience and how do you intend to reach them?

Feather: It is our goal at SiteLock to protect every website on internet.  Its a big opportunity to provide security, not just for enterprise, but the whole market--for every business out there.  SiteLock is lightweight, but robust enough to work in any environment.

You recently exhibited at the Internet Retailer Conference. Do you think e-commerce is specifically at risk?

Feather: Companies who are proactive about website security and response plans are able to recover quickly from attacks or avoid any serious impact.  Those who do not have the proper website security and response plans in place face financial impacts which averages $180k per incident and damage to their reputation that last long after the attack subsides and any technical damage is repaired.

In fact, a recent study discovered that a staggering 60% of small businesses suffering a data breach will be out of business in less than six months following an attack.

I understand your company often gets called after a breach occurs.  What do you recommend e-commerce sites to do in order to prevent a breach?  What should ideally happen before a site gets compromised?

Feather: A secure website can have a huge impact on improving each of the above compliances, while also protecting against cyber attacks. Organizations can  do a couple of things to make sure they are safe, including encrypting all customer, patient and organization data, both in transit and at rest - especially if you're using a CDN, where confidential data travels across large distances. SSL is a good way to start.

Organizations should also limit access to confidential data by setting proper access permissions for staff and third parties and enforce strong passwords for both employees and customers/patients who have access to confidential information, such as medical records.

Lastly, a website should install a Web Application Firewall (WAF) to prevent malicious traffic from visiting your website and block harmful requests, have your website scanned daily for malware and viruses, especially if you're a government or healthcare organization using proprietary web software. A website scanning solution can detect and remove threats before much damage has been done.  And always backup all data on a regular basis to minimize damages in the event of a cyber attack.

What should be part of a good emergency plan?

Feather: The 2015 Data Protection and Breach Readiness Guide was created with the help of SiteLock and over 100 other security and privacy experts. Attendees of OTA's Data Privacy & Protection Day Town Halls also contributed to the guide, which include representatives from top government agencies such as the FBI, FTC, and State Attorney General's Offices.

The guide begins by examining data breaches throughout 2014, and found that over 90% of all data breaches could have been prevented throughout the past year, with a 91% increase in targeted attacks. Furthermore, 37% of all data breaches were caused by an insider within the company.

To obtain OTA's 2015 Data Protection and Breach Readiness Guide in its entirety, which also includes additional statistics on the current state of cyber security, please visit https://otalliance.org/breach.

I'd be curious to hear any general thoughts you have on market trends in Web Security...

Feather: Did you know that more than 70% of WordPress installations are vulnerable to hacking, mainly because they're out of date? Keep your website platform installations and plugins updated with the latest patch or release so that hacker's can't find a hole in the system.

According to the National Cyber Security Alliance, 25% of small businesses falls victim to cybercrime each year. And of those, some 60 percent go out of business within six months after an attack; or  83 percent of small businesses have no formal cyber security plan, while 69 percent lack even an informal one. Meanwhile, 71 percent are dependent on the internet for daily operations, yet almost half believe data hacks are isolated incidents that won't have an impact on their business; or cyber attacks cost small and medium-size businesses an average of $188,242, and almost two-thirds of victimized companies are forced out of business within six months of being attacked. Source: National Cyber Security Alliance.) Installing a security monitoring platform for your website can detect threats in real-time, preventing them before they happen. And if a minor hack does occur, many security platforms will fix them for you.

47% of American adults had their personal information exposed by hackers. SSL certificates encrypt online business transactions to protect both the business and the consumer from hacking. Did you know that only 30% of businesses have a website or data recovery solution in place? There are many free or affordable solutions that can automate the task for you, so that you don't lose precious company and customer data in the event of a hack.

Who are your competitors?

Feather: We often compete with Akami, Qualys, TrustWave and AlertLogic

How do you differentiate from your competitors?

Feather: No other competitors have a full product suite like Sitelock that can do real-time monitoring and both scan and automatically fix problems.

Who founded the company, when? What can you tell me about the story of the company's founding?

Feather: SiteLock Initially went to market with a lightweight solution for small business, but we've grown to work with large businesses, Fortune 500 companies and are currently the exclusive security provider for Web.com, GoDaddy, and Deluxe.com.  We are cloud based, can scale quickly and work with five million sites.

What is your distribution model? Where to buy your product?

Feather: SiteLock is in the cloud and can be purchased at www.sitelock.com.  We eventually hope to have SiteLock bundled with every new purchase of a website.

Partnerships, collaborations or affiliations: Neill Feather is on the board at OTA (Online Trust Alliance) where SiteLock is on its Honor Roll.

Feather: SiteLock is honored to be included in the OTA Honor Roll and to further the mission of customer protection. SiteLock and the OTA are strong proponents of educating businesses and, collectively, we hope to share best practices to thwart the rising number of dangerous and malicious cyber criminal efforts.

Other industry affiliations include APWG, Stop Badware and StaySafeOnline.org.

Partners include GoDaddy, Lycos, Network Solutions, 1&1, eNom, OpenSRS, iPower, iPage, HostPapa and HostGator.

SiteLock, the Global Leader in business website security solutions, is the only web security solution to offer complete, cloud-based website protection. Its 360-degree monitoring finds and fixes threats, prevents future attacks, accelerates website performance and meets PCI compliance standards for businesses of all sizes. Founded in 2008, the company currently protects over 1.5 million users worldwide. For more information, please visit sitelock.com.

More Stories By Xenia von Wedel

Xenia von Wedel is a Tech blogger and Enterprise Media Consultant in Mountain View, serving clients in a variety of industries worldwide. She is focused on thought leadership content creation and syndication, media outreach and strategy. She mainly writes about Enterprise, B2B solutions, social media and open source software, but throws the occasional oddball into the mix. Buy her a coffee if you like her article: http://xeniar.tip.me

@CloudExpo Stories
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous a...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, will lead you through the exciting evolution of the cloud. He'll look at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering ...
SYS-CON Events announced today that N3N will exhibit at SYS-CON's @ThingsExpo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. N3N’s solutions increase the effectiveness of operations and control centers, increase the value of IoT investments, and facilitate real-time operational decision making. N3N enables operations teams with a four dimensional digital “big board” that consolidates real-time live video feeds alongside IoT sensor data a...
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Avere delivers a more modern architectural approach to storage that doesn't require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbui...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
The dynamic nature of the cloud means that change is a constant when it comes to modern cloud-based infrastructure. Delivering modern applications to end users, therefore, is a constantly shifting challenge. Delivery automation helps IT Ops teams ensure that apps are providing an optimal end user experience over hybrid-cloud and multi-cloud environments, no matter what the current state of the infrastructure is. To employ a delivery automation strategy that reflects your business rules, making r...
Digital transformation is changing the face of business. The IDC predicts that enterprises will commit to a massive new scale of digital transformation, to stake out leadership positions in the "digital transformation economy." Accordingly, attendees at the upcoming Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA, Oct 31-Nov 2, will find fresh new content in a new track called Enterprise Cloud & Digital Transformation.
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software. They hope to capture value from emerging technologies such as IoT, SDN, and AI. Ultimately, irrespective of the vertical, it is about deriving value from independent software applications participating in an ecosystem as one comprehensive solution. In his session at @ThingsExpo, Kausik Sridhar, founder and CTO of Pulzze Systems, will discuss how given the magnitude of today's applicati...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp emp...
Enterprises are adopting Kubernetes to accelerate the development and the delivery of cloud-native applications. However, sharing a Kubernetes cluster between members of the same team can be challenging. And, sharing clusters across multiple teams is even harder. Kubernetes offers several constructs to help implement segmentation and isolation. However, these primitives can be complex to understand and apply. As a result, it’s becoming common for enterprises to end up with several clusters. Thi...
As popularity of the smart home is growing and continues to go mainstream, technological factors play a greater role. The IoT protocol houses the interoperability battery consumption, security, and configuration of a smart home device, and it can be difficult for companies to choose the right kind for their product. For both DIY and professionally installed smart homes, developers need to consider each of these elements for their product to be successful in the market and current smart homes.
Widespread fragmentation is stalling the growth of the IIoT and making it difficult for partners to work together. The number of software platforms, apps, hardware and connectivity standards is creating paralysis among businesses that are afraid of being locked into a solution. EdgeX Foundry is unifying the community around a common IoT edge framework and an ecosystem of interoperable components.
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant th...
Containers are rapidly finding their way into enterprise data centers, but change is difficult. How do enterprises transform their architecture with technologies like containers without losing the reliable components of their current solutions? In his session at @DevOpsSummit at 21st Cloud Expo, Tony Campbell, Director, Educational Services at CoreOS, will explore the challenges organizations are facing today as they move to containers and go over how Kubernetes applications can deploy with lega...