Welcome!

@CloudExpo Authors: Elizabeth White, Liz McMillan, Todd Matters, Harry Trott, Pat Romanski

Related Topics: @CloudExpo, Agile Computing, Cloud Security

@CloudExpo: Blog Post

How Information Security Threats Have Evolved | @CloudExpo #Cloud #Security

Weak points we face today and how to strengthen them

Information security has become a critical priority for many businesses over the past decade, and for good reason. It seems like a new breach is exposed on nearly a daily basis, impacting another organization and its patrons. However, some companies believe that they're safe because they're either too small or too big to be affected by any of these cyberattacks. The truth is that groups of all sizes from Target to your local dentist are being hacked or having their data compromised, and it's causing a major upheaval in the security community.

Businesses tend to also think that they are more protected than they were 10 years ago due to the advancement of safeguarding solutions. However, as security testing tools have developed, so have the threats that aim to breach the cyber walls and grab your information. Let's take a look at how information security threats have evolved, what vulnerabilities we currently face and how to strengthen overall protection.

Where we were
In order to progress, it's first important to understand where we've come from in terms of threats we've once faced and what responses we've taken to mitigate these issues. When you think of offices in 2001, you likely imagine desktops, fax machines and dial-up Internet. Back then, there were 50 million Internet users, 40 million websites and 31 billion sent emails, according to a Microsoft infographic. Hackers were focused on vandalism and denial of service, committing acts mostly for fame and exposing lax security. These individuals were mostly unfunded and unorganized and didn't have a real incentive for the audience they affected.

In this type of environment, many organizations were able to quickly adapt their security strategies or throw up a stronger firewall in order to deter these threats. It was made easier by the fact that all employees traditionally worked in one office and internal IT teams managed company-owned devices. However, things didn't stay this simple, and it's because of this evolution that the security world is going through some major changes to keep up with current technology trends.

State of security now
In the past 15 years, things have developed drastically due to hardware and software

In the past 15 years, things have developed drastically due to hardware and software advancements. Currently, there are over 3 billion Internet users and approximately 1 billion websites, according to Internet Live Stats, and research from Radicati noted that there are 215.3 billion emails sent and received every day. These are obviously major increases from the 2001 numbers, and they show just how much things have changed due to Internet improvements and the proliferation of mobile devices.

Quality software can help deter current information security threats.

As the number of hardware options have changed, hackers have adapted their game to better utilize these new end points. Cyberattackers now are well-funded professionals that often aim to take your information and control your devices. Instead of aiming for a random audience as was traditional in the past, hackers are now gunning for specific targets and have a black market available to sell information. This has created a lot of problems for organizations and has lit a fire under security providers to ensure that data is protected from current and emerging threats.

Threats aren't just external
Although there are many threats that can come from outside an organization, your employees can also contribute to your potential for a data breach. In an interview with Digital Guardian, Ashley Schwartau noted that the biggest mistakes you can make are to assume that employees know your security policies and care enough to follow them. This is especially true when considering phishing attacks and the use of business-approved applications. A report from Intel found that 43 percent of data loss occurs from internal actors, splitting evenly between intentional and accidental incidents. These numbers speak volumes to how vulnerable your staff members are and how you need to train them on the best practices to avoid issues.

Software quality linked to breaches
With the threat of employees using unapproved applications, it's important for businesses to provide them with a program that will fully meet their needs and be convenient to use. If software doesn't have the features workers need to complete their daily tasks, they'll likely turn to consumer-grade applications that will not have the security capabilities your organization requires. This would leave a gaping hole in your protection strategy and give hackers an open door to your most critical data. By conducting software security testing, you can reinforce your applications while still focusing on the functionality that staff members are looking for.

It's also important to note that software in general should be thoroughly tested to ensure better quality and mitigate any actionable defects. The Online Trust Alliance found that 90 percent of breaches could have been prevented in the first half of 2014. This can be done from a combination of educating employees, enforcing password management and conducting regular app testing. Further, CAST Research Labs found a direct correlation between data breaches and poor code quality across consumer applications. By focusing on testing and using the right tools, organizations can mitigate these threats and strengthen their overall security capabilities in the process.

More Stories By Sanjay Zalavadia

As the VP of Client Service for Zephyr, Sanjay Zalavadia brings over 15 years of leadership experience in IT and Technical Support Services. Throughout his career, Sanjay has successfully established and grown premier IT and Support Services teams across multiple geographies for both large and small companies.

Most recently, he was Associate Vice President at Patni Computers (NYSE: PTI) responsible for the Telecoms IT Managed Services Practice where he established IT Operations teams supporting Virgin Mobile, ESPN Mobile, Disney Mobile and Carphone Warehouse. Prior to this Sanjay was responsible for Global Technical Support at Bay Networks, a leading routing and switching vendor, which was acquired by Nortel. He has also held management positions in Support Service organizations at start-up Silicon Valley Networks, a vendor of Test Management software, and SynOptics.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
"Loom is applying artificial intelligence and machine learning into the entire log analysis process, from start to finish and at the end you will get a human touch,” explained Sabo Taylor Diab, Vice President, Marketing at Loom Systems, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
@DevOpsSummit at Cloud Expo taking place Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center, Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is ...
SYS-CON Events announced today that Datanami has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datanami is a communication channel dedicated to providing insight, analysis and up-to-the-minute information about emerging trends and solutions in Big Data. The publication sheds light on all cutting-edge technologies including networking, storage and applications, and the...
SYS-CON Events announced today that EnterpriseTech has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. EnterpriseTech is a professional resource for news and intelligence covering the migration of high-end technologies into the enterprise and business-IT industry, with a special focus on high-tech solutions in new product development, workload management, increased effi...
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
Cloud promises the agility required by today’s digital businesses. As organizations adopt cloud based infrastructures and services, their IT resources become increasingly dynamic and hybrid in nature. Managing these require modern IT operations and tools. In his session at 20th Cloud Expo, Raj Sundaram, Senior Principal Product Manager at CA Technologies, will discuss how to modernize your IT operations in order to proactively manage your hybrid cloud and IT environments. He will be sharing bes...
A look across the tech landscape at the disruptive technologies that are increasing in prominence and speculate as to which will be most impactful for communications – namely, AI and Cloud Computing. In his session at 20th Cloud Expo, Curtis Peterson, VP of Operations at RingCentral, highlighted the current challenges of these transformative technologies and shared strategies for preparing your organization for these changes. This “view from the top” outlined the latest trends and developments i...
Automation is enabling enterprises to design, deploy, and manage more complex, hybrid cloud environments. Yet the people who manage these environments must be trained in and understanding these environments better than ever before. A new era of analytics and cognitive computing is adding intelligence, but also more complexity, to these cloud environments. How smart is your cloud? How smart should it be? In this power panel at 20th Cloud Expo, moderated by Conference Chair Roger Strukhoff, paneli...
Hardware virtualization and cloud computing allowed us to increase resource utilization and increase our flexibility to respond to business demand. Docker Containers are the next quantum leap - Are they?! Databases always represented an additional set of challenges unique to running workloads requiring a maximum of I/O, network, CPU resources combined with data locality.
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business...
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
SYS-CON Events announced today that Ayehu will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara California. Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infras...
Artificial intelligence, machine learning, neural networks. We’re in the midst of a wave of excitement around AI such as hasn’t been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. Will this time be different? Most likely. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Furthermore, the funding and research going into AI now comes from a wide range of com...
In this presentation, Striim CTO and founder Steve Wilkes will discuss practical strategies for counteracting fraud and cyberattacks by leveraging real-time streaming analytics. In his session at @ThingsExpo, Steve Wilkes, Founder and Chief Technology Officer at Striim, will provide a detailed look into leveraging streaming data management to correlate events in real time, and identify potential breaches across IoT and non-IoT systems throughout the enterprise. Strategies for processing massive ...
SYS-CON Events announced today that SourceForge has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SourceForge is the largest, most trusted destination for Open Source Software development, collaboration, discovery and download on the web serving over 32 million viewers, 150 million downloads and over 460,000 active development projects each and every month.
"Our strategy is to focus on the hyperscale providers - AWS, Azure, and Google. Over the last year we saw that a lot of developers need to learn how to do their job in the cloud and we see this DevOps movement that we are catering to with our content," stated Alessandro Fasan, Head of Global Sales at Cloud Academy, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We focus on composable infrastructure. Composable infrastructure has been named by companies like Gartner as the evolution of the IT infrastructure where everything is now driven by software," explained Bruno Andrade, CEO and Founder of HTBase, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that Conference Guru has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organi...
SYS-CON Events announced today that Cloud Academy named "Bronze Sponsor" of 21st International Cloud Expo which will take place October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara, CA. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud com...