Welcome!

@CloudExpo Authors: Elizabeth White, Liz McMillan, Pat Romanski, Yeshim Deniz, Aruna Ravichandran

Related Topics: @CloudExpo, Agile Computing, Cloud Security

@CloudExpo: Blog Post

How Information Security Threats Have Evolved | @CloudExpo #Cloud #Security

Weak points we face today and how to strengthen them

Information security has become a critical priority for many businesses over the past decade, and for good reason. It seems like a new breach is exposed on nearly a daily basis, impacting another organization and its patrons. However, some companies believe that they're safe because they're either too small or too big to be affected by any of these cyberattacks. The truth is that groups of all sizes from Target to your local dentist are being hacked or having their data compromised, and it's causing a major upheaval in the security community.

Businesses tend to also think that they are more protected than they were 10 years ago due to the advancement of safeguarding solutions. However, as security testing tools have developed, so have the threats that aim to breach the cyber walls and grab your information. Let's take a look at how information security threats have evolved, what vulnerabilities we currently face and how to strengthen overall protection.

Where we were
In order to progress, it's first important to understand where we've come from in terms of threats we've once faced and what responses we've taken to mitigate these issues. When you think of offices in 2001, you likely imagine desktops, fax machines and dial-up Internet. Back then, there were 50 million Internet users, 40 million websites and 31 billion sent emails, according to a Microsoft infographic. Hackers were focused on vandalism and denial of service, committing acts mostly for fame and exposing lax security. These individuals were mostly unfunded and unorganized and didn't have a real incentive for the audience they affected.

In this type of environment, many organizations were able to quickly adapt their security strategies or throw up a stronger firewall in order to deter these threats. It was made easier by the fact that all employees traditionally worked in one office and internal IT teams managed company-owned devices. However, things didn't stay this simple, and it's because of this evolution that the security world is going through some major changes to keep up with current technology trends.

State of security now
In the past 15 years, things have developed drastically due to hardware and software

In the past 15 years, things have developed drastically due to hardware and software advancements. Currently, there are over 3 billion Internet users and approximately 1 billion websites, according to Internet Live Stats, and research from Radicati noted that there are 215.3 billion emails sent and received every day. These are obviously major increases from the 2001 numbers, and they show just how much things have changed due to Internet improvements and the proliferation of mobile devices.

Quality software can help deter current information security threats.

As the number of hardware options have changed, hackers have adapted their game to better utilize these new end points. Cyberattackers now are well-funded professionals that often aim to take your information and control your devices. Instead of aiming for a random audience as was traditional in the past, hackers are now gunning for specific targets and have a black market available to sell information. This has created a lot of problems for organizations and has lit a fire under security providers to ensure that data is protected from current and emerging threats.

Threats aren't just external
Although there are many threats that can come from outside an organization, your employees can also contribute to your potential for a data breach. In an interview with Digital Guardian, Ashley Schwartau noted that the biggest mistakes you can make are to assume that employees know your security policies and care enough to follow them. This is especially true when considering phishing attacks and the use of business-approved applications. A report from Intel found that 43 percent of data loss occurs from internal actors, splitting evenly between intentional and accidental incidents. These numbers speak volumes to how vulnerable your staff members are and how you need to train them on the best practices to avoid issues.

Software quality linked to breaches
With the threat of employees using unapproved applications, it's important for businesses to provide them with a program that will fully meet their needs and be convenient to use. If software doesn't have the features workers need to complete their daily tasks, they'll likely turn to consumer-grade applications that will not have the security capabilities your organization requires. This would leave a gaping hole in your protection strategy and give hackers an open door to your most critical data. By conducting software security testing, you can reinforce your applications while still focusing on the functionality that staff members are looking for.

It's also important to note that software in general should be thoroughly tested to ensure better quality and mitigate any actionable defects. The Online Trust Alliance found that 90 percent of breaches could have been prevented in the first half of 2014. This can be done from a combination of educating employees, enforcing password management and conducting regular app testing. Further, CAST Research Labs found a direct correlation between data breaches and poor code quality across consumer applications. By focusing on testing and using the right tools, organizations can mitigate these threats and strengthen their overall security capabilities in the process.

More Stories By Sanjay Zalavadia

As the VP of Client Service for Zephyr, Sanjay Zalavadia brings over 15 years of leadership experience in IT and Technical Support Services. Throughout his career, Sanjay has successfully established and grown premier IT and Support Services teams across multiple geographies for both large and small companies.

Most recently, he was Associate Vice President at Patni Computers (NYSE: PTI) responsible for the Telecoms IT Managed Services Practice where he established IT Operations teams supporting Virgin Mobile, ESPN Mobile, Disney Mobile and Carphone Warehouse. Prior to this Sanjay was responsible for Global Technical Support at Bay Networks, a leading routing and switching vendor, which was acquired by Nortel. He has also held management positions in Support Service organizations at start-up Silicon Valley Networks, a vendor of Test Management software, and SynOptics.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
In his session at 21st Cloud Expo, James Henry, Co-CEO/CTO of Calgary Scientific Inc., will introduce you to the challenges, solutions and benefits of training AI systems to solve visual problems with an emphasis on improving AIs with continuous training in the field. He will explore applications in several industries and discuss technologies that allow the deployment of advanced visualization solutions to the cloud.
Nordstrom is transforming the way that they do business and the cloud is the key to enabling speed and hyper personalized customer experiences. In his session at 21st Cloud Expo, Ken Schow, VP of Engineering at Nordstrom, will discuss some of the key learnings and common pitfalls of large enterprises moving to the cloud. This includes strategies around choosing a cloud provider(s), architecture, and lessons learned. In addition, he’ll go over some of the best practices for structured team migrat...
As people view cloud as a preferred option to build IT systems, the size of the cloud-based system is getting bigger and more complex. As the system gets bigger, more people need to collaborate from design to management. As more people collaborate to create a bigger system, the need for a systematic approach to automate the process is required. Just as in software, cloud now needs DevOps. In this session, the audience can see how people can solve this issue with a visual model. Visual models ha...
SYS-CON Events announced today that Taica will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Taica manufacturers Alpha-GEL brand silicone components and materials, which maintain outstanding performance over a wide temperature range -40C to +200C. For more information, visit http://www.taica.co.jp/english/.
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
Recently, REAN Cloud built a digital concierge for a North Carolina hospital that had observed that most patient call button questions were repetitive. In addition, the paper-based process used to measure patient health metrics was laborious, not in real-time and sometimes error-prone. In their session at 21st Cloud Expo, Sean Finnerty, Executive Director, Practice Lead, Health Care & Life Science at REAN Cloud, and Dr. S.P.T. Krishnan, Principal Architect at REAN Cloud, will discuss how they bu...
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicate or sell. In their Day 3 Keynote at 21st Cloud Expo, Greg Chambers, Global Group Director, Digital Innovation, Coca-Cola, and Vidya Nagarajan, a Senior Product Manager at Google, will discuss how from store operations...
As hybrid cloud becomes the de-facto standard mode of operation for most enterprises, new challenges arise on how to efficiently and economically share data across environments. In his session at 21st Cloud Expo, Dr. Allon Cohen, VP of Product at Elastifile, will explore new techniques and best practices that help enterprise IT benefit from the advantages of hybrid cloud environments by enabling data availability for both legacy enterprise and cloud-native mission critical applications. By rev...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
SYS-CON Events announced today that Datera will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera offers a radically new approach to data management, where innovative software makes data infrastructure invisible, elastic and able to perform at the highest level. It eliminates hardware lock-in and gives IT organizations the choice to source x86 server nodes, with business model option...
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
Digital transformation is changing the face of business. The IDC predicts that enterprises will commit to a massive new scale of digital transformation, to stake out leadership positions in the "digital transformation economy." Accordingly, attendees at the upcoming Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA, Oct 31-Nov 2, will find fresh new content in a new track called Enterprise Cloud & Digital Transformation.
SYS-CON Events announced today that N3N will exhibit at SYS-CON's @ThingsExpo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. N3N’s solutions increase the effectiveness of operations and control centers, increase the value of IoT investments, and facilitate real-time operational decision making. N3N enables operations teams with a four dimensional digital “big board” that consolidates real-time live video feeds alongside IoT sensor data a...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp emp...
The dynamic nature of the cloud means that change is a constant when it comes to modern cloud-based infrastructure. Delivering modern applications to end users, therefore, is a constantly shifting challenge. Delivery automation helps IT Ops teams ensure that apps are providing an optimal end user experience over hybrid-cloud and multi-cloud environments, no matter what the current state of the infrastructure is. To employ a delivery automation strategy that reflects your business rules, making r...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
Enterprises are adopting Kubernetes to accelerate the development and the delivery of cloud-native applications. However, sharing a Kubernetes cluster between members of the same team can be challenging. And, sharing clusters across multiple teams is even harder. Kubernetes offers several constructs to help implement segmentation and isolation. However, these primitives can be complex to understand and apply. As a result, it’s becoming common for enterprises to end up with several clusters. Thi...