Welcome!

@CloudExpo Authors: Pat Romanski, Yeshim Deniz, Liz McMillan, Elizabeth White, Zakia Bouachraoui

Related Topics: SYS-CON MEDIA

SYS-CON MEDIA: Blog Feed Post

The Endpoint Imperative: The Perimeter is Dead; Long Live the Perimeter!

Cloud, mobility and the Internet of Things have obliterated the traditional perimeter that protected organizations. The result: Higher productivity, but bigger challenges for security, data protection, and mobile device management.

This episode of the “The Endpoint Imperative” podcast series from Intel, Kevin L. Jackson and Intel’s Yasser Rasheed explore the new normal for security, with a focus on the end users.

Kevin: The topic for this episode is,"The Perimeter is Dead, Long Live the Perimeter". With me is Yasser Rasheed Director of Business Client Security with Intel. Yasser welcome back.

Yasser: Hi Kevin, happy to be back.

Kevin: This time, however, I'd like to really talk to you about this security perimeter thing. Cloud mobility and the internet things have really obliterated what I've always referred to as the wall and moat security paradigm, where working inside the enterprise was safe but working outside of the company's walls wasn't. What's pending impact of this evolution?

Yasser: You know Kevin nowadays with the cloud and mobility trends, we as end users we take our devices and work anywhere and everywhere at anytime. We take our laptops and work from home or from a coffee shop or on the go during the trip. The new shift here is really making us re-think how we protect the information that we have access to. The concept or the traditional concept of protecting at the perimeter with the traditional firewalls and gateways is really non-existent anymore. When I'm using my laptop at a coffee shop, I am no longer going through a firewall to access a cloud service. It's imperative for the industry to re-think the concept of listening at the perimeter level from a security perspective.

Kevin: Did the IT team miss the boat with getting a grip on the management of security within this new business ecosystem of today?

Yasser: From my perspective, it's not about missing the boat as much as the industry is moving and evolving very fast and IT organizations, more specifically information security organizations, need to cope with this evolution, and in certain cases may need to be ahead of it. At the same time, by the same token, that evolution is giving an advantage to the hacker community, to the bad guys really, to take advantage of the shift and attack the endpoints. Attack the end users, grab the data, steal the data or lock it in and ask for ransom.

Kevin: These new approaches to information technology have really changed the traditional workplace. Yasser how are IT leaders balancing the benefits of cloud and mobility, things like productivity and accessibility, with the obvious security challenges?


Yasser: Great question Kevin. We know that end users especially the new generations of end users focus tremendously on the ease of use and the productivity, and don't want to be burdened with additional security processes that they don't really comprehend. It's imperative for the IT leaders and information security leaders to balance end-user productivity, the simplicity of integration for IT and the productivity end-user experience for end users. The only way for the industry to evolve and achieve the right level of protection is with the right balance. This is not an easy job to do, however, it's the only way for the industry to keep moving in this direction.

Kevin: Do you have any advice on how to make security everybody's job in this new normal?

Yasser: Great question. The first thing I advise everyone is for the leaders in the IT and information security industry to educate their teams and their end users. Education is king. We need to first educate them and get them to the level of comfort with the simple attacks like phishing and how scams happen. More importantly, IT organizations and information security organizations need to focus on four priorities. The top one is identity protection. That is really protecting against identity breaches which today constitute 80% or more of the total number of breaches. The second priority is to protect the data. Data protection is really an imperative because the data is the asset that the attackers are going after. The third priority is about detecting and preventing threats, especially the new and advanced threats that we see nowadays where signature-based detection of viruses is no longer sufficient, it's necessary but insufficient. The fourth and last priority is the ability to recover quickly from an event of a breach. The breach is a matter of when it happens, not if it happens, and organizations need to be ready recover quickly to a good level of productivity. These are the four priorities that I recommend the industry to focus on, and more importantly, apply the new techniques based on hardware-based security as opposed to traditional software-based security that is no longer sufficient in this space.

Kevin: With that sound advice we've come to the end of our time for this episode. We really want to thank Yasser Rasheed with Intel for his insights and expertise.

Yasser: Thank you, Kevin, it was a pleasure to be here.

( This content is being syndicated through multiple channels. The opinions expressed are solely those of the author and do not represent the views of GovCloud Network, GovCloud Network Partners or any other corporation or organization.)





Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2017)



Read the original blog entry...

More Stories By Kevin Jackson

Kevin Jackson, founder of the GovCloud Network, is an independent technology and business consultant specializing in mission critical solutions. He has served in various senior management positions including VP & GM Cloud Services NJVC, Worldwide Sales Executive for IBM and VP Program Management Office at JP Morgan Chase. His formal education includes MSEE (Computer Engineering), MA National Security & Strategic Studies and a BS Aerospace Engineering. Jackson graduated from the United States Naval Academy in 1979 and retired from the US Navy earning specialties in Space Systems Engineering, Airborne Logistics and Airborne Command and Control. He also served with the National Reconnaissance Office, Operational Support Office, providing tactical support to Navy and Marine Corps forces worldwide. Kevin is the founder and author of “Cloud Musings”, a widely followed blog that focuses on the use of cloud computing by the Federal government. He is also the editor and founder of “Government Cloud Computing” electronic magazine, published at Ulitzer.com. To set up an appointment CLICK HERE

CloudEXPO Stories
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure using the Kublr platform, and how Kubernetes objects, such as persistent volumes, ingress rules, and services, can be used to abstract from the infrastructure.
Everyone wants the rainbow - reduced IT costs, scalability, continuity, flexibility, manageability, and innovation. But in order to get to that collaboration rainbow, you need the cloud! In this presentation, we'll cover three areas: First - the rainbow of benefits from cloud collaboration. There are many different reasons why more and more companies and institutions are moving to the cloud. Benefits include: cost savings (reducing on-prem infrastructure, reducing data center foot print, reducing IT support costs), enabling growth (ensuring a highly available, highly scalable infrastructure), increasing employee access & engagement (by having collaboration tools that are usable and available globally regardless of location there will be an increased connectedness amongst teams and individuals that will help increase both efficiency and productivity.)
SYS-CON Events announced today that Silicon India has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Published in Silicon Valley, Silicon India magazine is the premiere platform for CIOs to discuss their innovative enterprise solutions and allows IT vendors to learn about new solutions that can help grow their business.
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. SD-WAN helps enterprises to take advantage of the exploding landscape of cloud applications and services, due to its unique capability to support all things cloud related.
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.