Welcome!

Cloud Security Authors: Elizabeth White, Lisa Calkins, Mamoon Yunus, Pat Romanski, Liz McMillan

Related Topics: Cloud Security

Cloud Security: Article

Focus on Cyber-Crime Misses Real Threat

Vendors hyping cyber-crime missing potential for state sponsored threats

Security Journal on Ulitzer

Thanks to tough economic times and a generous dollop of fear-mongering from the media and opportunistic profiteers, we've all become myopically obsessed with cyber-crime.

This is not entirely a bad thing. Unless you've been living under a rock, everyone knows that technology has created unimaginable opportunity for resourceful crooks. The pitfall is in our myopia. But we've become so obsessed with cyber-crime-a "petty" offense in the grand scheme of things-that we've overlooked the bigger picture. While monetary gains are certainly a big motivator for cybercrime, increasingly cyber-criminals are acting out of political interests. Thus, it is important for IT departments to be aware that threats can come from anywhere.

A recent article in the New York Times reminded us of a conspicuously under-reported digital security threat: cyber-terrorism. Dennis Blair, the Director of National Intelligence, made the following comment in an appearance before the U.S. Congress:

"Malicious cyberactivity is occurring on an unprecedented scale with extraordinary sophistication."

U.S. Secretary of State Hillary Clinton also recently shed light on the critical nature of this global issue when she urged NATO members to modernize and strengthen their alliance to combat cyber-terrorism.

These are important reminders that all cyber-threats are not strictly for money and are certainly not all commercial. In fact, there is good reason to believe that the largest increase in systems security vulnerabilities will occur as a result of political, not criminal, activity.

Politics in this context can be defined as the creation, distribution, and maintenance of power across some group of people. On the Web, as we have seen with the alleged Chinese attacks on Google, the struggle is over the power of information.

The point is that politically motivated attacks are fundamentally different. Governments, even small ones, have vastly more resources than your average "cyber-criminal", who may actually some script-kiddie in a basement in Wisconsin. The Google attack was on a huge scale, and also highly coordinated, and was executed with, dare I say it, "military" precision.

This new brand of digital threat takes advantage of a weakness in the hierarchy of law. Most of what we're exposed to is either civil law (like lawsuits, generally) or criminal law (the kind we need police to enforce). This new form of atatck however, runs up against international law. While I am not a lawyer, the principal issues with international law are that it is both ill-defined and expensive (or impossible) to enforce.

The threat is real, and the threat is growing. Companies, organizations and governments need to be aware of commercial AND political threats to their critical digital infrastructure.

The increased nature of the geopolitical cyber-threat says something about the current, often hysterical, narrative floating around the industry about "cyber-crime". I have to admit, "cyber-crime" is getting some traction in the media, as a cyber-crime story even appeared on NPR's Fresh Air show.

Playing on the hysteria in the media, a number of competitors in our market, the Log Management space, are shamelessly hyping the dangers of cyber-crime to degrees that border on the irresponsible. Yes, it is true that we need to be aware of hackers who want to steal our data-either for monetary or political reasons. But despite what a vendor may tell you, true systems security is reliant on people, products and processes; it's not just about one single product that will magically solve all the world's security problems.

The fact of the matter is that bad things happen. You will be hacked. You may have already been hacked and not know it. A rational organization will do three things.

First, put up the best defenses you can. Make sure that you are putting the resources you already have, such as log files, to the best possible use. Start with the basics, like log management, before moving on to supplemental technologies like SIEM. Do your research and buy the best security products that suit your needs and your budget.

Second, implement the best people-processes you can. Recent studies have shown that most data-loss or security-break incidents come from people who are or have been on the inside.

Finally, you will be hacked. Accept the fact and prepare of it. Be ready to clean up and perform forensics when you do get hacked, because one way or another, it will happen.

The number and kinds of attacks on your critical IT infrastructure are increasing. While you may see attacks from one vector decrease, the number of new attack vectors in increasing. Attention by the US Government, and the Google attack from China clearly reinforce this. We must all remain vigilant, now more than ever.

More Stories By Bill Roth

Bill Roth is a Silicon Valley veteran with over 20 years in the industry. He has played numerous product marketing, product management and engineering roles at companies like BEA, Sun, Morgan Stanley, and EBay Enterprise. He was recently named one of the World's 30 Most Influential Cloud Bloggers.

@ThingsExpo Stories
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution and join Akvelon expert and IoT industry leader, Sergey Grebnov, in his session at @ThingsExpo, for an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
Because IoT devices are deployed in mission-critical environments more than ever before, it’s increasingly imperative they be truly smart. IoT sensors simply stockpiling data isn’t useful. IoT must be artificially and naturally intelligent in order to provide more value In his session at @ThingsExpo, John Crupi, Vice President and Engineering System Architect at Greenwave Systems, will discuss how IoT artificial intelligence (AI) can be carried out via edge analytics and machine learning techn...
When shopping for a new data processing platform for IoT solutions, many development teams want to be able to test-drive options before making a choice. Yet when evaluating an IoT solution, it’s simply not feasible to do so at scale with physical devices. Building a sensor simulator is the next best choice; however, generating a realistic simulation at very high TPS with ease of configurability is a formidable challenge. When dealing with multiple application or transport protocols, you would be...
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
In the enterprise today, connected IoT devices are everywhere – both inside and outside corporate environments. The need to identify, manage, control and secure a quickly growing web of connections and outside devices is making the already challenging task of security even more important, and onerous. In his session at @ThingsExpo, Rich Boyer, CISO and Chief Architect for Security at NTT i3, discussed new ways of thinking and the approaches needed to address the emerging challenges of security i...
In his opening keynote at 20th Cloud Expo, Michael Maximilien, Research Scientist, Architect, and Engineer at IBM, discussed the full potential of the cloud and social data requires artificial intelligence. By mixing Cloud Foundry and the rich set of Watson services, IBM's Bluemix is the best cloud operating system for enterprises today, providing rapid development and deployment of applications that can take advantage of the rich catalog of Watson services to help drive insights from the vast t...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
There is only one world-class Cloud event on earth, and that is Cloud Expo – which returns to Silicon Valley for the 21st Cloud Expo at the Santa Clara Convention Center, October 31 - November 2, 2017. Every Global 2000 enterprise in the world is now integrating cloud computing in some form into its IT development and operations. Midsize and small businesses are also migrating to the cloud in increasing numbers. Companies are each developing their unique mix of cloud technologies and service...
WebRTC is great technology to build your own communication tools. It will be even more exciting experience it with advanced devices, such as a 360 Camera, 360 microphone, and a depth sensor camera. In his session at @ThingsExpo, Masashi Ganeko, a manager at INFOCOM Corporation, will introduce two experimental projects from his team and what they learned from them. "Shotoku Tamago" uses the robot audition software HARK to track speakers in 360 video of a remote party. "Virtual Teleport" uses a...
Recently, IoT seems emerging as a solution vehicle for data analytics on real-world scenarios from setting a room temperature setting to predicting a component failure of an aircraft. Compared with developing an application or deploying a cloud service, is an IoT solution unique? If so, how? How does a typical IoT solution architecture consist? And what are the essential components and how are they relevant to each other? How does the security play out? What are the best practices in formulating...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
An increasing number of companies are creating products that combine data with analytical capabilities. Running interactive queries on Big Data requires complex architectures to store and query data effectively, typically involving data streams, an choosing efficient file format/database and multiple independent systems that are tied together through custom-engineered pipelines. In his session at @BigDataExpo at @ThingsExpo, Tomer Levi, a senior software engineer at Intel’s Advanced Analytics ...
In his session at @ThingsExpo, Arvind Radhakrishnen discussed how IoT offers new business models in banking and financial services organizations with the capability to revolutionize products, payments, channels, business processes and asset management built on strong architectural foundation. The following topics were covered: How IoT stands to impact various business parameters including customer experience, cost and risk management within BFS organizations.
SYS-CON Events announced today that Elastifile will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Elastifile Cloud File System (ECFS) is software-defined data infrastructure designed for seamless and efficient management of dynamic workloads across heterogeneous environments. Elastifile provides the architecture needed to optimize your hybrid cloud environment, by facilitating efficient...
SYS-CON Events announced today that Golden Gate University will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Since 1901, non-profit Golden Gate University (GGU) has been helping adults achieve their professional goals by providing high quality, practice-based undergraduate and graduate educational programs in law, taxation, business and related professions. Many of its courses are taug...
"We provide IoT solutions. We provide the most compatible solutions for many applications. Our solutions are industry agnostic and also protocol agnostic," explained Richard Han, Head of Sales and Marketing and Engineering at Systena America, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...