Welcome!

Cloud Security Authors: Pat Romanski, Ambuj Kumar, Shelly Palmer, XebiaLabs Blog, Liz McMillan

Related Topics: Cloud Security, Java IoT, Industrial IoT, Containers Expo Blog, @CloudExpo, SDN Journal

Cloud Security: Article

The New Standard: Intelligence-Driven Security

Moving away from traditional/outdated strategies and embracing a unified approach

In a recent blog post, Art Coviello, the executive chairman at RSA, posed an important question. How do we move from traditional security to intelligence-driven security? In his answer he described that the quickly interdependent exchanges between parties (B2C, B2B, B2P, etc) have grown beyond the traditional means of securing the enterprise:

“IT organizations have continued to construct security infrastructures around a disintegrating perimeter of increasingly ineffective controls.”

He described a new-model of cyber-security that includes five concepts:

  1. A thorough understanding of risk
  2. The use of agile controls based on pattern recognition and predictive analytics
  3. The use of big data analytics to give context to vast streams of data to produce timely, actionable information
  4. Personnel with the right skill set to operate the systems
  5. Information sharing at scale

I have to stand up and applaud. I have been waiting for someone of Art’s stature to publicly acknowledge that the current system of security management is still rooted ostensibly in 2002 and needs to directly address the challenges of the modern enterprise.  He describes the status quo is hurting our ability to properly protect our enterprises as “not moving fast enough to make the transition.”

Now I am reading between the lines, but what I understand, he is describing REACT: A unified platform I introduced last Fall. Briefly, REACT is a cloud-based security platform that integrates several alerting, analytical and preventative tools into a central monitor and management best practice—and it does it in real time. It creates what the Exec Chair of the RSA terms “intelligent-driven security."

So, how do we move from traditional security to intelligence-driven security?

He first mentions budget as a potential hurdle; that spending has traditionally concentrated on reactive preventions that support a disappearing perimeter. I want to expand that issue in that many security professionals recognize the overall problem, but have their hands tied by limited budgets and resources Given that, they can only apply their capital expenditures towards a reduced scope of what they know as a conquerable priority. Or forced to choose between one initiative over another. That is…until they consider the cloud as a cost effective method to acquire the means to incorporate the totality of the five concepts noted above (and still not dip into CapEx!!). I have talked at length about how the cloud makes enterprise power and capabilities available, affordable and manageable to any sized organization…you simply don’t have to be Bank of America or Qualcomm to enjoy similarly capable protection. Essentially, cloud-based security gives access to all the necessary tools and capabilities to carry out Coviello’s 5 points and still have dollars left over to take me to lunch for suggesting it!

Assuming you accept the concept of cloud security and assembled the elements from SIEM, Log Management and Identity/Access Management, just having these solutions doesn’t mean you have the right visibility. The key now is to leverage the capabilities of each and let them work together to detect breaches in real time, analyze who is logging in from what devices and controlling access to assets .  This new speed of information and trans-enterprise data provides the width and breadth for a thorough understanding of risk.

This centralized approach creates the flexibility to dissect a variety of data-driven patterns; everything from traffic (specific IP addresses or devices) to user behavior (see last week’s blog about Adaptive Risk Models) to information migration, threat assessments and other predictive analytics. This gives you the ability to evolve from defensive responses to a proactive posture.

Coviello points to another deficit to making this vision a reality--that of a skills shortage. Not to belabor the point, but this is another strong reason to consider security-as-a-service. The ability to add expertise without adding headcount (and the associated costs) underscores the “doing more with less” concept favored by most CFOs.  This doesn’t even touch the issue of maintaining tribal knowledge and avoiding job fusion as these in-house “experts” get right-sized or move from one company to another. I’ll save that for another time.

Context is the next hurdle. “We need context, not a list of the latest breaches – a broader and more collaborative understanding of the problems we face and the enemies,” Coviello writes. This is what a REACT unified platform promotes--situational context from a variety of endpoints, silos and sources. For instance, the system notes a series of access pings from an IP address in Sofia, Bulgaria. Is the ping by itself reason to take action? Are there employees or partners or vendors with authorized credentials in that part of the world? Is there a sales rep at a conference just trying to get his mail through a web mail server? Are they using a password that has been retired or accessing permissions that have recently been de-provisioned? Are they trying to change or modify sensitive records? There are literally dozens and dozens of variables to understand in order to make a judgment call to alert, block remediate or allow. That’s what a good correlation engine will do. It will automate the policies, score the threat and initiate the action alert based on three-dimensional results. As people trying to mess with our networks get more sophisticate, so must we.

I appreciate he notes that an attack on one of us is an attack on us all (because we are so interdependent). However, to achieve the level of sophistication required to support the is vision of an intelligence-driven security model requires one of two things…a healthy budget and the army of resources to support it…or look upwards to the cloud and take a step towards the next generation of security best practice and performance. But one way or the other, the important issue is finding a way to make intelligence-driven security become the standard.

Kevin Nikkhoo
Waiting for that call for lunch!
www.cloudaccess.com

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@ThingsExpo Stories
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them to try out major feature releases and redesigns within smaller groups before making them broadly available. In his session at 21st Cloud Expo, Brian Lucas, Senior Staff Engineer at Optimizely, will discuss how by using...
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...
SYS-CON Events announced today that CAST Software will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CAST was founded more than 25 years ago to make the invisible visible. Built around the idea that even the best analytics on the market still leave blind spots for technical teams looking to deliver better software and prevent outages, CAST provides the software intelligence that matter ...
SYS-CON Events announced today that Daiya Industry will exhibit at the Japanese Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ruby Development Inc. builds new services in short period of time and provides a continuous support of those services based on Ruby on Rails. For more information, please visit https://github.com/RubyDevInc.
As businesses evolve, they need technology that is simple to help them succeed today and flexible enough to help them build for tomorrow. Chrome is fit for the workplace of the future — providing a secure, consistent user experience across a range of devices that can be used anywhere. In her session at 21st Cloud Expo, Vidya Nagarajan, a Senior Product Manager at Google, will take a look at various options as to how ChromeOS can be leveraged to interact with people on the devices, and formats th...
SYS-CON Events announced today that Yuasa System will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Yuasa System is introducing a multi-purpose endurance testing system for flexible displays, OLED devices, flexible substrates, flat cables, and films in smartphones, wearables, automobiles, and healthcare.
SYS-CON Events announced today that Taica will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Taica manufacturers Alpha-GEL brand silicone components and materials, which maintain outstanding performance over a wide temperature range -40C to +200C. For more information, visit http://www.taica.co.jp/english/.
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...
SYS-CON Events announced today that SourceForge has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SourceForge is the largest, most trusted destination for Open Source Software development, collaboration, discovery and download on the web serving over 32 million viewers, 150 million downloads and over 460,000 active development projects each and every month.
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
As popularity of the smart home is growing and continues to go mainstream, technological factors play a greater role. The IoT protocol houses the interoperability battery consumption, security, and configuration of a smart home device, and it can be difficult for companies to choose the right kind for their product. For both DIY and professionally installed smart homes, developers need to consider each of these elements for their product to be successful in the market and current smart homes.
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicate or sell. In their Day 3 Keynote at 21st Cloud Expo, Greg Chambers, Global Group Director, Digital Innovation, Coca-Cola, and Vidya Nagarajan, a Senior Product Manager at Google, will discuss how from store operations...
Widespread fragmentation is stalling the growth of the IIoT and making it difficult for partners to work together. The number of software platforms, apps, hardware and connectivity standards is creating paralysis among businesses that are afraid of being locked into a solution. EdgeX Foundry is unifying the community around a common IoT edge framework and an ecosystem of interoperable components.
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, will lead you through the exciting evolution of the cloud. He'll look at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering ...
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.