Welcome!

Cloud Security Authors: Elizabeth White, Stefano Stabellini, Liz McMillan, Dana Gardner, Sanjay Zalavadia

Related Topics: @CloudExpo, Microservices Expo, Agile Computing, Cloud Security, @BigDataExpo, SDN Journal

@CloudExpo: Article

Cloud Computing: How Can Companies Reduce the Security Risk?

A three-step approach to navigating compliance complexities

In the last five years, organizations have increasingly embraced cloud applications to help them innovate and transform their business. Applications that automate sales processes, HR management, collaboration, email and file sharing are growing fast and enabling organizations to meet their needs in a shorter timeframe than ever before.

Cloud applications are ubiquitously employed across all industries. However, there are increased concerns about security and compliance of sensitive information, particularly in banking, insurance and in the public sector. A wide range of regulations and privacy laws make organizations directly responsible for protecting regulated information, but when this data is stored in the cloud, they have less direct control over leaks, theft or forced legal disclosure.

At the same time, leaks and thefts are occurring with increased frequency. The 2013 Verizon Data Breach Investigations Report revealed a total of 621 confirmed data breaches and over 47,000 security incidents in the last year, and a 2012 Ernst & Young survey found that only 38% of organizations implement an adequate security strategy.

A Three-Step Approach to Navigating Compliance Complexities
Though the risks - from malicious hacks to insider threats - can seem high, a holistic approach to cloud information protection can help companies reduce the risks of adopting the cloud.

First is the discovery stage. Before you can protect information in the cloud, you need to know where it is and who has access to it:

  • Who should have access to certain information and who should not?
  • What content is sensitive, proprietary, or regulated and how can it be identified?
  • Where will this data reside in the cloud, and what range of regional privacy, disclosure and other laws might apply?

Then, you need to protect the information using the correct tools:

  • Encrypt: As a baseline, unbreakable code - like military grade 256-bit AES - can scramble sensitive information into undecipherable gibberish to protect it from unauthorized viewers. Installing a cloud information protection platform at the network's edge ensures any data moving to the cloud is fully protected before it leaves the organization.
  • Retain keys: Keep the keys that encrypt and decipher information under the control of the user organization. This ensures that all information requests must involve the owner, even if information is stored on a third-party cloud.
  • Cloud data loss prevention: Customize policies on this to scan, detect and take action to protect information according to its level of sensitivity. This provides an additional level of security and control.
  • Cloud malware detection: Screen information exchanges, including external and internal user uploaded attachments, in cloud applications in real-time for virus, malware and other embedded threats.

Finally, a recent breakthrough - operations-preserving encryption - has solved encryption's longstanding problem of breaking cloud application functions. This advancement enables users to search, sort and report on encrypted data in the cloud. In addition, an open platform capable of supporting all cloud applications and integrating third-party tools provides a stable foundation for protection.

The popularity of the cloud has driven privacy laws and data residency restrictions around the world. Businesses and chief information officers need to collaborate in finding new security models to use the cloud while ensuring sensitive information is fully protected. By embracing a new ecosystem of cloud-based security solutions, businesses can safely extend their virtual security perimeter while still complying with privacy regulations.

More Stories By Pravin Kothari

Pravin Kothari is the founder and CEO of CipherCloud. He founded CipherCloud in 2010 when he recognized that while the cloud was disrupting enterprise IT with explosive growth, the security technologies had not kept pace and enterprises were losing control over their sensitive data.

Pravin is driving the rapid growth of CipherCloud by managing its business, strategy, and operations. He is a security visionary with more than 20 years of experience building industry-leading companies and bringing innovative products to market.

Pravin was the Founder & CTO of Agiliance, a leading Security Risk Management company, and Co-founder & VP Engineering of ArcSight, a leading security company, which was acquired by HP for $1.6 billion. Previously, he was Co-founder & Chief Architect at Impresse Corporation and also held technical leadership positions at Verity, Attachmate, and Tata Consultancy Services.

Pravin holds over a dozen patents in security technologies and is the inventor behind CipherCloud’s groundbreaking cloud encryption technology.

Comments (1)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
When people aren’t talking about VMs and containers, they’re talking about serverless architecture. Serverless is about no maintenance. It means you are not worried about low-level infrastructural and operational details. An event-driven serverless platform is a great use case for IoT. In his session at @ThingsExpo, Animesh Singh, an STSM and Lead for IBM Cloud Platform and Infrastructure, will detail how to build a distributed serverless, polyglot, microservices framework using open source tec...
IoT offers a value of almost $4 trillion to the manufacturing industry through platforms that can improve margins, optimize operations & drive high performance work teams. By using IoT technologies as a foundation, manufacturing customers are integrating worker safety with manufacturing systems, driving deep collaboration and utilizing analytics to exponentially increased per-unit margins. However, as Benoit Lheureux, the VP for Research at Gartner points out, “IoT project implementers often ...
Basho Technologies has announced the latest release of Basho Riak TS, version 1.3. Riak TS is an enterprise-grade NoSQL database optimized for Internet of Things (IoT). The open source version enables developers to download the software for free and use it in production as well as make contributions to the code and develop applications around Riak TS. Enhancements to Riak TS make it quick, easy and cost-effective to spin up an instance to test new ideas and build IoT applications. In addition to...
Presidio has received the 2015 EMC Partner Services Quality Award from EMC Corporation for achieving outstanding service excellence and customer satisfaction as measured by the EMC Partner Services Quality (PSQ) program. Presidio was also honored as the 2015 EMC Americas Marketing Excellence Partner of the Year and 2015 Mid-Market East Partner of the Year. The EMC PSQ program is a project-specific survey program designed for partners with Service Partner designations to solicit customer feedbac...
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to imp...
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
It is one thing to build single industrial IoT applications, but what will it take to build the Smart Cities and truly society changing applications of the future? The technology won’t be the problem, it will be the number of parties that need to work together and be aligned in their motivation to succeed. In his Day 2 Keynote at @ThingsExpo, Henrik Kenani Dahlgren, Portfolio Marketing Manager at Ericsson, discussed how to plan to cooperate, partner, and form lasting all-star teams to change t...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Bradley Holt, Developer Advocate a...
Connected devices and the industrial internet are growing exponentially every year with Cisco expecting 50 billion devices to be in operation by 2020. In this period of growth, location-based insights are becoming invaluable to many businesses as they adopt new connected technologies. Knowing when and where these devices connect from is critical for a number of scenarios in supply chain management, disaster management, emergency response, M2M, location marketing and more. In his session at @Th...
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, wh...
Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is expected in the amount of information being processed, managed, analyzed, and acted upon by enterprise IT. This amazing is not part of some distant future - it is happening today. One report shows a 650% increase in enterprise data by 2020. Other estimates are even higher....
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - comp...
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. Big Data at Cloud Expo - to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is...
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...