Click here to close now.

Welcome!

Security Authors: Elizabeth White, Pat Romanski, Esmeralda Swartz, Peter Silva, Adam Vincent

Related Topics: Cloud Expo, MICROSERVICES, .NET, Security, Big Data Journal, @ThingsExpo

Cloud Expo: Article

What Cloud Startups Need to Know About Hunting Elephants

Large companies have several sets of requirements for solution providers that differ from smaller companies

"Cloud computing" is more than just a buzzword - it has transformed the tech industry. Having been in the business of building enterprise infrastructure for over 15 years, I've had the opportunity to witness how cloud has altered the landscape, including most recently at my company, Nexgate. It has not only ushered in a radical wave of innovation, but has also created new business models. The easily accessible and inexpensive nature of its on-demand structure has both paved the way for the rapid launch of new technologies and enabled the growth of businesses.

Yet, as with any technology, it also has its limits and risks, especially for cloud startups. If not configured well, cloud doesn't necessarily fit hand-in-hand with the needs of large enterprises. While the benefits of gaining a big customer are certainly obvious, the demands of doing so are not talked about nearly as frequently, despite that both are important. Hunting elephants is a dangerous game if you're a mouse.

Large companies have several sets of requirements for solution providers that differ from smaller companies, which aren't as concerned about security and scalability. Whereas the size of smaller companies doesn't require a focus on mitigating the risk of a high profile security breach or managing complex systems on a mass scale, for larger companies, these concerns are very real. Hence, it's not enough to just have a great product to engage on an enterprise level - large companies have dedicated security teams and requirements that you as a vendor need to work with to close the deal.

Having a disaster recovery plan in place is one of the first steps to becoming enterprise ready. Any sizeable organization is going to want assurance that in the event of a crisis, any lapse in the service you provide is going to be as brief and as painless as possible. And, furthermore, that enterprise is going to want proof to back up that assurance. That proof is called a disaster recovery plan. A disaster recovery plan specifies how your company intends to mitigate the risk of an incident resulting in downtime, as well as the processes in place for remediating and recovering from one. Given organizations' increasing dependency on information technology to run their operations, the more critical your product is to the day-to-day functioning of an enterprise, the more you must demonstrate this competency.

Creating and maintaining a disaster recovery plan is no simple task. Each employee should be trained in his or her role and responsibility in the event of a crisis or outage, and the plan should be documented and tested to ensure continuity of procedures and availability of essential resources in the event of a disaster. Your plan should specify easily executable and repeatable procedures for recovering and repairing any damaged IT resources and restoring them to operation as rapidly as possible. Be sure to include a summary of the critical assets and services, their recovery objectives, and recovery priorities, in addition to the contact information for disaster support agencies and a secondary data center service provider or other temporary means of providing service.

Security policy and practices are another prerequisite for navigating a large corporate environment. Without demonstrating the security of your product, you've effectively lost your seat at the table with enterprise companies. In today's tech-saturated world, an information security breach, hack, or hijack can cost thousands of dollars - not to mention inestimable damage to brands and consumer trust. This means an even greater burden of proof lies on vendors (and their cloud providers) as far as security is concerned to prevent such an event from happening. For example, if you're storing data on behalf of customers, are they encrypted in your database? Do you have strong access policies? Are your employees trained and certified when it comes to securing both corporate and personal accounts? If you're a web-based app, do you use a web app firewall (WAP)? Do you have IP and firewall restrictions in place from a cloud security service like Dome9? And what level of security does your cloud provider (e.g., Amazon Web Services) provide? The answers to these questions can help you structure your security policy and practices in alignment with enterprise needs.

To augment these policies and practices, you should also implement security review and testing. Policy and procedures are critical, but without confirmation and review of their execution, they only live in theory. For this reason, implementing internal and external reviews to ensure that your company, your employees, and your partners are all following your policy is critical. Ultimately, you should be able to show that you've created a process that's being applied day-to-day, which is sufficient enough to hold off socially engineered attacks and risks from phishing and malware, among other threats to your security. Allowing for third-party penetration testing is a great strategy to demonstrate your security capacity in this way. The more you can verify the process and results of that testing, the more you can prove to an enterprise that your product is effective and safe for use on a large scale.

Working with enterprise certainly has massive upsides, but with those benefits inherently comes a higher level of skepticism, scrutiny, and caution. Expect to have to prove that you can support sophisticated systems on a large scale, not only in terms of operation but also when it comes to appropriate processes, documentation, and security. The more you can anticipate enterprise needs and have the necessary procedures in place right out of the gate, the greater the level of confidence larger organizations will have in your company, and the better you can serve your customers.

For additional information about making your organization enterprise ready, check out these resources:

  1. Disaster Recovery Journal Sample Plans
  2. Cloud Security Alliance (CSA) Security Guidance
  3. AWS Security Center

More Stories By Rich Sutton

Rich Sutton is co-founder and CTO at Nexgate, a cloud-based social media compliance and security solution. Along with holding multiple patents, he has more than 15 years of experience in enterprise software and application development experience. Prior to working at Nexgate, Rich led a 50+ person engineering team building Websense’s web security product portfolio and also held senior management and technical positions at Symantec, 8e6 Technologies (now Trustwave), and eFunds (now Fidelity) building everything from SaaS applications to high-throughput network appliances, client security software, and mobile applications.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
GENBAND has announced that SageNet is leveraging the Nuvia platform to deliver Unified Communications as a Service (UCaaS) to its large base of retail and enterprise customers. Nuvia’s cloud-based solution provides SageNet’s customers with a full suite of business communications and collaboration tools. Two large national SageNet retail customers have recently signed up to deploy the Nuvia platform and the company will continue to sell the service to new and existing customers. Nuvia’s capabilities include HD voice, video, multimedia messaging, mobility, conferencing, Web collaboration, deskt...
The WebRTC Summit 2014 New York, to be held June 9-11, 2015, at the Javits Center in New York, NY, announces that its Call for Papers is open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 16th International Cloud Expo, @ThingsExpo, Big Data Expo, and DevOps Summit.
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
SYS-CON Events announced today that Cisco, the worldwide leader in IT that transforms how people connect, communicate and collaborate, has been named “Gold Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Cisco makes amazing things happen by connecting the unconnected. Cisco has shaped the future of the Internet by becoming the worldwide leader in transforming how people connect, communicate and collaborate. Cisco and our partners are building the platform for the Internet of Everything by connecting the...
Wearable technology was dominant at this year’s International Consumer Electronics Show (CES) , and MWC was no exception to this trend. New versions of favorites, such as the Samsung Gear (three new products were released: the Gear 2, the Gear 2 Neo and the Gear Fit), shared the limelight with new wearables like Pebble Time Steel (the new premium version of the company’s previously released smartwatch) and the LG Watch Urbane. The most dramatic difference at MWC was an emphasis on presenting wearables as fashion accessories and moving away from the original clunky technology associated with t...
Temasys has announced senior management additions to its team. Joining are David Holloway as Vice President of Commercial and Nadine Yap as Vice President of Product. Over the past 12 months Temasys has doubled in size as it adds new customers and expands the development of its Skylink platform. Skylink leads the charge to move WebRTC, traditionally seen as a desktop, browser based technology, to become a ubiquitous web communications technology on web and mobile, as well as Internet of Things compatible devices.
SYS-CON Events announced today that robomq.io will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. robomq.io is an interoperable and composable platform that connects any device to any application. It helps systems integrators and the solution providers build new and innovative products and service for industries requiring monitoring or intelligence from devices and sensors.
Docker is an excellent platform for organizations interested in running microservices. It offers portability and consistency between development and production environments, quick provisioning times, and a simple way to isolate services. In his session at DevOps Summit at 16th Cloud Expo, Shannon Williams, co-founder of Rancher Labs, will walk through these and other benefits of using Docker to run microservices, and provide an overview of RancherOS, a minimalist distribution of Linux designed expressly to run Docker. He will also discuss Rancher, an orchestration and service discovery platf...
SYS-CON Events announced today that Akana, formerly SOA Software, has been named “Bronze Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Akana’s comprehensive suite of API Management, API Security, Integrated SOA Governance, and Cloud Integration solutions helps businesses accelerate digital transformation by securely extending their reach across multiple channels – mobile, cloud and Internet of Things. Akana enables enterprises to share data as APIs, connect and integrate applications, drive part...
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes for use cases across the industrial, enterprise, and consumer segments.
SYS-CON Events announced today that Solgenia will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Solgenia is the global market leader in Cloud Collaboration and Cloud Infrastructure software solutions. Designed to “Bridge the Gap” between Personal and Professional Social, Mobile and Cloud user experiences, our solutions help large and medium-sized organizations dr...
SYS-CON Events announced today that Liaison Technologies, a leading provider of data management and integration cloud services and solutions, has been named "Silver Sponsor" of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York, NY. Liaison Technologies is a recognized market leader in providing cloud-enabled data integration and data management solutions to break down complex information barriers, enabling enterprises to make smarter decisions, faster.
Cloud is not a commodity. And no matter what you call it, computing doesn’t come out of the sky. It comes from physical hardware inside brick and mortar facilities connected by hundreds of miles of networking cable. And no two clouds are built the same way. SoftLayer gives you the highest performing cloud infrastructure available. One platform that takes data centers around the world that are full of the widest range of cloud computing options, and then integrates and automates everything. Join SoftLayer on June 9 at 16th Cloud Expo to learn about IBM Cloud's SoftLayer platform, explore se...
@ThingsExpo has been named the Top 5 Most Influential M2M Brand by Onalytica in the ‘Machine to Machine: Top 100 Influencers and Brands.' Onalytica analyzed the online debate on M2M by looking at over 85,000 tweets to provide the most influential individuals and brands that drive the discussion. According to Onalytica the "analysis showed a very engaged community with a lot of interactive tweets. The M2M discussion seems to be more fragmented and driven by some of the major brands present in the M2M space. This really allows some room for influential individuals to create more high value inter...
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on Twitter at @MicroservicesE
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Raspberry Pi, BeagleBone, Spark and Intel Edison. You will also get an overview of cloud technologies s...
SYS-CON Events announced today that SafeLogic has been named “Bag Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. SafeLogic provides security products for applications in mobile and server/appliance environments. SafeLogic’s flagship product CryptoComply is a FIPS 140-2 validated cryptographic engine designed to secure data on servers, workstations, appliances, mobile devices, and in the Cloud.
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch of Docker's initial release in March of 2013, interest was revved up several notches. Then late last...
SOA Software has changed its name to Akana. With roots in Web Services and SOA Governance, Akana has established itself as a leader in API Management and is expanding into cloud integration as an alternative to the traditional heavyweight enterprise service bus (ESB). The company recently announced that it achieved more than 90% year-over-year growth. As Akana, the company now addresses the evolution and diversification of SOA, unifying security, management, and DevOps across SOA, APIs, microservices, and more.
After making a doctor’s appointment via your mobile device, you receive a calendar invite. The day of your appointment, you get a reminder with the doctor’s location and contact information. As you enter the doctor’s exam room, the medical team is equipped with the latest tablet containing your medical history – he or she makes real time updates to your medical file. At the end of your visit, you receive an electronic prescription to your preferred pharmacy and can schedule your next appointment.