Click here to close now.




















Welcome!

Cloud Security Authors: Cloud Best Practices Network, Pat Romanski, Elizabeth White, Liz McMillan, Tim Hinds

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Linux Containers, Agile Computing, Cloud Security

@CloudExpo: Article

Cloud Security Myths: Busted

In many cases, the average enterprise or SME can't keep up with all of the security controls necessary to protect data in-house

In a Feb 2014 survey, 94 percent of organizations surveyed reported running applications or experimenting with infrastructure-as-a-service.[1] According to research firm Nasumi, there is over one exabyte currently stored in the cloud. An exabyte is over a billion GB.[2] Considering the amount of data in the cloud and the growing rate of adoption for sensitive use cases, it is natural that securing our data in the cloud is a concern. But, cloud security, though rightfully a central concern, should not be a hindrance to aggressively moving workloads and applications to the cloud.

In fact, there are some misconceptions about cloud security that need to be laid to rest.

Myth #1: A cloud provider's customers can attack each other
The multi-tenant environment of cloud computing has given rise to a misconception that the provider's many customers can access each other's data and accounts with little effort. This is tantamount to saying that your neighbors can break into your home easier than a thief from across town.

The truth is that virtual walls segregate you from other customers. Your hypervisor is the primary separator and is extremely difficult to hack. If you add other safeguards like VLAN isolation and proper data encryption and key management, your data is completely safe from other cloud customers.

The Alert Logic State of Cloud Security Report concludes "It's not that the cloud is inherently secure or insecure. It's really about the quality of management applied to any IT environment."

Myth #2: Data in the cloud in more susceptible to risk than data in the datacenter
In survey after survey, we find that the reason that cloud computing isn't growing even faster than its staggering CAGR is companies' security fears. But, like many fears, this one mixes legitimate concerns with ignorance. Depending on the details, data in the cloud may actually be safer than data in the datacenter.

In fact, a 2014 study found that once businesses learn about and experience cloud computing, concerns about security vanish. Close to one-third of executives and professionals who have not yet implemented cloud say security is their top concern, a number that diminishes to 13 percent of seasoned, heavy users of cloud services (and is only the fifth-ranked concern on their list).[3]

Arthur W. Coviello, Jr., Executive Chairman for RSA, puts it simply, "security concerns are really independent of the cloud. They're just an extension of what is being dealt with in the physical infrastructure."[4]

In many cases, the average enterprise or SME can't keep up with all of the security controls necessary to protect data in-house. For a cloud provider, conversely, it is a core business function. They typically invest in the strongest forms of network security and detection and attain compliance certifications that reduce the risk for the data they're tasked to protect.

If your core business isn't preparing tax returns, you hire someone who can do it for you: someone with the right background, experience, and tools. Someone who does a better job than you could do yourself. The same applies when it comes to protecting your data: using a provider who specializes in doing so will create better results than doing it yourself.

Myth #3: Using a trusted cloud provider guarantees protection of data
The internet is filled with comparisons of the trustworthiness of cloud providers. Those researching a cloud solution are often tasked with ensuring the cloud provider conducts audits, provides certifications, complies with industry regulations, properly screens their employees, etc. While all of these elements have their place in assessing the trustworthiness of a cloud provider, they don't completely protect your data because it is not just the cloud provider's responsibility to protect your data.

The truth is this: whether you build your own private cloud, store your data in a public cloud, or keep your sensitive business information under your mattress, the duty to protect your data is yours alone.

Amazon Web Services (AWS) accounted for 37% of the $9 billion infrastructure as a service (IaaS) market in 2013, according to analysts from equity research firm Evercore. The IaaS market is growing by 45%, but Amazon Web Services has a growth rate of 60%.[5] AWS is currently the biggest public cloud provider. And yet, in the AWS Security Center, they clearly state "AWS has secured the underlying infrastructure and you must secure anything you put on the infrastructure."

Because you control the security of your accounts and data, you can ensure that you still own your data - even though you are housing it in public infrastructure.

The way to ensure your data is safe in the cloud is by encryption. Encryption, and the management of encryption keys, is not just about safety, it is also about ownership. If you encrypt properly, you will own your data even though you are renting infrastructure form a cloud provider.

To simply and effectively achieve encryption key management, the best practice is coupling the innovative techniques of split key encryption and homomorphic key management. They will be the assurance that no one (not even your cloud provider) can access data you store in the cloud and that everything you store in the cloud is completely safe, segregated, and protected in a way that is scalable, automated, and cost-effective.

Resources

  1. http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2014-state-cloud-survey
  2. https://www.nasuni.com/wp-content/uploads/2013/02/nasuni_infographic_the_state_of_cloud_storage_in_2013-4.jpg
  3. http://www.forbes.com/sites/joemckendrick/2014/04/03/cloud-security-fears-diminish-with-experience-survey-shows/
  4. http://www.vmware.com/files/pdf/VMware-Cloud-Security-Myths-Strategies-Uncovered-White-Paper.pdf
  5. http://www.businessinsider.com/amazon-web-services-market-share-2014-6

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
A producer of the first smartphones and tablets, presenter Lee M. Williams will talk about how he is now applying his experience in mobile technology to the design and development of the next generation of Environmental and Sustainability Services at ETwater. In his session at @ThingsExpo, Lee Williams, COO of ETwater, will talk about how he is now applying his experience in mobile technology to the design and development of the next generation of Environmental and Sustainability Services at ETwater.
WebRTC has had a real tough three or four years, and so have those working with it. Only a few short years ago, the development world were excited about WebRTC and proclaiming how awesome it was. You might have played with the technology a couple of years ago, only to find the extra infrastructure requirements were painful to implement and poorly documented. This probably left a bitter taste in your mouth, especially when things went wrong.
SYS-CON Events announced today that IceWarp will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. IceWarp, the leader of cloud and on-premise messaging, delivers secured email, chat, documents, conferencing and collaboration to today's mobile workforce, all in one unified interface
With the proliferation of connected devices underpinning new Internet of Things systems, Brandon Schulz, Director of Luxoft IoT – Retail, will be looking at the transformation of the retail customer experience in brick and mortar stores in his session at @ThingsExpo. Questions he will address include: Will beacons drop to the wayside like QR codes, or be a proximity-based profit driver? How will the customer experience change in stores of all types when everything can be instrumented and analyzed? As an area of investment, how might a retail company move towards an innovation methodolo...
The Internet of Things (IoT) is about the digitization of physical assets including sensors, devices, machines, gateways, and the network. It creates possibilities for significant value creation and new revenue generating business models via data democratization and ubiquitous analytics across IoT networks. The explosion of data in all forms in IoT requires a more robust and broader lens in order to enable smarter timely actions and better outcomes. Business operations become the key driver of IoT applications and projects. Business operations, IT, and data scientists need advanced analytics t...
Consumer IoT applications provide data about the user that just doesn’t exist in traditional PC or mobile web applications. This rich data, or “context,” enables the highly personalized consumer experiences that characterize many consumer IoT apps. This same data is also providing brands with unprecedented insight into how their connected products are being used, while, at the same time, powering highly targeted engagement and marketing opportunities. In his session at @ThingsExpo, Nathan Treloar, President and COO of Bebaio, will explore examples of brands transforming their businesses by t...
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies leverage disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advanced analytics, and DevOps to advance innovation and increase agility. Specializing in designing, imple...
While many app developers are comfortable building apps for the smartphone, there is a whole new world out there. In his session at @ThingsExpo, Narayan Sainaney, Co-founder and CTO of Mojio, will discuss how the business case for connected car apps is growing and, with open platform companies having already done the heavy lifting, there really is no barrier to entry.
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
Through WebRTC, audio and video communications are being embedded more easily than ever into applications, helping carriers, enterprises and independent software vendors deliver greater functionality to their end users. With today’s business world increasingly focused on outcomes, users’ growing calls for ease of use, and businesses craving smarter, tighter integration, what’s the next step in delivering a richer, more immersive experience? That richer, more fully integrated experience comes about through a Communications Platform as a Service which allows for messaging, screen sharing, video...
SYS-CON Events announced today that Micron Technology, Inc., a global leader in advanced semiconductor systems, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Micron’s broad portfolio of high-performance memory technologies – including DRAM, NAND and NOR Flash – is the basis for solid state drives, modules, multichip packages and other system solutions. Backed by more than 35 years of technology leadership, Micron's memory solutions enable the world's most innovative computing, consumer,...
As more intelligent IoT applications shift into gear, they’re merging into the ever-increasing traffic flow of the Internet. It won’t be long before we experience bottlenecks, as IoT traffic peaks during rush hours. Organizations that are unprepared will find themselves by the side of the road unable to cross back into the fast lane. As billions of new devices begin to communicate and exchange data – will your infrastructure be scalable enough to handle this new interconnected world?
As more and more data is generated from a variety of connected devices, the need to get insights from this data and predict future behavior and trends is increasingly essential for businesses. Real-time stream processing is needed in a variety of different industries such as Manufacturing, Oil and Gas, Automobile, Finance, Online Retail, Smart Grids, and Healthcare. Azure Stream Analytics is a fully managed distributed stream computation service that provides low latency, scalable processing of streaming data in the cloud with an enterprise grade SLA. It features built-in integration with Azur...
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome,” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
Akana has announced the availability of the new Akana Healthcare Solution. The API-driven solution helps healthcare organizations accelerate their transition to being secure, digitally interoperable businesses. It leverages the Health Level Seven International Fast Healthcare Interoperability Resources (HL7 FHIR) standard to enable broader business use of medical data. Akana developed the Healthcare Solution in response to healthcare businesses that want to increase electronic, multi-device access to health records while reducing operating costs and complying with government regulations.
For IoT to grow as quickly as analyst firms’ project, a lot is going to fall on developers to quickly bring applications to market. But the lack of a standard development platform threatens to slow growth and make application development more time consuming and costly, much like we’ve seen in the mobile space. In his session at @ThingsExpo, Mike Weiner, Product Manager of the Omega DevCloud with KORE Telematics Inc., discussed the evolving requirements for developers as IoT matures and conducted a live demonstration of how quickly application development can happen when the need to comply wit...
The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities.
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Architect for the Internet of Things and Intelligent Systems, described how to revolutionize your archit...
MuleSoft has announced the findings of its 2015 Connectivity Benchmark Report on the adoption and business impact of APIs. The findings suggest traditional businesses are quickly evolving into "composable enterprises" built out of hundreds of connected software services, applications and devices. Most are embracing the Internet of Things (IoT) and microservices technologies like Docker. A majority are integrating wearables, like smart watches, and more than half plan to generate revenue with APIs within the next year.
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Opening Keynote at 16th Cloud Expo, Sandy Carter, IBM General Manager Cloud Ecosystem and Developers, and a Social Business Evangelist, d...