Welcome!

Java IoT Authors: Pat Romanski, Liz McMillan, Gil Allouche, William Schmarzo, AppDynamics Blog

Related Topics: Cloud Security, Java IoT, Microservices Expo, Containers Expo Blog, IoT User Interface, @CloudExpo

Cloud Security: Article

Why Data Breaches Occur and How You Can Lessen Their Impact

Part 1 of 2: Security today is as much about damage control as it is about breach avoidance

One of the dirty little secrets about security: there is simply no way to make your company impervious to a data breach. It's almost a statistical certainty that you will, at some point or another, be hit with a security scenario that you're not prepared for. That's why security today is as much about damage control as it is about breach avoidance.

Consider the following:

  • Most breaches aren't that hard to execute

Attacks on corporate networks and data occur at alarming frequency. You might think that's because attackers have become more sophisticated, but that's not necessarily the case. In fact, the most recent Verizon Security Breach study suggests a hacker with fairly rudimentary skills could've pulled off the majority of attacks in 2012.

And these attacks aren't isolated to large banks and government entities - they're pervasive across all industries. The bottom line is, if you have important data, chances are someone else thinks it's important too -- and will do whatever it takes to get to it.

  • Compliance mandates are limited and vague

U.S. compliance guidelines for data and cybersecurity are noticeably vague, leaving it up to corporations to determine best practices for maintaining the privacy and confidentiality of sensitive data. As a result, organizations typically do just enough to achieve compliance, when in fact, compliance with HIPAA, FERPA, FISMA, PCI and others, should actually be the low bar.

When it comes to sensitive data, you can never be too safe. Let's say an email list gets breached. This isn't regulated data. You're not going to get fined for non-compliance, but PII is still compromised. This represents a significant failure on the part of the responsible corporation, one that ultimately leads to loss of customer trust.

  • Big data is big business

It's hard to have a conversation about technology where the phrase, "big data" doesn't come up. For all the advantages associated with capturing large volumes of diverse data at high speeds, there's an inherent risk in securing lots of sensitive data in massively distributed databases in the cloud. Each node -- and big data can have hundreds or even thousands - represents a point of failure where data can be accessed without authorization.

  • Don't forget about BYOD

Earlier this month, Google Chairman, Eric Schmidt announced there are 500 million Android devices worldwide, with 1.3 million new activations daily. There are about 365 million iOS devices in play right now, and a large percentage of those devices are infiltrating the workplace. In fact, 36% of all email is now being opened on a phone or tablet, many of which are accessing data inside your firewall.

Each of these phones, tablets and mobile devices represent potential security vulnerabilities. According to a site maintained by the US Department of Health and Human Services, 72% of data breaches dating back to 2009 stem from stolen, lost or improperly disposed of devices representing a total of 15.6 million individual health records. Device theft is pervasive, and the influx of mobile devices just presents more opportunity for sensitive regulatory and PII data to go missing.

  • Security keys are being mismanaged

Another concern is around the management of cryptographic keys, SSL certificates and other "opaque" objects. With the trend toward IT hybridization, organizations are being buried by a virtual avalanche of encryption keys, data tokens, SSL certificates, passwords and more.

If any of these security objects fell into the wrong hands, there's almost nothing in your corporate environment that wouldn't be at risk. Surprisingly, not a lot of forethought goes into the security, management, provisioning and revocation of these keys. In fact, we often hear stories about systems administrators storing keys in boot files or easily accessible spreadsheets on their hard drives. Think about it this way: You wouldn't lock your car and leave the keys in the driver's side door, would you?

The issues above only scratch the surface. There are still lingering questions and concerns about cloud security, authentication and ownership of data in SaaS applications to name a few more. On Monday, we'll look at some small things you can do that will have a profound impact on your data security profile. Stay tuned.

More Stories By David Tishgart

After spending years at large corporations including Dell, AMD and BMC, David Tishgart joined the startup ranks leading product marketing for Gazzang. Focused on security for big data, he helps communicate the benefits and challenges that big data can present, offering practical solutions. When not ranting about encryption and key management, you can find David clamoring for a big data application that can fine tune his fantasy football team.

@ThingsExpo Stories
IoT generates lots of temporal data. But how do you unlock its value? You need to discover patterns that are repeatable in vast quantities of data, understand their meaning, and implement scalable monitoring across multiple data streams in order to monetize the discoveries and insights. Motif discovery and deep learning platforms are emerging to visualize sensor data, to search for patterns and to build application that can monitor real time streams efficiently. In his session at @ThingsExpo, ...
The best-practices for building IoT applications with Go Code that attendees can use to build their own IoT applications. In his session at @ThingsExpo, Indraneel Mitra, Senior Solutions Architect & Technology Evangelist at Cognizant, provided valuable information and resources for both novice and experienced developers on how to get started with IoT and Golang in a day. He also provided information on how to use Intel Arduino Kit, Go Robotics API and AWS IoT stack to build an application tha...
Manufacturers are embracing the Industrial Internet the same way consumers are leveraging Fitbits – to improve overall health and wellness. Both can provide consistent measurement, visibility, and suggest performance improvements customized to help reach goals. Fitbit users can view real-time data and make adjustments to increase their activity. In his session at @ThingsExpo, Mark Bernardo Professional Services Leader, Americas, at GE Digital, discussed how leveraging the Industrial Internet a...
You think you know what’s in your data. But do you? Most organizations are now aware of the business intelligence represented by their data. Data science stands to take this to a level you never thought of – literally. The techniques of data science, when used with the capabilities of Big Data technologies, can make connections you had not yet imagined, helping you discover new insights and ask new questions of your data. In his session at @ThingsExpo, Sarbjit Sarkaria, data science team lead ...
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
Amazon has gradually rolled out parts of its IoT offerings in the last year, but these are just the tip of the iceberg. In addition to optimizing their back-end AWS offerings, Amazon is laying the ground work to be a major force in IoT – especially in the connected home and office. Amazon is extending its reach by building on its dominant Cloud IoT platform, its Dash Button strategy, recently announced Replenishment Services, the Echo/Alexa voice recognition control platform, the 6-7 strategic...
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, discussed the importance of WebRTC and how it enables companies to focus...
Verizon Communications Inc. (NYSE, Nasdaq: VZ) and Yahoo! Inc. (Nasdaq: YHOO) have entered into a definitive agreement under which Verizon will acquire Yahoo's operating business for approximately $4.83 billion in cash, subject to customary closing adjustments. Yahoo informs, connects and entertains a global audience of more than 1 billion monthly active users** -- including 600 million monthly active mobile users*** through its search, communications and digital content products. Yahoo also co...
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
SYS-CON Events announced today that LeaseWeb USA, a cloud Infrastructure-as-a-Service (IaaS) provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LeaseWeb is one of the world's largest hosting brands. The company helps customers define, develop and deploy IT infrastructure tailored to their exact business needs, by combining various kinds cloud solutions.
Is your aging software platform suffering from technical debt while the market changes and demands new solutions at a faster clip? It’s a bold move, but you might consider walking away from your core platform and starting fresh. ReadyTalk did exactly that. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, will discuss why and how ReadyTalk diverted from healthy revenue and over a decade of audio conferencing product development to start an innovati...
It’s 2016: buildings are smart, connected and the IoT is fundamentally altering how control and operating systems work and speak to each other. Platforms across the enterprise are networked via inexpensive sensors to collect massive amounts of data for analytics, information management, and insights that can be used to continuously improve operations. In his session at @ThingsExpo, Brian Chemel, Co-Founder and CTO of Digital Lumens, will explore: The benefits sensor-networked systems bring to ...
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
SYS-CON Events announced today that Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity – cryptographic keys and digital certificates – so they can’t be misused by bad guys in attacks...
There will be new vendors providing applications, middleware, and connected devices to support the thriving IoT ecosystem. This essentially means that electronic device manufacturers will also be in the software business. Many will be new to building embedded software or robust software. This creates an increased importance on software quality, particularly within the Industrial Internet of Things where business-critical applications are becoming dependent on products controlled by software. Qua...
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2016 Silicon Valley. The 19th Cloud Expo and 6th @ThingsExpo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Interne...
Large scale deployments present unique planning challenges, system commissioning hurdles between IT and OT and demand careful system hand-off orchestration. In his session at @ThingsExpo, Jeff Smith, Senior Director and a founding member of Incenergy, will discuss some of the key tactics to ensure delivery success based on his experience of the last two years deploying Industrial IoT systems across four continents.
CenturyLink has announced that application server solutions from GENBAND are now available as part of CenturyLink’s Networx contracts. The General Services Administration (GSA)’s Networx program includes the largest telecommunications contract vehicles ever awarded by the federal government. CenturyLink recently secured an extension through spring 2020 of its offerings available to federal government agencies via GSA’s Networx Universal and Enterprise contracts. GENBAND’s EXPERiUS™ Application...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develo...
SYS-CON Events announced today that MangoApps will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides modern company intranets and team collaboration software, allowing workers to stay connected and productive from anywhere in the world and from any device.