|By Kevin Nikkhoo||
|October 19, 2012 10:00 AM EDT||
In my experience there are two types of enterprise IT departments: those that maintain the status quo and those looking to continuously explore and improve.
It is truly unfortunate how many fall into the former category. But the problem with IT security is that it's an ever-evolving and moving target. So the decision to not dip your toe in the water and understand all available options could mean the difference between a panicked 3am call regarding a breach alert or a good night’s sleep.
I realize this is an over generalization, and oftentimes the decision to “stay the course” is not in the hands of IT. There are budget concerns. There are personnel limitations. There are higher perceived priorities. There are complex layers of interdepartmental decision making. So, if it ain’t broke, don’t fix it…right?
As an IT professional myself, I realize how inundated your inbox and voice mail becomes with messages; cloud-this, virtual-that, next generation so & so…but why rock the boat, everything is working…AS FAR AS YOU KNOW.
There’s the old adage, if you don’t know what you don’t know then you can’t possibly be prepared. Additionally there are organizations that simply act like ostriches. They put their head in the sand, so therefore nothing bad can happen. Or then there’s the old chestnut, “well, we’ve never been breached/hacked/attacked before, so there is no need to change.” These are people who don’t know what they don’t know…or don’t want to know because it will force a change of the status quo.
For them, here’s a true story.
Once upon a time there was (and still is!) a large retail and design firm worth about 3/4s of a billion dollars. They were very vigilant with their security. At least they thought so. They had solid on-premise tools and had dedicated security resources. Problem was, with the lingering effects of the recession, budgets got squeezed and resources became scarcer. And looking at cost centers, IT security had a target on its back. This prompted the IT team to investigate alternative ways to drive down costs, but still maintain the level of readiness and watchfulness.
They examined a variety of alternatives and did significant due diligence. They found that by moving their SIEM and Log Management functions to the cloud, they would remove considerable capital expenditures and related costs. For practically the same cost they were paying for on premise solution support and maintenance, they could incorporate a cloud-managed enterprise-class solution to manage their network defenses. But this isn’t an economic parable.
Working in conjunction with the new cloud-based security experts, the folks at this retail organization recreated many of the rules, alerts, and escalations against a variety of servers and endpoints currently being monitored on the on-premise system. For the first month or so, they wanted systems to be redundant--just to ensure the new cloud-managed SIEM and Log management were catching all the activity and traffic required to help protect the IP and help the organization comply with PCI and SOX.
Ten days into the project, the phone rang. The cloud security analyst wanted to inform the company that some unusual anomalies were detected on an internal server. It was initially diagnosed as a false positive, but the cloud analyst insisted that when correlated with other data from other servers, the intrusion was probably more than just a harmless blip.
The company reviewed its on-premise logs and could not verify the same problem. At this point the analyst was able to provide the precise server and trace the issue to a specific laptop. It was there they found the unauthorized download of what seemed to be a harmless email application, but had also nested some nasty botnets and malware. Acting quickly, they were able to quarantine the problem and diffuse the issue before a breach could occur.
But the story is not so much about cloud security saving the day, but rather how a new way of thinking and analyzing shined a light on inefficiencies, unexplored vulnerabilities and process breakdowns. It provided updated knowledge on how their users and customers were accessing and using their network resources.
Again, the moral of the story is not that cloud security is superior to all other security implementations, but rather if you don’t know what you don’t know, you can’t make the necessary adjustments to create new best practices and, in short, do the job better and more efficiently. However, whereas cloud-based security may not be better than other enterprise deployments, it IS more accessible to companies that aren’t listed on the Fortune 500. Therefore, if it is AS GOOD as a brand name enterprise tool, it would be considerably more effective than most initiatives deployed by the smaller and more moderately financed enterprises.
It allows these companies to know what they don’t know. It allows them to cast a wider net around their IT assets and better understand who is access what data and when. It allows them to monitor, in real time, all the events that are hitting every quarter of their IT infrastructure and make informed determinations based on situational context. Instead of phased, limited or partially deployed security initiatives, companies benefit from a fully-powered, industrial-strength solution ready on Day 1. To further mix metaphors, think of it as an experienced geologist looking for oil. Generally, he knows what areas likely contain oil reserves. Additionally he knows what crude looks like. Problem is, all he has is a trowel with which to search. So if the oil is not bubbling up to the top, it will go unnoticed and untapped. The geologist needs radar penetrating technology. He needs the means to reach the reserve; to understand and document the different strata of earth, detritus and bedrock. He needs a way to determine where the most advantageous position on the field for maximum yield lies. Without it, he’s bound to miss something.
But first, he has to know what he doesn’t know.
And before I let you go this week, I ask a favor. My company, CloudAccess is in the running for an cloud computing UP Award and I would welcome your support. Please vote for us: HERE
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm ...
Jun. 29, 2016 07:00 PM EDT Reads: 461
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
Jun. 29, 2016 05:30 PM EDT Reads: 1,037
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2016 Silicon Valley. The 19th Cloud Expo and 6th @ThingsExpo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Interne...
Jun. 29, 2016 04:15 PM EDT Reads: 447
"We work in the area of Big Data analytics and Big Data analytics is a very crowded space - you have Hadoop, ETL, warehousing, visualization and there's a lot of effort trying to get these tools to talk to each other," explained Mukund Deshpande, head of the Analytics practice at Accelerite, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jun. 29, 2016 04:15 PM EDT Reads: 424
The idea of comparing data in motion (at the sensor level) to data at rest (in a Big Data server warehouse) with predictive analytics in the cloud is very appealing to the industrial IoT sector. The problem Big Data vendors have, however, is access to that data in motion at the sensor location. In his session at @ThingsExpo, Scott Allen, CMO of FreeWave, discussed how as IoT is increasingly adopted by industrial markets, there is going to be an increased demand for sensor data from the outermos...
Jun. 29, 2016 04:00 PM EDT Reads: 381
UAS, drones or unmanned aircraft, no matter what you call them — this was their week. Our news stream was flooded with updates on the newly announced rules and regulations for commercial UAS from the FAA. So, naturally we have dedicated this week’s top news round up to highlight some of our favorite UAS stories.
Jun. 29, 2016 03:02 PM EDT Reads: 288
Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2016 Silicon Valley. The 6thInternet of @ThingsExpo will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Jun. 29, 2016 03:00 PM EDT Reads: 377
CenturyLink has announced that application server solutions from GENBAND are now available as part of CenturyLink’s Networx contracts. The General Services Administration (GSA)’s Networx program includes the largest telecommunications contract vehicles ever awarded by the federal government. CenturyLink recently secured an extension through spring 2020 of its offerings available to federal government agencies via GSA’s Networx Universal and Enterprise contracts. GENBAND’s EXPERiUS™ Application...
Jun. 29, 2016 02:00 PM EDT Reads: 401
Basho Technologies has announced the latest release of Basho Riak TS, version 1.3. Riak TS is an enterprise-grade NoSQL database optimized for Internet of Things (IoT). The open source version enables developers to download the software for free and use it in production as well as make contributions to the code and develop applications around Riak TS. Enhancements to Riak TS make it quick, easy and cost-effective to spin up an instance to test new ideas and build IoT applications. In addition to...
Jun. 29, 2016 02:00 PM EDT Reads: 666
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
Jun. 29, 2016 01:15 PM EDT Reads: 366
When people aren’t talking about VMs and containers, they’re talking about serverless architecture. Serverless is about no maintenance. It means you are not worried about low-level infrastructural and operational details. An event-driven serverless platform is a great use case for IoT. In his session at @ThingsExpo, Animesh Singh, an STSM and Lead for IBM Cloud Platform and Infrastructure, will detail how to build a distributed serverless, polyglot, microservices framework using open source tec...
Jun. 29, 2016 12:30 PM EDT Reads: 565
Presidio has received the 2015 EMC Partner Services Quality Award from EMC Corporation for achieving outstanding service excellence and customer satisfaction as measured by the EMC Partner Services Quality (PSQ) program. Presidio was also honored as the 2015 EMC Americas Marketing Excellence Partner of the Year and 2015 Mid-Market East Partner of the Year. The EMC PSQ program is a project-specific survey program designed for partners with Service Partner designations to solicit customer feedbac...
Jun. 29, 2016 11:00 AM EDT Reads: 601
Apixio Inc. has raised $19.3 million in Series D venture capital funding led by SSM Partners with participation from First Analysis, Bain Capital Ventures and Apixio’s largest angel investor. Apixio will dedicate the proceeds toward advancing and scaling products powered by its cognitive computing platform, further enabling insights for optimal patient care. The Series D funding comes as Apixio experiences strong momentum and increasing demand for its HCC Profiler solution, which mines unstruc...
Jun. 29, 2016 11:00 AM EDT Reads: 534
The IoT is changing the way enterprises conduct business. In his session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, discussed how businesses can gain an edge over competitors by empowering consumers to take control through IoT. He cited examples such as a Washington, D.C.-based sports club that leveraged IoT and the cloud to develop a comprehensive booking system. He also highlighted how IoT can revitalize and restore outdated business models, making them profitable ...
Jun. 29, 2016 11:00 AM EDT Reads: 499
IoT offers a value of almost $4 trillion to the manufacturing industry through platforms that can improve margins, optimize operations & drive high performance work teams. By using IoT technologies as a foundation, manufacturing customers are integrating worker safety with manufacturing systems, driving deep collaboration and utilizing analytics to exponentially increased per-unit margins. However, as Benoit Lheureux, the VP for Research at Gartner points out, “IoT project implementers often ...
Jun. 29, 2016 10:45 AM EDT Reads: 568
"delaPlex is a software development company. We do team-based outsourcing development," explained Mark Rivers, COO and Co-founder of delaPlex Software, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jun. 29, 2016 10:30 AM EDT Reads: 520
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
Jun. 29, 2016 10:00 AM EDT Reads: 1,307
Connected devices and the industrial internet are growing exponentially every year with Cisco expecting 50 billion devices to be in operation by 2020. In this period of growth, location-based insights are becoming invaluable to many businesses as they adopt new connected technologies. Knowing when and where these devices connect from is critical for a number of scenarios in supply chain management, disaster management, emergency response, M2M, location marketing and more. In his session at @Th...
Jun. 29, 2016 09:45 AM EDT Reads: 1,275
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to imp...
Jun. 29, 2016 09:45 AM EDT Reads: 961
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
Jun. 29, 2016 09:15 AM EDT Reads: 1,468