Welcome!

Java IoT Authors: SmartBear Blog, Liz McMillan, Elizabeth White, Pat Romanski, Dana Gardner

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Containers Expo Blog, Agile Computing, Cloud Security

@CloudExpo: Article

A Cloud Security Conversation with the SMB

Why the cloud makes sense for companies with limited resources and modest budgets

I just got off the phone with a friend of mine. His name is AJ and he was particularly grouchy. He had just spent the last 12 work hours scouring month-old machine logs so that he could compile a quarter-end audit that met his company’s compliance requirement. AJ is the Director of IT for what would be considered an SMB. It’s a modest home warranty related company that deals with homeowner end users, finance and loan offices, mortgage companies and manufacturers. It does roughly 15-20 million in business each year and employs about 60 direct employees and maybe 100 contracted agents. AJ has a staff of three other IT professionals, but given the workload, could easily double that headcount.

AJ is very proud of his jack-of-all-IT-trades status. He is proficient at writing code as he is virtually installing access on contractor home devices or planning strategic IT footprint expansion. And it's this proficiency that has been making him grumpy. Because he can work some sort of magic with just about any application, the bosses have him wear many different hats. In fact, one of his online IT forum handles is “The Maddest Hatter.” But it is this reliance on his tribal knowledge and multidisciplinary acumen that keep the C-Levels saying “that sounds like it’s right up AJ’s alley.” AJ’s biggest problem is that there are only 24 hours in a day and he can only prioritize so many projects that are interspersed with hair-on-fire emergencies.

Now when I called AJ, it was not to sell him anything, but to see if he wanted to play a round of golf this weekend. However, the conversation soon turned dark, as he said that he would probably be in the office all weekend catching up on the work he would have been doing if not for the pesky audits.  I asked him if that were a regular happenstance, working through the weekend. He said it happened once or twice a month. If it wasn’t compliance, it was server repair, or backup tapes, or investigating why the website submission page transmits gobbledigook (his word, not mine).

“So what about your security policies?” I snuck in the question.

“What about them? Raul and Savino (his techs) usually take care of it-the provsioning, password stuff, whatever. I just step in when the feds come knocking and ask about compliance. Man PCI is just burying me.” (note...most of his company's users pay for service online using credit card--see last week's blog about PCI)

I sighed. “So you don’t know who’s accessing your network, if they’re friendlies. What they are looking at?”

“I know what you’re trying to do…you’re trying to sell me SIEM and Log Management. You know I’ve got it covered.”

“Do you? How secure are those home agents computers? Are they monitored by anything more than virus software? Do you know what sites they’re visiting, how open their networks are before they sign in an access your network? Heck are they using unsecured smartphones?”

“I know. I know. But I thought this call was about golf.”

“Just trying to help a buddy out.

I know from experience that too many SMBs do not enforce data security policies. Like AJ, they are spread too thin or don’t have the necessary budget to afford a holistic solution. Without these security controls they run the risk of losing data, stagnate employee (and agent) productivity, and open themselves up to a myriad of breaches, sabotages and carelessness. Any of which could bring their modest enterprise to a screeching halt.

For company’s like AJ’s, security-as-a-service is making more and more sense. It provides best of breed capabilities for a fraction of the cost. I told AJ that for what he pays currently in support and maintenance, I could provide an enterprise-class holistic solution-one that provides all the tools, plus 24/7 monitoring vigilance. And this is not to displace any person or process currently in house. They might have the expertise, but typically don’t have the bandwidth or the budget or the buy-in. Too many company’s like AJ’s do the bare minimum to maintain compliance, but that certainly leaves them vulnerable. In fact, the all the automated and outsourced functionalities can provide the breathing room to address not only business need and revenue generating priorities, but to allow a transformation from an infrastructure-based organization to a information-based one. AJ knows this and often crosses swords with the C-levels in that they need to upgrade security protocols because it is a matter of when (not if) a major security issue will occur and cost them not only dollars, but reputation as well.

Cloud-based security is not just a benefit for SMBs.  The residual benefit of cloud security is that IT no longer has to be in the Identity Management business, but still reap all the benefits and efficiencies. No more time dedicated to resetting passwords or setting up role based access every time someone is hired, fired or moved. It doesn’t have to be in the log monitoring business, but still is effectively and securely protected from intrusion and attack with 24/7/365 monitoring. IT department is no longer a compiler of data, but a conduit of information and evaluator of compliance audits and reports that meet the various industry standards and government requirements.

The good news is AJ is slotting cloud security migration for his 2013 budget. So I just may let him win the next time we hit the links…but don’t tell him that!

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@ThingsExpo Stories
Manufacturers are embracing the Industrial Internet the same way consumers are leveraging Fitbits – to improve overall health and wellness. Both can provide consistent measurement, visibility, and suggest performance improvements customized to help reach goals. Fitbit users can view real-time data and make adjustments to increase their activity. In his session at @ThingsExpo, Mark Bernardo Professional Services Leader, Americas, at GE Digital, discussed how leveraging the Industrial Internet a...
There will be new vendors providing applications, middleware, and connected devices to support the thriving IoT ecosystem. This essentially means that electronic device manufacturers will also be in the software business. Many will be new to building embedded software or robust software. This creates an increased importance on software quality, particularly within the Industrial Internet of Things where business-critical applications are becoming dependent on products controlled by software. Qua...
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
Large scale deployments present unique planning challenges, system commissioning hurdles between IT and OT and demand careful system hand-off orchestration. In his session at @ThingsExpo, Jeff Smith, Senior Director and a founding member of Incenergy, will discuss some of the key tactics to ensure delivery success based on his experience of the last two years deploying Industrial IoT systems across four continents.
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develo...
SYS-CON Events announced today that MangoApps will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides modern company intranets and team collaboration software, allowing workers to stay connected and productive from anywhere in the world and from any device.
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effi...
The IETF draft standard for M2M certificates is a security solution specifically designed for the demanding needs of IoT/M2M applications. In his session at @ThingsExpo, Brian Romansky, VP of Strategic Technology at TrustPoint Innovation, explained how M2M certificates can efficiently enable confidentiality, integrity, and authenticity on highly constrained devices.
In today's uber-connected, consumer-centric, cloud-enabled, insights-driven, multi-device, global world, the focus of solutions has shifted from the product that is sold to the person who is buying the product or service. Enterprises have rebranded their business around the consumers of their products. The buyer is the person and the focus is not on the offering. The person is connected through multiple devices, wearables, at home, on the road, and in multiple locations, sometimes simultaneously...
“delaPlex Software provides software outsourcing services. We have a hybrid model where we have onshore developers and project managers that we can place anywhere in the U.S. or in Europe,” explained Manish Sachdeva, CEO at delaPlex Software, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
"We've discovered that after shows 80% if leads that people get, 80% of the conversations end up on the show floor, meaning people forget about it, people forget who they talk to, people forget that there are actual business opportunities to be had here so we try to help out and keep the conversations going," explained Jeff Mesnik, Founder and President of ContentMX, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
The IoT is changing the way enterprises conduct business. In his session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, discussed how businesses can gain an edge over competitors by empowering consumers to take control through IoT. He cited examples such as a Washington, D.C.-based sports club that leveraged IoT and the cloud to develop a comprehensive booking system. He also highlighted how IoT can revitalize and restore outdated business models, making them profitable ...
"delaPlex is a software development company. We do team-based outsourcing development," explained Mark Rivers, COO and Co-founder of delaPlex Software, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
We all know the latest numbers: Gartner, Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from last year, and will reach 20.8 billion by 2020. We're rapidly approaching a data production of 40 zettabytes a day – more than we can every physically store, and exabytes and yottabytes are just around the corner. For many that’s a good sign, as data has been proven to equal money – IF it’s ingested, integrated, and analyzed fast enough. Without real-ti...
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
I wanted to gather all of my Internet of Things (IOT) blogs into a single blog (that I could later use with my University of San Francisco (USF) Big Data “MBA” course). However as I started to pull these blogs together, I realized that my IOT discussion lacked a vision; it lacked an end point towards which an organization could drive their IOT envisioning, proof of value, app dev, data engineering and data science efforts. And I think that the IOT end point is really quite simple…
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.
Big Data, cloud, analytics, contextual information, wearable tech, sensors, mobility, and WebRTC: together, these advances have created a perfect storm of technologies that are disrupting and transforming classic communications models and ecosystems. In his session at @ThingsExpo, Erik Perotti, Senior Manager of New Ventures on Plantronics’ Innovation team, provided an overview of this technological shift, including associated business and consumer communications impacts, and opportunities it ...