Click here to close now.

Welcome!

Java Authors: Lori MacVittie, AppDynamics Blog, Kelly Murphy, Pat Romanski, Liz McMillan

Related Topics: Cloud Expo, Java, .NET, Linux, Containers, Security

Cloud Expo: Article

Analyzing the Top 10 Benefits of Unified Security

Providing collaborative intelligence from the cloud

Of all the strategies and tactics available to prevent breaches, deter data leakage and theft, control access and secure beyond the so-called network perimeter, the one that is emerging as an achievable and affordable best practice is that of unified security from the cloud.

But if you look across the web, you will no doubt come across various versions of what constitutes “unified,” what is “protected,” and, what is “security from the cloud?” Luckily this means that the concept of unified security from the cloud is becoming more and more of a best practice. In general, the practice of unified security is the centralization of all security functions under one umbrella across the enterprise. This means more than ensuring data encryption. It means more than access policies. It means more than intrusion detection, malware blocking, data review. It’s more than ensuring compliance to the various regulatory bodies that provide general guidelines. It is the sum of all these things… and more.

So what is unified security? In short, it is an enterprise-powered tactical strategy that not only centralizes various security toolsets, but creates the seamless means to create cooperative functionality between them all. And as a cloud-based security initiative, this creates several tangible benefits that will allow any-sized company to upgrade their protection, but expand their protection beyond the network-centric traditional models of perimeter security.

To properly expand visibility, unified security is typically comprised of several solutions including system log archiving (the collection and storage of all online activity), identity management (administration of users, passwords and applications), access management (enforcement of identity rules and channeled access to data) and SIEM (the  intelligence that correlates and contextualizes all activity).

True unified security is also more than the solutions it comprises; it includes the analysis, management, and the implementation of access and intelligence policies that transform it from passive to proactive and immediately responsive. And by developing and managing these security features, solutions and policies from the cloud is more than the obvious cost savings, it allows for the exponential expansion of  real time visibility over a broader landscape and facilitates a more secure transaction compatibility with the way modern enterprises exchange, process and share  information.

To that end, the following are 10 benefits of implementing unified security from the cloud.

10. Right size as the situation dictates – In today’s business landscape, change is often fast and evolutionary. Being able to keep up is a major challenge for IT and IT security. One of the hallmarks of a cloud-based implementation is the flexibility and agility to adjust its scope quickly and without the oppressive costs and time of a consultant or IT service. Considering the hoops of fire and Herculean strength needed to expand coverage to a new department or division, on-premise security initiatives may require the purchase of new expensive servers, resource-heavy reconfiguration and re-prioritization of core competency projects.   With the cloud’s natural economies of scale, these costs are already absorbed and changes are more fluid and immediate. And with unified security, it’s more than just applying a sensor or agent on a server to collect new data. The changes to right size affect more than a single solution, —you must consider the constant fluctuation of change within an enterprise-the ebb and flow of staffing, the adjustment of new, updated and retired applications, and all the moving parts that come with incorporating vendors, suppliers and customers into the permission and protection mix. Unified security from the cloud creates the freedom and necessary speed to evolve with a company’s changing situation on an as-needed basis without an Act of Congress while still ensuring the adjustments across all the entire security landscape.

9. Make compliance easier: One of the substantial drains of time and energy go into the process of proving to various regulatory bodies that various slices of data are free from prying keyboards. Some companies go so far as dedicating personnel to simply comb through logs and find and report upon instances of breach and questionable activities. As I’ve insisted many times before, this practice is akin to looking for the horse in a gigantic haystack long after its left the barn (no matter how often sys-logs are reviewed, it is done in a rear-view mirror. These are events that have already occurred. And the damage is already done).

When evaluating what organizations like PCI and HIPAA require, the scope is more than just continuous monitoring (see blog regarding continuous monitoring satisfies compliance, but not security). They require proof of compliance for everything from firewall configuration to vulnerability scans, from data storage protocols to the development of identity authentication, password management and access privileges. I've identified about 20 common critical controls that are typically required by all compliance agencies. Unified security consolidates all the capabilities so that the reporting is considerably more streamline and accessible. Instead of four or five solutions each requiring four or five reports, logins and the physical coordination, collection and review for reporting, compliance is achieved by an automated model (see the white paper Mapping Compliance Requirements). It is the multiple collaborative and concurrent layers of security that support the automations, create better accuracy and significantly reduce the time previously dedicated to compliance reporting.

8. Easier, faster to deploy and find ROI. Forrester noted that 73% of major software implementations don’t get past phase 1. Whether a result of scope creep, budget issues or flagging executive buy-in, the promise of ROI for on premise security initiatives are difficult; not to mention the drag on IT productivity and lack of measurable results. And it’s those results we depend on to drive ROI and solve the business need (see the article: Is your security initiative “one inch into a mile”? ) It’s no secret that way too many companies view security solutions as a “nice to have” luxury or a grudgingly purchased cost center. But this is a different business environment than even that of 5 years ago; beyond the drivers of compliance and industry required governance IT security must be built into the fabric of every online facet of the business. Ignore reality at your own peril.

Assuming that security investments are not simply a luxury, the question remains how do you find ROI in a prevention initiative? On-premise point solutions are expensive. There’s no getting around that fact. Installing them is expensive. Configuring them is expensive. Maintaining them is expensive. In fact, Gartner estimates the annual cost to own and manage traditional on-premise security software applications can be 4X the initial purchase. Each and every move is a significant bite out of the any potential ROI gain in productivity. It might be more than 3 years before the investment starts paying off in any tangible way. Now the cloud, especially the unified security configuration, removes all of the waiting time. As a multi-tenant deployment, there is no hardware to buy, no software to install. Your complex, planned multi-phased, multi-year rollout can be fused a single week (sometimes “installation-to-insight” in minutes). Therefore the cloud version is providing the immediate benefits and immediate returns. Moreover, unified cloud security removes the complexity in configuration, installation and deployment because it is already built and easily customized to fit any sized organization.

We’ll deal with cost later on, but in terms of ROI, because there are no capital expenditures and the ability to keep investment minimized and output maximized means you can realign resources based on immediate business needs. The ROI is the elimination of negative impact—no compliance fines, no trust-busting breaches while waiting for the system to be fully functional, reduced risks and liabilities may decrease various insurance costs, no employees slipping away unnoticed with a database of your customers, no having to put out malware fires, no excessive time management conflicts from multi-sourced coordination, no de-centralized shadow IT, etc..

7. Better safeguard against BYOD: It may be the buzzword of the moment, but it is a trend that will continue to proliferate. Employees are increasingly using their own potentially-unsanctioned devices (smart phones, tablets and other mobile devices) to access your network, applications and data. (Read the blog “The Genie, the bottle and BYOD).  Users love the mobility and the immediacy of these devices, but forget these devices are just hand-held computers prone to the same intrusions, attacks, viruses and risks as the computers used in the office. The larger problem is many users don’t see that, so every time they sign on to your network or download an app, it creates a wider and wider vulnerability gap for the enterprise network. However, by implementing unified security (that includes access control and identity management), you can minimize what an employee (or supplier, partner or any other group) can see and what tools they can access. Additionally unified security policies can create an alert every time one of these unsanctioned devices tries to access the enterprise. Based on your protocols and administrative policies, the system can grant access or block for these mobile devices. It is one way in which identity management, access management; log management and SIEM work seamlessly together and prevent unwarranted access or careless usage issues.

6. Security-as-a-service offers continuous tribal knowledge (expertise) without adding headcount. One of the constant impediments to shrinking the vulnerability gap is recruiting and retaining the specific type of talent necessary to maintain an enterprise-level security initiative. But The MSPAlliance reports that the unemployment rate for such professionals is less than 1%--and the salary for these specialists has doubled in the past three years. Security-as-a-service is the “secret” value-add that accompanies a cloud-based deployment.  Having an expert that understands more than what a denial of service/brute force attack looks like can be invaluable; one that knows how to read in between the lines; that understands context and can trigger an alert or dismiss a possible threat as harmless—and to do it without any additional personnel costs to a company is a huge benefit.

We will be continuing this list next week with our entries of 5 through our number one benefit. However, in case you can’t wait, here’s a preview...

5. Control applications and who gets to use them

4. Know what’s happening faster, more completely

3. Real time actionable information

2. One single, centralized management component

1. More protection, less cost

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@ThingsExpo Stories
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impact.
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, data security and privacy.
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series data. By focusing on enterprise applications and the data center, he will use OpenTSDB as an example t...
The Internet of Things is not only adding billions of sensors and billions of terabytes to the Internet. It is also forcing a fundamental change in the way we envision Information Technology. For the first time, more data is being created by devices at the edge of the Internet rather than from centralized systems. What does this mean for today's IT professional? In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will addresses this very serious issue of profound change in the industry.
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
We are reaching the end of the beginning with WebRTC, and real systems using this technology have begun to appear. One challenge that faces every WebRTC deployment (in some form or another) is identity management. For example, if you have an existing service – possibly built on a variety of different PaaS/SaaS offerings – and you want to add real-time communications you are faced with a challenge relating to user management, authentication, authorization, and validation. Service providers will want to use their existing identities, but these will have credentials already that are (hopefully) i...
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades. With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo, June 9-11, 2015, at the Javits Center in New York City. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be
Container frameworks, such as Docker, provide a variety of benefits, including density of deployment across infrastructure, convenience for application developers to push updates with low operational hand-holding, and a fairly well-defined deployment workflow that can be orchestrated. Container frameworks also enable a DevOps approach to application development by cleanly separating concerns between operations and development teams. But running multi-container, multi-server apps with containers is very hard. You have to learn five new and different technologies and best practices (libswarm, sy...
SYS-CON Events announced today that DragonGlass, an enterprise search platform, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. After eleven years of designing and building custom applications, OpenCrowd has launched DragonGlass, a cloud-based platform that enables the development of search-based applications. These are a new breed of applications that utilize a search index as their backbone for data retrieval. They can easily adapt to new data sets and provide access to both structured and unstruc...
The Internet of Things is a misnomer. That implies that everything is on the Internet, and that simply should not be - especially for things that are blurring the line between medical devices that stimulate like a pacemaker and quantified self-sensors like a pedometer or pulse tracker. The mesh of things that we manage must be segmented into zones of trust for sensing data, transmitting data, receiving command and control administrative changes, and peer-to-peer mesh messaging. In his session at @ThingsExpo, Ryan Bagnulo, Solution Architect / Software Engineer at SOA Software, focused on desi...
An entirely new security model is needed for the Internet of Things, or is it? Can we save some old and tested controls for this new and different environment? In his session at @ThingsExpo, New York's at the Javits Center, Davi Ottenheimer, EMC Senior Director of Trust, reviewed hands-on lessons with IoT devices and reveal a new risk balance you might not expect. Davi Ottenheimer, EMC Senior Director of Trust, has more than nineteen years' experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is co-author of t...
SYS-CON Events announced today that MetraTech, now part of Ericsson, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Ericsson is the driving force behind the Networked Society- a world leader in communications infrastructure, software and services. Some 40% of the world’s mobile traffic runs through networks Ericsson has supplied, serving more than 2.5 billion subscribers.
While great strides have been made relative to the video aspects of remote collaboration, audio technology has basically stagnated. Typically all audio is mixed to a single monaural stream and emanates from a single point, such as a speakerphone or a speaker associated with a video monitor. This leads to confusion and lack of understanding among participants especially regarding who is actually speaking. Spatial teleconferencing introduces the concept of acoustic spatial separation between conference participants in three dimensional space. This has been shown to significantly improve comprehe...
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists will peel away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you'll have no problem fil...
The Domain Name Service (DNS) is one of the most important components in networking infrastructure, enabling users and services to access applications by translating URLs (names) into IP addresses (numbers). Because every icon and URL and all embedded content on a website requires a DNS lookup loading complex sites necessitates hundreds of DNS queries. In addition, as more internet-enabled ‘Things' get connected, people will rely on DNS to name and find their fridges, toasters and toilets. According to a recent IDG Research Services Survey this rate of traffic will only grow. What's driving t...
Today’s enterprise is being driven by disruptive competitive and human capital requirements to provide enterprise application access through not only desktops, but also mobile devices. To retrofit existing programs across all these devices using traditional programming methods is very costly and time consuming – often prohibitively so. In his session at @ThingsExpo, Jesse Shiah, CEO, President, and Co-Founder of AgilePoint Inc., discussed how you can create applications that run on all mobile devices as well as laptops and desktops using a visual drag-and-drop application – and eForms-buildi...
The Internet of Things promises to transform businesses (and lives), but navigating the business and technical path to success can be difficult to understand. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, demonstrated how to approach creating broadly successful connected customer solutions using real world business transformation studies including New England BioLabs and more.
The recent trends like cloud computing, social, mobile and Internet of Things are forcing enterprises to modernize in order to compete in the competitive globalized markets. However, enterprises are approaching newer technologies with a more silo-ed way, gaining only sub optimal benefits. The Modern Enterprise model is presented as a newer way to think of enterprise IT, which takes a more holistic approach to embracing modern technologies.
Every day we read jaw-dropping stats on the explosion of data. We allocate significant resources to harness and better understand it. We build businesses around it. But we’ve only just begun. For big payoffs in Big Data, CIOs are turning to cognitive computing. Cognitive computing’s ability to securely extract insights, understand natural language, and get smarter each time it’s used is the next, logical step for Big Data.