Welcome!

Java IoT Authors: Pat Romanski, Liz McMillan, Yeshim Deniz, Elizabeth White, Frank Lupo

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Linux Containers, Cloud Security, @BigDataExpo

@CloudExpo: Blog Post

Are the Barbarians at the Gate? By @EFeatherston | @CloudExpo [#Cloud]

Cloud has become the ubiquitous term and so overused that whenever a breach happens, it’s assumed it is a cloud problem

The Cloud, Security and Breaches – Are the Barbarians at the Gate?

Target. Home Depot. Community Health Systems. Nieman Marcus. Their names have been all in the news over the past year, though probably not in a way they would like. All have had very public data breaches affecting anywhere from 350,000 (Nieman Marcus) to 4.5 million (Community Health Systems) customers. Add the recent high-profile celebrity nude photo hacking scandal and cloud security has become the trending topic in all the news and social media. Some of the discussions reminded me of a line from a short-lived TV show called ‘Almost Human' (yes I watched it, and since it was not renewed, apparently I was part of a small group). In the opening sequence of the show was the line ‘technology has forever altered the criminal landscape.' Is that where we are? Are the barbarians at the gate? Will this, or should this, impact decisions about migrating to the cloud?

Cloud: guilt by association
Cloud has become the ubiquitous term and so overused that whenever a breach happens, it's assumed it is a cloud problem. The reality is that out of all the breaches I mentioned earlier, only one of them - the celebrity nude photo scandal - had any connection to cloud technology.  In his recent article Celebrities get phished, cloud gets blamed, David Linthicum makes the point saying that "no matter if it's truly a cloud service or, in most cases, internal systems that are somehow compromised. Because no one in the general media really knows what a ‘cloud' is, it's all a cloud to them." The other breaches I listed were all internal system breaches, with various methods used to accomplish the breach. 11 Steps Attackers Took to Crack Target gives a great detailed description of the process the hackers used to breach Target's systems last year. While the first step sstarted with a simple email phishing campaign, it required a complex set of tasks executed over time to eventually compromise Target's Point of Sale (PoS) systems, which is where the actual breach occurred. None of that had anything to do with the cloud.

No technology negates the need for design and planning
While a majority of the highly public security breaches may not be related to the cloud, that does not mean going to the cloud has no security risks involved. Going to the cloud does not automatically give you the security you may need for your data. Like any other complex systems, the risks must be understood, analyzed and planned for. Mitigation strategies should be put in place, and test plans designed and developed to validate that the security you have put in place is working as expected. In addition, this should not be a ‘once and done' type of planning. Security risks are changing at breakneck speeds in the Social, Mobile, Analytic and Cloud (SMAC) disruptive technology landscape of today. These disruptions have altered the criminal landscape, and while the barbarians may not be literally at the gate, they will always be trying to storm the castle, testing your defenses, trying to find other ways in, and seeking the treasures behind those walls - your data.

No system is ever 100 percent safe
This is not meant to be a doom and gloom prediction, just a reality of networked systems. The only 100 percent secure system is one that has no network connects and that no one has physical access to - obviously that level of protection is not realistic or usable in any way. Going to the cloud can be just as secure (if not more so) than using internal-only systems. Whether in the cloud or not, putting security mechanisms in place is always a delicate balancing act between protection and usability of the system. Everything is a tradeoff. As technologists, it is our responsibility to identify the risks and options available with their inherent tradeoffs, and work with the business to determine the appropriate mechanisms to put in place. Ideally, the two primary goals when designing and testing your security measures should be:

  • Make it so difficult and time-consuming to break through,that those trying will just move on
  • Have mechanisms in place to detect attempts to get through those barriers so that countermeasures can be taken (up to and including taking the system offline if the protection of the data is critical enough)

These always need to be balanced and measured with the business to ensure everyone is making informed decisions based on the business benefits, usability and risk associated with those decisions.

Are the barbarians at the gate?
Yes, they always have been and they always will be. There will always be people out there trying to hack into systems, whether for criminal intent or just because. It doesn't mean we should avoid going to the cloud or avoid providing access to systems that have legitimate business value. It just means we should always do our due diligence, identify the risks, design and plan to deal with those risks, and work in concert with the business so that informed decisions get made and all stakeholders have the appropriate expectations. This process should be constantly in motion and evolving given how quickly technology is moving in the disruptive SMAC landscape we operate in today.

More Stories By Ed Featherston

Ed Featherston is VP, Principal Architect at Cloud Technology Partners. He brings 35 years of technology experience in designing, building, and implementing large complex solutions. He has significant expertise in systems integration, Internet/intranet, and cloud technologies. He has delivered projects in various industries, including financial services, pharmacy, government and retail.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
Digital transformation is changing the face of business. The IDC predicts that enterprises will commit to a massive new scale of digital transformation, to stake out leadership positions in the "digital transformation economy." Accordingly, attendees at the upcoming Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA, Oct 31-Nov 2, will find fresh new content in a new track called Enterprise Cloud & Digital Transformation.
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software. They hope to capture value from emerging technologies such as IoT, SDN, and AI. Ultimately, irrespective of the vertical, it is about deriving value from independent software applications participating in an ecosystem as one comprehensive solution. In his session at @ThingsExpo, Kausik Sridhar, founder and CTO of Pulzze Systems, will discuss how given the magnitude of today's applicati...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp emp...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Avere delivers a more modern architectural approach to storage that doesn't require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbui...
SYS-CON Events announced today that Avere Systems, a leading provider of hybrid cloud enablement solutions, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Avere Systems was created by file systems experts determined to reinvent storage by changing the way enterprises thought about and bought storage resources. With decades of experience behind the company’s founders, Avere got its ...
Amazon is pursuing new markets and disrupting industries at an incredible pace. Almost every industry seems to be in its crosshairs. Companies and industries that once thought they were safe are now worried about being “Amazoned.”. The new watch word should be “Be afraid. Be very afraid.” In his session 21st Cloud Expo, Chris Kocher, a co-founder of Grey Heron, will address questions such as: What new areas is Amazon disrupting? How are they doing this? Where are they likely to go? What are th...
As hybrid cloud becomes the de-facto standard mode of operation for most enterprises, new challenges arise on how to efficiently and economically share data across environments. In his session at 21st Cloud Expo, Dr. Allon Cohen, VP of Product at Elastifile, will explore new techniques and best practices that help enterprise IT benefit from the advantages of hybrid cloud environments by enabling data availability for both legacy enterprise and cloud-native mission critical applications. By rev...
Recently, REAN Cloud built a digital concierge for a North Carolina hospital that had observed that most patient call button questions were repetitive. In addition, the paper-based process used to measure patient health metrics was laborious, not in real-time and sometimes error-prone. In their session at 21st Cloud Expo, Sean Finnerty, Executive Director, Practice Lead, Health Care & Life Science at REAN Cloud, and Dr. S.P.T. Krishnan, Principal Architect at REAN Cloud, will discuss how they b...
SYS-CON Events announced today that SkyScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SkyScale is a world-class provider of cloud-based, ultra-fast multi-GPU hardware platforms for lease to customers desiring the fastest performance available as a service anywhere in the world. SkyScale builds, configures, and manages dedicated systems strategically located in maximum-security...
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them to try out major feature releases and redesigns within smaller groups before making them broadly available. In his session at 21st Cloud Expo, Brian Lucas, Senior Staff Engineer at Optimizely, will discuss how by using...
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...
SYS-CON Events announced today that Daiya Industry will exhibit at the Japanese Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ruby Development Inc. builds new services in short period of time and provides a continuous support of those services based on Ruby on Rails. For more information, please visit https://github.com/RubyDevInc.
As businesses evolve, they need technology that is simple to help them succeed today and flexible enough to help them build for tomorrow. Chrome is fit for the workplace of the future — providing a secure, consistent user experience across a range of devices that can be used anywhere. In her session at 21st Cloud Expo, Vidya Nagarajan, a Senior Product Manager at Google, will take a look at various options as to how ChromeOS can be leveraged to interact with people on the devices, and formats th...
SYS-CON Events announced today that Yuasa System will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Yuasa System is introducing a multi-purpose endurance testing system for flexible displays, OLED devices, flexible substrates, flat cables, and films in smartphones, wearables, automobiles, and healthcare.
Organizations do not need a Big Data strategy; they need a business strategy that incorporates Big Data. Most organizations lack a road map for using Big Data to optimize key business processes, deliver a differentiated customer experience, or uncover new business opportunities. They do not understand what’s possible with respect to integrating Big Data into the business model.
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...