Welcome!

Virtualization Authors: Liz McMillan, Elizabeth White, Bill Vorhies, Jayaram Krishnaswamy, Ian Khan

Related Topics: Cloud Expo, Java, SOA & WOA, Virtualization, Web 2.0, Security

Cloud Expo: Article

A Cloud Security Conversation with the SMB

Why the cloud makes sense for companies with limited resources and modest budgets

I just got off the phone with a friend of mine. His name is AJ and he was particularly grouchy. He had just spent the last 12 work hours scouring month-old machine logs so that he could compile a quarter-end audit that met his company’s compliance requirement. AJ is the Director of IT for what would be considered an SMB. It’s a modest home warranty related company that deals with homeowner end users, finance and loan offices, mortgage companies and manufacturers. It does roughly 15-20 million in business each year and employs about 60 direct employees and maybe 100 contracted agents. AJ has a staff of three other IT professionals, but given the workload, could easily double that headcount.

AJ is very proud of his jack-of-all-IT-trades status. He is proficient at writing code as he is virtually installing access on contractor home devices or planning strategic IT footprint expansion. And it's this proficiency that has been making him grumpy. Because he can work some sort of magic with just about any application, the bosses have him wear many different hats. In fact, one of his online IT forum handles is “The Maddest Hatter.” But it is this reliance on his tribal knowledge and multidisciplinary acumen that keep the C-Levels saying “that sounds like it’s right up AJ’s alley.” AJ’s biggest problem is that there are only 24 hours in a day and he can only prioritize so many projects that are interspersed with hair-on-fire emergencies.

Now when I called AJ, it was not to sell him anything, but to see if he wanted to play a round of golf this weekend. However, the conversation soon turned dark, as he said that he would probably be in the office all weekend catching up on the work he would have been doing if not for the pesky audits.  I asked him if that were a regular happenstance, working through the weekend. He said it happened once or twice a month. If it wasn’t compliance, it was server repair, or backup tapes, or investigating why the website submission page transmits gobbledigook (his word, not mine).

“So what about your security policies?” I snuck in the question.

“What about them? Raul and Savino (his techs) usually take care of it-the provsioning, password stuff, whatever. I just step in when the feds come knocking and ask about compliance. Man PCI is just burying me.” (note...most of his company's users pay for service online using credit card--see last week's blog about PCI)

I sighed. “So you don’t know who’s accessing your network, if they’re friendlies. What they are looking at?”

“I know what you’re trying to do…you’re trying to sell me SIEM and Log Management. You know I’ve got it covered.”

“Do you? How secure are those home agents computers? Are they monitored by anything more than virus software? Do you know what sites they’re visiting, how open their networks are before they sign in an access your network? Heck are they using unsecured smartphones?”

“I know. I know. But I thought this call was about golf.”

“Just trying to help a buddy out.

I know from experience that too many SMBs do not enforce data security policies. Like AJ, they are spread too thin or don’t have the necessary budget to afford a holistic solution. Without these security controls they run the risk of losing data, stagnate employee (and agent) productivity, and open themselves up to a myriad of breaches, sabotages and carelessness. Any of which could bring their modest enterprise to a screeching halt.

For company’s like AJ’s, security-as-a-service is making more and more sense. It provides best of breed capabilities for a fraction of the cost. I told AJ that for what he pays currently in support and maintenance, I could provide an enterprise-class holistic solution-one that provides all the tools, plus 24/7 monitoring vigilance. And this is not to displace any person or process currently in house. They might have the expertise, but typically don’t have the bandwidth or the budget or the buy-in. Too many company’s like AJ’s do the bare minimum to maintain compliance, but that certainly leaves them vulnerable. In fact, the all the automated and outsourced functionalities can provide the breathing room to address not only business need and revenue generating priorities, but to allow a transformation from an infrastructure-based organization to a information-based one. AJ knows this and often crosses swords with the C-levels in that they need to upgrade security protocols because it is a matter of when (not if) a major security issue will occur and cost them not only dollars, but reputation as well.

Cloud-based security is not just a benefit for SMBs.  The residual benefit of cloud security is that IT no longer has to be in the Identity Management business, but still reap all the benefits and efficiencies. No more time dedicated to resetting passwords or setting up role based access every time someone is hired, fired or moved. It doesn’t have to be in the log monitoring business, but still is effectively and securely protected from intrusion and attack with 24/7/365 monitoring. IT department is no longer a compiler of data, but a conduit of information and evaluator of compliance audits and reports that meet the various industry standards and government requirements.

The good news is AJ is slotting cloud security migration for his 2013 budget. So I just may let him win the next time we hit the links…but don’t tell him that!

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@ThingsExpo Stories

ARMONK, N.Y., Nov. 20, 2014 /PRNewswire/ --  IBM (NYSE: IBM) today announced that it is bringing a greater level of control, security and flexibility to cloud-based application development and delivery with a single-tenant version of Bluemix, IBM's platform-as-a-service. The new platform enables developers to build ap...

Building low-cost wearable devices can enhance the quality of our lives. In his session at Internet of @ThingsExpo, Sai Yamanoor, Embedded Software Engineer at Altschool, provided an example of putting together a small keychain within a $50 budget that educates the user about the air quality in their surroundings. He also provided examples such as building a wearable device that provides transit or recreational information. He then reviewed the resources available to build wearable devices at home including open source hardware, the raw materials required and the options available to power s...
The Internet of Things promises to transform businesses (and lives), but navigating the business and technical path to success can be difficult to understand. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, demonstrated how to approach creating broadly successful connected customer solutions using real world business transformation studies including New England BioLabs and more.
Since 2008 and for the first time in history, more than half of humans live in urban areas, urging cities to become “smart.” Today, cities can leverage the wide availability of smartphones combined with new technologies such as Beacons or NFC to connect their urban furniture and environment to create citizen-first services that improve transportation, way-finding and information delivery. In her session at @ThingsExpo, Laetitia Gazel-Anthoine, CEO of Connecthings, will focus on successful use cases.
Enthusiasm for the Internet of Things has reached an all-time high. In 2013 alone, venture capitalists spent more than $1 billion dollars investing in the IoT space. With "smart" appliances and devices, IoT covers wearable smart devices, cloud services to hardware companies. Nest, a Google company, detects temperatures inside homes and automatically adjusts it by tracking its user's habit. These technologies are quickly developing and with it come challenges such as bridging infrastructure gaps, abiding by privacy concerns and making the concept a reality. These challenges can't be addressed w...
The Domain Name Service (DNS) is one of the most important components in networking infrastructure, enabling users and services to access applications by translating URLs (names) into IP addresses (numbers). Because every icon and URL and all embedded content on a website requires a DNS lookup loading complex sites necessitates hundreds of DNS queries. In addition, as more internet-enabled ‘Things' get connected, people will rely on DNS to name and find their fridges, toasters and toilets. According to a recent IDG Research Services Survey this rate of traffic will only grow. What's driving t...
The Internet of Things is a misnomer. That implies that everything is on the Internet, and that simply should not be - especially for things that are blurring the line between medical devices that stimulate like a pacemaker and quantified self-sensors like a pedometer or pulse tracker. The mesh of things that we manage must be segmented into zones of trust for sensing data, transmitting data, receiving command and control administrative changes, and peer-to-peer mesh messaging. In his session at @ThingsExpo, Ryan Bagnulo, Solution Architect / Software Engineer at SOA Software, focused on desi...
"For over 25 years we have been working with a lot of enterprise customers and we have seen how companies create applications. And now that we have moved to cloud computing, mobile, social and the Internet of Things, we see that the market needs a new way of creating applications," stated Jesse Shiah, CEO, President and Co-Founder of AgilePoint Inc., in this SYS-CON.tv interview at 15th Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, data security and privacy.
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series data. By focusing on enterprise applications and the data center, he will use OpenTSDB as an example t...
The industrial software market has treated data with the mentality of “collect everything now, worry about how to use it later.” We now find ourselves buried in data, with the pervasive connectivity of the (Industrial) Internet of Things only piling on more numbers. There’s too much data and not enough information. In his session at @ThingsExpo, Bob Gates, Global Marketing Director, GE’s Intelligent Platforms business, to discuss how realizing the power of IoT, software developers are now focused on understanding how industrial data can create intelligence for industrial operations. Imagine ...
Cultural, regulatory, environmental, political and economic (CREPE) conditions over the past decade are creating cross-industry solution spaces that require processes and technologies from both the Internet of Things (IoT), and Data Management and Analytics (DMA). These solution spaces are evolving into Sensor Analytics Ecosystems (SAE) that represent significant new opportunities for organizations of all types. Public Utilities throughout the world, providing electricity, natural gas and water, are pursuing SmartGrid initiatives that represent one of the more mature examples of SAE. We have s...
There is no doubt that Big Data is here and getting bigger every day. Building a Big Data infrastructure today is no easy task. There are an enormous number of choices for database engines and technologies. To make things even more challenging, requirements are getting more sophisticated, and the standard paradigm of supporting historical analytics queries is often just one facet of what is needed. As Big Data growth continues, organizations are demanding real-time access to data, allowing immediate and actionable interpretation of events as they happen. Another aspect concerns how to deliver ...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, discussed how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money!
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Cloud Expo 2014 TV commercials will feature @ThingsExpo, which was launched in June, 2014 at New York City's Javits Center as the largest 'Internet of Things' event in the world.
"People are a lot more knowledgeable about APIs now. There are two types of people who work with APIs - IT people who want to use APIs for something internal and the product managers who want to do something outside APIs for people to connect to them," explained Roberto Medrano, Executive Vice President at SOA Software, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Media announced that Splunk, a provider of the leading software platform for real-time Operational Intelligence, has launched an ad campaign on Big Data Journal. Splunk software and cloud services enable organizations to search, monitor, analyze and visualize machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. The ads focus on delivering ROI - how improved uptime delivered $6M in annual ROI, improving customer operations by mining large volumes of unstructured data, and how data tracking delivers uptime when it matters most.
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential.