Welcome!

Containers Expo Blog Authors: Flint Brenton, Elizabeth White, Automic Blog, XebiaLabs Blog, Yeshim Deniz

Blog Feed Post

Top 5 Best Practices for Cloud Security

cloud security best practices Cloud Security Cloud Encryption  security daily Top 5 Best Practices for Cloud SecurityCloud computing security issues are constantly a top concern for IT leaders migrating to the cloud. There are many issues related to data security in the cloud and more than one approach to cloud security. Focusing on Infrastructure as a Service cloud security, there are five issues that repeatedly concern customers that are resolved by implementing the best practices discussed at a high level below. Cloud security best practices are technology related, but also focuses on P3: Process, People, Products.

1.     Choose your cloud wisely


Infrastructure clouds come in many variations. Some are big (like Amazon Web Services, Microsoft Azure, Google, or HP) and some are smaller but more focused on specific needs such as addressing compliance (Firehost and Layered Technologies are two examples, but there are many more).

A cross-platform concern in every Infrastructure as a Service (IaaS) deployment is that data security is a shared responsibility. When shortlisting cloud providers, make sure specific certification such as ISO 27001 or SOC3 are in place. If you have specific regulatory concerns such as HIPAA safe harbor or PCI DSS compliance, ensure your cloud provider can support these specific requirements. Ask to speak with customers with a similar use case and similar size (or bigger). Learn from their lessons and make a decision accordingly.

2.     Encrypt your data

As we’ve written before, encryption becomes your virtual walls in a cloud deployment. In your datacenter, your physical servers are protected by the 4 walls and the tight access security policy. In a shared cloud infrastructure, those measures are basically nonexistent.

This is where data encryption steps in. Data encryption allows you to segregate and isolate your environment from other companies (or adversaries) running on the same infrastructure. Data encryption in the cloud takes multiple forms: some more secure than others.

Freeware encryption tools might seem attractive at first, but they have two major issues:

  1. They don’t scale well
  2. In many cases, the encryption key is stored on the virtual disk along with the encrypted data, which renders the entire solution useless.

In a compliance use case, these drawbacks might pose serious issues.

Research and test more than one encryption solution, and learn carefully about the security posture of the encryption provider.

3.     Focus on encryption keys

Although it sounds strange at first, cloud encryption can be easily achieved. The challenge lies=s not with the actual encryption, but with the encryption keys.

The Heartbleed bug, discovered a few weeks ago, exposed a weakness in Open SSL’s SSL/TLS protocol, allowing anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. As a result, many encrypted servers in the cloud unknowingly exposed their encryption key, which resided in memory of a server impacted by heartbleed.

To mitigate with such sophisticated attack vectors, the encryption keys should be secured throughout their life cycle: while in the key management system and while in use in the cloud. Emerging technologies such as split-key encryption and homomorphic key management can be used to avoid such attacks.

When researching encryption and key management technologies, look for cloud-enabled innovative technologies, and verify how encryption keys are managed and secure throughout the life cycle of the key usage.

4.     Automate cloud security as much as possible

One of the clouds’ most important benefits is its ability to automatically scale an infrastructure environment up or down, in a single geography or across multiple geographies. When it comes to cloud security, the paradigm shifts. You’ll hear experts telling you about the need to “keep security under your control,” and that security automation means sacrificing trust.

While true for traditional security systems, new – cloud based – security solutions do enable automation using secure, RESTful API tools.

Automating data security actually reduces risk and configuration mistakes. Assuming the software vendor can prove automation is done securely, it is a best practice for IaaS cloud security.

5.     Train your employees

Implementing the latest and greatest security toys is fun. Training employees may not seem as exciting. Yet, in many cases, a trained employee will be more efficient in stopping an attack than most technologies. (Art Gilliland gave a great pitch on “defense in depth” during RSA 2014 – see the video here).

A common modern attack pattern would start by identifying and infiltrating privileged users’ accounts (such as database administrator, or system administrators), and once access is gained, getting to end user data stored on those databases becomes a much simpler task for the attacker.

By educating users on risks and security best practices, the access of the attacker can be avoided. In addition, the cloud brings additional potential attack vectors, such as disk snapshots, or identity theft to the online portal, managing all servers. When training employees, always keep cloud in mind, together with your business tools and processes.

Cloud Security Best Practices Lead to Successful Deployments
There are many considerations surrounding cloud security. These best practices do not eliminate the risks or remove the need to always be kept abreast of the latest development. They do, however, ensure that your cloud will be more secure and enable you to comply with laws and industry regulations while taking advantage of the many business benefits of the cloud. Much of this, when explored from such a high level seems like common sense, and yet, the news is filled with stories of companies large and small who failed to properly manage their encryption keys or permitted their employees or vendors to enable access by attackers (a la recent breaches at Ebay and Target). Implementing these best practices will ensure that yours isn’t listed among the news-making breaches.

cloud security best practices Cloud Security Cloud Encryption  333333 Top 5 Best Practices for Cloud Security

The post Top 5 Best Practices for Cloud Security appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@ThingsExpo Stories
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound e...
@ThingsExpo has been named the Most Influential ‘Smart Cities - IIoT' Account and @BigDataExpo has been named fourteenth by Right Relevance (RR), which provides curated information and intelligence on approximately 50,000 topics. In addition, Right Relevance provides an Insights offering that combines the above Topics and Influencers information with real time conversations to provide actionable intelligence with visualizations to enable decision making. The Insights service is applicable to eve...
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in compute, storage and networking technologies, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/...
Amazon has gradually rolled out parts of its IoT offerings in the last year, but these are just the tip of the iceberg. In addition to optimizing their back-end AWS offerings, Amazon is laying the ground work to be a major force in IoT – especially in the connected home and office. Amazon is extending its reach by building on its dominant Cloud IoT platform, its Dash Button strategy, recently announced Replenishment Services, the Echo/Alexa voice recognition control platform, the 6-7 strategic...
Judith Hurwitz is president and CEO of Hurwitz & Associates, a Needham, Mass., research and consulting firm focused on emerging technology, including big data, cognitive computing and governance. She is co-author of the book Cognitive Computing and Big Data Analytics, published in 2015. Her Cloud Expo session, "What Is the Business Imperative for Cognitive Computing?" is scheduled for Wednesday, June 8, at 8:40 a.m. In it, she puts cognitive computing into perspective with its value to the busin...
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
The age of Digital Disruption is evolving into the next era – Digital Cohesion, an age in which applications securely self-assemble and deliver predictive services that continuously adapt to user behavior. Information from devices, sensors and applications around us will drive services seamlessly across mobile and fixed devices/infrastructure. This evolution is happening now in software defined services and secure networking. Four key drivers – Performance, Economics, Interoperability and Trust ...
Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the USA and Europe, we work with a variety of customers from emerging startups to Fortune 1000 companies.
Cybersecurity is a critical component of software development in many industries including medical devices. However, code is not always written to be robust or secure from the unknown or the unexpected. This gap can make medical devices susceptible to cybersecurity attacks ranging from compromised personal health information to life-sustaining treatment. In his session at @ThingsExpo, Clark Fortney, Software Engineer at Battelle, will discuss how programming oversight using key methods can incre...
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in compute, storage and networking technologies, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/...