Welcome!

@BigDataExpo Authors: Liz McMillan, Jeev Trika, Jayaram Krishnaswamy, Elizabeth White, Pat Romanski

Related Topics: Cloud Security, Java IoT, Microservices Expo, Linux Containers, @CloudExpo, @BigDataExpo

Cloud Security: Blog Feed Post

2014 Business Technology Security Threat Assessment

Epidemic threats come from all perimeters, and are often hidden in poorly configured IT account settings or permissions

If you thought that cyber security threats were troubling in 2013, then you should brace yourself for the onslaught that's very likely in 2014. A new generation of security threats stemming from progressive business technology trends -- such as BYOD, mobility and cloud services adoption -- will expose organizations to a multitude of new risks.

According to the findings of a global security survey sponsored by Dell, the majority of IT leaders around the world say they don’t view these threats as top security concerns and they're not prioritizing how to find and address them across the many points of origin.

Apparently, what you don't know can be very harmful. When respondents were asked to look at long term priorities, only 37 percent ranked "unknown threats" as a top security concern in the next five years.

Epidemic threats come from all perimeters, and are often hidden in poorly configured IT account settings or permissions, and ineffective data governance, access management and mainstream employee usage policies.

“Traditional security solutions can defend against malware and known vulnerabilities, but are generally ineffective in this new era of stealthy, unknown threats from both outside and inside the organization. These threats evade detection, bypass security controls, and wreak havoc on an organization’s network, applications, and data. But despite these dangers, our study found, among those surveyed, organizations are just not prepared," said Matt Medeiros, vice president and general manager, Dell Security Products.

Key findings from the market study include:

  • 64 percent of respondents agree that organizations will need to restructure/reorganize their IT processes, and be more collaborative with other departments to stay ahead of the next security threat. Of those surveyed in the United States, 85 percent said this approach is needed, contrasting with the U.K. (43 percent) and Canada (45 percent), which were the least convinced this would be necessary.
  • Nearly 90 percent of respondents believe government should be involved in determining organizations’ cyber defense strategies, and 78 percent in the Unites States think the federal government plays a positive role in protecting organizations against both internal and external threats, which underscores the need for strong leadership and guidance from public sector organizations in helping secure the private sector.

Beware of Unknown Security Threats
The dramatic spike in social engineering, malicious and/or accidental internal attacks, as well as sophisticated, advanced persistent threats means the organization is vulnerable from all directions.

According to the Dell assessment, all stakeholders must immediately take action to strengthen access to points inside and outside the perimeter, and help users prevent such attacks.

  • 67 percent of survey respondents say they have increased funds spent on education and training of employees in the past 12 months; 50 percent believe security training for both new and current employees is a priority.
  • 54 percent have increased spending in monitoring services over the past year; this number rises to 72 percent in the United States.

Among the IT decision-makers surveyed, bring your own device (BYOD) programs, cloud and the Internet were the top areas of concern for security threats.

  • BYOD ─ A sizable number of respondents highlighted mobility as the root cause of a breach, with increased mobility and user choice flooding networks with access devices that provide many paths for exposing data and applications to risk.
  • 93 percent of organizations surveyed allow personal devices for work. 31 percent of end users access the network on personal devices (37 percent in the United States).
  • 44 percent of respondents said instituting policies for BYOD security is of high importance in preventing security breaches.
  • 57 percent ranked increased use of mobile devices as a top security concern in the next five years (71 percent in the U.K.).
  • 24 percent said misuse of mobile devices/operating system vulnerabilities is the root cause of security breaches.
  • Cloud ─ Many organizations today use cloud computing, potentially introducing unknown security threats that lead to targeted attacks on organizational data and applications. Survey findings prove these stealthy threats come with high risk.
  • 73 percent of respondents report their organizations currently use cloud (90 percent in the United States).
  • Nearly half (49 percent) ranked increased use of cloud as a top security concern in the next five years, suggesting unease for the future as only 22 percent said moving data to the cloud was a top security concern today.
  • In organizations where security is a top priority for next year, 86 percent are using cloud.
  • 21 percent said cloud apps or service usage are the root cause of their security breaches
  • Internet ─ The significance of the unknown threats that result from heavy use of Internet communication and distributed networks is evidenced by the 63 percent of respondents who ranked increased reliance upon internet and browser-based applications as a top concern in the next five years.
  • More than one-fifth of respondents consider infection from untrusted remote access (public wifi) among the top three security concerns for their organization.
  • 47 percent identified malware, viruses and intrusions often available through web apps, OS patching issues, and other application-related vulnerabilities as the root causes of breaches.
  • 70 percent are currently using email security to prevent outsider attacks from accessing the network via their email channel.

Read the original blog entry...

More Stories By David H Deans

David H. Deans is the Managing Director at the GeoActive Group. He has more than 25 years of experience in the Technology, Media and Telecom sectors.

@BigDataExpo Stories
The vision of a connected smart home is becoming reality with the application of integrated wireless technologies in devices and appliances. The use of standardized and TCP/IP networked wireless technologies in line-powered and battery operated sensors and controls has led to the adoption of radios in the 2.4GHz band, including Wi-Fi, BT/BLE and 802.15.4 applied ZigBee and Thread. This is driving the need for robust wireless coexistence for multiple radios to ensure throughput performance and th...
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management solutions, helping companies worldwide activate their data to drive more value and business insight and to transform moder...
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
An IoT product’s log files speak volumes about what’s happening with your products in the field, pinpointing current and potential issues, and enabling you to predict failures and save millions of dollars in inventory. But until recently, no one knew how to listen. In his session at @ThingsExpo, Dan Gettens, Chief Research Officer at OnProcess, will discuss recent research by Massachusetts Institute of Technology and OnProcess Technology, where MIT created a new, breakthrough analytics model f...
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
Technology vendors and analysts are eager to paint a rosy picture of how wonderful IoT is and why your deployment will be great with the use of their products and services. While it is easy to showcase successful IoT solutions, identifying IoT systems that missed the mark or failed can often provide more in the way of key lessons learned. In his session at @ThingsExpo, Peter Vanderminden, Principal Industry Analyst for IoT & Digital Supply Chain to Flatiron Strategies, will focus on how IoT de...
Most of us already know that adopting new cloud applications can boost a business’s productivity by enabling organizations to be more agile and ready to change course in our fast-moving and connected digital world. But the rapid adoption of cloud apps and services also brings with it profound security threats, including visibility and control challenges that aren’t present in traditional on-premises environments. At the same time, the cloud – because of its interconnected, flexible and adaptable...
Digital transformation is too big and important for our future success to not understand the rules that apply to it. The first three rules for winning in this age of hyper-digital transformation are: Advantages in speed, analytics and operational tempos must be captured by implementing an optimized information logistics system (OILS) Real-time operational tempos (IT, people and business processes) must be achieved Businesses that can "analyze data and act and with speed" will dominate those t...
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...
There is growing need for data-driven applications and the need for digital platforms to build these apps. In his session at 19th Cloud Expo, Muddu Sudhakar, VP and GM of Security & IoT at Splunk, will cover different PaaS solutions and Big Data platforms that are available to build applications. In addition, AI and machine learning are creating new requirements that developers need in the building of next-gen apps. The next-generation digital platforms have some of the past platform needs a...
Without a clear strategy for cost control and an architecture designed with cloud services in mind, costs and operational performance can quickly get out of control. To avoid multiple architectural redesigns requires extensive thought and planning. Boundary (now part of BMC) launched a new public-facing multi-tenant high resolution monitoring service on Amazon AWS two years ago, facing challenges and learning best practices in the early days of the new service. In his session at 19th Cloud Exp...
SYS-CON Events announced today that Secure Channels will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. The bedrock of Secure Channels Technology is a uniquely modified and enhanced process based on superencipherment. Superencipherment is the process of encrypting an already encrypted message one or more times, either using the same or a different algorithm.
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business in 2016. However, IoT is far more complex than most firms expected. How can you not get trapped in the pitfalls? In his session at @ThingsExpo, Tony Shan, a renowned visionary and thought leader, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology and business models to adopt and leverage IoT. He will drill down to the components in this fra...
I'm a lonely sensor. I spend all day telling the world how I'm feeling, but none of the other sensors seem to care. I want to be connected. I want to build relationships with other sensors to be more useful for my human. I want my human to understand that when my friends next door are too hot for a while, I'll soon be flaming. And when all my friends go outside without me, I may be left behind. Don't just log my data; use the relationship graph. In his session at @ThingsExpo, Ryan Boyd, Engi...
SYS-CON Events announced today that Pulzze Systems will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Pulzze Systems, Inc. provides infrastructure products for the Internet of Things to enable any connected device and system to carry out matched operations without programming. For more information, visit http://www.pulzzesystems.com.
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
The Internet of Things can drive efficiency for airlines and airports. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Sudip Majumder, senior director of development at Oracle, will discuss the technical details of the connected airline baggage and related social media solutions. These IoT applications will enhance travelers' journey experience and drive efficiency for the airlines and the airports. The session will include a working demo and a technical d...
The Transparent Cloud-computing Consortium (abbreviation: T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data processing High speed and high quality networks, and dramatic improvements in computer processing capabilities, have greatly changed the nature of applications and made the storing and processing of data on the network commonplace.
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build their business on public cloud were challenged to run Big Data processing and analytics at scale. But recent advancements in Hadoop performance, security, and most importantly cloud-native integrations, are giving organizations the ability to truly gain value from all their data. In his session at 19th Cloud Expo, David Tishgart, Director of Product Marketing ...
Enterprise IT has been in the era of Hybrid Cloud for some time now. But it seems most conversations about Hybrid are focused on integrating AWS, Microsoft Azure, or Google ECM into existing on-premises systems. Where is all the Private Cloud? What do technology providers need to do to make their offerings more compelling? How should enterprise IT executives and buyers define their focus, needs, and roadmap, and communicate that clearly to the providers?