Welcome!

Big Data Journal Authors: Elizabeth White, Liz McMillan, John Savageau, Nitin Bandugula, Carmen Gonzalez

Related Topics: Cloud Expo, Java, SOA & WOA, Linux, Security, Big Data Journal

Cloud Expo: Article

Common Gotchas: Cloud Security Problems to Avoid

For organizations looking to adopt the cloud, securing sensitive information outside the corporate perimeter isn’t as daunting

Cloud computing security can be a conundrum. The point of using the public cloud is to outsource certain infrastructure and application needs to third party providers, after all. How can you secure your data once it leaves your perimeter and your control? As puzzling as it may seem, there is hope.

Luckily for organizations looking to adopt the cloud, securing sensitive information outside the corporate perimeter isn't as daunting (or as impossible) as it may appear. Technologies exist to enable cloud computing security strong enough for companies to remain in compliance while taking full advantage of the flexibility, agility, and economies of scale of the cloud. Avoid these common pitfalls for a secure cloud experience.

Pitfall 1: Assuming that responsibility for cloud computing security rests with your CSP
If your cloud service provider is the one housing your data, then doesn't responsibility (and legal liability) rest with them when it comes to cloud computing security?

It stands to reason but isn't true. While recent revisions to data privacy regulations like HIPAA do specify that third-party contractors bear some responsibility for data security - and while CSPs take security very seriously - that doesn't shift the burden from covered entities at all. In the event of a breach of your organization's data, your organization will still be held liable and still have to make a public breach disclosure. Look for ways to retain control over the privacy and integrity of your data no matter which CSP you choose.

Pitfall 2: Not encrypting enough
Your key vulnerability lies in the public Internet connections that data has to traverse between your perimeter and your CSPs, right?

Not quite, and therefore encryption in transit isn't enough. Encryption in transit is a cloud computing security standard, of course. It protects data from would-be eavesdroppers while that data's en route from your premises to the CSPs. Data should always be encrypted in transit.

But encryption in transit is only one part of the story. Last year, the NSA's MUSCULAR program made waves when the news came out that the agency had tapped directly into Google and Yahoo internal networks in order to intercept data as it moved between their data centers. Encryption in transit wouldn't be much help there. Choose a cloud data encryption solution that will protect your data every step of the way - in transit to the cloud, at rest in the cloud, and even while in motion or in use in the cloud.

Pitfall 3: Forgetting your neighbors
As one of many customers of a public cloud provider, you're analogous to a renter in an apartment complex. Multi-tenancy can raise cloud computing security issues. Fortunately, taking steps to secure your data addresses those issues. Choose a cloud data encryption solution that gives your organization exclusive access to the encryption keys. This way, even if your data is inadvertently leaked or disclosed, no one can read it or do anything with it without your knowledge and consent.

Cloud computing security concerns can make companies hesitant to adopt the cloud, but they don't need to be. There is a solution to the data privacy challenges created by the cloud, and that solution is control. Maintain control of your data from the moment it leaves your perimeter throughout its life cycle in the cloud and maintain control of your encryption keys, and your data can remain safe no matter where it roams.

More Stories By Paige Leidig

Paige Leidig is SVP at CipherCloud. He has 20 years of experience in technology, marketing, and selling enterprise application solutions and managing trusted customer relationships. As SVP of Marketing, he is responsible for all aspects of marketing at CipherCloud. Paige was previously in the Office of the CEO at SAP, where he was responsible for leading and coordinating SAP’s acquisition and integration activities on a global basis. He has managed a number of marketing initiatives at SAP, including responsibility for all go-to-market activities for SAP’s Cloud applications portfolio. Preceding his SAP career, Paige held senior management positions with Ariba, Elance, and E*Trade.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@BigDataExpo Stories
SYS-CON Media announced that Cisco, a worldwide leader in IT that helps companies seize the opportunities of tomorrow, has launched a new ad campaign in Cloud Computing Journal. The ad campaign, a webcast titled 'Is Your Data Center Ready for the Application Economy?', focuses on the latest data center networking technologies, including SDN or ACI, and how customers are using SDN and ACI in their organizations to achieve business agility. The Cisco webcast is available on-demand.
Datapipe has acquired GoGrid, a provider of multi-cloud solutions for Big Data deployments. GoGrid’s proprietary orchestration and automation technologies provide 1-Button deployment for Big Data solutions that speed creation and results of new cloud projects. “GoGrid has made it easy for companies to stand up Big Data solutions quickly,” said Robb Allen, CEO, Datapipe. “Datapipe customers will achieve significant value from the speed at which we can now create new Big Data projects in the clou...
Dale Kim is the Director of Industry Solutions at MapR. His background includes a variety of technical and management roles at information technology companies. While his experience includes work with relational databases, much of his career pertains to non-relational data in the areas of search, content management, and NoSQL, and includes senior roles in technical marketing, sales engineering, and support engineering. Dale holds an MBA from Santa Clara University, and a BA in Computer Science f...
The Internet of Things (IoT) is rapidly in the process of breaking from its heretofore relatively obscure enterprise applications (such as plant floor control and supply chain management) and going mainstream into the consumer space. More and more creative folks are interconnecting everyday products such as household items, mobile devices, appliances and cars, and unleashing new and imaginative scenarios. We are seeing a lot of excitement around applications in home automation, personal fitness,...
The Internet of Things (IoT) promises to evolve the way the world does business; however, understanding how to apply it to your company can be a mystery. Most people struggle with understanding the potential business uses or tend to get caught up in the technology, resulting in solutions that fail to meet even minimum business goals. In his session at @ThingsExpo, Jesse Shiah, CEO / President / Co-Founder of AgilePoint Inc., showed what is needed to leverage the IoT to transform your business. ...
SYS-CON Events announced today that CodeFutures, a leading supplier of database performance tools, has been named a “Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. CodeFutures is an independent software vendor focused on providing tools that deliver database performance tools that increase productivity during database development and increase database performance and scalability during production.
Things are being built upon cloud foundations to transform organizations. This CEO Power Panel at 15th Cloud Expo, moderated by Roger Strukhoff, Cloud Expo and @ThingsExpo conference chair, addressed the big issues involving these technologies and, more important, the results they will achieve. Rodney Rogers, chairman and CEO of Virtustream; Brendan O'Brien, co-founder of Aria Systems, Bart Copeland, president and CEO of ActiveState Software; Jim Cowie, chief scientist at Dyn; Dave Wagstaff, VP ...
“We help people build clusters, in the classical sense of the cluster. We help people put a full stack on top of every single one of those machines. We do the full bare metal install," explained Greg Bruno, Vice President of Engineering and co-founder of StackIQ, in this SYS-CON.tv interview at 15th Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
"People are a lot more knowledgeable about APIs now. There are two types of people who work with APIs - IT people who want to use APIs for something internal and the product managers who want to do something outside APIs for people to connect to them," explained Roberto Medrano, Executive Vice President at SOA Software, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Performance is the intersection of power, agility, control, and choice. If you value performance, and more specifically consistent performance, you need to look beyond simple virtualized compute. Many factors need to be considered to create a truly performant environment. In his General Session at 15th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, discussed how to take advantage of a multitude of compute options and platform features to make cloud the cornerstone of your onlin...
Hardware will never be more valuable than on the day it hits your loading dock. Each day new servers are not deployed to production the business is losing money. While Moore's Law is typically cited to explain the exponential density growth of chips, a critical consequence of this is rapid depreciation of servers. The hardware for clustered systems (e.g., Hadoop, OpenStack) tends to be significant capital expenses. In his session at Big Data Expo, Mason Katz, CTO and co-founder of StackIQ, disc...
SYS-CON Media announced that Splunk, a provider of the leading software platform for real-time Operational Intelligence, has launched an ad campaign on Big Data Journal. Splunk software and cloud services enable organizations to search, monitor, analyze and visualize machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. The ads focus on delivering ROI - how improved uptime delivered $6M in annual ROI, improving customer operations by minin...
Software Defined Storage provides many benefits for customers including agility, flexibility, faster adoption of new technology and cost effectiveness. However, for IT organizations it can be challenging and complex to build your Enterprise Grade Storage from software. In his session at Cloud Expo, Paul Turner, CMO at Cloudian, looked at the new Original Design Manufacturer (ODM) market and how it is changing the storage world. Now Software Defined Storage companies can build Enterprise grade ...
Companies today struggle to manage the types and volume of data their customers and employees generate and use every day. With billions of requests daily, operational consistency can be elusive. In his session at Big Data Expo, Dave McCrory, CTO at Basho Technologies, will explore how a distributed systems solution, such as NoSQL, can give organizations the consistency and availability necessary to succeed with on-demand data, offering high availability at massive scale.
Vormetric on Wednesday announced the results of its 2015 Insider Threat Report (ITR), conducted online on their behalf by Harris Poll and in conjunction with analyst firm Ovum in fall 2014 among 818 IT decision makers in various countries, including 408 in the United States. The report details striking findings around how U.S. and international enterprises perceive security threats, the types of employees considered most dangerous, environments at the greatest risk for data loss and the steps or...
CodeFutures has announced Dan Lynn as its new CEO. Lynn assumes the role from Founder Cory Isaacson, who has joined RMS and will now serve as chairman of CodeFutures. Lynn brings more than 14 years of advanced technology and business success experience, and will help CodeFutures build on its industry leadership around its Agile Big Data initiatives. His technical expertise will be invaluable in advancing CodeFutures’ AgilData platform and new processes for streamlining and gaining value from gro...
Cloud and Big Data present unique dilemmas: embracing the benefits of these new technologies while maintaining the security of your organization's assets. When an outside party owns, controls and manages your infrastructure and computational resources, how can you be assured that sensitive data remains private and secure? How do you best protect data in mixed use cloud and big data infrastructure sets? Can you still satisfy the full range of reporting, compliance and regulatory requirements? In...
SYS-CON Events announced today that ActiveState, the leading independent Cloud Foundry and Docker-based PaaS provider, has been named “Silver Sponsor” of SYS-CON's DevOps Summit New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. ActiveState believes that enterprises gain a competitive advantage when they are able to quickly create, deploy and efficiently manage software solutions that immediately create business value, but they face many challenges that ...
We certainly live in interesting technological times. And no more interesting than the current competing IoT standards for connectivity. Various standards bodies, approaches, and ecosystems are vying for mindshare and positioning for a competitive edge. It is clear that when the dust settles, we will have new protocols, evolved protocols, that will change the way we interact with devices and infrastructure. We will also have evolved web protocols, like HTTP/2, that will be changing the very core...
Cloud services are the newest tool in the arsenal of IT products in the market today. These cloud services integrate process and tools. In order to use these products effectively, organizations must have a good understanding of themselves and their business requirements. In his session at 15th Cloud Expo, Brian Lewis, Principal Architect at Verizon Cloud, outlined key areas of organizational focus, and how to formalize an actionable plan when migrating applications and internal services to the ...