Welcome!

@DXWorldExpo Authors: William Schmarzo, Rostyslav Demush, Jason Bloomberg, Greg Pierce, Stackify Blog

Related Topics: @DXWorldExpo, @CloudExpo, Cloud Security

@DXWorldExpo: Blog Feed Post

Cloud Security - 'Best Practices of the Fortune 500'

Here is some advice from the Fortune 500

Cloud Security Best Practices of the Fortune 500

enterprise encryption cloud security best practices Cloud Encryption  cloud security best practices Cloud Security Best Practices of the Fortune 500

When you plan your migration to the cloud, and the cloud security best practices to secure it, there is no need to reinvent the wheel.  Here is some advice from the Fortune 500. Use these tips to learn from others’ successes and to avoid their failures – maybe their companies can afford “valuable” learning lessons, but yours would do better heeding their advice for free.

Intel: security is a concern in both private and public clouds

enterprise encryption cloud security best practices Cloud Encryption  Intel cloud security best practices Cloud Security Best Practices of the Fortune 500Mr. Jason Waxman | General Manager | Intel | www.intel.com

The GM of Intel speaks up about the differences between data center and cloud environment.With cloud infrastructure, servers are typically virtualized and shared across multiple lines of business or even among multiple organizations rather than dedicated to specific lines of business . . . This lack of visibility . . . has people concerned because they no longer have dedicated equipment for their line of business and instead are using shared, multi-tenant resources.”

What this means for you

Waxman is explicit that an issue exists whether you are in a private cloud or a public one. If your line of business has sensitive data, segregating your project from others, within a shared infrastructure, is your responsibility. Your IT department, or a cloud provider (AWS or VMware) may share some accountability, but you must make sure to take all necessary precautions to protect your sensitive business data.  Techniques for segregating data should include segregation of network segments and encryption of data with encryption keys that are specific to a project.


HP: Regulations hold service providers more accountable

enterprise encryption cloud security best practices Cloud Encryption  HP cloud security best practices Cloud Security Best Practices of the Fortune 500Mr. Anil Katarki | Chief Information Security Officer | HP Enterprise Services | Cybersecurity for U.S. Public Sector

HP’s CISO, Mr. Katarki, argues that “perpetual preparedness is tough to maintain” partially because we don’t “have an accurate inventory of where PII is located, transmitted, or stored.” Regulatory compliance requirements with HIPAA, PCI DSS, and other regulations continue to “hold service providers more accountable with stiff penalties for noncompliance.”

What this means for you

You can definitely learn the best practices of securing your data. The healthcare industry’s HIPAA, or the financial industry’s PCI DSS, for example, will teach you:

  • Do not use vendor-supplied defaults for passwords and other security parameters.
  • Use and regularly update anti-virus software.
  • Protect data with encryption and protect cryptographic keys against disclosure and misuse.
  • Restrict access to data by business need-to-know and assign a unique ID to each person with access.
  • Track and monitor all access and regularly test security systems and processes.

IBM: Data must be protected throughout its lifecycle

enterprise encryption cloud security best practices Cloud Encryption  IBM cloud security best practices Cloud Security Best Practices of the Fortune 500Mr. Peter Evans | Director | IBM Internet Security Systems | www.ibm.com

“Today’s enterprises are looking for integrated solutions that protect the data in transit, at rest, in motion, in use, and throughout the lifecycle.”

What this means for you

It is not enough to protect your data only some of the time.  For example, have you thought about protecting your online backups as much as you protect the “live” data?

Your data security lock and chain are only as strong as their weakest link and it is your responsibility to make sure no point of the data lifecycle falls victim to weak security.

Encryption has become the best practice for ensuring lifecycle protection of data. Encryption should be applied to the network, when data is in transit, through techniques such as SSL. And it should be applied to data at rest, whether it is on the current (virtual) disk or in a backup.


Unisys: Cloud security for growth and innovation

enterprise encryption cloud security best practices Cloud Encryption  Unisys cloud security best practices Cloud Security Best Practices of the Fortune 500Mr. Nick Evans | Vice President and General Manager | Worldwide Enterprise Security | Unisys

“We believe that in today’s economy, security solutions must be thought of strategically and applied not only for risk mitigation but also for growth and innovation. This is a change in mind-set from the traditional view of security as a cost of doing business or “insurance,” merely an information protection issue.”

What this means for you

Cloud security certainly protects you from threats (malicious hackers, government eavesdroppers, employee oversight), but today, it goes a step beyond that.  Proper cloud security enables you to reduce costs, achieve regulatory compliance and a “safe harbor,” and create a brand that is committed to securing the data of its customers.


Conclusion: what the security experts want you to know

You don’t have to be a Fortune 500 company in order to think like a Fortune 500 company.  And you don’t have to spend like a Fortune 500 company to have their level of cloud security for your own apps and data. Remember (and apply!) these key principles:

  1. Intel wants you to know that private clouds are not a panacea. Segregating sensitive projects form others is essential (and can be achieved through encryption).  In virtual environments, you need virtual walls to replace the physical separations of the data center.
  2. HP reminds you that regulatory requirements have lessons we can all learn from. You should implement their safeguards to protect your data.
  3. IBM prompts you to protect all stages in the lifecycle of your data.  A hacked backup is just as dangerous as compromised “live” data.
  4. Unisys says that cloud security isn’t just about protection today, it is about building a future that is safe and compliant.

The post Cloud Security Best Practices of the Fortune 500 appeared first on Porticor Cloud Security.

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@BigDataExpo Stories
DX World EXPO, LLC, a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
"Space Monkey by Vivent Smart Home is a product that is a distributed cloud-based edge storage network. Vivent Smart Home, our parent company, is a smart home provider that places a lot of hard drives across homes in North America," explained JT Olds, Director of Engineering, and Brandon Crowfeather, Product Manager, at Vivint Smart Home, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that Conference Guru has been named “Media Sponsor” of the 22nd International Cloud Expo, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to gre...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
"Evatronix provides design services to companies that need to integrate the IoT technology in their products but they don't necessarily have the expertise, knowledge and design team to do so," explained Adam Morawiec, VP of Business Development at Evatronix, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. In his session at @BigDataExpo, Jack Norris, Senior Vice President, Data and Applications at MapR Technologies, reviewed best practices to ...
Widespread fragmentation is stalling the growth of the IIoT and making it difficult for partners to work together. The number of software platforms, apps, hardware and connectivity standards is creating paralysis among businesses that are afraid of being locked into a solution. EdgeX Foundry is unifying the community around a common IoT edge framework and an ecosystem of interoperable components.
"ZeroStack is a startup in Silicon Valley. We're solving a very interesting problem around bringing public cloud convenience with private cloud control for enterprises and mid-size companies," explained Kamesh Pemmaraju, VP of Product Management at ZeroStack, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Large industrial manufacturing organizations are adopting the agile principles of cloud software companies. The industrial manufacturing development process has not scaled over time. Now that design CAD teams are geographically distributed, centralizing their work is key. With large multi-gigabyte projects, outdated tools have stifled industrial team agility, time-to-market milestones, and impacted P&L stakeholders.
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"Infoblox does DNS, DHCP and IP address management for not only enterprise networks but cloud networks as well. Customers are looking for a single platform that can extend not only in their private enterprise environment but private cloud, public cloud, tracking all the IP space and everything that is going on in that environment," explained Steve Salo, Principal Systems Engineer at Infoblox, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventio...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
In his session at 21st Cloud Expo, Carl J. Levine, Senior Technical Evangelist for NS1, will objectively discuss how DNS is used to solve Digital Transformation challenges in large SaaS applications, CDNs, AdTech platforms, and other demanding use cases. Carl J. Levine is the Senior Technical Evangelist for NS1. A veteran of the Internet Infrastructure space, he has over a decade of experience with startups, networking protocols and Internet infrastructure, combined with the unique ability to it...
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...
"Codigm is based on the cloud and we are here to explore marketing opportunities in America. Our mission is to make an ecosystem of the SW environment that anyone can understand, learn, teach, and develop the SW on the cloud," explained Sung Tae Ryu, CEO of Codigm, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them to try out major feature releases and redesigns within smaller groups before making them broadly available. In his session at 21st Cloud Expo, Brian Lucas, Senior Staff Engineer at Optimizely, discussed how by using ne...
Vulnerability management is vital for large companies that need to secure containers across thousands of hosts, but many struggle to understand how exposed they are when they discover a new high security vulnerability. In his session at 21st Cloud Expo, John Morello, CTO of Twistlock, addressed this pressing concern by introducing the concept of the “Vulnerability Risk Tree API,” which brings all the data together in a simple REST endpoint, allowing companies to easily grasp the severity of the ...
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicate or sell. In their Day 3 Keynote at 21st Cloud Expo, Greg Chambers, Global Group Director, Digital Innovation, Coca-Cola, and Vidya Nagarajan, a Senior Product Manager at Google, discussed how from store operations and ...