Welcome!

Microservices Expo Authors: Elizabeth White, Pat Romanski, Kevin Jackson, Yeshim Deniz, Jason Bloomberg

Related Topics: Cloud Security

Cloud Security: Article

Focus on Cyber-Crime Misses Real Threat

Vendors hyping cyber-crime missing potential for state sponsored threats

Security Journal on Ulitzer

Thanks to tough economic times and a generous dollop of fear-mongering from the media and opportunistic profiteers, we've all become myopically obsessed with cyber-crime.

This is not entirely a bad thing. Unless you've been living under a rock, everyone knows that technology has created unimaginable opportunity for resourceful crooks. The pitfall is in our myopia. But we've become so obsessed with cyber-crime-a "petty" offense in the grand scheme of things-that we've overlooked the bigger picture. While monetary gains are certainly a big motivator for cybercrime, increasingly cyber-criminals are acting out of political interests. Thus, it is important for IT departments to be aware that threats can come from anywhere.

A recent article in the New York Times reminded us of a conspicuously under-reported digital security threat: cyber-terrorism. Dennis Blair, the Director of National Intelligence, made the following comment in an appearance before the U.S. Congress:

"Malicious cyberactivity is occurring on an unprecedented scale with extraordinary sophistication."

U.S. Secretary of State Hillary Clinton also recently shed light on the critical nature of this global issue when she urged NATO members to modernize and strengthen their alliance to combat cyber-terrorism.

These are important reminders that all cyber-threats are not strictly for money and are certainly not all commercial. In fact, there is good reason to believe that the largest increase in systems security vulnerabilities will occur as a result of political, not criminal, activity.

Politics in this context can be defined as the creation, distribution, and maintenance of power across some group of people. On the Web, as we have seen with the alleged Chinese attacks on Google, the struggle is over the power of information.

The point is that politically motivated attacks are fundamentally different. Governments, even small ones, have vastly more resources than your average "cyber-criminal", who may actually some script-kiddie in a basement in Wisconsin. The Google attack was on a huge scale, and also highly coordinated, and was executed with, dare I say it, "military" precision.

This new brand of digital threat takes advantage of a weakness in the hierarchy of law. Most of what we're exposed to is either civil law (like lawsuits, generally) or criminal law (the kind we need police to enforce). This new form of atatck however, runs up against international law. While I am not a lawyer, the principal issues with international law are that it is both ill-defined and expensive (or impossible) to enforce.

The threat is real, and the threat is growing. Companies, organizations and governments need to be aware of commercial AND political threats to their critical digital infrastructure.

The increased nature of the geopolitical cyber-threat says something about the current, often hysterical, narrative floating around the industry about "cyber-crime". I have to admit, "cyber-crime" is getting some traction in the media, as a cyber-crime story even appeared on NPR's Fresh Air show.

Playing on the hysteria in the media, a number of competitors in our market, the Log Management space, are shamelessly hyping the dangers of cyber-crime to degrees that border on the irresponsible. Yes, it is true that we need to be aware of hackers who want to steal our data-either for monetary or political reasons. But despite what a vendor may tell you, true systems security is reliant on people, products and processes; it's not just about one single product that will magically solve all the world's security problems.

The fact of the matter is that bad things happen. You will be hacked. You may have already been hacked and not know it. A rational organization will do three things.

First, put up the best defenses you can. Make sure that you are putting the resources you already have, such as log files, to the best possible use. Start with the basics, like log management, before moving on to supplemental technologies like SIEM. Do your research and buy the best security products that suit your needs and your budget.

Second, implement the best people-processes you can. Recent studies have shown that most data-loss or security-break incidents come from people who are or have been on the inside.

Finally, you will be hacked. Accept the fact and prepare of it. Be ready to clean up and perform forensics when you do get hacked, because one way or another, it will happen.

The number and kinds of attacks on your critical IT infrastructure are increasing. While you may see attacks from one vector decrease, the number of new attack vectors in increasing. Attention by the US Government, and the Google attack from China clearly reinforce this. We must all remain vigilant, now more than ever.

More Stories By Bill Roth

Bill Roth is a Silicon Valley veteran with over 20 years in the industry. He has played numerous product marketing, product management and engineering roles at companies like BEA, Sun, Morgan Stanley, and EBay Enterprise. He was recently named one of the World's 30 Most Influential Cloud Bloggers.

@MicroservicesExpo Stories
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
The reality of data ubiquity is here—data is buried in operational statistics, machine logs, stacks of overflowing tickets and customer details, among other things. How can any user get valuable information amid this rapid influx of data? Imagine a situation where your firm’s revenue takes a hit owing to an unexpected failure in some business process. It would be a nightmare for IT admins to sift through the interminable piles of data to deduce exactly why and where the problem occurred. To sav...
What's the role of an IT self-service portal when you get to continuous delivery and Infrastructure as Code? This general session showed how to create the continuous delivery culture and eight accelerators for leading the change. Don Demcsak is a DevOps and Cloud Native Modernization Principal for Dell EMC based out of New Jersey. He is a former, long time, Microsoft Most Valuable Professional, specializing in building and architecting Application Delivery Pipelines for hybrid legacy, and cloud ...
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
"We are a monitoring company. We work with Salesforce, BBC, and quite a few other big logos. We basically provide monitoring for them, structure for their cloud services and we fit into the DevOps world" explained David Gildeh, Co-founder and CEO of Outlyer, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
There's a lot to gain from cloud computing, but success requires a thoughtful and enterprise focused approach. Cloud computing decouples data and information from the infrastructure on which it lies. A process that is a LOT more involved than dragging some folders from your desktop to a shared drive. Cloud computing as a mission transformation activity, not a technological one. As an organization moves from local information hosting to the cloud, one of the most important challenges is addressi...
Cloud Expo, Inc. has announced today that Andi Mann and Aruna Ravichandran have been named Co-Chairs of @DevOpsSummit at Cloud Expo Silicon Valley which will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. "DevOps is at the intersection of technology and business-optimizing tools, organizations and processes to bring measurable improvements in productivity and profitability," said Aruna Ravichandran, vice president, DevOps product and solutions marketing...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
In the decade following his article, cloud computing further cemented Carr’s perspective. Compute, storage, and network resources have become simple utilities, available at the proverbial turn of the faucet. The value they provide is immense, but the cloud playing field is amazingly level. Carr’s quote above presaged the cloud to a T. Today, however, we’re in the digital era. Mark Andreesen’s ‘software is eating the world’ prognostication is coming to pass, as enterprises realize they must be...
Both SaaS vendors and SaaS buyers are going “all-in” to hyperscale IaaS platforms such as AWS, which is disrupting the SaaS value proposition. Why should the enterprise SaaS consumer pay for the SaaS service if their data is resident in adjacent AWS S3 buckets? If both SaaS sellers and buyers are using the same cloud tools, automation and pay-per-transaction model offered by IaaS platforms, then why not host the “shrink-wrapped” software in the customers’ cloud? Further, serverless computing, cl...
Hybrid IT is today’s reality, and while its implementation may seem daunting at times, more and more organizations are migrating to the cloud. In fact, according to SolarWinds 2017 IT Trends Index: Portrait of a Hybrid IT Organization 95 percent of organizations have migrated crucial applications to the cloud in the past year. As such, it’s in every IT professional’s best interest to know what to expect.
A common misconception about the cloud is that one size fits all. Companies expecting to run all of their operations using one cloud solution or service must realize that doing so is akin to forcing the totality of their business functionality into a straightjacket. Unlocking the full potential of the cloud means embracing the multi-cloud future where businesses use their own cloud, and/or clouds from different vendors, to support separate functions or product groups. There is no single cloud so...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities. In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, posited that disruption is inevitable for comp...
Companies have always been concerned that traditional enterprise software is slow and complex to install, often disrupting critical and time-sensitive operations during roll-out. With the growing need to integrate new digital technologies into the enterprise to transform business processes, this concern has become even more pressing. A 2016 Panorama Consulting Solutions study revealed that enterprise resource planning (ERP) projects took an average of 21 months to install, with 57 percent of th...
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, Doug Vanderweide, an instructor at Linux Academy, discussed why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers wit...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Colocation is a central pillar of modern enterprise infrastructure planning because it provides greater control, insight, and performance than managed platforms. In spite of the inexorable rise of the cloud, most businesses with extensive IT hardware requirements choose to host their infrastructure in colocation data centers. According to a recent IDC survey, more than half of the businesses questioned use colocation services, and the number is even higher among established businesses and busine...
For most organizations, the move to hybrid cloud is now a question of when, not if. Fully 82% of enterprises plan to have a hybrid cloud strategy this year, according to Infoholic Research. The worldwide hybrid cloud computing market is expected to grow about 34% annually over the next five years, reaching $241.13 billion by 2022. Companies are embracing hybrid cloud because of the many advantages it offers compared to relying on a single provider for all of their cloud needs. Hybrid offers bala...
@DevOpsSummit at Cloud Expo taking place Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center, Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is ...