Welcome!

Microservices Expo Authors: Pat Romanski, Elizabeth White, Liz McMillan, Yeshim Deniz, Zakia Bouachraoui

Related Topics: Microservices Expo, @CloudExpo, Cloud Security

Microservices Expo: Blog Post

Preventive Security Through Behavior Modification - Part 2

Part 2 - Don't do the crime or you'll do the time

Last week, we saw that Defensive Security is not enough to solve the $1 trillion Intellectual Property and IT theft and cybercrime problem.

This week, more about Preventive Security.

Preventive Security is a set of technologies and processes used to prevent security incidents from even being attempted. These include awareness and training programs, establishment of proper policies and procedures and the use of technology solutions in support of existing laws.

In fact, this is not very different from "regular" crime and how we deal with it. We arm ourselves with the means to catch the bad guys, we severely punish crimes and we let people know that crime is bad, that jail is also bad and that if they try and commit the crime they will be caught. This prevents most people from getting into trouble.

So how severe are punishments for IT crimes?

In a case tried in March of last year, "The Soup Nazi" hacker was indicted to 20 years in jail for being caught stealing credit cards numbers.  Other types of crime, such as employee embezzlement, intellectual property theft, insider trade, and other white collar crimes are also severely punished with jail time and severe fines.

Do these types of punishment act as a deterrent to electronic crime? Yes, they most certainly do, provided the bad guys know that they'll be caught. Would-be attackers, like everybody else in the security business, play the odd games. I guess you could say that they too follow a risk management process!

"OK, I'm going to try this...I could get 20 years, but I'll never get caught" will certainly trigger a different behavior than "Hmm, I'm not even going to try it...I will get 20 years for sure because I'll get caught".

So, as in "the real world," severe punishment is not enough. We also need to deter would-be cybercriminals with a real fear of getting caught.

And what's the surest way to catch bad guys?

The best way to catch bad behavior is to properly perform forensics. Simply put, computer forensics is the digital equivalent of traditional criminal forensics. If a crime has been committed then we need to find out who did it and how they did it. And the investigation needs to respect the digital integrity of evidence so that the case can be successfully prosecuted in a court of law.

Ask any computer forensics expert what their favorite, go-to data points are to solve a complex IT crime, and they'll tell you "properly managed logs."

Next week, we'll see the advantages of using logs to solve the IT crime and why properly managed logs can be a powerful deterrent to would-be thieves.

More Stories By Gorka Sadowski

Gorka is a natural born entrepreneur with a deep understanding of Technology, IT Security and how these create value in the Marketplace. He is today offering innovative European startups the opportunity to benefit from the Silicon Valley ecosystem accelerators. Gorka spent the last 20 years initiating, building and growing businesses that provide technology solutions to the Industry. From General Manager Spain, Italy and Portugal for LogLogic, defining Next Generation Log Management and Security Forensics, to Director Unisys France, bringing Cloud Security service offerings to the market, from Director of Emerging Technologies at NetScreen, defining Next Generation Firewall, to Director of Performance Engineering at INS, removing WAN and Internet bottlenecks, Gorka has always been involved in innovative Technology and IT Security solutions, creating successful Business Units within established Groups and helping launch breakthrough startups such as KOLA Kids OnLine America, a social network for safe computing for children, SourceFire, a leading network security solution provider, or Ibixis, a boutique European business accelerator.

Microservices Articles
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app secu...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addresse...
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools have cloud orchestration plugins that can be leveraged, but there are also cloud-native tools that can dramatically improve the efficiency of managing your application lifecycle. In his session at 18th Cloud Expo, ...
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of rec...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.