Click here to close now.

Welcome!

@MicroservicesE Blog Authors: Pat Romanski, Elizabeth White, Carmen Gonzalez, Liz McMillan, Sematext Blog

Related Topics: CloudExpo® Blog, Java IoT, @MicroservicesE Blog, @ContainersExpo Blog, Agile Computing, Cloud Security

CloudExpo® Blog: Blog Feed Post

Top Five Cloud Security Myths

Security isn't taken for granted in the cloud... and that's the way it should be.

While movement to the cloud keeps accelerating, fears about security hang on. Let’s take a look at the most common myths about cloud security that might be holding businesses back from taking advantage of the flexibility and scalability of the cloud model.

1. The cloud is inherently less secure than enterprise data centers.
This is the piece of “common sense” that hangs on, but the data just doesn’t bear it out. Alert Logic, a provider of cloud-enabled security solutions, does regular studies of its customers, looking at the actual threats they experienced. For the last few years, they’ve been finding that cloud hosting provider customer are less likely to experience most types of threats, and when they are impacted, it’s less frequent that what’s seen in enterprise data centers.

security guard meme

Security isn't taken for granted in the cloud... and that's the way it should be.

2. Cloud security is my cloud vendor’s job.
Security is never your vendor’s job, no matter where your infrastructure lives. Yes, your vendors play an important role – but ultimately it’s your job. First, as part of your discovery process in choosing a vendor, you should be asking them about security – from their own physical security and management processes to the types of solutions they can offer through their partners. Second, when you are working with any IaaS provider, you are paying them to manage the infrastructure portion of the IT stack – there’s still an application layer that you’re in control of, and web-facing applications are a prime vector for attacks. Your vendor is your partner in building a holistic security strategy for your infrastructure.


3. Customers will not be comfortable with data residing in the cloud.
True, some customers won’t, but that’s not a concern based on data (see item 1). You need to remind your customers that data on a well-managed and properly secured cloud instance is much safer than data in an enterprise data center without proper monitoring for intrusion, without a rock-solid process for collecting and analyzing logs, without 24×7 monitoring of security data, or without a proactive process of identifying and patching vulnerabilities. It’s the management, not the location. If you’re looking at cloud options, you understand that; being transparent with your customers about how you protect them can go a long way to easing these fears.

4. The cloud is home to hackers and criminals.
Yes, there are bad guys using the cloud as a base of operations. Before the cloud, when dedicated hosting was hot, there were bad guys setting up shop at hosting providers. A good service provider will have a solid fraud management program to root out and boot out the bad actors. Ask them about it. And remember – even though there will always be some criminals using the cloud (and traditional hosting and their own data centers), what you need to worry about is what their targets are – and if you’re a target, where they’ve set up shop will be less relevant that the strength of your defenses.

5. Securing the cloud is too complicated.
This one has a basis in truth – securing cloud infrastructure is not the same as securing a traditional data center, much to the chagrin of traditional security vendors who’ve tried to shoehorn traditional products into a new environment with less than stellar results. Cloud security solutions have to be designed to work in multitenant environments. They need to be able to autoscale with cloud instances and they can’t depend on a server having the same IP address all the time. When you’re looking at security solutions, ask questions. How did the vendor handle cloud challenges? Do they work with the leading cloud infastructure vendors who are developing the technology that drives the cloud? In other words – are they cloud aware? If so, they’ll have cut through that complexity for you.

The bottom line: in the cloud, like everywhere else, security is critical. Your cloud provider should be ready to have frank discussions with you about the right approach – and a robust set of tools to keep your infrastructure safe. Let those discussions guide your cloud strategy, and you’ll have an advantage over businesses that are driven by myths.

By Jake Gardner

Read the original blog entry...

More Stories By Gathering Clouds

Cloud computing news, information, and insights. Powered by Logicworks.

@MicroservicesExpo Stories
Once the decision has been made to move part or all of a workload to the cloud, a methodology for selecting that workload needs to be established. How do you move to the cloud? What does the discovery, assessment and planning look like? What workloads make sense? Which cloud model makes sense for each workload? What are the considerations for how to select the right cloud model? And how does that fit in with the overall IT transformation?
You use an agile process; your goal is to make your organization more agile. But what about your data infrastructure? The truth is, today's databases are anything but agile - they are effectively static repositories that are cumbersome to work with, difficult to change, and cannot keep pace with application demands. Performance suffers as a result, and it takes far longer than it should to deliver new features and capabilities needed to make your organization competitive. As your application an...
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises a...
SYS-CON Events announced today that SUSE, a pioneer in open source software, will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. SUSE provides reliable, interoperable Linux, cloud infrastructure and storage solutions that give enterprises greater control and flexibility. More than 20 years of engineering excellence, exceptional service and an unrivaled partner ecosystem power the products and support that help ...
The release of Kibana 4.x has had an impact on monitoring and other related activities.  In this post we’re going to get specific and show you how to add Node.js monitoring to the Kibana 4 server app.  Why Node.js?  Because Kibana 4 now comes with a little Node.js server app that sits between the Kibana UI and the […]
Virtualization is everywhere. Enormous and highly profitable companies have been built on nothing but virtualization. And nowhere has virtualization made more of an impact than in Cloud Computing, the rampant and unprecedented adoption of which has been the direct result of the wide availability of virtualization software and techniques that enabled it. But does the cloud actually require virtualization?
There’s a lot of discussion around managing outages in production via the likes of DevOps principles and the corresponding software development lifecycles that does enable higher quality output from development, however, one cannot lay all blame for “bugs” and failures at the feet of those responsible for coding and development. As developers incorporate features and benefits of these paradigm shift, there is a learning curve and a point of not-knowing-what-is-not-known. Sometimes, the only way ...
Right off the bat, Newman advises that we should "think of microservices as a specific approach for SOA in the same way that XP or Scrum are specific approaches for Agile Software development". These analogies are very interesting because my expectation was that microservices is a pattern. So I might infer that microservices is a set of process techniques as opposed to an architectural approach. Yet in the book, Newman clearly includes some elements of concept model and architecture as well as p...
I’ve been thinking a bit about microservices (μServices) recently. My immediate reaction is to think: “Isn’t this just yet another new term for the same stuff, Web Services->SOA->APIs->Microservices?” Followed shortly by the thought, “well yes it is, but there are some important differences/distinguishing factors.” Microservices is an evolutionary paradigm born out of the need for simplicity (i.e., get away from the ESB) and alignment with agile (think DevOps) and scalable (think Containerizati...
How can you compare one technology or tool to its competitors? Usually, there is no objective comparison available. So how do you know which is better? Eclipse or IntelliJ IDEA? Java EE or Spring? C# or Java? All you can usually find is a holy war and biased comparisons on vendor sites. But luckily, sometimes, you can find a fair comparison. How does this come to be? By having it co-authored by the stakeholders. The binary repository comparison matrix is one of those rare resources. It is edite...
As the world moves from DevOps to NoOps, application deployment to the cloud ought to become a lot simpler. However, applications have been architected with a much tighter coupling than it needs to be which makes deployment in different environments and migration between them harder. The microservices architecture, which is the basis of many new age distributed systems such as OpenStack, Netflix and so on is at the heart of CloudFoundry – a complete developer-oriented Platform as a Service (PaaS...
T-Mobile has been transforming the wireless industry with its “Uncarrier” initiatives. Today as T-Mobile’s IT organization works to transform itself in a like manner, technical foundations built over the last couple of years are now key to their drive for more Agile delivery practices. In his session at DevOps Summit, Martin Krienke, Sr Development Manager at T-Mobile, will discuss where they started their Continuous Delivery journey, where they are today, and where they are going in an effort ...
There is no question that the cloud is where businesses want to host data. Until recently hypervisor virtualization was the most widely used method in cloud computing. Recently virtual containers have been gaining in popularity, and for good reason. In the debate between virtual machines and containers, the latter have been seen as the new kid on the block – and like other emerging technology have had some initial shortcomings. However, the container space has evolved drastically since coming on...
The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential. The DevOps Summit at Cloud Expo – to be held June 3-5, 2015, at the Javits Center in New York City – will expand the DevOps community, enable a wide...
Cloud Expo, Inc. has announced today that Andi Mann returns to DevOps Summit 2015 as Conference Chair. The 4th International DevOps Summit will take place on June 9-11, 2015, at the Javits Center in New York City. "DevOps is set to be one of the most profound disruptions to hit IT in decades," said Andi Mann. "It is a natural extension of cloud computing, and I have seen both firsthand and in independent research the fantastic results DevOps delivers. So I am excited to help the great team at ...
Container technology is sending shock waves through the world of cloud computing. Heralded as the 'next big thing,' containers provide software owners a consistent way to package their software and dependencies while infrastructure operators benefit from a standard way to deploy and run them. Containers present new challenges for tracking usage due to their dynamic nature. They can also be deployed to bare metal, virtual machines and various cloud platforms. How do software owners track the usag...
Enterprises are fast realizing the importance of integrating SaaS/Cloud applications, API and on-premises data and processes, to unleash hidden value. This webinar explores how managers can use a Microservice-centric approach to aggressively tackle the unexpected new integration challenges posed by proliferation of cloud, mobile, social and big data projects. Industry analyst and SOA expert Jason Bloomberg will strip away the hype from microservices, and clearly identify their advantages and d...
SYS-CON Events announced today that MetraTech, now part of Ericsson, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Ericsson is the driving force behind the Networked Society- a world leader in communications infrastructure, software and services. Some 40% of the world’s mobile traffic runs through networks Ericsson has supplied, serving more than 2.5 billion subscribers.
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
SYS-CON Events announced today that O'Reilly Media has been named “Media Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York City, NY. O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption...