Welcome!

Microservices Expo Authors: Elizabeth White, Anders Wallgren, Derek Weeks, Jason Bloomberg, SmartBear Blog

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Containers Expo Blog, Agile Computing, Cloud Security

@CloudExpo: Blog Feed Post

Top Five Cloud Security Myths

Security isn't taken for granted in the cloud... and that's the way it should be.

While movement to the cloud keeps accelerating, fears about security hang on. Let’s take a look at the most common myths about cloud security that might be holding businesses back from taking advantage of the flexibility and scalability of the cloud model.

1. The cloud is inherently less secure than enterprise data centers.
This is the piece of “common sense” that hangs on, but the data just doesn’t bear it out. Alert Logic, a provider of cloud-enabled security solutions, does regular studies of its customers, looking at the actual threats they experienced. For the last few years, they’ve been finding that cloud hosting provider customer are less likely to experience most types of threats, and when they are impacted, it’s less frequent that what’s seen in enterprise data centers.

security guard meme

Security isn't taken for granted in the cloud... and that's the way it should be.

2. Cloud security is my cloud vendor’s job.
Security is never your vendor’s job, no matter where your infrastructure lives. Yes, your vendors play an important role – but ultimately it’s your job. First, as part of your discovery process in choosing a vendor, you should be asking them about security – from their own physical security and management processes to the types of solutions they can offer through their partners. Second, when you are working with any IaaS provider, you are paying them to manage the infrastructure portion of the IT stack – there’s still an application layer that you’re in control of, and web-facing applications are a prime vector for attacks. Your vendor is your partner in building a holistic security strategy for your infrastructure.


3. Customers will not be comfortable with data residing in the cloud.
True, some customers won’t, but that’s not a concern based on data (see item 1). You need to remind your customers that data on a well-managed and properly secured cloud instance is much safer than data in an enterprise data center without proper monitoring for intrusion, without a rock-solid process for collecting and analyzing logs, without 24×7 monitoring of security data, or without a proactive process of identifying and patching vulnerabilities. It’s the management, not the location. If you’re looking at cloud options, you understand that; being transparent with your customers about how you protect them can go a long way to easing these fears.

4. The cloud is home to hackers and criminals.
Yes, there are bad guys using the cloud as a base of operations. Before the cloud, when dedicated hosting was hot, there were bad guys setting up shop at hosting providers. A good service provider will have a solid fraud management program to root out and boot out the bad actors. Ask them about it. And remember – even though there will always be some criminals using the cloud (and traditional hosting and their own data centers), what you need to worry about is what their targets are – and if you’re a target, where they’ve set up shop will be less relevant that the strength of your defenses.

5. Securing the cloud is too complicated.
This one has a basis in truth – securing cloud infrastructure is not the same as securing a traditional data center, much to the chagrin of traditional security vendors who’ve tried to shoehorn traditional products into a new environment with less than stellar results. Cloud security solutions have to be designed to work in multitenant environments. They need to be able to autoscale with cloud instances and they can’t depend on a server having the same IP address all the time. When you’re looking at security solutions, ask questions. How did the vendor handle cloud challenges? Do they work with the leading cloud infastructure vendors who are developing the technology that drives the cloud? In other words – are they cloud aware? If so, they’ll have cut through that complexity for you.

The bottom line: in the cloud, like everywhere else, security is critical. Your cloud provider should be ready to have frank discussions with you about the right approach – and a robust set of tools to keep your infrastructure safe. Let those discussions guide your cloud strategy, and you’ll have an advantage over businesses that are driven by myths.

By Jake Gardner

Read the original blog entry...

More Stories By Gathering Clouds

Cloud computing news, information, and insights. Powered by Logicworks.

@MicroservicesExpo Stories
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
With DevOps becoming more well-known and established practice in nearly every industry that delivers software, it is important to continually reassess its efficacy. This week’s top 10 includes a discussion on how the quick uptake of DevOps adoption in the enterprise has posed some serious challenges. Additionally, organizations who have taken the DevOps plunge must find ways to find, hire and keep their DevOps talent in order to keep the machine running smoothly.
Call it DevOps or not, if you are concerned about releasing more code faster and at a higher quality, the resulting software delivery chain and process will look and smell like DevOps. But for existing development teams, no matter what the velocity objective is, getting from here to there is not something that can be done without a plan. Moving your release cadence from months to weeks is not just about learning Agile practices and getting some automation tools. It involves people, tooling and ...
Between the mockups and specs produced by analysts, and resulting applications built by developers, there exists a gulf where projects fail, costs spiral, and applications disappoint. Methodologies like Agile attempt to address this with intensified communication, with partial success but many limitations. In his session at 18th Cloud Expo, Charles Kendrick, CTO & Chief Architect at Isomorphic Software, will present a revolutionary model enabled by new technologies. Learn how business and devel...
The notion of customer journeys, of course, are central to the digital marketer’s playbook. Clearly, enterprises should focus their digital efforts on such journeys, as they represent customer interactions over time. But making customer journeys the centerpiece of the enterprise architecture, however, leaves more questions than answers. The challenge arises when EAs consider the context of the customer journey in the overall architecture as well as the architectural elements that make up each...
APIs have taken the world by storm in recent years. The use of APIs has gone beyond just traditional "software" companies, to companies and organizations across industries using APIs to share information and power their applications. For some organizations, APIs are the biggest revenue drivers. For example, Salesforce generates nearly 50% of annual revenue through APIs. In other cases, APIs can increase a business's footprint and initiate collaboration. Netflix, for example, reported over 5 bi...
As the software delivery industry continues to evolve and mature, the challenge of managing the growing list of the tools and processes becomes more daunting every day. Today, Application Lifecycle Management (ALM) platforms are proving most valuable by providing the governance, management and coordination for every stage of development, deployment and release. Recently, I spoke with Madison Moore at SD Times about the changing market and where ALM is headed.
If there is anything we have learned by now, is that every business paves their own unique path for releasing software- every pipeline, implementation and practices are a bit different, and DevOps comes in all shapes and sizes. Software delivery practices are often comprised of set of several complementing (or even competing) methodologies – such as leveraging Agile, DevOps and even a mix of ITIL, to create the combination that’s most suitable for your organization and that maximize your busines...
These days I mostly make my living as a consultant. Consultants in general are probably not the best loved group in the world. It is common to think of consultants wafting-in to your organization, telling you things that you already know and advising you to “change your culture”, whatever that means. Subsequently they depart, no-doubt with a fat fee, and leave you as you were before with the same problems and no progress made.
Struggling to keep up with increasing application demand? Learn how Platform as a Service (PaaS) can streamline application development processes and make resource management easy.
In the rush to compete in the digital age, a successful digital transformation is essential, but many organizations are setting themselves up for failure. There’s a common misconception that the process is just about technology, but it’s not. It’s about your business. It shouldn’t be treated as an isolated IT project; it should be driven by business needs with the committed involvement of a range of stakeholders.
New Relic, Inc. has announced a set of new features across the New Relic Software Analytics Cloud that offer IT operations teams increased visibility, and the ability to diagnose and resolve performance problems quickly. The new features further IT operations teams’ ability to leverage data and analytics, as well as drive collaboration and a common, shared understanding between teams. Software teams are under pressure to resolve performance issues quickly and improve availability, as the comple...
The goal of any tech business worth its salt is to provide the best product or service to its clients in the most efficient and cost-effective way possible. This is just as true in the development of software products as it is in other product design services. Microservices, an app architecture style that leans mostly on independent, self-contained programs, are quickly becoming the new norm, so to speak. With this change comes a declining reliance on older SOAs like COBRA, a push toward more s...
Join IBM June 8 at 18th Cloud Expo at the Javits Center in New York City, NY, and learn how to innovate like a startup and scale for the enterprise. You need to deliver quality applications faster and cheaper, attract and retain customers with an engaging experience across devices, and seamlessly integrate your enterprise systems. And you can't take 12 months to do it.
This is not a small hotel event. It is also not a big vendor party where politicians and entertainers are more important than real content. This is Cloud Expo, the world's longest-running conference and exhibition focused on Cloud Computing and all that it entails. If you want serious presentations and valuable insight about Cloud Computing for three straight days, then register now for Cloud Expo.
The proper isolation of resources is essential for multi-tenant environments. The traditional approach to isolate resources is, however, rather heavyweight. In his session at 18th Cloud Expo, Igor Drobiazko, co-founder of elastic.io, will draw upon their own experience with operating a Docker container-based infrastructure on a large scale and present a lightweight solution for resource isolation using microservices. He will also discuss the implementation of microservices in data and applicat...
Digital means customer preferences and behavior are driving enterprise technology decisions to be sure, but let’s not forget our employees. After all, when we say customer, we mean customer writ large, including partners, supply chain participants, and yes, those salaried denizens whose daily labor forms the cornerstone of the enterprise. While your customers bask in the warm rays of your digital efforts, are your employees toiling away in the dark recesses of your enterprise, pecking data into...
SYS-CON Events announced today that Stratoscale, the software company developing the next generation data center operating system, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Stratoscale is revolutionizing the data center with a zero-to-cloud-in-minutes solution. With Stratoscale’s hardware-agnostic, Software Defined Data Center (SDDC) solution to store everything, run anything and scale everywhere...
SYS-CON Events announced today that Men & Mice, the leading global provider of DNS, DHCP and IP address management overlay solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. The Men & Mice Suite overlay solution is already known for its powerful application in heterogeneous operating environments, enabling enterprises to scale without fuss. Building on a solid range of diverse platform support,...
You deployed your app with the Bluemix PaaS and it's gaining some serious traction, so it's time to make some tweaks. Did you design your application in a way that it can scale in the cloud? Were you even thinking about the cloud when you built the app? If not, chances are your app is going to break. Check out this webcast to learn various techniques for designing applications that will scale successfully in Bluemix, for the confidence you need to take your apps to the next level and beyond.