Welcome!

Microservices Expo Authors: Elizabeth White, Liz McMillan, Cynthia Dunlop, Carmen Gonzalez, Derek Weeks

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Linux Containers, Cloud Security, @BigDataExpo

@CloudExpo: Article

What Business Must Learn from the eBay Breach

How can enterprises protect sensitive data?

Until this week the biggest anxiety when dealing with eBay has likely been fretting over a negative rating, concerns about slow shipping or a delayed refund. Then suddenly yesterday the media jumped all over the story that eBay had been hacked and users need to change their passwords. By the way, I can tell you from experience the password change process is not as easy or straightforward as you would expect.

EBay is now in damage control mode and trying to calm fears after revealing that hackers attacked its network three months ago. It is believed over 145 million user records were accessed, forcing eBay to issue a security warning. Three states are conducting a joint investigation which will focus on eBay's measures for securing personal data, the circumstances that led to the breach, how many users were affected, and the company's response to the breach, said a spokeswoman for Connecticut Attorney General George Jepsen.[i] The breach could possibly be the second-biggest in US history, based on the number of records accessed by the hackers. Massive data breaches seem to be occurring much more frequently with Heartland Payments, Target, Neiman Marcus, Living Social, Zappos, AOL and now eBay all reporting damages in the news recently.

Why is this happening?
Enterprises that act as large repositories of data aggregated from consumers and businesses find themselves attractive targets for today's cybercriminals. Think about it, a successful hack provides a colossal "Return on Investment" for the cybercriminal. I believe we will continue to see aggressive attempts to break into shared consumer services like eBay as well as their "equivalents" in the business world - Enterprise Cloud Applications. Enterprises are increasingly turning to these cloud solutions to run operations such as Sales, Finance, Customer Support, etc. All of these groups within an organization maintain records with confidential files, proprietary data as well as Intellectual Property that is frequently the source of a business' competitive advantage.

How can enterprises protect sensitive data?
EBay says financial data was not affected; pointing out credit card information is encrypted and stored separately from the affected database. This is positive news, but what if they had taken the extra step of encrypting all data stored in their systems? If eBay had encrypted or tokenized all sensitive data, the hackers would have received meaningless information rather than private email addresses, birth dates, mailing addresses, etc. The same holds true for enterprise cloud systems. Sensitive/regulated data and IP should never be processed or stored in the clear when outside of an organization's control.

Executives and security professionals at enterprises need to consider broad based use of encryption and tokenization. And by the way, tokenization and encryption technologies can also protect information from unlawful surveillance and even safeguard against the loss of Intellectual Property due to cyber espionage (U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage.

Solutions such as Cloud Data Control Gateways can be deployed to protect all sensitive data. These Gateways allow enterprises to keep sensitive data behind their firewall, replacing it with tokens or encrypted values which then go to the cloud for processing and storage. Sensitive data never leaves the organization's control in any format, so information a cybercriminal obtains is either tokenized or encrypted so it is meaningless. Best of all, these gateways ensure that users of cloud applications are not impacted - they can still enjoy all the benefits of their critical cloud applications while the enterprise benefits from complete control of their data. Learn more at http://perspecsys.com/how-we-help/


[i] Reuters, "U.S. states probe eBay cyber-attack as customers complain."


Read the original blog entry...


Perspecsys Inc. is a leading provider of cloud data tokenization and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like Perspecsys remove the technical, legal and financial risks of placing sensitive company data in the cloud. Perspecsys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit perspecsys.com or follow on Twitter @perspecsys.

More Stories By David Canellos

David Canellos is a security veteran who is now President and CEO of PerspecSys. An entrepreneur specializing in bringing innovative security and privacy solutions to market, he has been instrumental in establishing PerspecSys as the leader in the Cloud data Protection Gateway market.

Before joining PerspecSys, David held executive positions at Irdeto Worldwide, which acquired the company he led, Cloakware, which was a pioneer in encryption and digital rights management. Before joining Cloakware, he was the General Manager and Vice President of Sales for Cramer Systems (now Amdocs), a UK-based company, where he was responsible for the company’s revenue and operations in the Americas. Prior to his work with Cramer, David held a variety of executive, sales management and business development positions with the Oracle Corporation, Versatility and SAIC.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@MicroservicesExpo Stories
SYS-CON Events announced today that Tintri Inc., a leading producer of VM-aware storage (VAS) for virtualization and cloud environments, will exhibit at the 18th International CloudExpo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, New York, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management...
The initial debate is over: Any enterprise with a serious commitment to IT is migrating to the cloud. But things are not so simple. There is a complex mix of on-premises, colocated, and public-cloud deployments. In this power panel at 18th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists will look at the present state of cloud from the C-level view, and how great companies and rock star executives can use cloud computing to meet their most ambitious and disruptive business ...
Agile teams report the lowest rate of measuring non-functional requirements. What does this mean for the evolution of quality in this era of Continuous Everything? To explore how the rise of SDLC acceleration trends such as Agile, DevOps, and Continuous Delivery are impacting software quality, Parasoft conducted a survey about measuring and monitoring non-functional requirements (NFRs). Here's a glimpse at what we discovered and what it means for the evolution of quality in this era of Continuo...
SYS-CON Events announced today that AppNeta, the leader in performance insight for business-critical web applications, will exhibit and present at SYS-CON's @DevOpsSummit at Cloud Expo New York, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. AppNeta is the only application performance monitoring (APM) company to provide solutions for all applications – applications you develop internally, business-critical SaaS applications you use and the networks that deli...
SYS-CON Events announced today that Isomorphic Software will exhibit at SYS-CON's [email protected] at Cloud Expo New York, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Isomorphic Software provides the SmartClient HTML5/AJAX platform, the most advanced technology for building rich, high-productivity enterprise web applications for any device. SmartClient couples the industry’s broadest, deepest UI component set with a java server framework to deliver an end-...
Join us at Cloud Expo | @ThingsExpo 2016 – June 7-9 at the Javits Center in New York City and November 1-3 at the Santa Clara Convention Center in Santa Clara, CA – and deliver your unique message in a way that is striking and unforgettable by taking advantage of SYS-CON's unmatched high-impact, result-driven event / media packages.
You might already know them from theagileadmin.com, but let me introduce you to two of the leading minds in the Rugged DevOps movement: James Wickett and Ernest Mueller. Both James and Ernest are active leaders in the DevOps space, in addition to helping organize events such as DevOpsDays Austinand LASCON. Our conversation covered a lot of bases from the founding of Rugged DevOps to aligning organizational silos to lessons learned from W. Edwards Demings.
In the rush to compete in the digital age, a successful digital transformation is essential, but many organizations are setting themselves up for failure. There’s a common misconception that the process is just about technology, but it’s not. It’s about your business. It shouldn’t be treated as an isolated IT project; it should be driven by business needs with the committed involvement of a range of stakeholders.
Application development and delivery methods have undergone radical changes in recent years to improve scalability and resiliency. Container images are the new build and deployment artifacts that are used to ship and run software. While startups have long been comfortable experimenting with and embracing new technologies, even large enterprises are now re-architecting their software systems so that they can benefit from container-enabled micro services architectures. With the launch of DC/OS, w...
SYS-CON Events announced today that BMC Software has been named "Siver Sponsor" of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. BMC is a global leader in innovative software solutions that help businesses transform into digital enterprises for the ultimate competitive advantage. BMC Digital Enterprise Management is a set of innovative IT solutions designed to make digital business fast, seamless, and optimized from mainframe to mo...
Earlier this week, we hosted a Continuous Discussion (#c9d9) on Continuous Delivery (CD) automation and orchestration, featuring expert panelists Dondee Tan, Test Architect at Alaska Air, Taco Bakker, a LEAN Six Sigma black belt focusing on CD, and our own Sam Fell and Anders Wallgren. During this episode, we discussed the differences between CD automation and orchestration, their challenges with setting up CD pipelines and some of the common chokepoints, as well as some best practices and tips...
When I talk about driving innovation with self-organizing teams, I emphasize that such self-organization includes expecting the participants to organize their own teams, give themselves their own goals, and determine for themselves how to measure their success. In contrast, the definition of skunkworks points out that members of such teams are “usually specially selected.” Good thing he added the word usually – because specially selecting such teams throws a wrench in the entire works, limiting...
SYS-CON Events announced today TechTarget has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget is the Web’s leading destination for serious technology buyers researching and making enterprise technology decisions. Its extensive global networ...
Automation is a critical component of DevOps and Continuous Delivery. This morning on #c9d9 we discussed CD Automation and how you can apply Automation to accelerate release cycles, improve quality, safety and governance? What is the difference between Automation and Orchestration? Where should you begin your journey to introduce both?
SYS-CON Events announced today that EastBanc Technologies will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. EastBanc Technologies has been working at the frontier of technology since 1999. Today, the firm provides full-lifecycle software development delivering flexible technology solutions that seamlessly integrate with existing systems – whether on premise or cloud. EastBanc Technologies partners with p...
As AT&Ts VP of Domain 2.0 architecture writes one aspect of their Domain 2.0 strategy is a goal to embrace a Microservices Application Architecture. One page 9 they describe how these envisage them fitting into the ECOMP architecture: "The initial steps of the recipes include a homing and placement task using constraints specified in the requests. ‘Homing and Placement' are micro-services involving orchestration, inventory, and controllers responsible for infrastructure, network, and applicati...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, wh...
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc., provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Ful...
Many banks and financial institutions are experimenting with containers in development environments, but when will they move into production? Containers are seen as the key to achieving the ultimate in information technology flexibility and agility. Containers work on both public and private clouds, and make it easy to build and deploy applications. The challenge for regulated industries is the cost and complexity of container security compliance. VM security compliance is already challenging, ...