Click here to close now.

Welcome!

Industrial IoT Authors: Liz McMillan, Elizabeth White, Carmen Gonzalez, Pat Romanski, JP Morgenthal

Related Topics: CloudExpo® Blog, Industrial IoT, @MicroservicesE Blog, @ContainersExpo Blog, Agile Computing, Cloud Security, SDN Journal

CloudExpo® Blog: Article

How Cloud Security Balances Risk Versus Reward

Moving beyond the concept of security as a cost center

I spend a great deal of my day thinking about security. How it affects the enterprise; how to best position and protect assets. How it shapes risk management and how it delivers potential benefits through smoother operations, enhanced trust and loss prevention.

At its core, security is about risk versus reward. It’s no great secret that many executives look at security as a cost center. Compounded by the requirements of compliance, the expansion of technology, and the nature of the modern enterprise, no one doubts the need to secure the enterprise…but to what degree? Securing your IT environment is not free, but there are best practices and technology options designed to mitigate costs while still providing a strong, manageable and proactive defense. While many companies still would rather spend capital on commodity assets, many CIOs recognize that information security is an important business driver. Many more still are looking to the cloud for security solutions to further reduce resource reliance.

In the end, it is a question each company must answer on its own. I can talk until I am blue in the face about the bogeymen of hacking, slipshod employees opening suspect emails, the exposure of a company’s most precious data, but the needs of the company—how it interacts with customers, the access it provides third parties, employee productivity processes, compliance requirements and all the other moving parts of an active organization--must create and prioritize the roadmap based on understood vulnerabilities and available resources.

However, therein lies the problem…understood vulnerabilities. This decision is based on assumptions, resource limitations and previous experience. But security issues are a moving target...it's more about knowing what you don't know. Obviously a bank or medical management facility is at more risk than a local dog grooming company, but that doesn’t mean it is any less vulnerable. In fact, the modest company might be at greater risk because even a small breach of customer data can devastate a company. A large company may be able to absorb (although painful) the fines, lawsuits and the loss of proprietary assets, but the impact on a small or mid-sized company is magnified. The damage to the trust factor alone could put them out of business.

This is not meant to be some sort of scare tactic, but the reality of doing business in the 21st century means every company must take some level of action to protect itself beyond filtering emails. However understanding investments in CapEx, resource and personnel expenditures, hardware and software management, this might be untenable for every company. This is where the CIO earns his keep. How much time and capital is necessary to invest versus the real threats to the network/assets (is a barking dog enough to chase away robbers, or do you need bolt locks, motion sensors, round-the-clock-sentries, gun turrets, etc…)

This is why cloud security (security managed from the cloud) provides the necessary balance in the risk versus reward quotient. Not only does it support a unified platform (PaaS or REACT), but eliminates many of the costs that throw the equation out of balance. A smaller company no longer has to decide to invest in virus sweepers OR access management, identity credentialing OR intrusion detection. A larger organization can reallocate important resources towards key revenue drivers and core competencies. A unified/centralized approach from the cloud provides all the capabilities with no additional capital expenditures. In the fact that it centralizes all the activity under a centralized pane of glass not only makes an organization response ready, but also automates a great deal of what compliance regulators are demanding.

What about the risk? Are organizations exposing or ceding control of their data in order to save a few bucks? Is a Pandora’s Box opening because functionality and reporting is virtualized? Of course not. Yet, with all business initiatives, there are risks. However, by applying such best practices as 24/7/365 monitoring, event correlation across multiple silos, and fostering interactive communication between functions closes the vulnerability gap significantly. But to harness all those capabilities a company would need to invest in SIEM, Access Management, Log Management, IDM and other security solutions. Before the cloud, this combined initiative was only an option available to Fortune 500 enterprises. Even applying some cloud-based tools, each of the referenced solutions typically works in parallel. What is needed is the ability to centralize and have each of the solutions leverage one another.

Now cloud security solutions and applications are two different animals when it comes to the all important data ownership and information liability. Security manages the data wherever it is stored-cloud or some locked server room in the basement of a fortified campus. It is the fence, not the animals held within. If there is a break in the fence, or the rancher hires irresponsible cowboys, then the herd is at risk. But if the foreman is vigilant about riding the perimeter and managing his employees, then there should be as many cows in the barn as there were the day before.

This is not to say data is unassailable every time the sales guy accesses the product demo site to present to a prospect via online third party collaboration software, but if the tools are in place, properly automated and integrated and the policies (access rules, credentialing, web authorization, monitoring etc…) are sound, risk goes down and reward goes up.

On Wall Street there is a “measurement” called the Sharpe Index. Essentially it characterizes how well the return of an asset compensates the investor for the risk taken. Part of the complex equation analyzes the variables to get to a positive return. Applied to finance the axiom typically means the greater the risk, the greater the return. When applied to security, and more pointedly, cloud-based security, the variables line up so that there doesn’t have to be a high trade off of risk and return Considering the lower investment, the faster deployment, the reduction of personnel and computing resources against an expanded enterprise toolset, improved capabilities, continuous and centralized alerts, security-as-a-service support and enhanced visibility across the organization, the path to realize rewards and ROI point to the cloud.

Bottom line, cloud-based security functionality is as trustworthy, as powerful and as comprehensive as any on-premise deployment. Because it is infinitely more affordable, flexible and manageable, it allows you to increase the layers of security around your enterprise for a fraction of the hard and soft costs. It allows you to concentrate on priorities, policies and core competencies to ensure your perimeters are safe and the cattle can always come in from the fields. Each company is unique in terms of its needs and security comfort level and its concept in determining risk versus reward. Yet biggest risk, in terms of security, is standing still.

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@ThingsExpo Stories
The world is at a tipping point where the technology, the device and global adoption are converging to such a point that we will see an explosion of a world where smartphone devices not only allow us to talk to each other, but allow for communication between everything – serving as a central hub from which we control our world – MediaTek is at the heart of both driving this and allowing the markets to drive this reality forward themselves. The next wave of consumer gadgets is here – smart, connected, and small. If your ambitions are big, so are ours. In his session at @ThingsExpo, Jack Hu, D...
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS – software, platform, and infrastructure as a service.
The recent trends like cloud computing, social, mobile and Internet of Things are forcing enterprises to modernize in order to compete in the competitive globalized markets. However, enterprises are approaching newer technologies with a more silo-ed way, gaining only sub optimal benefits. The Modern Enterprise model is presented as a newer way to think of enterprise IT, which takes a more holistic approach to embracing modern technologies.
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impact.
There's no doubt that the Internet of Things is driving the next wave of innovation. Google has spent billions over the past few months vacuuming up companies that specialize in smart appliances and machine learning. Already, Philips light bulbs, Audi automobiles, and Samsung washers and dryers can communicate with and be controlled from mobile devices. To take advantage of the opportunities the Internet of Things brings to your business, you'll want to start preparing now.
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at @ThingsExpo, Robin Raymond, Chief Architect at Hookflash, will walk through the shifting landscape of traditional telephone and voice services ...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Architect for the Internet of Things and Intelligent Systems at Red Hat, described how to revolutioniz...
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, and physical persons. In the IoT vision, every new "thing" - sensor, actuator, data source, data con...
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades. With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo, June 9-11, 2015, at the Javits Center in New York City. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be
SYS-CON Events announced today that MetraTech, now part of Ericsson, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Ericsson is the driving force behind the Networked Society- a world leader in communications infrastructure, software and services. Some 40% of the world’s mobile traffic runs through networks Ericsson has supplied, serving more than 2.5 billion subscribers.
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
SYS-CON Events announced today that O'Reilly Media has been named “Media Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York City, NY. O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participa...
We’re entering a new era of computing technology that many are calling the Internet of Things (IoT). Machine to machine, machine to infrastructure, machine to environment, the Internet of Everything, the Internet of Intelligent Things, intelligent systems – call it what you want, but it’s happening, and its potential is huge. IoT is comprised of smart machines interacting and communicating with other machines, objects, environments and infrastructures. As a result, huge volumes of data are being generated, and that data is being processed into useful actions that can “command and control” thi...
There will be 150 billion connected devices by 2020. New digital businesses have already disrupted value chains across every industry. APIs are at the center of the digital business. You need to understand what assets you have that can be exposed digitally, what their digital value chain is, and how to create an effective business model around that value chain to compete in this economy. No enterprise can be complacent and not engage in the digital economy. Learn how to be the disruptor and not the disruptee.
There's Big Data, then there's really Big Data from the Internet of Things. IoT is evolving to include many data possibilities like new types of event, log and network data. The volumes are enormous, generating tens of billions of logs per day, which raise data challenges. Early IoT deployments are relying heavily on both the cloud and managed service providers to navigate these challenges. In her session at Big Data Expo®, Hannah Smalltree, Director at Treasure Data, discussed how IoT, Big Data and deployments are processing massive data volumes from wearables, utilities and other machines...
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists will peel away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you'll have no problem fil...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...
The worldwide cellular network will be the backbone of the future IoT, and the telecom industry is clamoring to get on board as more than just a data pipe. In his session at @ThingsExpo, Evan McGee, CTO of Ring Plus, Inc., discussed what service operators can offer that would benefit IoT entrepreneurs, inventors, and consumers. Evan McGee is the CTO of RingPlus, a leading innovative U.S. MVNO and wireless enabler. His focus is on combining web technologies with traditional telecom to create a new breed of unified communication that is easily accessible to the general consumer. With over a de...
Disruptive macro trends in technology are impacting and dramatically changing the "art of the possible" relative to supply chain management practices through the innovative use of IoT, cloud, machine learning and Big Data to enable connected ecosystems of engagement. Enterprise informatics can now move beyond point solutions that merely monitor the past and implement integrated enterprise fabrics that enable end-to-end supply chain visibility to improve customer service delivery and optimize supplier management. Learn about enterprise architecture strategies for designing connected systems tha...
The Internet of Things (IoT) promises to evolve the way the world does business; however, understanding how to apply it to your company can be a mystery. Most people struggle with understanding the potential business uses or tend to get caught up in the technology, resulting in solutions that fail to meet even minimum business goals. In his session at @ThingsExpo, Jesse Shiah, CEO / President / Co-Founder of AgilePoint Inc., showed what is needed to leverage the IoT to transform your business. He discussed opportunities and challenges ahead for the IoT from a market and technical point of vie...