https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Corey Ford, Thinkstock

Lake with dramatic lightening and clouds

Security Breaches, Data Loss, Outages: The Bad Side of Cloud

What to consider and how to be proactive about cloud security.
  • Written by Bill Kleyman
  • 3rd April 2016

As a big supporter of cloud computing, this is never an easy topic to discuss. However, security concerns will always be present as threats continue to rise. Let me give you an example. As soon as the whole Heartbleed topic arose, our organization began fielding calls from various IT shops asking for remediation, fixes, and patches. The crazy part was that not all OpenSSL systems were impacted. Many pre-version 1 OpenSSL systems were safe. Many others were facing the challenge up correcting and fixing this serious vulnerability. Cisco, Juniper, F5, and many others were actively deploying fixes to ensure that their systems stay safe. Numerous social media giants – Facebook and LinkedIn for example – were also having to deal with OpenSSL issues. Furthermore, even though they were stating that patches have been deployed, these giants were asking all of their users to reset their passwords… just in case.

Interdependencies on cryptography library pieces can allow for a standardization around security protocols. However, it can also cause issues like Heartbleed where a number of large providers are impacted by the same very serious issue. Although cloud computing is a powerful platform, it can certainly have its “cloudier” days.

Although we’ve come a long way with cloud design, there are still some concerns and issues to overcome. There are so many moving parts that create a cloud environment that sometimes, not all of the pieces fit together entirely well. In looking at cloud computing, consider some of the following:

  • Cloud and security. This is still absolutely an issue. In fact, it’s a growing issue. Arbor Networks 9th annual Worldwide Infrastructure Security Report illustrates this point very clearly with the largest reported DDoS attack in 2013 clocking in at 309 Gbps. As cloud computing becomes more popular, it will become the target of more malicious attacks. No single environment is safe and every infrastructure must be controlled with set policies in place. Heartbleed is a perfect example where a number of massive cloud organizations can be impacted by a standardized security structure.
  • Dealing with data loss. Allowing users to get into the cloud is one thing. Accessing applications through a cloud model is a powerful way to allow end-users to work remotely. However, what happens when users start uploading files to the cloud? Healthcare is a great example where data loss can be extremely costly. A recent report from the Health Information Trust Alliance (HITRUST) really paints the picture around the ramifications of a data breach. Over the recent years, the numbers around healthcare data breaches can be quit sobering.
    • Total Breaches: 495
    • Total Records: 21.12 million
    • Total Cost: $4.1 billion
    • Average Size: 42,659 records
    • Average Cost: $8.27 million
    • Average Time to Identify: 84.78 days
    • Average Time to Notify: 68.31 days

Many organizations often times don’t have a Data Loss Prevention (DLP) system plan in place. This means that a user, even non-maliciously, might post some information or upload a file which can contain sensitive information.

  • Cloud outages. No entity is 100% safe from some type of disaster or emergency. In fact, a powerful storm in June of 2012 knocked out an entire data center which was owned by Amazon. What was hosted in that data center? Amazon Web Services. All affected AWS businesses in that data center were effectively down. Cloud-centric companies like Instagram, Netflix, and Pinterest were all made production ineffective for over six hours. To paint a clearer picture, there was a recent study conducted by the International Working Group on Cloud Computing Resiliency. This report showed that since 2007, about 568 hours were logged as downtime between 13 major cloud carriers. This has, so far, cost the customer about $72 million.

So what do you do? If you take a look at the responses from folks like Facebook, Google, and even LinkedIn, you’ll see proactive actions which address the issue immediately and sets in motion plans to fix problems like this moving forward. You can never predict the future, especially not in IT or security. But you can be vigilant and ready for things like this to happen.

New proactive security solutions like virtual security appliances give you the ability to deploy agile, powerful, and intelligent security systems anywhere within your infrastructure. The other big part is that these security platforms can be service-oriented. This means you can monitor specific network nodes and data points within a very distributed environment.

For now, cloud computing has really done a good job staying out of the spotlight when it comes to major security issues. Yes, Dropbox might accidentally delete a few of your files, or some source code becomes exposed. But the reality is that a public cloud environment hasn’t really ever experience amassive data breach. Ask yourself this question, what would happen if AWS lost 80 million records like in the very recent Anthem breach? The conversation around public cloud security would certainly shift quickly. But the reality is that they haven’t. Maybe this gives us more hope that the cloud architecture is being designed in such a way that data is properly segregated, networks are well designed, and the proper boarder security technologies are in place. It all sounds great; but the key is to never become complacent. As more organizations move to a cloud-based model, advanced persistent threats may follow.

Article was originally published on Data Center Knowledge.

Tags: Article Security Technologies News

Related


  • IoT security
    IoT Device Security: Risk Assessment, Hygiene Are Key
    As devices and data proliferate at the edge of the network, IT pros have encountered new challenges in securing enterprise IT systems.
  • Five Principles in a Zero-Trust Security Approach to IoT
    IoT devices have created vulnerability for IT networks, but a zero-trust security approach can lock down attack vectors. Here are five key principles.
  • Tactics for Successfully Selling IoT Technologies
    While this year has proven the value of digitization, many enterprises need persuasion. Experts discuss strategies for successfully selling IoT.
  • LynxSecure Datasheet
    LynxSecure is a tiny separation kernel that can be programmed to partition a modern processor into secure virtual environments. It is not RTOS. It is not a traditional hypervisor. It is smaller than a microkernel (as small as 15Kb). LynxSecure requires and leverages the hardware virtualization capabilities of certain modern CPUs to (1) establish secure […]

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Cybersecurity Crisis Management During the Coronavirus Pandemic
  • In Industrial Realm, Trustworthy Software Means Safety
  • Integrating Analog Controls into IIoT Systems
  • Patient Health Data Is Increasingly Democratized--Despite Data Quality Issues

News

View all

Private LTE Market Projected to Grow to $13 Billion

12th January 2021

IoT World Announces 2021 IoT World Advisory Board

9th December 2020

White Papers

View all

Zero Trust Manufacturing: Navigating Complex Supply Chains to Build Trusted IoT Devices

27th January 2021

IoTConnect and How to Get Started

27th January 2021

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

Weber’s Journey: How a Top Grill Maker Serves Up Connected Cooking

25th February 2021

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

IoT at the Edge

17th March 2021

Embedded IoT World 2021

28th April 2021 - 29th April 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

Zero Trust Manufacturing: Navigating Complex Supply Chains to Build Trusted IoT Devices dlvr.it/RrTDP4 https://t.co/fuH0GrHJrX

27th January 2021
IoTWorldToday, IoTWorldSeries

PKI: The Solution for Designing Secure IoT Devices dlvr.it/RrTDNF https://t.co/KBWcsksAQi

27th January 2021
IoTWorldToday, IoTWorldSeries

Five Guiding Tenets for IoT Security dlvr.it/RrTDGS https://t.co/Ss17Vn4sFw

27th January 2021
IoTWorldToday, IoTWorldSeries

📢 Announcing #EIOTWORLD Silver Sponsor @ONETech_AI! 💡 Learn more about sponsoring Embedded IoT World here:… twitter.com/i/web/status/1…

27th January 2021
IoTWorldToday, IoTWorldSeries

IoTConnect and How to Get Started dlvr.it/RrT1gl https://t.co/6Vci1hvOV2

27th January 2021
IoTWorldToday, IoTWorldSeries

RT @IoTWorldToday: #IoTsecuritytrends in 2021 will feature new threats given #remotework, #digitalhealth and #edgecomputing. https://t.co/S…

27th January 2021
IoTWorldToday, IoTWorldSeries

#IoTsecuritytrends in 2021 will feature new threats given #remotework, #digitalhealth and #edgecomputing.… twitter.com/i/web/status/1…

25th January 2021
IoTWorldToday, IoTWorldSeries

Protecting Your Network Against Ripple20 Vulnerabilities dlvr.it/RrJhpD https://t.co/Q2xe5hoy4U

25th January 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X