https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Getty Images

Cloud Cybersecurity

Cloud and IoT Security: The Makings of McAfee MVISION Cloud

The cloud is often an important element of IoT security. Here, we take a look at the backstory of McAfee’s MVISION Cloud.
  • Written by Brian Buntz
  • 9th July 2019

In 2011, Rajiv Gupta, Ph.D., wanted to develop a game-changing idea for the IT field. Then a vice president and general manager at Cisco, his team created the Identity Services Engine at the company Securent, which Cisco acquired in 2007. The product later won Cisco’s internal Pioneer Award. Gupta interviewed scores of executives as part of that research and brainstormed with long-term colleagues Sekhar Sarukkai, who, like Gupta, has a Ph.D. in computer science, and Kaushik Narayan, who was then a principal engineer at Cisco. 

“We made it very clear that we would not write a single line of code until we figured out what we were going to do because what happens is technologists, as you probably know, very often get enamored by the technology and then to try and figure out where they can apply it,” Gupta said. “They ask themselves: ‘What is the solution to which I have the answer?’ And I was determined not to do that.” 

So the three sat down to come up with five distinct potentially disruptive ideas. The work was something like doing a miniature MBA — evaluating the size of the business opportunity, relevant market trends, the competitive landscape and so forth. 

One of those ideas related to the cloud. “There, the feedback was: ‘Hey, I’m using the cloud to store and share documents and I’m finding it very useful. My employees are doing the same, but as a [chief information officer], I have no clue what’s going in and out. My corporate data may be flowing out, but I have no idea.’” 

In 2011, cloud computing was clearly on the upswing, but it was difficult to evaluate how big the market might be or that cloud security would become an important element for IoT security. “We took a bet that cloud was going to be big,” Gupta said. And by extension, they assumed cloud security would be a bigger problem over time. 

In 2015, the nonprofit Cloud Security Alliance released security guidance for early IoT adopters. The Open Web Application Security Project, also a nonprofit, has cited insecure cloud interfaces as a vital consideration for IoT security relevant to both device manufacturers and developers. 

Rajiv GuptaBy 2011, Gupta had been fascinated by the potential of cloud computing for two decades — and the prospect of cloud security for nearly as long. Although the concept didn’t get its current name until 1996, according to Technology Review, the concept has a long history. The legendary computer scientist John McCarthy predicted in 1961: “Computing may someday be organized as a public utility just as the telephone system is a public utility.” 

Gupta remembers wishing cloud computing existed in 1991 after buying a laptop and thinking it would become obsolete within six months. He didn’t want to worry about obsolescence. All he wanted to do was to use software. “I wondered: ‘Why can’t someone provide [computing] to me as a service and I would pay for as much as I use. And if I want faster performance, I’ll just pay more.’”

So he created a skunkworks project dedicated to the notion of client utility computing. “It really was what you call cloud today, but I called it client utility because my prediction at the time was that it this will become a utility just like we tap into water or electricity.” 

“But it was only in 2011, 20 years later, that we decided cloud security would be interesting. And then we set off to address that problem statement,” he said.

Shortly thereafter, Gartner coined the term “cloud access security broker” or CASB, for short. Skyhigh CASB was the first product in the category. 

In 2012, Gupta and his two co-founders formally founded Skyhigh Networks dedicated to cloud security, which McAfee eventually acquired in January 2018 for an undisclosed sum. 

Earlier this year, the Skyhigh CASB technology, which has been rebranded the McAfee MVISION Cloud became the first product to win Amazon’s AWS Security Competency status and AWS Well-Architected designation. To make that determination, Amazon “did a rigorous technical evaluation of us, and rightly so,” Gupta said, doing a comprehensive review of its architecture, implementation support practices, checking customer references and so forth.

“If I look at what customers need, there’s a lot of AWS adoption. We see that clearly in what MVISION customers are using. And so we work very closely with AWS, Microsoft and others to get technical validation from them.” 

In June, McAfee announced updates to MVISION Cloud for AWS including security scans for AWS CloudFormation templates, preemptive risk avoidance and tools for determining the root cause of security or misconfiguration problems. 

“AWS has articulated this shared responsibility model, so there is some level of security responsibility that you delegate to the cloud provider,” Gupta said. “You expect the cloud provider to have the infrastructure secure, their server secure, the application secure, the data center secure, the network secure. They have padlocks and so on so forth. That’s the cloud provider’s responsibility. And then there’s the user’s responsibility.” 

If an enterprise employee configures a surveillance camera to stream sensitive live data to the internet or if an employee creates a shared document and gives it a public link, that enterprise in question bears the responsibility in addressing it. 

“The approach we’ve taken is to work in partnership with the cloud providers as opposed to in conflict with them,” Gupta said. “We leverage their API’s, we engage with them early on, we get feedback, and they view us as a strategic partner as a result of that. We help them achieve their goals by helping remove impediments for enterprises to adopt their service,” he added. “We are following the enterprise shared responsibility model, so it really is a win, win, win.” 

Tags: Security Features

Related


  • Image shows welding robotics and a digital manufacturing operation.
    IoT Supply Chain Vulnerability Poses Threat to IIoT Security
    The supply chain provides building blocks for IoT but also vulnerabilities. IT pros need to ward against malicious attacks that exploit supply chain security gaps.
  • IoT Security Needs Pen Testing Approach
    IoT pen testing is a no-brainer, say experts. But don’t test everything.
  • Image shows a digital background depicting innovative technologies in security systems,
    Securing IoT Devices With Zero Trust Requires Mindset Shift
    Zero-trust approaches require a shift in mindset to ensure IoT devices have rigorous security policies applied — and the work is never done, say IT pros.
  • An Integrated Approach to IoT Security
    This e-book provides a comprehensive framework to help organizations reduce risk in IoT products and environments.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Common Internet of Things Security Pitfalls 
  • Can Privacy-Preserving Machine Learning Overcome Data-Sharing Worries?
  • Developing a Critical Infrastructure Cybersecurity Strategy
  • Addressing IoT Security Challenges From the Cloud to the Edge 

Roundups

View all

IoT Product Roundup: PTC, Nokia, Arm and More

19th May 2022

IoT Deals, Partnerships Roundup: Intel, Nauto, Helium and more

14th May 2022

IoT Product Roundup: Amazon, Synaptics, Urban Control and More

27th April 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Dylan Kennedy of EMQ

Embedded IoT World 2022: Dylan Kennedy of EMQ

Dylan Kennedy, EMQ’s VP of global operations, sat down with Chuck Martin at Embedded IoT World 2022.

Embedded IoT World 2022: Omdia’s Sang Oh Talks Vehicle Chip Shortage

Omdia’s automotive semiconductor analyst sits down with Chuck Martin at this year’s event

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Clearview AI has been fined $9.4 million for collecting images of people from social media platforms to add to its… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Swiss-startup Airyacht is developing an eponymously named vehicle that it says will take the luxury-yacht experienc… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

@Tesla’s #Autopilot being investigated once again following fatal crash in Newport Beach, California. iotworldtoday.com/2022/05/23/tes…

23rd May 2022
IoTWorldToday, IoTWorldSeries

A new Kansas law will enable #driverless deliveries from @Walmart and its partner @Gatik_AI. #AVs… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

Access a world of opportunity in 2022 with @IoTWorldToday ➡️ Now is time to unlock ROI, by accessing a global com… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

3D Home Printer to Build 72 Residences for National Homebuilder dlvr.it/SQhWSF https://t.co/XJOs70DqzH

19th May 2022
IoTWorldToday, IoTWorldSeries

Microsoft Ramping up Cybersecurity Service Offerings dlvr.it/SQhPR0 https://t.co/nYzaDRnyVY

19th May 2022
IoTWorldToday, IoTWorldSeries

IoT Product Roundup: PTC, Nokia, Arm and More dlvr.it/SQhNNF https://t.co/ZApdw3RHdu

19th May 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X