Welcome!

Agile Computing Authors: Liz McMillan, Steve Latham, Pat Romanski, Larry Alton, Harry Trott

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Containers Expo Blog, Agile Computing, Cloud Security

@CloudExpo: Article

A Cloud Security Conversation with the SMB

Why the cloud makes sense for companies with limited resources and modest budgets

I just got off the phone with a friend of mine. His name is AJ and he was particularly grouchy. He had just spent the last 12 work hours scouring month-old machine logs so that he could compile a quarter-end audit that met his company’s compliance requirement. AJ is the Director of IT for what would be considered an SMB. It’s a modest home warranty related company that deals with homeowner end users, finance and loan offices, mortgage companies and manufacturers. It does roughly 15-20 million in business each year and employs about 60 direct employees and maybe 100 contracted agents. AJ has a staff of three other IT professionals, but given the workload, could easily double that headcount.

AJ is very proud of his jack-of-all-IT-trades status. He is proficient at writing code as he is virtually installing access on contractor home devices or planning strategic IT footprint expansion. And it's this proficiency that has been making him grumpy. Because he can work some sort of magic with just about any application, the bosses have him wear many different hats. In fact, one of his online IT forum handles is “The Maddest Hatter.” But it is this reliance on his tribal knowledge and multidisciplinary acumen that keep the C-Levels saying “that sounds like it’s right up AJ’s alley.” AJ’s biggest problem is that there are only 24 hours in a day and he can only prioritize so many projects that are interspersed with hair-on-fire emergencies.

Now when I called AJ, it was not to sell him anything, but to see if he wanted to play a round of golf this weekend. However, the conversation soon turned dark, as he said that he would probably be in the office all weekend catching up on the work he would have been doing if not for the pesky audits.  I asked him if that were a regular happenstance, working through the weekend. He said it happened once or twice a month. If it wasn’t compliance, it was server repair, or backup tapes, or investigating why the website submission page transmits gobbledigook (his word, not mine).

“So what about your security policies?” I snuck in the question.

“What about them? Raul and Savino (his techs) usually take care of it-the provsioning, password stuff, whatever. I just step in when the feds come knocking and ask about compliance. Man PCI is just burying me.” (note...most of his company's users pay for service online using credit card--see last week's blog about PCI)

I sighed. “So you don’t know who’s accessing your network, if they’re friendlies. What they are looking at?”

“I know what you’re trying to do…you’re trying to sell me SIEM and Log Management. You know I’ve got it covered.”

“Do you? How secure are those home agents computers? Are they monitored by anything more than virus software? Do you know what sites they’re visiting, how open their networks are before they sign in an access your network? Heck are they using unsecured smartphones?”

“I know. I know. But I thought this call was about golf.”

“Just trying to help a buddy out.

I know from experience that too many SMBs do not enforce data security policies. Like AJ, they are spread too thin or don’t have the necessary budget to afford a holistic solution. Without these security controls they run the risk of losing data, stagnate employee (and agent) productivity, and open themselves up to a myriad of breaches, sabotages and carelessness. Any of which could bring their modest enterprise to a screeching halt.

For company’s like AJ’s, security-as-a-service is making more and more sense. It provides best of breed capabilities for a fraction of the cost. I told AJ that for what he pays currently in support and maintenance, I could provide an enterprise-class holistic solution-one that provides all the tools, plus 24/7 monitoring vigilance. And this is not to displace any person or process currently in house. They might have the expertise, but typically don’t have the bandwidth or the budget or the buy-in. Too many company’s like AJ’s do the bare minimum to maintain compliance, but that certainly leaves them vulnerable. In fact, the all the automated and outsourced functionalities can provide the breathing room to address not only business need and revenue generating priorities, but to allow a transformation from an infrastructure-based organization to a information-based one. AJ knows this and often crosses swords with the C-levels in that they need to upgrade security protocols because it is a matter of when (not if) a major security issue will occur and cost them not only dollars, but reputation as well.

Cloud-based security is not just a benefit for SMBs.  The residual benefit of cloud security is that IT no longer has to be in the Identity Management business, but still reap all the benefits and efficiencies. No more time dedicated to resetting passwords or setting up role based access every time someone is hired, fired or moved. It doesn’t have to be in the log monitoring business, but still is effectively and securely protected from intrusion and attack with 24/7/365 monitoring. IT department is no longer a compiler of data, but a conduit of information and evaluator of compliance audits and reports that meet the various industry standards and government requirements.

The good news is AJ is slotting cloud security migration for his 2013 budget. So I just may let him win the next time we hit the links…but don’t tell him that!

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@ThingsExpo Stories
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
WebRTC is about the data channel as much as about video and audio conferencing. However, basically all commercial WebRTC applications have been built with a focus on audio and video. The handling of “data” has been limited to text chat and file download – all other data sharing seems to end with screensharing. What is holding back a more intensive use of peer-to-peer data? In her session at @ThingsExpo, Dr Silvia Pfeiffer, WebRTC Applications Team Lead at National ICT Australia, looked at differ...
The security needs of IoT environments require a strong, proven approach to maintain security, trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vic...
With all the incredible momentum behind the Internet of Things (IoT) industry, it is easy to forget that not a single CEO wakes up and wonders if “my IoT is broken.” What they wonder is if they are making the right decisions to do all they can to increase revenue, decrease costs, and improve customer experience – effectively the same challenges they have always had in growing their business. The exciting thing about the IoT industry is now these decisions can be better, faster, and smarter. Now ...
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
Who are you? How do you introduce yourself? Do you use a name, or do you greet a friend by the last four digits of his social security number? Assuming you don’t, why are we content to associate our identity with 10 random digits assigned by our phone company? Identity is an issue that affects everyone, but as individuals we don’t spend a lot of time thinking about it. In his session at @ThingsExpo, Ben Klang, Founder & President of Mojo Lingo, discussed the impact of technology on identity. Sho...
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.
You think you know what’s in your data. But do you? Most organizations are now aware of the business intelligence represented by their data. Data science stands to take this to a level you never thought of – literally. The techniques of data science, when used with the capabilities of Big Data technologies, can make connections you had not yet imagined, helping you discover new insights and ask new questions of your data. In his session at @ThingsExpo, Sarbjit Sarkaria, data science team lead ...
WebRTC has had a real tough three or four years, and so have those working with it. Only a few short years ago, the development world were excited about WebRTC and proclaiming how awesome it was. You might have played with the technology a couple of years ago, only to find the extra infrastructure requirements were painful to implement and poorly documented. This probably left a bitter taste in your mouth, especially when things went wrong.
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, discussed the importance of WebRTC and how it enables companies to focus o...
Providing secure, mobile access to sensitive data sets is a critical element in realizing the full potential of cloud computing. However, large data caches remain inaccessible to edge devices for reasons of security, size, format or limited viewing capabilities. Medical imaging, computer aided design and seismic interpretation are just a few examples of industries facing this challenge. Rather than fighting for incremental gains by pulling these datasets to edge devices, we need to embrace the i...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
In his General Session at 17th Cloud Expo, Bruce Swann, Senior Product Marketing Manager for Adobe Campaign, explored the key ingredients of cross-channel marketing in a digital world. Learn how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects).
SYS-CON Events announced today that Catchpoint, a leading digital experience intelligence company, has been named “Silver Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Catchpoint Systems is a leading Digital Performance Analytics company that provides unparalleled insight into your customer-critical services to help you consistently deliver an amazing customer experience. Designed for digital business, C...
@ThingsExpo has been named the ‘Top WebRTC Influencer' by iTrend. iTrend processes millions of conversations, tweets, interactions, news articles, press releases, blog posts - and extract meaning form them and analyzes mobile and desktop software platforms used to communicate, various metadata (such as geo location), and automation tools. In overall placement, @ThingsExpo ranked as the number one ‘WebRTC Influencer' followed by @DevOpsSummit at 55th.
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
SYS-CON Events announced today that Linux Academy, the foremost online Linux and cloud training platform and community, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Linux Academy was founded on the belief that providing high-quality, in-depth training should be available at an affordable price. Industry leaders in quality training, provided services, and student certification passes, its goal is to c...