bizibly

Dissecting Cloud Security Strategies at the IT Roadmap Conference, San Jose

After spending more than 20 years in the IT and cloud security industry, I have joined Aryaka Networks, a company headquartered in Silicon Valley that is revolutionizing the enterprise WAN space.

I lead Aryaka’s Global Security and IT functions, and I’m chartered with making Aryaka the most secure solution in the market while establishing fully integrated and advanced IT solutions which will bring automation and streamlined business services. As a company, we continue to focus on delivering the highest level of security and service to our customers around the globe.

Yesterday, I spoke at the IT Roadmap Conference in San Jose. The conference revolved around IT technologies, strategies, trends and solutions that are fundamental to building the Next-Generation Enterprise. A number of speakers talked about the challenges being faced in today’s IT ecosystems, and how enterprises need to deploy innovative technology solutions to tackle these challenges. The focus was on security management, network management and infrastructure, application security and secure BYOT experience.

The adoption of cloud services, today, is almost ubiquitous. According to Forbes, 82% of the enterprises today have a hybrid cloud strategy in place (up from 74% in 2014). The benefits are obvious – reduced time spent in managing IT, less IT resources, improved service availability, and lesser concern about system outages.

While much of the cloud discussion surrounds reducing costs, increasing agility, and streamlining business functions, there is far less conversation about what IT practitioners can do to be more comfortable with another company controlling their data.  When it comes to cloud, what are the most common security concerns around actual threats and compliance, and how do you assess the posture of a cloud provider?  What information is available at no cost that can assist you in asking the right questions about cloud security?

Stolen credit cards, corporate data for sale, and email phishing attacks used to be newspaper headlines at one point in time. Not anymore.

The reasons, today, are more strategic. PII (Personal Identifiable Information) holds higher “value” (for lack of a better word) compared to stolen credit cards. There are organized groups orchestrating these attacks as all of this generates a revenue stream for them. DDoS attacks are quite commonplace. Corporate giants including many Fortune 500 companies have fallen prey to such incidences, let alone SMBs. Last month alone, over 40 major cyber security attacks were tracked, including the ones on University of California Los Angeles (UCLA), Ashley Madison, Office of Personnel Management (OPM) and United Airlines.

Losing Control to the Cloud

Cloud customers need to understand the following:

  • How to manage their own environment
  • Policy and Regulatory Compliance Requirements
  • Implementation controls specific to their company
  • Need to maintain control of their data
  • Whether to adopt cloud or update legacy IT
  • Data that they need to have in the cloud
  • Concerns in losing control to the cloud

Before businesses relinquish control to the cloud, they need to conduct appropriate (and applicable) due diligence, and make sure security certifications are in place, privacy policy is being followed and other security compliance programs such as SOX, SSAE-16, GLBA and HIPAA are being adhered to.

Striking a balance between cloud operability and security is also crucial. Without the support of technology, people and processes, this is nearly impossible to achieve.

Cloud Operability

Aryaka's security has been vetted by CIOs for Fortune 1000 companies worldwide. Click To Tweet

At Aryaka, security of our customers’ data as it passes through our network has always been a key consideration for us. Engraining security within our global network architecture, proprietary optimization software stack and operational management has been one of the key factors to enabling us to consistently exceed our customers’ security expectations. Aryaka implements security features at many levels, providing traffic security at the network and systems design level, as well as POP and physical security throughout the network. Our security was built for our behind-the-firewall systems and has been vetted by CIOs for Fortune 1000 companies worldwide.

– Randolph Barr, Chief Security Officer

 

Randolph