From the Blogosphere
Treat Security as a Process Not an Event | @CloudExpo #Cloud
IT users must do due diligence within their own organizations and with the providers they retain
By: Adam Stern
Aug. 15, 2015 02:45 PM
As Cyber Attacks Proliferate, Don't Be a Sitting Duck - Treat Security as a Process
Hacking doesn't happen only to other people.
While last spring's notorious Sony hack may have implied that the biggest targets are the most vulnerable, any organization can be a victim - and, perhaps surprisingly, an unwitting perpetrator.
I'm talking to you, IT infrastructure companies. As a class of business, IT providers may be hip to risk as a matter of course, but they aren't exempt from the rules of the game and, given their special position in the information security ecosystem, attacks directed their way can be enormously consequential.
Deploying appropriate security protections, with technologies such as clustered firewalls and intrusion detection and prevention systems (IDPS), doesn't come cheap. The fact is, many of the smaller players in the hosting business can't and don't make that investment.
At the other end of the hosting spectrum, one of the industry's largest providers was recently attacking a mid-range player from thousands of servers each night - and the big provider's security detail couldn't even see the ongoing attack emanating from its own environment. Which raises the really big question: if they couldn't discern the attacks going out, can they see them coming in?
It's not alarmist to recognize that these scenarios have become distressingly common. Organizations - provider and user alike - aren't defenseless, but there's no longer an excuse for being caught napping.
IT users must do due diligence within their own organizations and with the providers they retain. Here are just a few words to the wise (and to those who may need to wise up):
It was William Osler, the 19th Century physician who co-founded Johns Hopkins, who said, "Security can only be achieved through constant change, adapting old ideas that have outlived their usefulness to current facts." Where IaaS is concerned, Osler could hardly have been more prescient.
Latest Cloud Developer Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week