Industry News Desk
A Robust Cybersecurity Program | @CloudExpo @CoalfireSys #Cloud
An exclusive interview with Abel Sussman, Director of Federal Services at Coalfire
By: Elizabeth White
Aug. 19, 2015 02:45 PM
"Threats are always evolving and the days of ‘set it and forget it' malware and virus scanners are over if you want to keep your business information secure," explained Abel Sussman, Director of Federal Services at Coalfire, in this exclusive Q&A with Cloud Expo Conference Chair Roger Strukhoff.
Cloud Computing Journal: Security threats seem so widespread and diverse that it seems companies need a framework before they tackle individual issues. To what degree do you take this point of view?
Abel Sussman: Fortunately there are many frameworks available for the industry to review and choose the ones that are most appropriate for their business, activity, and data sensitivity. Intra-industry standards bodies are becoming more familiar with cybersecurity needs and how to protect systems. One of the most robust frameworks is published by the National Institute of Standards and Technology (NIST) under Special Publication NIST 800-37 "Guide for Applying the Risk Management Framework to Federal Information Systems" and 800-53 "Security and Privacy Controls for Federal Information Systems and Organizations." The framework and security controls listed are used by the Federal Information Security Management Act (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP) to safeguard federal information technology assets. Even non-federal programs can use the NIST controls to evaluate their cybersecurity posture against industry best practices.
Cloud Computing Journal: How should companies get started in assessing their potential cybersecurity threats? How do they adjust as they monitor and manage threats?
Sussman: The first thing companies need to do is identify and categorize their data. Do they know what their vulnerabilities are? You'd be surprised at how many companies don't even know what they have. They should identify critical systems, critical data, understand what threats are out there and which of those apply to them. During that step, they should also look into third-party vendors that manage data for them and make sure their vendors are being held to the same risk standards they are implementing for themselves.
It is important to focus on the desired end-state and implement a graduated approach to priorities so as not to disrupt or fail business activities. Once plans, defenses and incident response capabilities are put in place, the organization can implement continuous monitoring activities to maintain ongoing awareness of information security, update vulnerabilities and threats, and improve control as measured through metrics.
Cloud Computing Journal: How does the Internet of Things add to cybersecurity concerns?
Sussman: With the IoT, the physical world is becoming more defined in real-time, and there is a greater ability to immediately react to conditions.
A recent report from Cisco stated that 25 billion devices are expected to be connected by 2015 and 50 billion are slated to connect by 2020. In parallel, a study released by Hewlett Packard showed that 70 percent of IoT devices contain serious vulnerabilities. Clearly, we are becoming more dependent on technology while at the same time expanding our risk posture; this is not a safe situation.
Cloud Computing Journal: Are there particular industries that are most at risk for cybercrime, or is it fairly widespread throughout all industries and organizations?
Sussman: Within the past year we have seen major cyberattacks on dating sites, financial institutions, federal assets, airline networks, automobile operation, and corporate sensitive information. Clearly every industry, business, and digital personal belonging is affected by cybercrime. Of course, some targets are more desirable to thieves than others. The reasons are many-fold and start from lone hackers, and escalate to corporate espionage, criminal networks, and state-sponsored cyber terrorists.
A robust cybersecurity program answers three questions:
Threats are always evolving and the days of "set it and forget it" malware and virus scanners are over if you want to keep your business information secure. Once a business becomes fully educated on their cyber risk profile and understands both the ongoing threats and their regulatory and compliance directives, they can begin to find new use cases and other relevant domains within their organization to optimize and repurpose their security investments.