The Surprising Truth About Cloud Security | @CloudExpo #DigitalTransformation
Three Public Cloud Security Factors That Stop Breaches

Another day, another breach. No wonder security is tied for the top barrier to cloud adoption, according to 2017 research from RightScale, with 25 percent of survey respondents naming it, alongside expertise and expense, as their greatest challenge.

In the face of security concerns, IT executives have mistakenly found comfort in private clouds over public clouds. The RightScale survey found that enterprises run about 75 percent of workloads in the cloud, with 43 percent done in a private cloud and 32 percent handled in a public cloud.

No doubt, some of the enterprises using a private cloud have serious security protocols. But while private clouds can be protected with all the same tools as their public counterparts, they often aren't. It's probably why Alert Logic discovered that companies using pure public cloud environments averaged 405 security incidents, while hosted private cloud environments averaged 684 incidents.

When Security Matters Most, Go Public

Some executives assume that a lurking compliance requirement forbids the use of a public cloud. But no such hard-and-fast rule exists, and cloud service providers - the reputable ones, anyway - provide clear compliance road maps to their clients.

Other executives fear losing control in the event of a breach in someone else's environment, but these fears are also unfounded. The cloud doesn't fail; the implementation fails, or one party fails to abide by its shared security responsibilities.

Just because data exists in a public cloud environment doesn't mean it's at the mercy of that provider's security controls. And in any case, most public cloud providers have more robust security controls than companies that host their own private clouds.

To be clear, this isn't to say that public clouds are always more secure - only that most companies could enjoy stronger security by letting the experts manage their cloud data. Just about every public cloud provider offers three industry-leading security features:

1. Modern patch management and malware safeguards

Companies using private clouds are responsible for patching their own environments. Poor patch management leads to security vulnerabilities, creating windows for attackers to strike.

Public providers typically have more resources to dedicate to these maintenance cycles. As a general rule, older systems carry known vulnerabilities, including weaker malware defenses, while newer ones offer better anti-exploitation features. Most public cloud companies keep their equipment up-to-date because they don't have to compete for internal resources like private cloud solutions do.

2. Virtual private networks and segmentation

Private environments tend to have more "flat networks" than public ones. Because network segmentation is difficult to administer, many large organizations prefer to manage a single network across the enterprise rather than cordon off critical systems. But fewer walls make it easier for hackers to access important systems.

Public clouds isolate sensitive applications and data while still pooling resources. Segmented systems stop hackers from moving through networks easily, making public clouds better at limiting damage should a breach occur.

3. Better identification and access management tools

Most hackers don't rely on fancy tricks to gain network access. Per Verizon's 2017 Data Breach Investigations Report, 81 percent of hacking breaches involve stolen or weak passwords.

In my experience, on-premise or private cloud environments tend to use outdated identity and access management tools. These often rely on centralized directories to connect everything. Unfortunately, they expose more than necessary when opening the private cloud to external resources, such as mobile, IoT, and web applications. Public cloud products have improved federated identity management built in, which enables security practices like single sign-on, attribute management, and access control.

Even if a public cloud is breached, the data within isn't necessarily in danger. Clients that manage their own encryption keys stop hackers from deciphering their stolen goods. AWS clients using Box KeySafe, for example, keep their data safe in Box while storing their keys outside of Box's environment.

Virtually every company depends - or will soon depend - on the cloud to store and access data, but misconceptions surrounding public clouds prevent them from making secure choices. Leave it to a company that does cloud security for a living, and you'll drastically drop your chances of being breached.

Brad Thies is the founder and president of BARR Advisory, an assurance and advisory firm specializing in cybersecurity, risk management, and compliance. Brad speaks regularly at industry events such as ISACA conferences, and he is a member of AICPA's Trust Information Integrity Task Force. Brad's advice has been featured in Entrepreneur, Cloud Computing Journal, Small Business CEO, and Information Security Buzz. Prior to founding BARR, Brad managed KPMG's risk consulting division. He is a CPA and CISA.

About Brad Thies
Brad Thies is principal at Barr Assurance & Advisory Inc., a risk consulting and compliance firm that provides business performance, information technology, and assurance services to clients across a variety of industries. He specializes in helping clients assess, design, and implement processes and controls to meet customer, regulatory, and compliance requirements. Brad is a certified public accountant and a certified information system auditor with more than 10 years of experience in the industry.
