Cloud Hosting

Click here to listen to the audio.

Cloud computing offers a business the prospect of efficiency and savings by improving data storage capabilities and outsourcing computing resources that a business need not build for itself. But when data moves to the cloud, does this raise new troubles and make legal compliance more difficult? Or can it minimize risk and increase compliance with a dizzying array of global data privacy laws? How do cloud computing and data privacy compliance intersect?

Lowell Thompson of Genity, a US-based company, discusses in this podcast how a cloud computing service can address this challenge and opportunity. Using encryption technology, Genity offers what it describes as data security by default that aims to bypass data privacy laws of Europe, California, Canada, and other countries.

Major data breaches such as Equifax (2017) revealed weaknesses in internal business systems, in that case exposing sensitive personal information of 147 million people from several countries. As a business focused on data, a cloud provider must be attentive to cybersecurity and differing data privacy rules and so may be able to provide greater security and compliance than many businesses can expect of their own personnel and system.

When a business contracts with a cloud computing services provider, it should consider several key issues: consent of data subjects, security, control and supervision, and server location. If a server resides in a jurisdiction that requires data localization or requires sharing data with government authorities, this can complicate a business data issues. The contract between a business and cloud services provider merits careful review to determine whether proceeding minimizes or increases the risk of data breach and inadvertent violations of differing state and national data privacy rules.

Cloud computing has its benefits. But you dont want a cloud to turn dark with thunder and lightning. Explore the intersection of cloud computing and data privacy in this podcast. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.

Here is the original post:
Data Privacy Detective Podcast - Episode 50 - Intersection Of Cloud Computing And Data Privacy - Lexology

As businesses across the world become more reliant on the cloud, how can they upskill their workforce and develop cloud computing talent effectively?

It's time for businesses to think differently about how they develop their cloud computing talent.

The disruption caused by the Covid-19 pandemic has accelerated business dependence on technologies, such as the cloud.The dial was always moving in this direction, but now the global economy is increasingly reliant on the cloud to facilitate remote working and as a result, developing cloud computing talent must now be taken as a priority.

How to develop this talent should also change, with a greater focus on learning and culture, as opposed to the tradition of IT outsourcing.

Commenting on this trend, Simon Ratcliffe, principal consultant at hybrid IT services provider, Ensono, says: Cloud computing has challenged many of our long help preconceptions about IT. It has delivered flexibility, agility, freedom from capital expenditure, a safe world in which we can create an environment, experiment and tear it down again. So many of these changes, whilst driven by the underlying technology, mean we must think differently if we are to maximise the benefits.

A recent McAfee report found that 40% of large UK businesses expect their companies to be cloud-only by 2021, with 70% working towards being cloud-only businesses in the future.

Unfortunately, Fred Flack, head of talent academy at CloudStratex, points out that, still, many businesses fall into the trap of outsourcing their IT departments, wrongly believing this makes them digital.

He argues that this could not be further from the truth, as this digital knowledge is leased, and any advantage they enjoy from it will disappear when they can no longer afford to pay, putting them right back at square one.

As more businesses embrace a cloud-only model, which is accelerating in the wake of the Covid-19 pandemic, they have a duty of responsibility to their employees to keep them upskilled or even reskilled where necessary, according to Flack.

This does not mean paying lip service to digital training, but prioritising the development of cloud computing talent within the corporate strategy.

Flack suggests that this involves making appropriate digital hires where possible, despite the difficulty of finding talent given the current skills shortage.

He points out that another option is to employ IT training organisations who can educate and qualify staff in the first instance, with the aim of creating an internal digital knowledge hub and culture that encourages good practice and ultimately digital autonomy.

DevTeam.Space takes a look at what benefits cloud computing can provide for companies, including storage capabilities and cost. Read here

As cloud computing evolves, it will become something that more closely resembles a software development role, rather than an IT support role.

Theres still a skills crossover they need knowledge around hardware, infrastructure and be able to trouble shoot, but businesses looking for cloud computing talent are essentially looking at developer roles.

Commenting on this changing role, Simon Utting, COO at Amito, says: With the cloud environment becoming increasingly complex feature-wise, staying ahead of competitors, maintaining platforms and scaling requires consistent automation. This brings us back to coding. Make sure your team is on a pathway of continually developing these skills. Theres a huge gap around Linux talent right now so were looking at how we can plug that, given 65% of our client base run on it.

Another shift is tying security into your cloud talent development its going to be huge in the next couple of years as cyber security becomes more sophisticated your team needs to know how to respond to it effectively. Theres a major learning curve ahead.

Your business is so important and you need to do what you can to ensure you are running it the best way you possibly can. That means you need to think about what you can do to make the company more efficient and successful. Read here

Similar to Flack, Utting also emphasises the importance of creating a culture of lifelong learning in his cloud business.

Certifications help set a benchmark for a conversation, but we tend to verify during interviews. Personally, Im far more interested in curiosity, a desire to solve a problem, being self-starters this talent goes much further as you develop it, he adds.

Sean Farrington, SVP EMEA at Pluralsight, also believes that developing and maintaining cloud computing skills once talent is in place is a challenge. Businesses need the ability to accurately map skill levels and proficiencies within teams and put in place tailored learning pathways to address knowledge gaps, he says.

Success in thisrequires a reassessment of how learning is undertaken. Pluralsight, for example, found that 40% of IT professionals prefer learning online, either through self-paced or instructor led courses, rather than in classroom-based setups.

Commenting on this, Farrington adds: Companies are nothing more than the sum of their parts, and so business leaders must listen to the needs of their employees and implement an appropriate learning environment. In this case, the ability to upskill on demand and in bite-sized chunks is likely to keep cloud computing talent motivated, current and project-ready.

Ratcliff agrees that as businesses adapt their culture to embrace the cloud, they must also adapt their approach to developing the talent.

He says: It is no longer enough to produce a list of technical requirements and pattern match applicants to skills. We must adopt a far more people-centric approach to recruitment and development right across the organisation. The speed, agility and freedom to fail provided by the cloud are worthless without an underlying culture that accepts this.

Pointing to the other half of the battle with developing cloud computing talent, Farrington suggests that cloud computing roles can be neglected in favour of more glamorous jobs in AI development or cyber security.

He continues: Half the battle with developing cloud computing talent is showing bright employees that there is a long, enriching career in the cloud. As technology leaders, we must show them that the cloud is the engine room for tomorrows innovation; helping build our smart cities by underpinning big data, AI, IoT or 5G applications.

Ratcliffe believes that because cloud technology evolves at such pace, looking for technical skills is a redundant exercise.

Instead, he suggests businesses and the wider community build a talent pool with a blend of individuals that promotes diverse thinking and a passion to learn new things constantly.

The days of a couple of technical courses a year for staff are long gone. Learning is constant, consistent, on the job and flexibility needs to be built into the culture to allow for this, he adds.

See the article here:
It's time to think differently about how to develop cloud computing talent - Information Age

SEATTLE--(BUSINESS WIRE)--The Cloud Security Alliance (CSA), the worlds leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced today the release of its latest survey report, The Evolution of the CASB. The study, which queried more than 200 IT and security professionals from a variety of organization sizes and locations, examined the expectations, technical implementations, and challenges of using cloud security access brokers (CASB). The results reveal unrealized gaps between the rate of implementation or operation and the effective use of the capabilities within the enterprise.

CASB solutions have been underutilized on all the pillars but in particular on the compliance, data security, and threat protection capabilities within the service, said Hillary Baron, lead author and research analyst, Cloud Security Alliance. Its clear that training and knowledge of how to use the products need to be made a priority if CASBs are to become effective as a service or solution.

Commissioned by Proofpoint, Inc., a leading cybersecurity company and CASB solution provider, the paper found that while nearly 90% of the organizations surveyed are already using or researching the use of a CASB, half (50%) dont have the staffing to fully utilize cloud security solutions, which could be remediated by working with top CASB vendors.

Further, more than 30% of respondents reported having to use multiple CASBs to meet their security needs and just over one-third (34%) find solution complexities an inhibitor in fully realizing the potential of CASB solutions. Overall, CASBs perform well for visibility and detecting behavior anomalies in the cloud but have yet to become practical as a tool for remediation or prevention.

To overcome the gaps uncovered in this Cloud Security Alliance survey look for a solution that is part of a larger security portfolio and can effectively address the people-centric cloud security concerns on cloud account compromise, cloud data loss prevention, and cloud application compliance and visibility, said Tim Choi, vice president of Product Marketing for Proofpoint. Its critical that the journey starts with clear goals in mind and prioritized objectives. In addition, identifying CASB solutions that provide a deployment model that can be operationalized in hours, not weeks leads to faster time to value.

Additionally, the report found that when it comes to utilizing CASBs, of those surveyed:

Download the free report.

For more information on Proofpoints CASB solution, please visit https://www.proofpoint.com/us/products/cloud-security/cloud-app-security-broker.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the worlds leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud from providers and customers to governments, entrepreneurs, and the assurance industry and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at http://www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

About Proofpoint, Inc.

Proofpoint, Inc. (NASDAQ: PFPT) is a leading cybersecurity company that protects organizations greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at http://www.proofpoint.com.

Visit link:
Cloud Security Alliance Study Finds While CASB Demand Is High, Additional Education Is Needed to Clarify Cloud Security Goals - Business Wire

Its been more than a year since Capital One Financial said it had suffered a data breach that exposed the personal information of 106 million customers, but the lessons from the episode are as timely as ever.

The $80 million penalty assessed by the Office of the Comptroller of the Currency on Thursday against the McLean, Va., company for its security lapse highlights how serious a regulatory risk data-integrity issues are especially those involving cloud computing.

The hack was allegedly carried out by Paige Thompson, a former software engineer at Amazon Web Services, who broke into Capital One's servers in Amazon's cloud through a misconfigured web application firewall. Thompson was arrested and awaits trial on charges of hacking Capital One and 30 other organizations.

Banks continue to put sensitive data in the cloud, especially as digital services have risen in popularity during the pandemic. The incident and its aftermath offer banks a watchlist of precautions that have become clearer with the passage of time, say academic and information security experts interviewed for this story.

Here are six steps banks can take to strengthen their data defenses.

Thompson gained access to the Capital One data through an insecure web application firewall.

Jim Reavis, co-founder and chief executive of the Cloud Security Alliance, said Capital One used open-source software to build its firewall to the servers.

Open-source software in and of itself is not dangerous, he said. All of corporate America uses open-source software of different types and flavors, he said.

But this firewall had a misconfiguration that the attacker used to conduct a server-side request forgery, which enabled her to obtain privileged identity credentials.

Maintaining security updates on open-source software is as important as it is on proprietary software, Reavis said.

Capital One did not immediately respond to a request for comment Friday, but a day earlier, after the OCC penalty was announced, the company said it takes data security seriously and had controls in place at the time of the breach that helped authorities make an arrrest.

"In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders," a company spokesperson said in an email to American Banker.

A combination of automation and human review can be used to check and double-check the security of software code, said Steve Rubinow, a computer science faculty member at DePaul University and former chief information officer of the New York Stock Exchange.

In any security space, the weakest link is human because we humans make mistakes, Rubinow said. Even the smartest of us, the most capable of people with the best track records are capable of making mistakes.

Thompson was an insider: She had worked at AWS on the Capital One account.

Reavis said companies need to pay more attention to administrator accounts, sometimes called God access accounts, that give insiders carte blanche access to everything. And they should and apply dual key systems, so administrators cant access elevated privileges on their own.

Companies ought to employ a principle of least privileges so when a credential is stolen, as in this case, they can reduce the harm caused, Reavis said.

Capital One made some mistakes with authentication, Reavis said.

Multifactor authentication is a great way to take a lot of different types of successful attacks and cause them to have no negative consequences, he said.

Capital One does use multifactor authentication a lot, Reavis said. But on back-end systems like this one, its use is uncommon.

That's changing you're seeing more organizations thinking of identity more holistically, Reavis said. They're thinking of identity of devices, identity of applications, identity of data stores, and then extending their identity management and authentication strategies across the board.

Capital One did respond quickly and effectively to the breach, such that the hacker was caught right away and the data was rapidly secured.

In addition to a strong incident response, Capital One notified customers of the breach promptly.

It likely reduced their fine significantly, Reavis said.

Throughout the past year, Capital One has been in a court battle to keep private an investigative report it hired the security firm Mandiant to write about the breach. But recently, a court required Capital One to share the report with the plaintiffs' attorneys in a class action.

An incident analysis or forensics type of report is going to have a lot of sensitive information that might expose additional vulnerabilities and threat vectors, Reavis said. I understand the sensitivity. But organizations need to be very frank about how their systems are configured and tested to make sure they're secure in the first place and be very transparent about how incidents are handled, how the systems are governed.

Mark Bower, senior vice president with the data-security company comforte AG, makes a point regulators have been making for years: Companies cant outsource security to vendors, especially cloud vendors.

The signal is very clear: The often-referenced shared responsibility cloud model means naught when its your data, Bower said. You are responsible and accountable, and will pay the price if gaps are exploited.

Rubinow echoed this point.

There have been a number of companies in the past that have so much respect for Amazon or whoever their cloud provider is that they say, if I just put my computing assets in their cloud, they will secure them for me because they're really smart people and they do it at scale, he said.

I always have to remind those people that they don't secure everything. And at the end of the day, these are your applications. This is your data. You need to be vigilant and safeguard them, because no one's going to care about them as much as you are, and it's still your responsibility.

View original post here:
Capital One fine is latest wake-up call for banks using the cloud - American Banker

Theglobal market for cloud technologies in healthcarewas $16.1 billion in 2016. The market should reach $20.2 billion in 2017 and $35.0 billion by 2022, growing at a compound annual growth rate (CAGR) of 11.6% during 2017-2022.

Request For Report[emailprotected]https://www.trendsmarketresearch.com/report/sample/12227

Report Scope:

The report will segment the technology for IT suppliers by hardware, software and network, as well as for internal and external cloud deployment models by software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS), and also by public, private and hybrid cloud platforms. For healthcare applications, the report will segment the market by: Electronic health records (EHRs). Picture archiving and communications systems (PACS). Cardiology information systems (CIS). Laboratory information systems (LIS). Radiology information systems (RIS). Other (facility, hospital information systems).

Use segments will also be addressed, including healthcare providers, private and public payers, and cloud providers.

Key issues that will be discussed include the inclusion of consumer healthcare applications and medical devices in the cloud ecosystem, adoption of stronger security measures to prevent data breeches and future innovations such as edge cloud services that can better support mobile devices and video services for remote healthcare.Report Includes:

35 data tables and 2 additional tables An overview of the global market for healthcare cloud computing technologies. Analyses of global market trends, with data from 2016, estimates for 2017, and projections of compound annual growth rates (CAGRs) through 2022. Market segmentation by technology, cloud deployment models, healthcare cloud applications, and by region. Discussion of key issues, such as inclusion of consumer healthcare applications and medical devices in the cloud ecosystem, and adoption of stronger security measures. Insight into future innovations, such as edge cloud services that can better support video services for remote healthcare. Profiles of key companies in the market, including: Agfa HealthCare, Allscripts, Amazon Web Services, Analogic, ARM Holdings, Athena Health, Beckman Coulter Inc., Biocontrol Medical.

Get Complete TOC with Tables and [emailprotected]https://www.trendsmarketresearch.com/report/discount/12227

Summary

Initially approached with caution by healthcare organizations, cloud computing is becoming more widely adopted. In 2017, cloud adoption in healthcare increased, as cost savings outweigh potential data protection concerns. Healthcare IT systems are historically expensive to implement, update and maintain. Cloud economics changes that by shifting from individual budgets to cost-sharing models enabled by private, multi-tenant, and in some cases, public clouds.

These trends are shifting in favor of increased IT spending toward cloud hardware, software and networks. The global market for cloud technologies in healthcare was $16.1 billion in 2016. The market is expected to grow to $20.2 billion in 2017 and increase to $35.0 billion by 2022, with a compound average growth rate (CAGR) of 11.6%.

North America will continue to lead spending due to the combination of the large number of cloud suppliers and providers in the region, as well as the pressure to shift expenses away from traditional IT environments. The region will grow from an estimated REDACTED in 2017 to REDACTED in 2022 at a strong CAGR of REDACTED. Europe and Asia-Pacific (APAC) will be the next-largest markets, each representing a REDACTED share of global spending. Europe will increase spending for cloud technologies inhealthcare from REDACTED in 2017 to REDACTED in 2022, at a REDACTED CAGR. APAC will achieve a similarspending level, but it will surpass Europe as cloud services expand in the region. APAC spending will increase from REDACTED in 2017 to REDACTED in 2022, at an REDACTED CAGR.

Latin America, Middle East and Africa, and the remaining Rest of World countries will comprise the remaining REDACTED of the market, with cloud technologies advancing over traditional IT at a slow but steadyrate of between REDAC TED and REDACTED.

Scope of Report

The report will segment the technology for IT suppliers by hardware, software and network, as well as for internal and external cloud deployment models by software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS), and also by public, private and hybrid cloud platforms. For healthcare applications, the report will segment the market by: Electronic health records (EHRs). Picture archiving and communications systems (PACS). Cardiology information systems (CIS). Laboratory information systems (LIS). Radiology information systems (RIS). Other (facility, hospital information systems).

Use segments will also be addressed, including healthcare providers, private and public payers, and cloud providers.

Key issues that will be discussed include the inclusion of consumer healthcare applications and medical devices in the cloud ecosystem, adoption of stronger security measures to prevent data breeches and future innovations such as edge cloud services that can better support mobile devices and video services for remote healthcare.

<<< Get COVID-19 Report Analysis >>>https://www.trendsmarketresearch.com/report/covid-19-analysis/12227

View original post here:
HEALTHCARE CLOUD COMPUTING Market: Which Region Will Register Higher CAGR? 2022 - eRealty Express