Cyber Security Top of Mind for Enterprise Architects

It's hard to plan any strategy for business and the IT forces that drive it, if the continuity of those services is suspect

SAN DIEGO -- The Open Group 2011 conference opened here yesterday with a focus on cyber security, showing how the risk management aspects of IT, architecture, and business stand as a high priority and global imperative for enterprises.

It's hard to plan any strategy for business and the IT forces that drive it, if the continuity of those services is suspect. Social media and the accelerating uses of mobile devices and networks are only adding more questions to the daunting issues around privacy and access. And, the Wikileaks affair has clearly illustrated how high the stakes can be. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Three cyber security thought leaders plunged into the issues for the attendees: Bruce McConnell, Cybersecurity Counselor, National Protection and Programs Directorate (NPPD), US Department of Homeland Security; James Stikeleather, Chief Innovation Officer, Dell; and Ben Calloni, Lockheed Martin Fellow for Software Security, Lockheed Martin Corp. Each speaker shared his thoughts on the current state of cyber security and where he sees the industry heading in the future. Top of mind: The importance of trust, frameworks, and their impact on the security of critical infrastructure systems.

Following a brief introduction from Allen Brown, President and CEO of The Open Group, McConnell set the stage by discussing the current state of the security ecosystem.

Computing systems today often consist of numerous security hardware and software implementations working completely independently of each other. An improved security ecosystem would not only improve computing performance, but would also create an environment where interoperability would usher in governance and completeness. Facilitating information sharing between security systems would improve overall security by enabling systems to react in a more efficient manner when addressing security threats, he said.

The Department of Homeland Security (DHS) protects the federal executive branch, and works with critical infrastructure (gas, oil, electricity, telecom, etc.) to help them better protect themselves. DHS is currently working on a cyber security awareness campaign.

Stop, Think, Connect

Last year, DHS launched the “Stop, think, connect” campaign, which is directed at teens, young adults and parents of teens. With increased awareness, DHS believes that the threat of cyber security attacks will be lessened. For more information on the campaign, please go to http://www.dhs.gov/files/events/stop-think-connect.shtm.

McConnell mentioned that President Obama spoke on the importance of private sector innovation earlier yesterday. He also stated that cyberspace is a new domain that is vital to our way of life. Therefore, it needs to be made more secure. Of course, government must play an important role in this process, but since cyber security is a civilian space, no one actor can secure it alone.

Given the global market of cyberspace, McConnell argued that the U.S. should continue to lead the security effort working together with consumers to achieve security. He then went on to suggest that an open, broad interoperability regime online would be able to validate attributes for online systems, but also emphasized that anonymity must be preserved.

McConnell concluded his keynote by speaking about a future white paper on the health of the cyber ecosystem, which will be based on the premise of a more secure cyberspace, where participants can work together in real time against attacks. This cyber ecosystem would require automation, authentication and interoperability, enabling participating devices at any edge of a network to communicate with each other by policy established by the system owner. The ultimate purpose of the white paper is to encourage discussion and participation in an ecosystem that is more secure.

Dell innovation guru Stikeleather continued the plenary by emphasizing the need for a “Law of the Commons.” Like every other function in IT, security, too, needs to be clearly defined in order to move forward, he said. Clear definitions will enable the transparency and the common understanding needed for organizations and governments to communicate and discuss what goals the cyber community should strive to attain. This would not only lead to increased security, but it would also lead to improved trust when addressing the growing concern of consumer privacy.


The consequence of the Web’s evolution is actually a co-evolution, he said, in which people depend more on technology and we are restructuring how we see data (augmented reality), while technology is becoming contextual, dependent on who is making the request, how and when they are making it, and what their intentions are in making it.

In such a fluid environment trust is essential, but can there realistically be trust? We have created an untrustworthy environment, Stikeleather said, and the tipping point will be smart phones in the enterprise. This technology, in particular, is creating greater cracks in a complex environment that is destined to ultimately fail.

Additionally, government and enterprise can’t agree on what the world should look like from a security perspective, due to differing cultural concepts in cyberspace, creating the need for a "Law of the Commons." We’ve created rules for shared international usage of the world’s oceans and for outer space, and cyberspace should be no different.

At the end of the day, everything is an economic survival issue, Stikeleather said. The real value of the Web has been network effects. If we were to lose trust in privacy and security, we'd lose the currency of that global network exchange and the associated economic model, which in turn could actually mean the collapse of the global economy, he said. A catastrophic event is likely to happen, he predicted. What will the world without trust look like? A feudal cyber world with white lists, locked clients, fixed communication routes, locked and bound desktops, limited transactions, pre-established trading partners, information hoarders, towers of Babel.

Underlying structure

We have a unique opportunity with cloud, Stikeleather said, to get it right early and put thought into what the underlying structure of cloud needs to look like, and how to conduct the contextual nature of evolving technology. Meantime, people should own the right to their own identity and control their information, and we need to secure data by protecting it within content.

There were a lot of car analogies during the plenary, whether intentional or not, and my favorite one of the day came from Calloni of Intel – “security needs to be built-in, not bolt-on.” I’ve thought of this analogy many times before when discussing IT, especially with regard to enterprise architecture.

Calloni said that given human nature’s tendency to use technology to engineer ways to make our life easier, better, more functional, etc., we increase the risk by increasing exposure. Drawing a comparison to a Ford Pinto, he stated that if organizations can purely focus on security, their probability of success would increase exponentially. However, when we add functionalities where focus will be more distributed, security will decrease as the attack surface increases.

He outlined key questions that each organization should ask when determining security:

  • Who has access?
  • What are the criteria for gaining access/clearance?
  • Who has controls?
  • What function is most important? Is being balanced key?
  • What type of security do you need?

Security is expensive, so reducing an organization’s attack surface is critical when establishing a security policy. In order to build a security policy that will protect your organization, Calloni argued that you must be able to look at what areas or parts of your system/network are available for an assailant to compromise. Five key areas that must be looked at include:

  • Vulnerability -- to have it, an attacker must be able to access it
  • Threats -- any potential hazard of harm to the data, systems or environment by leveraging a vulnerability; an individual taking advantage of a vulnerability
  • Risk -- the probability of the threats using the vulnerabilities; higher risks come with more vulnerabilities and increased threats
  • Exposure -- the damage done through a threat taking advantage of a vulnerability
  • Countermeasures -- processes and standards that are used to combat and mitigate the risks

Like a car's drivetrain, security needs to be built-in, not bolted-on. Security frameworks need to provide a solid foundation on which organizations can build in order to address the ever-changing cyber threats. Bolt-ons will only provide temporary band-aids that will leave your organization vulnerable to cyber threats, he emphasized.

As organizations move toward the cloud and as cyber threats are becoming more commonplace, it will be interesting to see what importance organizations place on the themes discussed yesterday. They definitely apply to the remaining conference tracks. I’m especially looking forward to how the enterprise architecture and cloud speakers will address these topics.

If you want a real-time view of the 2011 San Diego Conference, please search for the Twitter hashtag #ogsdg.

More Stories By Dana Gardner

At Interarbor Solutions, we create the analysis and in-depth podcasts on enterprise software and cloud trends that help fuel the social media revolution. As a veteran IT analyst, Dana Gardner moderates discussions and interviews that get to the meat of the hottest technology topics. We define and forecast the business productivity effects of enterprise infrastructure, SOA and cloud advances. Our social media vehicles become conversational platforms, powerfully distributed via the BriefingsDirect Network of online media partners like ZDNet and IT-Director.com. As founder and principal analyst at Interarbor Solutions, Dana Gardner created BriefingsDirect to give online readers and listeners in-depth and direct access to the brightest thought leaders on IT. Our twice-monthly BriefingsDirect Analyst Insights Edition podcasts examine the latest IT news with a panel of analysts and guests. Our sponsored discussions provide a unique, deep-dive focus on specific industry problems and the latest solutions. This podcast equivalent of an analyst briefing session -- made available as a podcast/transcript/blog to any interested viewer and search engine seeker -- breaks the mold on closed knowledge. These informational podcasts jump-start conversational evangelism, drive traffic to lead generation campaigns, and produce strong SEO returns. Interarbor Solutions provides fresh and creative thinking on IT, SOA, cloud and social media strategies based on the power of thoughtful content, made freely and easily available to proactive seekers of insights and information. As a result, marketers and branding professionals can communicate inexpensively with self-qualifying readers/listeners in discrete market segments. BriefingsDirect podcasts hosted by Dana Gardner: Full turnkey planning, moderating, producing, hosting, and distribution via blogs and IT media partners of essential IT knowledge and understanding.
