SYS-CON MEDIA Authors: Elizabeth White, Yeshim Deniz, Roger Strukhoff, Jason Bloomberg, Pat Romanski

Related Topics: @CloudExpo, Cloud Security, Government Cloud

@CloudExpo: Article

A Robust Cybersecurity Program | @CloudExpo @CoalfireSys #Cloud

An exclusive interview with Abel Sussman, Director of Federal Services at Coalfire

"Threats are always evolving and the days of ‘set it and forget it' malware and virus scanners are over if you want to keep your business information secure," explained Abel Sussman, Director of Federal Services at Coalfire, in this exclusive Q&A with Cloud Expo Conference Chair Roger Strukhoff.

Cloud Computing Journal: Security threats seem so widespread and diverse that it seems companies need a framework before they tackle individual issues. To what degree do you take this point of view?

Abel Sussman: Fortunately there are many frameworks available for the industry to review and choose the ones that are most appropriate for their business, activity, and data sensitivity. Intra-industry standards bodies are becoming more familiar with cybersecurity needs and how to protect systems. One of the most robust frameworks is published by the National Institute of Standards and Technology (NIST) under Special Publication NIST 800-37 "Guide for Applying the Risk Management Framework to Federal Information Systems" and 800-53 "Security and Privacy Controls for Federal Information Systems and Organizations." The framework and security controls listed are used by Federal Information Security Management Act (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP) to safeguard federal information technology assets. Even non-federal programs can use the NIST controls to evaluate their cybersecurity posture against industry best practices.

Cloud Computing Journal: How should companies get started in assessing their potential cybersecurity threats? How do they adjust as they monitor and manage threats?

Sussman: The first thing companies need to do is identify and categorize their data. Do they know what their vulnerabilities are? You'd be surprised at how many companies don't even know what they have. They should identify critical systems, critical data, understand what threats are out there and which of those apply to them. During that step, they should also look into third-party vendors that manage data for them and make sure their vendors are being held to the same risk standards they are implementing for themselves.

It is important to focus on the desired end-state and implement a graduated approach to priorities as to not disrupt or fail business activities. Once plans, defenses and incident response capabilities are put in place the organization can implement continuous monitoring activities to maintain ongoing awareness of information security, update vulnerabilities and threats, and improve control as measured through metrics

Cloud Computing Journal: How does the Internet of Things add to cybersecurity concerns?

Sussman: With the IoT, the physical world is becoming more defined in real-time, and there is a greater ability to immediately react to conditions.

A recent report from Cisco stated that 25 billion devices are expected to be connected by 2015 and 50 billion are slated to connect by 2020. In parallel, a study released by Hewlett Packard showed that 70 percent of IoT devices contain serious vulnerabilities. Clearly, we are becoming more dependent on technology while at the same time expanding our risk posture; this is not a safe situation.

Cloud Computing Journal: Are there particular industries that are most at risk for cybercrime, or is it fairly widespread throughout all industries and organizations?

Sussman: Within the past year we have seen major cyberattacks on dating sites, financial institutions, federal assets, airline networks, automobile operation, and corporate sensitive information. Clearly every industry, business, and digital personal belonging is affected by cybercrime. Of course, some targets are more desirable to thieves than others. The reasons are many-fold and start from lone hackers, and escalate to corporate espionage, criminal networks, and state sponsored cyber terrorists.

A robust cybersecurity program answers three questions:

  1. Do I know what I should be protecting?
  2. Am I making sufficient progress for all the money I'm spending?
  3. How do I compare to my peers?

Threats are always evolving and the days of "set it and forget it" malware and virus scanners are over if you want to keep your business information secure. Once a business becomes fully educated on their cyber risk profile and understands both the ongoing threats and their regulatory and compliance directives, they can begin to find new use cases and other relevant domains within their organization to optimize and repurpose their security investments.

Register FREE Before Friday! Here
Your registration includes:

Cloud Expo sessions
Big Data Expo sessions
@ThingsExpo sessions
DevOps sessions
Containers sessions
Microservices sessions

The World's Largest Cloud Computing Event, November 3-5 at the Santa Clara Convention Center!

Cloud computing budgets worldwide are reaching into the hundreds of billions of dollars, and no organization can survive long without some sort of cloud migration strategy. Each month brings new announcements, use cases, and success stories.

Cloud Expo offers the world's most comprehensive selection of technical and strategic Industry Keynotes, General Sessions, Breakout Sessions, and signature Power Panels. The exhibition floor features 100+ exhibitors offering specific solutions and comprehensive strategies.

The floor also features a Demo Theater that give delegates the opportunity to get even closer to the technology they want to see and the people who offer it.

Attend Cloud Expo. Create your own custom experience. Learn the latest from the world's best technologists. Talk to the vendors you are considering, and put them to the test.

Cloud Expo 2015 Silicon Valley
(November 3-5, 2015, Santa Clara Convention Center, CA)

Cloud Expo 2016 New York
(June 7-9, 2016, Javits Center, Manhattan)


Photo: Cloud Expo Silicon Valley, November 2014

Speaking Proposals Open
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers and Microservices to one location.

With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal today!

Submit Your Call for Papers Here

Sponsorship Opportunities Open
17th International Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud Expo is the single show where delegates and technology vendors can meet to experience and discuss the entire world of the cloud. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "Cloud-Ready" as it can be! Sponsors of Cloud Expo will benefit from unmatched branding, profile building and lead generation opportunities through:

Sponsor Cloud Expo ▸ Here
Download Show Prospectus ▸ Here

For the Past Four Years @CloudExpo Has Been a Must-Attend Event for MetraTech/Ericsson
This week, the team assembled in NYC for @Cloud Expo 2015 and @ThingsExpo 2015. For the past four years, this has been a must-attend event for MetraTech. We were happy to once again join industry visionaries, colleagues, customers and even competitors to share and explore the ways in which the Internet of Things (IoT) will impact our industry. Over the course of the show, we discussed the types of challenges we will collectively need to solve to capitalize on the opportunity IoT presents. [continued]

Opening Keynote at 16th Cloud Expo | Sandy Carter, IBM General Manager Cloud Ecosystem
In her Opening Keynote at 16th Cloud Expo, Sandy Carter, IBM General Manager Cloud Ecosystem and Developers, and a Social Business Evangelist, discussed why this matters, how innovation will benefit, and how to foster an interest in tech.

Cisco Keynote: The Internet of Everything: Seizing the Opportunities
In her keynote at @ThingsExpo, Manjula Talreja, VP of Cisco Consulting Services, discussed IoE and the enormous opportunities it provides to public and private firms alike. She also shared what businesses must do to thrive in the IoE economy, citing examples from several industry sectors.

Microservices & IoT Power Panel
In this Power Panel at @DevOpsSummit, moderated by Jason Bloomberg, president of Intellyx, panelists Roberto Medrano, Executive Vice President at Akana; Lori MacVittie, Evangelist for F5 Networks; and Troy Topnik, ActiveState's Technical Product Manager; and Otis Gospodnetić, founder of Sematext; peeled away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you'll have no problem filling in your buzzword bingo cards.

SYS-CON.tv Interviews By Conference Chair Roger Strukhoff
Roberto Medrano of Akana ▸ Video
Brendan O'Brien of Aria Systems Video
Otis Gospodnetic of Sematext ▸ Video
Dalibor Siroky of Plutora ▸ Video
Charles Kendrick of Isomorphic ▸ Video
Reuven Harrison of Tufin ▸ Video

Containers & Microservices Expo To Be Colocated with Cloud Expo Silicon Valley, November 3-5, 2015 at the Santa Clara Convention Center, CA
SYS-CON Events announced on June 9, 2015 at the Javits Center that the 2nd "Containers & Microservices Conference" will take place November 3-5, 2015, at the Santa Clara Convention Center, Santa Clara, CA, and the "Third Containers & Microservices Conference" will take place June 7-9, 2016, at Javits Center in New York City.

Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities.

Microservices focuses on the business and technology of the software architecture design pattern, in which complex applications are composed of small, independent processes communicating with each other using language-agnostic APIs.

Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda.

Rather than just stuff an OS into a container, for example, developers and deployers should consider a spectrum of microservices and what they can do.

New York and Silicon Valley Sponsors and Exhibitors
During our last New York and Silicon Valley events, over 12,000 (audited) delegates registered and participated in the world's largest DevOps, Containers, and Microservices show, colocated with Cloud Expo. Our conference delegates met with over 150 of the world's leading technology pioneers that were among the sponsors and exhibitors, including:

Acision, Actifio, ActiveState, AgilePoint, AIC , Akana, AlertLogic, Ambernet, Amplidata, Apacer Memory America Inc., Appcore, AppDynamics, AppZero, Aria Systems, Arista Networks, Automic, Avere Systems, Axis Communications, B2CLOUD, Basic6, Bestwebdesignagencies.com, Bitium, Blue Box , BMC, BroadSoft, Brother , Bsquare, BUMI, CA, Inc., Calm.io, CenturyLink, Ciqada, CiRBA, Cisco, Cloudant, an IBM Company, Cloudian, CoalFire, CodeFutures, COLUMN Technologies, CommVault, connect2.me, Connected Data, CrashPlan/Code42, Creative Business Solutions , Cynny Italia S.r.l, Dasher, dcVAST, DEAC, Dell, DevOps.com, Distrix , DragonGlass, Dyn, Edgecast , ElasticBox, Emcien, Endstream Communications/Open Data Centers, EnterpriseDB, e-SignLive, by Silanis, Esri, Evident.io, FierceDevOps, FireHost, Genband, Gigamon, GoodData, Gridstore, Harbinger Group , IAPP, IBM, IDenticard Access Control, Imperva,


Cloud Expo Demo Theater (June 9-11, 2015, Javits Center) on the Expo Floor attracts more delegates than the entire conference of other events

IndependenceIT, Infor, InMage, Innodisk, Intelligent Systems, Isomorhpic , ITinvolve, iwNetworks, Ixia, iXsystems , Jelastic, Kintone, KOTRA , Liaison, Litmus Automation, MangoApps, Matrix.org, MediaTek Labs, MetraTech (now part of Ericsson), Microsoft, Navisite, Net Access , Nimble Storage, NuoDB, Inc., Objectivity, OMG, Open Data Centers, OpenCrowd, Optimal Design, Oracle, OutSystems, Parasoft, Peak10, Peer 1 Hosting, PluralSight, Plutora, ProfitBricks, PubNub, Quality Technology Services , Quantum, Qubell, RackWare , Rancher Labs, Red Hat, r-evolutionapp , RingStor, Robomq.io, SafeLogic, SAP, ScaleMP, Seagate, Secure Infrastructure & Services, Sematext , SendGrid , Serena Software, Sherweb, SimpleECM, Site 24x7, Smartvue Corporation, SOASTA, SoftLayer, an IBM Company, SoftwareAG, Soha, Solgenia, SPAN Systems, Spirent, StackIQ, Stateless Networks, Storpool, Stratogent, Stratoscale, Supermicro, SUSE, Tau Institute, Telecity, Telehouse, Telestax, The New York Times , The Vision Times, TierPoint, TMCnet, Transparent Cloud Computing Consortium, Tufin, Ulunsoft, Utimaco, VASCO Data Security, Veeam, Verizon Enterprise Solutions, Vicom Computer Services, VictorOps, Virtustream, VITRIA Technology, Vormetric, WHOA.com, Will Jaya, Windstream, WSM - Website Movers International, Zentera Systems, Zerto.


Cloud Expo New York (June 9-11, 2015) and Silicon Valley (November 3-5, 2015) "Bronze Sponsor" AlertLogic Booth at the Javits Center

About SYS-CON Media & Events
SYS-CON Media (www.sys-con.com) has since 1994 been connecting technology companies and customers through a comprehensive content stream - featuring over forty focused subject areas, from Cloud Computing to Web Security - interwoven with market-leading full-scale conferences produced by SYS-CON Events. The company's internationally recognized brands include among others Cloud Expo® (@CloudExpo), Big Data Expo® (@BigDataExpo), DevOps Summit (@DevOpsSummit), @ThingsExpo® (@ThingsExpo), Containers Expo (@ContainersExpo) and Microservices Expo (@MicroservicesE).

Cloud Expo®, Big Data Expo® and @ThingsExpo® are registered trademarks of Cloud Expo, Inc., a SYS-CON Events company.

More Stories By Elizabeth White

News Desk compiles and publishes breaking news stories, press releases and latest news articles as they happen.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Latest Stories
Industry after industry is under siege as companies embrace digital transformation (DX) to disrupt existing business models and disintermediate their competitor’s customer relationships. But what do we mean by “Digital Transformation”? The coupling of granular, real-time data (e.g., smartphones, connected devices, smart appliances, wearables, mobile commerce, video surveillance) with modern technologies (e.g., cloud native apps, big data architectures, hyper-converged technologies, artificial in...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and Bi...
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get tailored market studies; and more.
Tapping into blockchain revolution early enough translates into a substantial business competitiveness advantage. Codete comprehensively develops custom, blockchain-based business solutions, founded on the most advanced cryptographic innovations, and striking a balance point between complexity of the technologies used in quickly-changing stack building, business impact, and cost-effectiveness. Codete researches and provides business consultancy in the field of single most thrilling innovative te...
CloudEXPO has been the M&A capital for Cloud companies for more than a decade with memorable acquisition news stories which came out of CloudEXPO expo floor. DevOpsSUMMIT New York faculty member Greg Bledsoe shared his views on IBM's Red Hat acquisition live from NASDAQ floor. Acquisition news was announced during CloudEXPO New York which took place November 12-13, 2019 in New York City.
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust tha...
In his session at 23rd International CloudEXPO, Raju Shreewastava, founder of Big Data Trunk, will provide a fun and simple way to introduce Machine Leaning to anyone and everyone. Together we will solve a machine learning problem and find an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/busine...
CloudEXPO has been the M&A capital for Cloud companies for more than a decade with memorable acquisition news stories which came out of CloudEXPO expo floor. DevOpsSUMMIT New York faculty member Greg Bledsoe shared his views on IBM's Red Hat acquisition live from NASDAQ floor. Acquisition news was announced during CloudEXPO New York which took place November 12-13, 2019 in New York City. Our Silicon Valley 2019 schedule will showcase 200 keynotes, sessions, general sessions, power panels, and...
ShieldX's CEO and Founder, Ratinder Ahuja, believes that traditional security solutions are not designed to be effective in the cloud. The role of Data Loss Prevention must evolve in order to combat the challenges of changing infrastructure associated with modernized cloud environments. Ratinder will call out the notion that security processes and controls must be equally dynamic and able to adapt for the cloud. Utilizing four key factors of automation, enterprises can remediate issues and impro...
Intel is an American multinational corporation and technology company headquartered in Santa Clara, California, in the Silicon Valley. It is the world's second largest and second highest valued semiconductor chip maker based on revenue after being overtaken by Samsung, and is the inventor of the x86 series of microprocessors, the processors found in most personal computers (PCs). Intel supplies processors for computer system manufacturers such as Apple, Lenovo, HP, and Dell. Intel also manufactu...
When you're operating multiple services in production, building out forensics tools such as monitoring and observability becomes essential. Unfortunately, it is a real challenge balancing priorities between building new features and tools to help pinpoint root causes. Linkerd provides many of the tools you need to tame the chaos of operating microservices in a cloud native world. Because Linkerd is a transparent proxy that runs alongside your application, there are no code changes required. I...
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential. DevOpsSUMMIT at CloudEXPO expands the DevOps community, enable a wide sharing of knowledge, and educate delegates and technology providers alike.