Welcome!

SDN Journal Authors: Elizabeth White, Yeshim Deniz, Liz McMillan, Pat Romanski, TJ Randall

Related Topics: @CloudExpo, Cloud Security, SDN Journal

@CloudExpo: Blog Post

How Access Management Protects Today’s No-Perimeter Network | #SDN #Cloud #Security

The rule of thumb for network security today is that there is no perimeter anymore

How Access Management Protects Today's No-Perimeter Network

The rule of thumb for network security today is that there is no perimeter anymore. An outsider can easily become an insider once perimeter security is breached. Every day, attackers find new ways to breach enterprise perimeter security through ransomware, malware or phishing through social engineering.

This is not to suggest that all is lost. Rather, organizations can defeat cybercriminals, in part, by better managing what has already been put in place. As an example of what can go wrong if that doesn't happen, consider the following story.

On the way in to his office one day, Chris, the CSO of Big Deal Company, runs into Kate from cryptography, who comments that their IT admin, Tim, has been hard at work since about 5:00 a.m. This seems odd, since Tim is not known to be a morning person. Kate says Tim requested access to the company's latest build system, where they keep the code to a top-secret product that is about to launch. He also requested access to HR records and the customer payment information systems for maintenance purposes. His access credentials and keys were older, she says, but they still checked out, so she let him continue.

In the hallway, Chris meets up with Don, who works in Data Loss Prevention. He tells Chris that he's surprised how hard Tim has been working this morning, transferring gigabytes of data around the network. Don figures there must be a major update in the works, and Chris agrees that's why Tim must have come in so early. Chris is impressed with Tim's initiative to work off-hours, and he asks what kind of data Tim has been transferring.

Don tells him that there's just no way to know. After all, everything is encrypted for security reasons, so Data Loss Prevention can't see what kind of data is moved in and out of the system. However, he tells Chris that Kate from cryptography said his credentials checked out, so not to worry. Tim is a trustworthy employee.

It all seems to make sense, but Chris feels a vague sense of unease. So, he stops by Jack's office. Jack is in charge of Privileged Access Management, and Chris asks if he's interacted with Tim today. Jack says that, in fact, Tim worked around him by using an SSH Key pair. Chris comments that this seems like a breach of protocol, but Jack assures him that this type of thing happens all the time. Jack mumbles something about how he's never bothered to check for new SSH keys after vaulting all the SSH keys on his first day of work. He supposes he could continuously discover SSH keys, but that seems like a lot of work...

This does nothing to assuage the unease. Chris arrives at his office, where he starts his computer. His login fails; he realizes he's forgotten his password again. As if on cue, his phone rings. It's Tim, who is sniffling and coughing. He apologizes for calling so late in the work day, but-

Chris tells him he's not late; he's called just in time to provide password help. Tim tells him he can help but recommends that, going forward, he use the same password for everything; that way, he'll never forget it. In fact, Tim has written his password on his computer screen at work so anyone can use his account to reset forgotten passwords when he is not in the office.

"Not in the office?" Chris's heart begins to race. Tim says no, he'll be out sick today. "If you're not here, then who is accessing all of our critical systems and moving massive amounts of encrypted data out of the network?"

Now it's Tim's heart that is racing. He is stunned that someone could have stolen the backdoor SSH key that bypasses PAM, which he keeps on his work computer - right next to his password.

What Chris Should Have Known
The saddest part about this story is that it didn't have to happen - and yet it has, in organizations across all industries and geographies. The reality is that a determined attacker can and will get in, but the other reality is that the security mechanisms you have in place to mitigate the damage will make the most difference.

Organizations can better defend their networks by keeping these points in mind:

  • Criminals can breach the network in many ways, but the best way to spread the attack is through the theft of credentials like SSH keys.
  • Once a malicious actor has gained access to your network, an attacker can impersonate your employees and hide their activity with encryption. All internal and external traffic needs to be decrypted and inspected because encrypted traffic renders DLP and firewalls useless.
  • It is critical to continuously monitor network environments for new SSH key deployments. Not doing so can render any PAM system useless.
  • The most effective way to prevent credential theft is to use short-lived credentials, eliminating the need for passwords or burdensome and intrusive PAM systems.

Tim is not the bad guy in this story - or at least, not the only bad guy. The organization that normalizes Tim's slack and unsafe behavior is bound to run into trouble. But it doesn't have to be this way. Use the points above to make sure your organization is managing privileged access consistently and securely. That way, outsiders will have a much harder time wreaking havoc once they get into your network.

CloudExpo | DXWorldEXPO have announced the conference tracks for Cloud Expo 2018, introducing DXWorldEXPO.

DXWordEXPO, colocated with Cloud Expo will be held June 5-7, 2018, at the Javits Center in New York City, and November 6-8, 2018, at the Santa Clara Convention Center, Santa Clara, CA.

Digital Transformation (DX) is a major focus with the introduction of DXWorld Expo within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.

A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes.

Cloud Expo | DXWorldEXPO 2018 New York
(June 5-7, 2018, Javits Center, Manhattan)

Cloud Expo | DXWorldEXPO 2018 Silicon Valley
(November 6-8, 2018, Santa Clara Convention Center, CA)

Full Conference Registration "Gold Pass" and Exhibit HallHere (Register ▸ Here via EventBrite)

DX World EXPO, LLC., a Lighthouse Point, Florida-based startup trade show producer and the creator of DXWorldEXPO® - Digital Transformation Conference & Expo has announced its conference agenda, with three major themes:

* Technology - The Revolution Continues
* Economy - The 21st Century Emerges
* Society - The Big Issues

"DX encompasses the continuing technology revolution, and is addressing society's most important issues throughout the entire $78 trillion 21st-century global economy," said Roger Strukhoff, Conference Chair. "DXWorldExpo has organized these issues along 10 tracks with more than 500 of the world's top speakers coming to Istanbul to help change the world."

There are 10 tracks running throughout the event and following the major themes. More than 500 breakout sessions will be featured, along with keynotes and general sessions from some of the world's top technology, business, and societal leaders. The event will be held over five days in Istanbul, reflecting the global nature of Digital Transformation and the city's long and historic role as a key business and intellectual center and linchpin between East and West.

Full Conference Registration "Gold Pass" and Exhibit HallHere (Register ▸ Here via EventBrite)

DX World Expo's Global Themes and Tracks are as follows:

Technology - The Revolution Continues

DX Tech: Data-Driven Global 2000
DX Tech: The Blockchain Challenge
DX Tech: AI and Cognitive
DX Tech: The Global Cloud

Economy - The 21st Century Emerges

DX Econ: Software is Rewriting the World
DX Econ: Smart Cities, Nations, and Regions
DX Econ: FinTech and the Token Economy
DX Econ: The Industrial Internet and Industrie 4.0

Society - The Big Issues

DX Society: Environment
DX Society: Education
DX Society: Agriculture
DX Society: Health Care

Call for Papers -speaking opportunities- as well as sponsorship and exhibit opportunities will open on November 1, 2017.

World's Most Important Tech Event
DXWorldEXPO® will be the world's most important tech event with 1,000 exhibitors in its first year and 2,000 exhibitors in its second year, as it guides Global 2000 companies through their Digital Transformation journey for the next two decades. The global event is set to launch September 17-20, 2018 in Istanbul. It will be sponsored by Fortune 50 companies, and more than 30 international banks will be among sponsors of its FinTech/InsurTech track.

Gaining a better understanding of customers and acting upon this information is the foundation of Digital Transformation (DX) in the enterprise. Applying the latest technologies in this area is the key to driving new topline revenue opportunities.

Global 2000 companies have more than US$40 trillion in annual revenue - more than 50% of the world's entire GDP. The Global 2000 spends a total of US$2.4 trillion annually on enterprise IT. The average Global 2000 company has US$11 billion in annual revenue. The average Global 2000 company spends more than $600 million annually on enterprise IT.

Governments throughout the world spend another US$500 billion on IT - much of it dedicated to new Smart City initiatives. There are more than a dozen Global 2000 companies in Turkey, including Isbank, Garanti Bank, other financial institutions, Turk Telecom, Turkcell, Turkish Airlines, and ENKA.

Cloud Expo | DXWorldEXPO 2018 New York
(June 5-7, 2018, Javits Center, Manhattan)

Cloud Expo | DXWorldEXPO 2018 Silicon Valley
(November 6-8, 2018, Santa Clara Convention Center, CA)

Full Conference Registration "Gold Pass" and Exhibit HallHere (Register ▸ Here via EventBrite)

More Management Quotes
"For the past 10 years at Cloud Expo, we've helped drive the migration to modern enterprise IT infrastructures, built upon the foundation of cloud computing. Today's hybrid, multiple cloud IT infrastructures integrate Big Data, analytics, blockchain, the IoT, mobile devices, and the latest in cryptography and enterprise-grade security," said Fuat Kircaali, Chairman and founder of DX World Expo, LLC.

"As a report from the World Economic Forum and Accenture recently stated, 'Companies need to fundamentally change the way they identify, develop and launch new business ventures.' We agree," said Carmen Gonzalez, president of DX World Expo, LLC.

"Digital Transformation is the key issue driving the global enterprise IT business," said Roger Strukhoff, Conference Chair and Executive Director of the Tau Institute for Global ICT Studies. "DX is most prominent among Global 2000 enterprises and government institutions. Our new event in Istanbul brings together the top companies and delegates from around the world, who are transforming the world."

2018 Conference Agenda and Tracks, June 5-7, Javits Center

Track 1 | Cloud Expo - Enterprise Cloud
Track 2 | DXWorld Expo - Digital Transformation (DX)
Track 3 | The API Enterprise | Mobility & Security
Track 4 | DevOps | Containers & Microservices
Track 5 | Cognitive Computing | AI, ML, DL
Track 6 | Big Data | Analytics
Track 7 | IoT | IIoT | Smart Cities
Track 8 | Hot Topics | FinTech | WebRTC

Cloud Expo covers all of these tools, with the most comprehensive program and more than 120 top world-class speakers throughout our Industry presenting Keynotes, General Sessions, Breakout Sessions along eight focused tracks, as well as our signature Power Panels. Our expo floor brings together the world's leading companies throughout the world of Cloud Computing, DX, and all they entail.

As your enterprise creates a vision and strategy that enables you to create your own unique, long-term success, learning about all the technologies involved is essential. Companies today not only form multi-cloud and hybrid cloud architectures, but create them with built-in cognitive capabilities. Cloud-native thinking is now the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, as well as the public sector.

Cloud Expo is the world's most important, independent event where technology buyers and vendors meet to experience and discuss the big picture of Digital Tranformation and all of the strategies, tactics, and tools they need to realize their goals.

Full Conference Registration "Gold Pass" and Exhibit HallHere (Register ▸ Here via EventBrite)

Only Cloud Expo brings together all this in a single location:

  • Cloud Computing
  • Big Data & Analytics
  • Software-Defined Infrastructure
  • Industrial IoT
  • Industry 4.0
  • Artificial Intelligence
  • Cognitive Computing
  • Microservices
  • Machine Learning
  • DevOps
  • WebRTC
  • FinTech
  • Digital Transformation

Attend Cloud Expo. Build your own custom experience. Learn about the world's latest technologies and chart your course to Digital Transformation.

21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world.

Download Show Prospectus ▸ Here

Full Conference Registration "Gold Pass" and Exhibit HallHere (Register ▸ Here via EventBrite)

Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS - software, platform, and infrastructure as a service.

With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo, October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.

2018 Conference Agenda and Tracks, June 5-7, Javits Center

Track 1 | Cloud Expo - Enterprise Cloud
Track 2 | DXWorld Expo - Digital Transformation (DX)
Track 3 | The API Enterprise | Mobility & Security
Track 4 | DevOps | Containers & Microservices
Track 5 | Cognitive Computing | AI, ML, DL
Track 6 | Big Data | Analytics
Track 7 | IoT | IIoT | Smart Cities
Track 8 | Hot Topics | FinTech | WebRTC

Cloud Expo | DXWorldEXPO 2018 New York
(June 5-7, 2018, Javits Center, Manhattan)

Cloud Expo | DXWorldEXPO 2018 Silicon Valley
(November 6-8, 2018, Santa Clara Convention Center, CA)

Full Conference Registration "Gold Pass" and Exhibit HallHere (Register ▸ Here via EventBrite)

Download Show ProspectusHere

Every Global 2000 enterprise in the world is now integrating cloud computing in some form into its IT development and operations. Midsize and small businesses are also migrating to the cloud in increasing numbers.

Companies are each developing their unique mix of cloud technologies and services, forming multi-cloud and hybrid cloud architectures and deployments across all major industries. Cloud-driven thinking has become the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, and the public sector.

Cloud Expo is the single show where technology buyers and vendors can meet to experience and discus cloud computing and all that it entails. Sponsors of Cloud Expo will benefit from unmatched branding, profile building and lead generation opportunities through:

  • Featured on-site presentation and ongoing on-demand webcast exposure to a captive audience of industry decision-makers.
  • Showcase exhibition during our new extended dedicated expo hours
  • Breakout Session Priority scheduling for Sponsors that have been guaranteed a 35-minute technical session
  • Online advertising in SYS-CON's i-Technology Publications
  • Capitalize on our Comprehensive Marketing efforts leading up to the show with print mailings, e-newsletters and extensive online media coverage.
  • Unprecedented PR Coverage: Editorial Coverage on Cloud Computing Journal.
  • Tweetup to over 75,000 plus followers
  • Press releases sent on major wire services to over 500 industry analysts.

For more information on sponsorship, exhibit, and keynote opportunities, contact Carmen Gonzalez by email at events (at) sys-con.com, or by phone 201 802-3021.

The World's Largest "Cloud Digital Transformation" Event

@CloudExpo | @ThingsExpo 2017 Silicon Valley
(Oct. 31 - Nov. 2, 2017, Santa Clara Convention Center, CA)

@CloudExpo | @ThingsExpo 2018 New York
(June 12-14, 2018, Javits Center, Manhattan)

Full Conference Registration "Gold Pass" and Exhibit HallHere (Register ▸ Here via EventBrite)

Sponsorship Opportunities

Sponsors of Cloud Expo | @ThingsExpo will benefit from unmatched branding, profile building and lead generation opportunities through:

  • Featured on-site presentation and ongoing on-demand webcast exposure to a captive audience of industry decision-makers
  • Showcase exhibition during our new extended dedicated expo hours
  • Breakout Session Priority scheduling for Sponsors that have been guaranteed a 35 minute technical session
  • Online targeted advertising in SYS-CON's i-Technology Publications
  • Capitalize on our Comprehensive Marketing efforts leading up to the show with print mailings, e-newsletters and extensive online media coverage
  • Unprecedented Marketing Coverage: Editorial Coverage on ITweetup to over 100,000 plus followers, press releases sent on major wire services to over 500 industry analysts

For more information on sponsorship, exhibit, and keynote opportunities, contact Carmen Gonzalez (@GonzalezCarmen) today by email at events (at) sys-con.com, or by phone 201 802-3021.

Secrets of Sponsors and ExhibitorsHere
Secrets of Cloud Expo SpeakersHere

All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades.

With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-4, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.

Delegates to Cloud Expo | @ThingsExpo will be able to attend 8 simultaneous, information-packed education tracks.

There are over 120 breakout sessions in all, with Keynotes, General Sessions, and Power Panels adding to three days of incredibly rich presentations and content.

Join Cloud Expo | @ThingsExpo conference chair Roger Strukhoff (@IoT2040), October 31 - November 2, 2017, Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, for three days of intense Enterprise Cloud and 'Digital Transformation' discussion and focus, including Big Data's indispensable role in IoT, Smart Grids and (IIoT) Industrial Internet of Things, Wearables and Consumer IoT, as well as (new) Digital Transformation in Vertical Markets.

Full Conference Registration "Gold Pass" and Exhibit HallHere (Register ▸ Here via EventBrite)

Financial Technology - or FinTech - Is Now Part of the @CloudExpo Program!

Accordingly, attendees at the upcoming 21st Cloud Expo | @ThingsExpo October 31 - November 2, 2017, Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, will find fresh new content in a new track called FinTech, which will incorporate machine learning, artificial intelligence, deep learning, and blockchain into one track.

Financial enterprises in New York City, London, Singapore, and other world financial capitals are embracing a new generation of smart, automated FinTech that eliminates many cumbersome, slow, and expensive intermediate processes from their businesses.

FinTech brings efficiency as well as the ability to deliver new services and a much improved customer experience throughout the global financial services industry. FinTech is a natural fit with cloud computing, as new services are quickly developed, deployed, and scaled on public, private, and hybrid clouds.

More than US$20 billion in venture capital is being invested in FinTech this year. @CloudExpo is pleased to bring you the latest FinTech developments as an integral part of our program, starting at the 21st International Cloud Expo October 31 - November 2, 2017 in Silicon Valley, and June 12-14, 2018, in New York City.

@CloudExpo is accepting submissions for this new track, so please visit www.CloudComputingExpo.com for the latest information.

Speaking Opportunities

The upcoming 21st International @CloudExpo | @ThingsExpo, October 31 - November 2, 2017, Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY announces that its Call For Papers for speaking opportunities is open.

Submit your speaking proposal today! ▸ Here

About @CloudEXPO and @DXWorldEXPO
SYS-CON Media (www.sys-con.com) has since 1994 been connecting technology companies and customers through a comprehensive content stream - featuring over forty focused subject areas, from Cloud Computing to Web Security - interwoven with market-leading full-scale conferences. The company's internationally recognized brands include among others Cloud Expo® (@CloudExpo), Big Data Expo® (@BigDataExpo), DevOps Summit (@DevOpsSummit), @ThingsExpo® (@ThingsExpo), and DXWorldEXPO® (@ExpoDX).

@CloudExpo® and @ThingsExpo® are registered trademarks of CLOUD EXPO INC.

DXWorldEXPO® is a registered trademark of DX WORLD EXPO LLC.

More Stories By John Walsh

John Walsh serves as director of product marketing at SSH Communications Security, where he is focused on raising industry awareness of risk and compliance issues of unmanaged credentials. He has more than 15 years of experience in the IT security industry, having held product management, product marketing and software engineering positions at IBM and SSH Communications Security. Prior to joining the company, he worked at IBM, where he obtained a patent, contributed to solutions guides and designed a number of key software features for security products such as SSH, LDAP, Firewall and Java Cryptography. John holds a BS in Computer Science from Binghamton University as well as an MS in Management Information Systems from Marist College.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or personal computing needs.
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by researching target group and involving users in the designing process.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to advisory roles at startups. He has worked extensively on monetization, SAAS, IoT, ecosystems, partnerships and accelerating growth in new business initiatives.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed by some of the world's largest financial institutions. The company develops and applies innovative machine-learning technologies to big data to predict financial, economic, and world events. The team is a group of passionate technologists, mathematicians, data scientists and programmers in Silicon Valley with over 100 patents to their names. Big Data Federation was incorporated in 2015 and is ...