Greer - Practical Cloud Security

Practical Cloud Security

A Cross-Industry View

Practical Cloud Security

A Cross-Industry View

Melvin B. Greer, Jr.

National Cybersecurity Institute,
Washington, District of Columbia, USA

Kevin L. Jackson

CloudGov Network, LLC, Washington,
District of Columbia, USA

CRC Press

Taylor & Francis Group

6000 Broken Sound Parkway NW, Suite 300

Boca Raton, FL 33487-2742

2017 by Taylor & Francis Group, LLC

CRC Press is an imprint of Taylor & Francis Group, an Informa business

No claim to original U.S. Government works

Printed on acid-free paper

Version Date: 20160325

International Standard Book Number-13: 978-1-4987-2943-7 (Hardback)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Library of Congress Cataloging-in-Publication Data

Names: Greer, Melvin B., Jr., author. | Jackson, Kevin L., author.

Title: Practical cloud security : a cross-industry view / Melvin B. Greer, Jr., and Kevin L. Jackson.

Description: Boca Raton : CRC Press, 2016.

Identifiers: LCCN 2016003428 | ISBN 9781498729437 (hardcover : acid-free paper)

Subjects: LCSH: Cloud computing--Security measures. | Cloud computing--Industrial applications.

Classification: LCC QA76.585 .G84 2016 | DDC 004.67/82--dc23

LC record available at http://lccn.loc.gov/2016003428

Visit the Taylor & Francis Web site at
http://www.taylorandfrancis.com

and the CRC Press Web site at
http://www.crcpress.com

Contents

T HERE IS, BY NOW, no doubt that we are living in the digital era. Globally renowned thought-leader Don Tapscott refers to it as the Age of Networked Intelligence. Leading venture capitalist Marc Andreessen claims that Software Is Eating the World. Yet another leading VC, Mary Meeker, describes how industry after industry is being reimagined. This reimagination means that enormous wealth is being created by companies that are in some cases barely out of their teens, or not even that old: Google, Amazon, Facebook, Snapchat, Tesla, and Uber. Other companies and industries are being reimagined into oblivion, or at least forced reinvention: Blockbuster, Borders Books, Encyclopedia Britannicas print edition, newspapers, CDs, taxis, DVDs, landline telephony, cable TV services.

The enablers of this transformation include voracious consumers; an entrepreneurial culture; unprecedented access to capital thanks to low or nonexistent interest rates, venture capital, and angel investors who cashed out in the last wave of market expansion; and a rise in global flows of goods, services, capital, and information; together with global prosperity as measured by metrics such as standard of living. Another key enabler, which some might argue is the most key, is a constellation of technologies: the Internet; mobile and wireline broadband networking; big data and analytics; and smart, digital, connected things ranging from jet engines to smart pills to autonomous vehicles.

At the nexus of all of these technologies and trends lies Cloud Computing. Simply put, Cloud Computing enables consumers, small businesses, corporations, and governments to easily access computing resources with little or no upfront investment or commitment. It thus mirrors the ease of accessing a hotel room, compared with the perseverance and pain of saving for years or decades to buy a home. Stated in this way, the value of Cloud Computing would appear to be simplesay, a straightforward financial equationbut its not.

In my most recent book, Digital Disciplines, I delineate four generic strategies that companies can use to exploit the power of software, the cloud, and related digital technologies. One approach is to complement physical operational excellence in processes and resource use with information excellence by, for example, optimizing physical operations with advanced algorithms or seamlessly fusing the online and offline worlds. The second is to move beyond product or service leadership to leadership in smart, digital, connected products and services, thus enabling extensibility, new business models, and a focus on customer experiences and outcomes. A third is to transcend or complement face-to-face human-mediated relationships with virtual, algorithmically mediated ones through collective intimacy by leveraging social networks but also recommendation engines and other predictive analytics. The fourth, overarching strategy is to accelerate innovation through cloud-centric approaches such as idea markets, innovation networks, crowdsourcing, and online contests and challenges.

Practically any entrepreneur with an idea and an Internet connection can execute these strategies and rapidly prototype anything and everything required to run a virtual business. Todays technologies and on-demand information services mean that capitalism no longer requires capital, or people, for that matter. In the industrial age, infrastructure for service delivery such as railroads or manufacturing operations such as factories required massive amounts of capital for things such as locomotives, basic oxygen furnaces, and assembly lines. Today, all you need is a little luck, an idea, a laptop, and a credit card for the means of production, and an app store or the web for the means of distribution.

Companies can produce a billion dollars in annual revenue with a handful of employees. This, in turn, means that larger, more established companies must pay attention to these trends and enablers, whether they want to or not. Weight Watchers has tens of thousands of employees, but competes with MyFitnessPal, a diet/nutrition/exercise app company with 50 employees. It was acquired by Under Armour for almost half a billion (US) dollars after just 10 years of operation. Global telcos have hundreds of millions of employees, but their highly profitable SMS and related messaging services compete with WhatsApp, another company with about 50 employees and almost a billion users. WhatsApp was acquired by Facebook for US$19 billion barely 5 years after its founding. The lesson is clear: A company cant just cast a watchful eye at long-time competitors in its industry, but must be wary of competitors from other industries and upstart start-ups.