Home
Schedule
Conference Info
Sponsorship Information
IBM Watson AI Day
Registration
Press Registration
Speakers
Sessions
Sponsors
Exhibitors
JETRO × Six Prefectures of Japan Pavilion Exhibitors
Media Sponsors
  Topics
  Call For Papers
  Hotel Info
  Past Events
Untitled Document
2017 West
Premium Sponsors
Diamond



Platinum
@DevOpsSummit

Bronze










Untitled Document
2017 West
Keynote Sponsor


Untitled Document
2017 West Exhibitors
























@ThingsExpo











Untitled Document
2017 West JETRO ×
Six Prefectures
of Japan
Pavilion Exhibitors



















Untitled Document
2017 West Media Sponsors














Untitled Document
2017 East
Premium Sponsors
Diamond



Platinum
@DevOpsSummit

@DevOpsSummit

Silver
@DevOpsSummit


Bronze










Untitled Document
2017 East Exhibitors
@DevOpsSummit




































Untitled Document
2017 East Media Sponsors
















Untitled Document
2016 West
Premium Sponsors
Platinum Plus



Silver
@ThingsExpo

Bronze







Untitled Document
2016 Welcome Reception Sponsor

Untitled Document
2016 West Exhibitors










@DevOps Summit






@DevOps Summit

@WebRTC Summit












@WebRTC Summit









@DevOps Summit

Untitled Document
2016 West Media Sponsors











Untitled Document
2016 East Gold Sponsors

@ThingsExpo

Untitled Document
2016 East Silver Sponsors


@DevOps Summit

Untitled Document
2016 East Bronze Sponsors

Cloud Expo







Cloud Expo

Untitled Document
2016 East Vendor Presentation Sponsors

@DevOps Summit

Untitled Document
2016 East Exhibitors

@DevOps Summit





@ThingsExpo



@DevOps Summit

@ThingsExpo


@DevOps Summit









@DevOps Summit







@DevOps Summit










Untitled Document
2016 East Media Sponsors










Untitled Document
2015 West Gold Sponsor

Untitled Document
2015 West Silver Sponsor


Untitled Document
2015 West Bronze Sponsors

Cloud Expo |@ThingsExpo

Cloud Expo | DevOps Summit


@ThingsExpo





@DevOps Summit

@ThingsExpo


@ThingsExpo

Untitled Document
2015 West Exhibitors












@DevOps Summit





@DevOps Summit












@DevOps Summit

@DevOps Summit




@ThingsExpo


@DevOps Summit


Untitled Document
2015 West Session Sponsor

Untitled Document
2015 West E-Bulletin Sponsor

DevOps Summit

Untitled Document
2015 West
Association Sponsors

Untitled Document
2015 West
Media Sponsor

Untitled Document
2015 East Gold Sponsor


WebRTC Summit

DevOps Summit

Untitled Document
2015 East Silver Sponsor

DevOps Summit

WebRTC Summit


Untitled Document
2015 East Bronze Sponsor

DevOps Summit

Cloud Expo | DevOps Summit
@ThingsExpo

DevOps Summit

DevOps Summit

Untitled Document
2015 East Delegate Bag Sponsor


Untitled Document
2015 East Exhibitors


DevOps Summit


@ThingsExpo



DevOps Summit







Cloud Expo | @ThingsExpo

@ThingsExpo
@ThingsExpo
DevOps Summit

DevOps Summit
@ThingsExpo
DevOps Summit
DevOps Summit
DevOps Summit
DevOps Summit
DevOps Summit



@ThingsExpo

Untitled Document
2015 East
Media Sponsor

How to Develop an Effective Security Strategy to Play in the Public Cloud
Develop an effective security strategy with the right blend of technology and processes

Look all around and you can easily see that there is no shortage of press regarding the promises of cloud computing. Cloud evangelists have touted cloud computing as the next big thing, a game changer - a disruptive technology that will spark innovation and revolutionize the way businesses acquire and deliver IT services. The staggering volume of these sales pitches is to be expected, considering that cloud computing is at or near the peak of its hype cycle, but as with any new technology or model, reality will eventually set in and the public relations blitz will fade. As people continue to define cloud computing and debate its pros and cons, one thing is certain - one of the biggest obstacles to widespread cloud computing adoption will be security.

This article will deal with the security approach for the public cloud as opposed to a private, hybrid, or community cloud. The public cloud, as defined by the National Institute of Standards and Technology (NIST), is cloud infrastructure that is made available to the general public or a large industry group and is owned by an organization selling cloud services. An example of a public cloud implementation would be an application that is hosted in Amazon EC2. Anyone with a simple credit card would be able to deploy a software application in this type of environment.

Cloud Computing Styles
There are three major styles of cloud computing: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). IaaS is delivery of the computing infrastructure as a fully outsourced service versus an in-house, capital investment-sourced model. The consumer rents processing, storage, networking components, etc. With PaaS, consumers are given everything they need to develop, test, and deploy applications to the cloud. Finally, SaaS provides the consumer with the capability to use a cloud provider's applications running on a cloud infrastructure. The software application is accessed through a thin client interface such as a standard web browser. While many of the recommendations presented are applicable across all three cloud styles, the security approach described in this article is most applicable to IaaS.

Benefits of the Cloud
Before we dive into the security approach for the public cloud, let's briefly examine the potential benefits. Once you cut through all the hype, a closer look at the benefits of moving to the cloud reveals a strong business case. The cloud offers a pay-as-you-go model that is highly reliable and scalable, and gives you tremendous flexibility and agility to boot. The McKinsey study, "Clearing the Air on Cloud Computing," states that the average server utilization in a data center is 10 percent. Anyone who has ever run a data center knows how enormously difficult it is to achieve high reliability, efficiency, and scalability.

In the cloud, enterprises can greatly reduce their capital costs and no longer have to worry about allocating time and resources to maintaining infrastructure, and patching servers and software. As a result, IT personnel can work more efficiently which in turn, can breed more innovation and help enterprises enter new markets. In the cloud, applications are accessible anywhere and at any time so employees now have more mobility. The cloud provides nearly infinite computing power and storage to enterprises and users at a mere fraction of what it would cost to actually purchase and maintain these resources. This is a huge advantage for technology startups that have limited capital. The case for moving to the cloud becomes even stronger when you consider how the troubled economy is putting pressure on businesses to cut costs.

Although surveys differ on what percentage of companies will adopt cloud computing in the next 12-24 months, enterprises are already taking cloud computing seriously. In fact, according to a recent Forrester study, one out of four large companies plans to use a cloud provider soon, or has already employed one. Furthermore, Intel predicts that by 2012, an estimated 20 to 25 percent of its server chips will be dedicated toward cloud computing data centers.

Cloud Computing in the Private and Public Sectors
Anyone who has ever logged onto Facebook, Twitter, or Gmail or purchased an item from Amazon.com has either knowingly or unknowingly used a cloud-based application. There are numerous other examples of cloud computing implementations in the private sector, but it is also important to note that the public sector does not trail far behind.

Vivek Kundra, the federal CIO, is a big supporter of cloud computing. Under Kundra's leadership, the federal government has moved quickly on major cloud computing initiatives such as the General Services Administration (GSA) Storefront, an online store that will soon allow government agencies to easily procure cloud computing services. NIST has already released a working definition of cloud computing and is currently developing a Special Publication on cloud computing security.

In the defense sector, the Defense Information Systems Agency (DISA) has led the way with private cloud implementations such as Rapid Access Computing Environment (RACE) and Forge.mil. RACE gives DISA customers the ability to rent a basic computing environment. Customers purchase an environment on a monthly basis so the costs and risks of acquiring and sustaining a computing environment are significantly reduced. Forge.mil is essentially a mirror of SourceForge.net and allows developers to store and manage code for open source software projects.

Cloud Computing Security Risks
If the benefits are so clear, why isn't everyone adopting cloud computing right now? Research and polling indicate that the main obstacle is security. It probably comes as no surprise that the vast majority of surveys reveal security to be the number one concern of IT executives and CIOs who are considering cloud computing. Security within the cloud has received substantial press coverage, including publication of the Gartner top seven security risks associated with cloud computing, in a report entitled, "Assessing the Security Risks of Cloud Computing."

Earlier this year, a flaw in Google Docs led to the inadvertent sharing of some users' private documents with other users on the Internet without the owners' permission. There have been other highly publicized breaches and future incidents are inevitable.

Does this mean that the security risks of cloud computing outweigh its potential benefits?

Absolutely not, but customers must perform due diligence and practice due care. In addition to selecting a vendor that can comply with organizational security requirements, customers need to carefully plan and develop a defense-in-depth strategy that mitigates the security risks of cloud computing and addresses all layers of the cloud architecture.

Cloud Computing Security Approach
Given the highly distributed and federated nature of the cloud computing model and the constant threat of new attacks, the network-based perimeter defense strategy is clearly no longer adequate or relevant. Customers will now have to protect all the layers of the cloud architecture. To ensure the confidentiality, integrity, and availability of customer data, the security strategy for the cloud must address the following:

  • Physical and environmental security
  • Hypervisor security
  • Operating system security
  • The web tier
  • The application tier
  • The database tier
  • Network security
  • Auditing

The design of this approach is best accomplished through the use of defense-in-depth principles, but the traditional defense-in-depth approach will have to be expanded beyond on-premise security controls to distributed and federated ones that are agile enough to be implemented in many different types of cloud architectures.

Physical and Environmental Security
The first line of defense in an effective cloud security strategy is physical and environmental security. Data stored in the cloud can be just as secure, if not more, than data stored in customer data centers as reputable and well-established cloud providers will typically have greater dedicated resources and security solutions at their disposal than any single enterprise. Security mechanisms, ranging from robust authentication and access controls to disaster recovery, and their associated costs are distributed across multiple enterprises, resulting in capabilities that are usually too expensive to employ or manage for many enterprises.

Cloud providers also have the advantage of possessing many years of experience in designing and operating world class, large-scale data centers and because they have to win and maintain the confidence of their customers to maintain their business, they are highly motivated to avoid a security breach. However, none of this implies that enterprises should blindly accept any cloud provider's claims.

In addition to addressing personnel security issues, enterprises need to perform due diligence by looking for certifications and accreditations such as WebTrust/SysTrust, Statement on Accounting Standard 70 (SAS 70) and International Organization for Standardization (ISO), and verifying compliance with Sarbanes-Oxley (SOX), Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI DSS).

If you think that these certifications do not matter, think again. According to Verizon's "2009 Data Breach Investigations Report," 81 percent of the researched companies were not PCI compliant prior to being breached.

Hypervisor Security
When choosing a cloud provider, it is important to consider hypervisor security. In a public cloud, the customer is renting servers and the computing tasks are now being executed within the cloud provider's infrastructure. These virtual servers (or virtual machines) are actually guest instances running on a cloud provider's hypervisors. The hypervisor (also known as a virtual machine monitor) is software that controls the guest instances running on it. Anyone who exploits the hypervisor has all the proverbial keys to the kingdom and can modify or delete the customer data residing on the guest instances.

Customers will not have much control over the types of hypervisors their vendors will use, but it is important that they understand what security mechanisms and features are in place to secure the hypervisor layer. Proper implementation is crucial to hypervisor security as misconfiguration is one of the biggest security risks. Enterprises should understand hypervisor best practices and verify that cloud providers are incorporating them into their hypervisor solutions.

Operating System Security
In a virtualized environment, each operating system installed on an individual virtual machine (VM) needs to be hardened. Good operating system security boils down to three sets of practices:

  1. Server hardening
  2. Patch management
  3. Access control

Well-known hardening guides such as the DISA Security Technical Implementation Guides (STIGs) and Center for Internet Security (CIS) benchmarks can be used to effectively lock down operating system images.

By installing anti-virus software, and hardening and patching servers, the administrator protects instances against malware, keeps operating system patches current, removes all unused and unnecessary services, and ensures that only trusted parties may establish a connection to the operating system. Once an operating system image has been properly configured and hardened, the administrator can then develop a minimum security baseline and provision new, secure virtual machine images on demand. Fortunately, there are tools that can automatically assess and lock down systems.

Web Security
The defense-in-depth strategy must also secure the web tier. Administrators must prevent unauthorized users from gaining access to web resources. The first step is to protect web resources. If an unauthenticated user attempts to gain access to a protected web resource, the web container will automatically try to authenticate the user. Cloud customers should implement client certificate authentication mechanisms such as HTTPS for web resources.

Administrators can apply a wide range of best practices to secure web servers. A wise approach is to organize the safeguards you would like to implement and the settings that need to be configured into categories. Categories allow you to systematically walk through the hardening process using a checklist so that administrators can focus on individual categories and understand all the specific steps that are required to apply a particular countermeasure.

Most web server best practice guides incorporate the following:

  • Patches and updates
  • The lockdown of unnecessary ports
  • Protocols, and services
  • Account management
  • The proper securing of files and directories
  • The removal of all unnecessary file shares
  • Auditing and logging
  • The application of security policy settings
  • Application Security

Web applications are vulnerable to many different kinds of attacks (e.g., network eavesdropping, unauthorized access, and malware). To prevent eavesdropping, administrators can utilize strong authentication mechanisms (e.g., SSL with digital certificates) and secure communication channels (encrypting all traffic between the client, the application, and the database server).

Unauthorized access can be prevented by implementing firewall policies that block all traffic except authorized communication ports, disabling all unused services, limiting and periodically reviewing user membership to predefined administrative groups, restricting user access to administrative accounts created during product installation, practicing the principle of least privilege when granting permissions to new administration groups or roles, and restricting directory and file access. To mitigate the risks posed by malware, administrators should promptly apply the latest software patches, disable unused functionality, and run processes with least privileged accounts to reduce the scope of damage in the event of a compromise.

Of course, the best way to protect the application tier is to design and build secure web applications. Until recently, organizations merely talked about developing secure web applications, but the steady rise in the number and sophistication of cyber attacks over the years has forced IT professionals to move beyond mere talk. Fortunately, some real progress is being made. For example, (ISC)2 introduced a new certification last year called the Certified Secure Software Lifecycle Professional (CSSLP).

The CSSLP certification is designed to help developers understand government standards and best practices for secure software development so that security is considered and implemented throughout the entire software lifecycle. More and more security professionals are leveraging tools such as web application scanners to detect vulnerabilities and weak configuration settings. Most of the more established automated security tools offer a selection of security engines and vulnerability tests ranging from the OWASP Top 10 and ISO 27002 to HIPAA and SOX. Users can select modules or let automatic crawlers map a site's tree structure, and apply all of the selected policies' attacks from thousands of security checks.

Data Security
One of the biggest cloud computing concerns is data confidentiality. Data stored in the cloud has different privacy implications than data stored in an in-house data center. These are some questions that must be considered before storing data in the cloud:

  • What is the provider's privacy policy?
  • What are the terms of service?
  • Who owns the data? Who has access to the data?
  • How does the provider deal with subpoenas for customer data?
  • How many copies of the customer's data are kept and are they stored in different locations?
  • What are the provider's data and media sanitization methods?
  • When data is removed from the cloud, does the provider retain rights to customer information?
  • How is data isolated and separated from other customers' data?
  • Where is the data processed?
  • How does the provider protect customer data?

Many of the data confidentiality obstacles can be overcome by utilizing existing technologies and solutions. While it is important to encrypt network traffic, it is just as important to encrypt data at rest. It is wise to assume that all data in the cloud can be compromised. This means that network traffic, storage, and file systems must all be encrypted. Some other best practices for database security include using roles to simplify security administration, encapsulating privileges into stored procedures, using row-level access control to enforce security policies at a row level of granularity, and building web applications so that the application users are the database users.

Network Security
A network-based perimeter defense alone is not effective for the cloud, but network security is still a vital piece of the defense-in-depth strategy. Most cloud providers utilize VLANs to provide traffic isolation channels and will offer some level of protection against the most common types of external attacks such as distributed denial of service, man-in-the-middle attacks, IP spoofing, port scanning, and packet sniffing, but it is the enterprise's responsibility to implement additional layers of security.

Virtualization brings with it a host of new threat vectors that cannot be secured with traditional security tools and methods. An owner of one VM instance may launch attacks against adjacent VMs or hackers may try to install a rogue hypervisor that can take complete control of a server. To prevent these types of attacks, enterprises need to deploy virtual firewalls and virtual IDS/IPS solutions.

These security tools are designed to protect each VM instance and can even secure live migrations of VM instances. Some VM security solutions offer protection against SQL injection attacks, cross-site scripting, and other web application vulnerabilities and can monitor unauthorized or unexpected changes to operating system files and application files.

Auditing
The importance of audit event logging has never been greater as the threat of cybercrime continues to increase. Auditing takes on even more importance in the cloud due to the dynamic nature of virtual machines. A good auditing solution for the cloud will collect and integrate real-time information from all the major systems in a cloud environment and enable the customer to detect intrusions, data leaks, misuse, or insider threats. A robust, centralized auditing solution provides a clear and comprehensive picture of the customer's changing cloud environment and enables IT professionals to spot trends and quickly assess and resolve security incidents. Ensuring that a continuous monitoring solution is implemented that includes these capabilities in a scalable nature is essential to maintaining an effective security presence within the cloud.

Final Thoughts
Utilizing cloud computing brings with it many advantages that can improve application deployment, scalability, and flexibility while leveraging cost savings. While there are multiple concerns, security in the cloud does not present radically new challenges. With cloud computing, we have the convergence of virtualization, SOA, and distributed computing - concepts that have been around for some time. This does not mean that every application should be deployed to the public cloud. Cloud computing standards and guidelines need more time to mature. For now, more security-sensitive applications should probably remain in-house or move to a private cloud, but enterprises that are considering appropriate applications for the public cloud should know that they can develop an effective security strategy with the right blend of technology and processes that takes into account all layers of the cloud architecture.

Resources

About Peter Choi
Peter Choi is the cloud computing security lead for Apptis, Inc. He has over 9 years of experience in certification and accreditation, vulnerability management, security auditing, network engineering, and systems administration. Most recently, he spoke about cloud computing security at the 2009 Special Operations Forces Industry Conference and worked with FEMA to demonstrate that a cloud prototype could be certified and accredited.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

as someone who had never heard about cloud computing before, i found peter choi's article to be both interesting and insightful. i look forward to learning more about this potentially-revolutionary technology.

Great overview of some of the technical challenges organizations have to contend with in the cloud. It will be interesting to see how dramatic of an effect the GSA Storefront will have on the way the federal government manages IT services.


Presentation Slides
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build thei...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously...
CloudEXPO Stories
Only Adobe gives everyone - from emerging artists to global brands - everything they need to design and deliver exceptional digital experiences. Adobe Systems Incorporated develops, markets, and supports computer software products and technologies. The Company's products allow users to express and use information across all print and electronic media. The Company's Digital Media segment provides tools and solutions that enable individuals, small and medium businesses and enterprises to create, publish, promote and monetize their digital content.
Despite being the market leader, we recognized the need to transform and reinvent our business at Dynatrace, before someone else disrupted the market. Over the course of three years, we changed everything - our technology, our culture and our brand image. In this session we'll discuss how we navigated through our own innovator's dilemma, and share takeaways from our experience that you can apply to your own organization.
Blockchain has numerous revolutionary ambitions, but technology hasn’t evolved enough to make them practical. What is the best use of blockchain technology today? How are asset owners and managers looking at blockchain to transform ownership structures? How will blockchain technology allow global investors to access new markets? What kinds of companies will take advantage of blockchain technology as a more efficient way to raise capital?
This session describes how Professional Services organisations can deliver within Technology-as-a-Service (IaaS) constructs, in private and public enterprise cloud scenarios. See how professional services can be packaged and funded by IaaS cash flows, based upon consumption of technology services. Learn how significant, IT infrastructure transformations can be funded through OPEX spending models with multi-year As-a-Services based contracts. Understand how the automation of repeatable services can positively impact the commercial viability of Professional Services within As-a-Service constructs. Hear how innovative IT infrastructure service offerings can elevate the impact of professional services engagements, and accelerate positive business outcomes.
Since their inception, Total Uptime has been delivering on their promise of unprecedented uptime to major brands as well as Fortune 500 corporations in the United States and around the world. Their Cloud network spans 17 countries and delivers the unique ability to seamlessly route Internet traffic from one site to the next when our customers need us to. It is built on the best SSAE 16 SOC 2 Type 2 and CSAE 3416 Datacenters and boasts an impressive line-up of Network and Transit Provider Redundancy. A back-end private network that spans the globe helps facilitate security and redundancy, key components for true Cloud architecture.

Register and Save!
Save $405
on your “Golden Pass”!
before October 30, 2017!
Call 201.802.3020


Santa Clara Call For Papers Open
Submit
submit your speaking proposal
for the upcoming Big Data at Cloud Expo in
Santa Clara!
[Oct 31 - Nov 2, 2017]


Big Data 2017 West
Sponsorship Opportunities
Please Call
201.802.3021
events (at) sys-con.com
Sponsorship opportunities are now open for Big Data at Cloud Expo 2017 Santa Clara, Oct 31-Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, and Big Data at Cloud Expo 2018 New York, June 5-7, 2018, at the Javits Center in New York, NY. For sponsorship, exhibit opportunities and show prospectus, please contact Carmen Gonzalez, carmen (at) sys-con.com.



Big Data Expo Silicon Valley All-Star Speakers Include

MATTHIEU
Octoblu

MAHADEV
Cisco

MCCARTHY
Bsquare

FELICIANO
AMDG

PAUL
VenueNext

SMITH
Eviot

BEAMER
goTraverse

GETTENS
goTraverse

CHAMBLISS
ReadyTalk

HERBERTS
Cityzen Data

REITBAUER
Dynatrace

WILLIAM-
SON

Cloud
Computing

SCHMARZO
EMC

WOOD
VeloCloud

WALLGREN
Electric Cloud

VARAN-
NATH

GE

SRIDHARA-
BALAN

Pulzze

METRIC
Linux

MONTES
Iced

ARIOLA
Parasoft

HOLT
Daitan

CUNNING-
HAM

ReadyTalk

BEDRO-
SIAN

Cypress

NAMIE
Cisco

NAKA-
GAWA

Transparent
Cloud

SHIBATA
Transparent
Cloud

BOYD
Neo4j

WARD
DWE

MILLER
Covisint

EVAVOLD
Covisint

MEINER
Oracle

MEEHAN
Esri

WITECK
Citrix

LIANG
Rancher Labs

BUTLER
Tego

ROWE
IBM Cloud

SKILLERN
Intel

SMITH
Numerex
Big Data Expo New York All-Star Speakers Include

CLELAND
HGST

VASILIOU
Catchpoint

WALLGREN
Electric Cloud

HINCH-
CLIFFE

7Summits

DE SOUZA
Cisco

RANDALL
Gartner

ARMSTRONG
AppNeta

SMALLTREE
Cazena

MCCARTHY
Bsquare

DELOACH
Infobright

QUINT
Ontegrity

MALAUCHLAN
Buddy Platform

PALIOTTA
Vector

MITRA
Cognizant

KOCHER
Grey Heron

PAPDO
POULOS

Cloud9

HARLAN
Two Bulls

GOLO
SHUBIN

Bit6

PROIETTI
Location
Smart

MARTIN
nfrastructure

MOULINE
Everbridge

MARSH
Blue Pillar

PARKS
SecureRF

PEROTTI
Plantronics

HOFFMAN
EastBanc

WATSON
Trendalyze

BENSONOFF
Unigma

SHAN
CTS

MATTELA
Redpine

GILLEN
Spark
Coginition

SOLT
Netvibes

BERNARDO
GE Digital

ROMANSKY
TrustPoint

BEAMER
GoTransverse

LESTER
LogMeIn

PONO
-MAREVA

Google

SINGH
Sencha

CALKINS
Amadeus

KLEIN
Rachio

HOASIN
Aeris

SARKARIA
PHEMI

SPROULE
Metavine

SNELL
Intel

LEVINE
CytexOne

ALLEN
Freewave

MCCALLUM
Falconstor

HYEDT
Seamless

Big Data Expo Silicon Valley All-Star Speakers Include

SCHULZ
Luxoft

TAMBURINI
Autodesk

MCCARTHY
Bsquare

THURAI
SaneIoT

TURNER
Cloudian

ENDO
Intrepid

NAKAGAWA
Transparent

SHIBATA
Transparent

LEVANT-LEVI
testRTC

VARAN NATH
GE

COOPER
M2Mi

SENAY
Teletax

SKEEN
Vitria

KOCHER
Grey Heron

GREENE
PubNub

MAGUIRE
HP

MATTHIEU
Octoblu

STEINER-JOVIC
AweSense

LYNN
AgilData

HEDGES
Cloudata

DUFOUR
Webroot

ROBERTS
Platform

JONES
Deep

PFEIFFER
NICTA

NIELSEN
Redis

PAOLALANTORIO
DataArchon

KAHN
Solgenia

LOPEZ
Kurento

KIM
MapR

BROMHEAD
Instaclustr

LEVINE
CytexOne

BONIFAZI
Solgenia

GORBACHEV
Intelligent
Systems

THYKATTIL
Navisite

TRELOAR
Bebaio

SIVARAMA-
KRISHNAN

Red Hat
Cloud Expo New York All-Star Speakers Included

DE SOUZA
Cisco

POTTER
SafeLogic

ROBINSON
CompTIA

WARUSA
-WITHANA

WSO2 Inc

MEINER
Oracle

CHOU
Microsoft

HARRISON
Tufin

BRUNOZZI
VMware

KIM
MapR

KANE
Dyn

SICULAR
Basho

TURNER
Cloudian

KUMAR
Liaison

ADAMIAK
Liaison

KHAN
Solgenia

BONIFAZI
Solgenia

SUSSMAN
Coalfire

ISAACSON
RMS

LYNN
CodeFutures

HEABERLIN
Windstream

RAMA
MURTHY

Virtusa

BOSTOCK
IndependenceIT

DE MENO
CommVault

GRILLI
Adobe

WILLIAMS
Rancher Labs

CRISWELL
Alert Logic

COTY
Alert Logic

JACOBS
SingleHop

MARAVEI
Cisco

JACKSON
Softlayer

SINGH
IBM

HAZARD
Softlayer

GALLO
Softlayer

TAMASKAR
GENBAND

SUBRA
-MANIAN

Emcien

LEVESQUE
Windstream

IVANOV
StorPool

BLOOMBERG
Intellyx

BUDHANI
Soha

HATHAWAY
IBM Watson

TOLL
ProfitBricks

LANDRY
Microsoft

BEARFIELD
Blue Box

HERITAGE
Akana

PILUSO
SIASMSP

HOLT
IBM Cloudant

SHAN
CTS

PICCININNI
EMC

BRON-
GERSMA

Modulus

PAIGE
CenturyLink

SABHIKHI
Cognitive Scale

MILLS
Green House Data

KATZEN
CenturyLink

SLOPER
CenturyLink

SRINIVAS
EMC

TALREJA
Cisco

GORBACHEV
Systems Services Inc.

COLLISON
Apcera

PRABHU
OpenCrowd

LYNN
CodeFutures

SWARTZ
Ericsson

MOSHENKO
CoreOS

BERMINGHAM
SIOS

WILLIS
Stateless Networks

MURPHY
Gridstore

KHABE
Vicom

NIKOLOV
GetClouder

DIETZE
Windstream

DALRYMPLE
EnterpriseDB

MAZZUCCO
TierPoint

RIVERA
WHOA.com

HERITAGE
Akana

SEYMOUR
6fusion

GIANNETTO
Author

CARTER
IBM

ROGERS
Virtustream
Cloud Expo Silicon Valley All-Star Speakers

TESAR
Microsoft

MICKOS
HP

BHARGAVA
Intel

RILEY
Riverbed

DEVINE
IBM

ISAACSON
CodeFutures

LYNN
HP

HINKLE
Citrix

KHAN
Solgenia

SINGH
Bigdata

BEACH
SendGrid

BOSTOCK
IndependenceIT

DE SOUZA
Cisco

PATTATHIL
Harbinger

O'BRIEN
Aria Systems

BONIFAZI
Solgenia

BIANCO
Solgenia

PROCTOR
NuoDB

DUGGAL
EnterpriseWeb

TEGETHOFF
Appcore

BRUNOZZI
VMware

HICKENS
Parasoft

KLEBANOV
Cisco

PETERS
Esri

GOLDBERG
Vormetric

CUMBER-
LAND

Dimension

ROSENDAHL
Quantum

LOOMIS
Cloudant

BRUNO
StackIQ

HANNON
SoftLayer

JACKSON
SoftLayer

HOCH
Virtustream

KAPADIA
Seagate

PAQUIN
OnLive

TSAI
Innodisk

BARRALL
Connected Data

SHIAH
AgilePoint

SEGIL
Verizon

PODURI
Citrix

COWIE
Dyn

RITTEN-
HOUSE

Cisco

FALLOWS
Kaazing

THYKATTIL
TimeWarner

LEIDUCK
SAP

LYNN
HP

WAGSTAFF
BSQUARE

POLLACK
AOL

KAMARAJU
Vormetric

BARRY
Catbird

MENDEN-
HALL

SUPERNAP

SHAN
KEANE

PLESE
Verizon

BARNUM
Voxox

TURNER
Cloudian

CALDERON
Advanced Systems

AGARWAL
SOA Software

LEE
Quantum

OBEROI
Concurrent, Inc.

HATEM
Verizon

GALEY
Autodesk

CAUTHRON
NIMBOXX

BARSOUM
IBM

GORDON
1Plug

LEWIS
Verizon

YEO
OrionVM

NAKAGAWA
Transparent Cloud Computing

SHIBATA
Transparent Cloud Computing

NATH
GE

GOKCEN
GE

STOICA
Databricks

TANKEL
Pivotal Software


Testimonials
This week I had the pleasure of delivering the opening keynote at Cloud Expo New York. It was amazing to be back in the great city of New York with thousands of cloud enthusiasts eager to learn about the next step on their journey to embracing a cloud-first worldl."
@SteveMar_Msft
General Manager of Window Azure
 
How does Cloud Expo do it every year? Another INCREDIBLE show - our heads are spinning - so fun and informative."
@SOASoftwareInc
 
Thank you @ThingsExpo for such a great event. All of the people we met over the past three days makes us confident IoT has a bright future."
Yasser Khan
CEO of @Cnnct2me
 
One of the best conferences we have attended in a while. Great job, Cloud Expo team! Keep it going."

@Peak_Ten


Who Should Attend?
Senior Technologists including CIOs, CTOs & Vps of Technology, Chief Systems Engineers, IT Directors and Managers, Network and Storage Managers, Enterprise Architects, Communications and Networking Specialists, Directors of Infrastructure.

Business Executives including CEOs, CMOs, & CIOs , Presidents & SVPs, Directors of Business Development , Directors of IT Operations, Product and Purchasing Managers, IT Managers.

Download Cloud Expo Show Guide
Cloud Expo Show Guide
Download PDF

Join Us as a Media Partner - Together We Can Rock the IT World!
SYS-CON Media has a flourishing Media Partner program in which mutually beneficial promotion and benefits are arranged between our own leading Enterprise IT portals and events and those of our partners.

If you would like to participate, please provide us with details of your website/s and event/s or your organization and please include basic audience demographics as well as relevant metrics such as ave. page views per month.

To get involved, email Patricia Henderson at patricia@sys-con.com.

Digital Transformation Blogs
Only Adobe gives everyone - from emerging artists to global brands - everything they need to design and deliver exceptional digital experiences. Adobe Systems Incorporated develops, markets, and supports computer software products and technologies. The Company's products allow users to express and use information across all print and electronic media. The Company's Digital Media segment provides tools and solutions that enable individuals, small and medium businesses and enterprises to create, publish, promote and monetize their digital content.
Despite being the market leader, we recognized the need to transform and reinvent our business at Dynatrace, before someone else disrupted the market. Over the course of three years, we changed everything - our technology, our culture and our brand image. In this session we'll discuss how we navigated through our own innovator's dilemma, and share takeaways from our experience that you can apply to your own organization.
Blockchain has numerous revolutionary ambitions, but technology hasn’t evolved enough to make them practical. What is the best use of blockchain technology today? How are asset owners and managers looking at blockchain to transform ownership structures? How will blockchain technology allow global investors to access new markets? What kinds of companies will take advantage of blockchain technology as a more efficient way to raise capital?