Welcome!

AJAX & REA Authors: Aria Blog, Rajesh Lain, Sebastian Kruk, RealWire News Distribution, Harald Zeitlhofer

Related Topics: Cloud Expo, Java, SOA & WOA, Virtualization, Security, Big Data Journal

Cloud Expo: Article

So, Just What Is REACT? And How Does It Change Security Strategies?

Examining the advantages of cloud-based unified security

Last month, I published an article about a new unified security platform called REACT (Realtime Event & Access Correlation Technology).  All in all, it received some very positive notices, but also raised some questions as to what exactly the platform is, and why it should matter.

Simply put, REACT is an approach whereby an organization leverages the capabilities of several security solutions into one central correlated repository of security intelligence. For instance, key information from an Access Management tool (such as SaaS SSO logins or views of/modifications on/additions to protected data) can be shared, processed and analyzed through a SIEM correlation engine. When this is done in real time, not only do you expand the centralized visibility, but more importantly any suspicious activity is immediately identified and alerted.  When these systems are running in parallel, but not unified, it might be days or weeks before these anomalous instances are discovered and remedied.

REACT incorporates four elements: SIEM, Access Management, Identity Management and Log Management. Each, independently, addresses certain security and/or compliance functions. As a deployment of centralized and unified security, they enhance the enterprise’s ability to perform, improve the granular visibility across independent silos and provide a true field of play in which to… yes…react!  But the key is this monitoring must be done in real time to gain the advantages of proactive readiness and agile and accurate response.

Think of REACT like an apple pie. You might have apples, dough crust, butter and spices. Each can be used on their own. However, when using each of the ingredients together, you create a tasty result that is more than the sum of its parts. As a platform, REACT is similar. Your organization may already have Identity Management or SSO, but if it isn’t “baked” together with forensic analytics like SIEM and/or Log management, you only get a portion of the information and a slice of the capability.

Why does that matter? Let’s break it down into 3 key business advantages:

1. Creating 360o Visibility -In the current complex, multi-networked and interlaced  business environment, the ability to know who is doing what, when and where to any part of the monitored IT landscape has moved beyond the “nice-to-have” strategy. Anything less is short sighted, and honestly, dangerous. It seems every few weeks, we hear about a large organization suffering some kind of breach. It could be internal sabotage, user carelessness, or hackers, but either way, sensitive data has been put at risk. By employing the unique advantage of multi-silo correlation and information distillation, the ability to expand visibility manifests as a huge return on investment through prevented breaches, supported work practices and easier compliance.

This enhanced visibility goes a long way toward internal proactive defense planning: who is logging in (or failing), modifying records, accessing data from any affiliated app across the entire extended network. When you have the right level of visibility, you can make better decisions faster...especially when factoring Big Data and BYOD.

2. Improved compliance - One of the top concerns for enterprises are compliance requirements. Hundreds of man-hours and other resources must be deployed per month just to provide the reports auditors require. When approaching security from a non-unified approach, IT needs to look at machine data and logs from many different servers from many different sectors of the network. It’s a Herculean task given the best of circumstances. With multiple audits from multiple agencies, it takes an inordinate amount of time away from other core business needs. Yet when unifying and centralizing (and automating) the data required by audits, compliance becomes less of a burden. The automations across the enterprise now deliver the prescribed data in the right format, fully completed by the imposed deadlines

And also consider, requirements from agencies like HIPAA, PCI, FFIEC, CIP GLBA, SOX are not going to lessen. If history teaches us anything, the demands of such organizations are only going to increase as the usage cases of your online assets continue to diversify and evolve.

3. More capability for less cost - In many circumstances, asking an organization to make investments in all sorts of security solutions is cost prohibitive. Not to mention all the other time, personnel and computing resources needed to properly deploy the initiative. By leveraging the security functionality from the cloud, companies gain additional and immediate solution bandwidth along with expanded capabilities. As a unified security deployment from the cloud, the cost-to-function ratio dramatically drops. Colloquially speaking, you get more bang for the buck. But because the solutions are managed from the cloud it is not an apples-to-apples comparison. REACT can work as an on-premises platform, but through multi-tenancy, centralization and other economies of scale, cloud-based security users get best of breed solutions for pennies against the on premises dollar. In short the cloud provides a unique advantage in functionality, affordability and control for any sized company—not just the big boys.

So to recap… REACT is not a collection of individual solutions and functions, but an interpolation of all the data across the enterprise to gain a truly holistic security vantage point. AND REACT matters because you can see more, see it faster, manage it cheaper and protect a greater swath of your enterprise. It’s a simple calculation-especially from the cloud.

Kevin Nikkhoo
A Cloud REACTionary

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@CloudExpo Stories
Performance is the intersection of power, agility, control, and choice. If you value performance, and more specifically consistent performance, you need to look beyond simple virtualized compute. Many factors need to be considered to create a truly performant environment. In their General Session at 15th Cloud Expo, Phil Jackson, Development Community Advocate at SoftLayer, and Harold Hannon, Sr. Software Architect at SoftLayer, to discuss how to take advantage of a multitude of compute option...
Come learn about what you need to consider when moving your data to the cloud. In her session at 15th Cloud Expo, Skyla Loomis, a Program Director of Cloudant Development at Cloudant, will discuss the security, performance, and operational implications of keeping your data on premise, moving it to the cloud, or taking a hybrid approach. She will use real customer examples to illustrate the tradeoffs, key decision points, and how to be successful with a cloud or hybrid cloud solution.
In today's application economy, enterprise organizations realize that it's their applications that are the heart and soul of their business. If their application users have a bad experience, their revenue and reputation are at stake. In his session at 15th Cloud Expo, Anand Akela, Senior Director of Product Marketing for Application Performance Management at CA Technologies, will discuss how a user-centric Application Performance Management solution can help inspire your users with every appli...
With the explosion of the cloud, more businesses are transitioning to a recurring revenue model to generate reliable sales, grow profits, and open new markets. This opportunity requires businesses to get to market quickly with the pricing and packaging options customers want. In addition, you will want to take advantage of the ensuing tidal wave of data to more effectively upsell, cross-sell and manage your customers. All of this is possible, but only with the right approach. At 15th Cloud Exp...
Planning scalable environments isn't terribly difficult, but it does require a change of perspective. In his session at 15th Cloud Expo, Phil Jackson, Development Community Advocate for SoftLayer, will broaden your views to think on an Internet scale by dissecting a video publishing application built with The SoftLayer Platform, Message Queuing, Object Storage, and Drupal. By examining a scalable modular application build that can handle unpredictable traffic, attendees will able to grow your de...
The cloud provides an easy onramp to building and deploying Big Data solutions. Transitioning from initial deployment to large-scale, highly performant operations may not be as easy. In his session at 15th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, will discuss the benefits, weaknesses, and performance characteristics of public and bare metal cloud deployments that can help you make the right decisions.
Over the last few years the healthcare ecosystem has revolved around innovations in Electronic Health Record (HER) based systems. This evolution has helped us achieve much desired interoperability. Now the focus is shifting to other equally important aspects – scalability and performance. While applying cloud computing environments to the EHR systems, a special consideration needs to be given to the cloud enablement of Veterans Health Information Systems and Technology Architecture (VistA), i.e....
Cloud and Big Data present unique dilemmas: embracing the benefits of these new technologies while maintaining the security of your organization’s assets. When an outside party owns, controls and manages your infrastructure and computational resources, how can you be assured that sensitive data remains private and secure? How do you best protect data in mixed use cloud and big data infrastructure sets? Can you still satisfy the full range of reporting, compliance and regulatory requirements? I...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using...
Is your organization struggling to deal with skyrocketing volumes of digital assets? The amount of data is growing exponentially and organizations are having a hard time managing this growth. In his session at 15th Cloud Expo, Amar Kapadia, Senior Director of Open Cloud Strategy at Seagate, will walk through the essential considerations when developing a cloud storage strategy. In this discussion, you will understand the challenges IT is facing, why companies need to move to cloud, and how the...
If cloud computing benefits are so clear, why have so few enterprises migrated their mission-critical apps? The answer is often inertia and FUD. No one ever got fired for not moving to the cloud – not yet. In his session at 15th Cloud Expo, Michael Hoch, SVP, Cloud Advisory Service at Virtustream, will discuss the six key steps to justify and execute your MCA cloud migration.
The 16th International Cloud Expo announces that its Call for Papers is now open. 16th International Cloud Expo, to be held June 9–11, 2015, at the Javits Center in New York City brings together Cloud Computing, APM, APIs, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speak...
Most of today’s hardware manufacturers are building servers with at least one SATA Port, but not every systems engineer utilizes them. This is considered a loss in the game of maximizing potential storage space in a fixed unit. The SATADOM Series was created by Innodisk as a high-performance, small form factor boot drive with low power consumption to be plugged into the unused SATA port on your server board as an alternative to hard drive or USB boot-up. Built for 1U systems, this powerful devic...
SYS-CON Events announced today that Gridstore™, the leader in software-defined storage (SDS) purpose-built for Windows Servers and Hyper-V, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Gridstore™ is the leader in software-defined storage purpose built for virtualization that is designed to accelerate applications in virtualized environments. Using its patented Server-Side Virtual C...
SYS-CON Events announced today that Cloudian, Inc., the leading provider of hybrid cloud storage solutions, has been named “Bronze Sponsor” of SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Cloudian is a Foster City, Calif.-based software company specializing in cloud storage. Cloudian HyperStore® is an S3-compatible cloud object storage platform that enables service providers and enterprises to bui...
SYS-CON Events announced today that TechXtend (formerly Programmer’s Paradise), a leading value-added provider of server and storage virtualization, and r-evolution will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. TechXtend (formerly Programmer’s Paradise) is a leading value-added provider of software, systems and solutions for corporations, government organizations, and academic instit...
Every healthy ecosystem is diverse. This is especially true in cloud ecosystems, where portability and interoperability are more important than old enterprise models of proprietary ownership. In his session at 15th Cloud Expo, Mark Baker, Server Product Manager at Canonical/Ubuntu, will discuss how single vendors used to take the lead in creating and delivering technology, but in a cloud economy, where users want tools of their preference, when and where they need them, it makes no sense.
The consumption economy is here and so are cloud applications and solutions that offer more than subscription and flat fee models and at the same time are available on a pure consumption model, which not only reduces IT spend but also lowers infrastructure costs, and offers ease of use and availability. In their session at 15th Cloud Expo, Ermanno Bonifazi, CEO & Founder of Solgenia, and Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia, will discuss this shifting dynamic with ...
The emergence of cloud computing and Big Data warrants a greater role for the PMO to successfully manage enterprise transformation driven by these powerful trends. As the adoption of cloud-based services continues to grow, a governance model is needed to orchestrate enterprise cloud implementations and harness the power of Big Data analytics. In his session at 15th Cloud Expo, Mahesh Singh, President of BigData, Inc., to discuss how the Enterprise PMO takes center stage not only in developing th...
Cloud computing started a technology revolution; now DevOps is driving that revolution forward. By enabling new approaches to service delivery, cloud and DevOps together are delivering even greater speed, agility, and efficiency. No wonder leading innovators are adopting DevOps and cloud together! In his session at DevOps Summit, Andi Mann, Vice President of Strategic Solutions at CA Technologies, will explore the synergies in these two approaches, with practical tips, techniques, research dat...