October 13, 2017 · Cloud Computing · Centralized security in the cloud is the best security model

It’s 6:00 a.m. on a Monday morning. You get an automated text from your security systems that a DDOS attack was attempted, but new security policies downloaded several hours earlier proactively protected the systems from the attacking IP address. All is well. 

The alternative is not good—meaning that you had no idea of the DDOS attack, and now you’re playing cloud security whack-a-mole to fend off the attack until you can put more permanent solutions in place. Of course, other types of breaches could be much worse, in terms of their impact on the enterprise. 

Proactive and automated security solutions are known as centralized trust. Simply put, these are central repositories of security policies that are linked to local repositories in the enterprise cloud. They may even contain centralized identities—things, processes, or people—that can be centrally credentialed.

The cloud is the perfect place to have centralized trust, both for the cloud platforms themselves and enterprise resources wherever they may reside. Sadly, enterprises may not be willing to adopt this model.

How centralized trust works

Here’s how centralized trust works: As security threats are noted, the central security policy repository is updated, and those updates are sent to all subscribing distributed security policy repositories. Or, the new policies can also be centrally read, without actually replicating the policies. 

The idea is that you get an instant notification of a common threat, which is translated into a policy that you instantly put into production to eliminate the threat. This process is completely automated; there are no people involved, and so it’s the ultimate in proactive security, both for small threats such as DDOS and for larger threats such as data breaches.

Obviously, enterprises need to have their own security policies. That means private and public security policies must exist in the enterprise-level security policy repository, marked accordingly. 
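The update flow described above, sketched as an added example (not code from the original article): a local repository applies signed updates from a central feed and keeps enterprise policies marked private. The HMAC-signed feed, the version counter, the rule that private policies take precedence, and all names and addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import json

FEED_KEY = b"constructed-demo-key"  # assumption: key shared with the central repository


class LocalPolicyRepo:
    """Enterprise-level repository holding policies marked public or private."""

    def __init__(self):
        self.policies = {}  # policy id -> policy dict
        self.feed_version = 0  # version of the last central update applied

    def add_private(self, policy_id, action, cidr):
        self.policies[policy_id] = {"scope": "private", "action": action, "cidr": cidr}

    def apply_update(self, body: bytes, signature: str) -> bool:
        """Apply one central update; reject it if unauthenticated or stale."""
        expected = hmac.new(FEED_KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signature):
            return False  # automated updates are only safe if authenticated
        update = json.loads(body)
        if update["version"] <= self.feed_version:
            return False  # replayed or out-of-order update
        for p in update["policies"]:
            current = self.policies.get(p["id"])
            if current and current["scope"] == "private":
                continue  # the central feed never overwrites a private policy
            self.policies[p["id"]] = {"scope": "public", "action": p["action"], "cidr": p["cidr"]}
        self.feed_version = update["version"]
        return True

    def decide(self, source_ip: str) -> str:
        """Private policies are checked before public ones; default is allow."""
        addr = ipaddress.ip_address(source_ip)
        for scope in ("private", "public"):
            for p in self.policies.values():
                if p["scope"] == scope and addr in ipaddress.ip_network(p["cidr"]):
                    return p["action"]
        return "allow"


def signed(update: dict):
    """Stand-in for the central repository: serialize and sign an update."""
    body = json.dumps(update, sort_keys=True).encode()
    return body, hmac.new(FEED_KEY, body, hashlib.sha256).hexdigest()
```
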

Enterprises fear losing local control, and thus make themselves less secure

Although this is the ultimate security defense model, one that could keep many enterprises out of cloud security trouble, I really don’t believe many enterprises will go for it. The reason is obvious: They won’t accept outside security automation, instead considering that a threat to them and their control.

But we’re already there. Public cloud providers proactively deal with security threats on an ongoing basis, and enterprises that have hundreds of workloads on those public clouds benefit from their providers’ security systems.

However, this is a passive process for the enterprises, because they are not actively engaged in the process. Although the platforms are protected by the cloud providers, the enterprise’s applications and data may not be protected. After all, securing those areas is the responsibility of the cloud tenant, which is the enterprise that uses the public cloud. 

Security systems seem to be enterprise-driven, even those in the public cloud. Each cloud-based security solution, as well as the supporting cloud-based security policies, is unique to each enterprise. That means the level of risk is all over the place.

Although centralized security could provide much better protection and greatly reduce risk, enterprises don’t seem to want it, even though there are more upsides than downsides. Bummer. 


October 9, 2017 · Cloud Computing · Exclusive: Former HPE Executive Named CEO of This Cloud Company

Saar Gillai brings years of networking experience from Cisco, HP, and HPE to Teridion.

Saar Gillai, a former Hewlett-Packard Enterprise senior vice president, is now CEO of Teridion, an Israeli-American cloud-based networking company.

Teridion, with offices in San Francisco and Israel, aims to speed up the transit of content and data from one data cloud to another. The four-year-old company puts its software on rented servers in Amazon Web Services, IBM SoftLayer, Microsoft Azure, and Google Cloud Platform. There it acts as a traffic cop for data that needs to move. Teridion’s technology finds the best route between any clouds at a given time, Gillai tells Fortune.

“We map the Internet in real time and change routes on the fly, so if there’s an outage in one area, we route around it,” he said.


Teridion customers include Box and Egnyte, both of which rent cloud storage capacity to customers. Those companies use their own data centers as well as data centers run by the big cloud providers as needed. That means it’s necessary for them to be able to move data between cloud data centers to get the best price. The major cloud players often cut prices to compete with each other. That makes such data transferring a key concern to cost-conscious customers.


Gillai has a lot of experience in networking. He was at Cisco from 1998 to 2005 before joining 3Com, a Cisco rival that was acquired by pre-split Hewlett Packard in 2010. As senior vice president, he helped lead HP’s cloud computing effort for two years. Then in 2014, when HP split into HP Inc. and HPE, he went with HPE where he remained until last year.

As CEO, Gillai succeeds Chris Keene, who held that position for a year.

“Saar Gillai is well respected in both the cloud and networking worlds,” Teridion chairman Ronnie Kenneth said in a statement. “He brings more than 20 years of building innovative and successful businesses.”
