Category Archives: Cloud Computing

How Docker changes cloud security?

Docker and cloud security

Cloud computing is thriving because the benefits of cloud adoption are numerous: better efficiency, reduced cost of virtual services, and greater accessibility and flexibility. Today almost everything that holds information about individuals and companies is placed in the cloud, but moving applications there and reaping those advantages means first evaluating the specific data security and cloud security issues involved.

Docker and security

Docker brings predictability to application administration in shared environments, ensures portability and increases application availability, thereby decreasing overall risk. Docker containers are very similar to LXC containers, if you are already familiar with those or have worked with them in the past. Docker uses a layered security approach, combining several mitigating security controls to protect resources and data.

Docker uses several security barriers to prevent break-outs. If one container mechanism is breached, the container is still held back by the next barrier. Docker shares the Linux kernel architecture and makes use of as many Linux security mechanisms as possible.

There are three main areas to examine when evaluating Docker security:

1) The built-in security of containers, as implemented by kernel namespaces and cgroups.
2) The Docker daemon attack surface.
3) The hardening security features of the kernel and how they interact with containers.

Following are the security features provided by Docker in cloud:

1) Kernel Namespaces:

Namespaces provide the basic isolation for containers. When a container starts, Docker creates a set of namespaces for it; each aspect of the container runs in its own namespace and has no access outside it. Each container also gets its own network stack, so it has no privileged access to the network interfaces of another container.

Below is the list of namespaces that Docker uses:

  • The pid namespace: used for process isolation (PID: Process ID).
  • The net namespace: used for managing network interfaces (NET: Networking).
  • The ipc namespace: used for controlling access to IPC resources (IPC: InterProcess Communication).
  • The mnt namespace: used for managing mount points (MNT: Mount).
  • The uts namespace: used for isolating kernel and version identifiers (UTS: Unix Timesharing System).

2) Control Groups

Control Groups, also called “cgroups”, are another key element of containers. They implement resource accounting and limiting, which is essential for running applications. This mechanism helps ensure that containers are well-behaved multi-tenant citizens on a host such as a public or private PaaS, guaranteeing consistent uptime and performance even when some applications start to misbehave. Control Groups provide useful metrics and can also limit the memory available to a specific container.

3) Docker Daemon Attack Surface

Running containers and applications with Docker means running the “Docker daemon”, which requires root privileges and runs on the host machine. The user does not interact with the daemon directly, but through the Docker client.

The Docker daemon should only be controlled by trusted users. Docker allows you to share a directory between the Docker host and a guest container, and it allows you to do so without limiting the access rights of the container. This means you can start a container in which a host directory is accessible without any restriction, and such a setup has serious security consequences. For example, if you are using Docker from a web server to provision containers through an API, you must be careful about parameter checking, so that a malicious user cannot pass crafted parameters that cause Docker to create arbitrary containers.

For this reason, the REST API endpoint that the Docker CLI uses to communicate with the Docker daemon was changed: it now uses a UNIX socket instead of a TCP socket bound on the host.

Upcoming improvements in Linux namespaces will soon allow full-featured containers to run without root privileges, and will also solve the problems caused by sharing namespaces between host and guests.

4) Linux Kernel Capabilities

Docker starts every container with a restricted set of capabilities. Capabilities turn the binary “root/non-root” separation into a fine-grained access control system. Removing capabilities may break applications, so the default set is a trade-off between functionality, usability and security for Docker containers. You can always enable extra capabilities if they are required. Below is the current list of capabilities used by Docker:

chown, dac_override, fowner, kill, setgid, setuid, setpcap, net_bind_service, net_raw, sys_chroot, mknod, setfcap, and audit_write.

5) Other Kernel Security Features

It is also possible to use well-established systems such as TOMOYO, AppArmor, SELinux, GRSEC, etc. with Docker, since Docker currently only manages capabilities and does not interfere with these other systems.

Here are a few examples:

1) You can run a kernel with GRSEC and PaX. This adds many safety checks, both at compile time and at run time, and defeats many exploits.
2) If your distribution comes with security model templates for Docker containers, you can use them out of the box; these templates provide a safety shield around the containers.
3) You can define your own policies using your favourite access control mechanism.

Bringing new security features to Docker

In addition to the security features above, Docker uses new attributes for file system protection, explained below:

1) Read-only mount points

A few Linux kernel file systems have to be mounted in a container environment, otherwise processes may fail to run. Luckily, nearly all of them can be mounted “read-only”, and most applications should never need to write to them.

Docker mounts the following file systems into the container as “read-only” mount points:

  • /sys
  • /proc/sys
  • /proc/sysrq-trigger
  • /proc/irq
  • /proc/bus

Because these file systems are mounted read-only, privileged container processes cannot write to them and cannot change the host system through them. It is also possible to restrict the remounting of these file systems as read/write, further limiting what privileged container processes can do.
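The following audit script is an added example (not code from the original post or from Docker itself); it checks one container's settings against the points raised in sections 2 to 4 and the read-only mount list above: host directories bind-mounted writable, capabilities added beyond Docker's default set, missing read-only /proc paths, and a missing cgroup memory limit. The input layout follows the HostConfig fields of `docker inspect`, and the two sample documents at the bottom are constructed, not real inspect output.

```python
"""Audit one container's HostConfig against the hardening points above: writable
bind mounts of host paths, capabilities beyond Docker's default set, read-only
/proc paths, and a cgroup memory limit. The sample documents are constructed."""

# Default capability set the post lists for Docker containers.
DEFAULT_CAPS = {
    "chown", "dac_override", "fowner", "kill", "setgid", "setuid", "setpcap",
    "net_bind_service", "net_raw", "sys_chroot", "mknod", "setfcap", "audit_write",
}

# /proc paths the post says Docker mounts read-only; /sys is a separate read-only
# sysfs mount rather than a ReadonlyPaths entry, so it is not checked here.
EXPECTED_READONLY = ["/proc/sys", "/proc/sysrq-trigger", "/proc/irq", "/proc/bus"]

# Host paths that, bind-mounted writable, let a container alter the host at will.
SENSITIVE_HOST_PATHS = ["/", "/etc", "/root", "/proc", "/sys", "/var/run/docker.sock"]


def normalise_cap(cap):
    """'CAP_SYS_ADMIN', 'SYS_ADMIN' and 'sys_admin' all become 'sys_admin'."""
    cap = cap.lower()
    return cap[4:] if cap.startswith("cap_") else cap


def under_sensitive_path(src):
    """True if src is, or lies below, one of SENSITIVE_HOST_PATHS."""
    src = src.rstrip("/") or "/"
    return any(src == p or (p != "/" and src.startswith(p + "/"))
               for p in SENSITIVE_HOST_PATHS)


def audit_container(inspect_doc):
    """Return a list of findings for one container; an empty list means nothing flagged."""
    findings = []
    host = inspect_doc.get("HostConfig", {})

    if host.get("Privileged"):
        findings.append("privileged: all capabilities and host devices are available")

    added = {normalise_cap(c) for c in host.get("CapAdd") or []}
    if "all" in added:
        findings.append("cap_add: ALL grants every capability, not just the default set")
    for cap in sorted(added - DEFAULT_CAPS - {"all"}):
        findings.append(f"cap_add: {cap} is outside Docker's default capability set")

    # Binds are "host_path:container_path[:options]"; the 'ro' option makes it read-only.
    for bind in host.get("Binds") or []:
        parts = bind.split(":")
        if len(parts) < 2:
            continue
        src, dst = parts[0], parts[1]
        opts = parts[2].split(",") if len(parts) > 2 else []
        if "ro" not in opts and under_sensitive_path(src):
            findings.append(f"bind: host path {src} is mounted writable at {dst}")

    read_only = set(host.get("ReadonlyPaths") or [])
    for path in EXPECTED_READONLY:
        if path not in read_only:
            findings.append(f"readonly_paths: {path} is not mounted read-only")

    # Memory is a byte limit; 0 means the cgroup imposes no memory limit on the container.
    if not host.get("Memory"):
        findings.append("cgroups: no memory limit, a misbehaving app can exhaust host memory")

    return findings


# Constructed samples: a container started with the host's / shared writable and
# extra capabilities, and one started with the defaults plus a memory limit.
RISKY = {"Id": "constructed-1", "HostConfig": {
    "Privileged": False, "CapAdd": ["SYS_ADMIN", "NET_RAW"],
    "Binds": ["/:/host", "/var/log:/logs:ro"],
    "ReadonlyPaths": ["/proc/bus", "/proc/irq"], "Memory": 0}}

HARDENED = {"Id": "constructed-2", "HostConfig": {
    "Privileged": False, "CapAdd": [], "Binds": ["/srv/app:/app:ro"],
    "ReadonlyPaths": ["/proc/bus", "/proc/fs", "/proc/irq", "/proc/sys",
                      "/proc/sysrq-trigger"], "Memory": 268435456}}

if __name__ == "__main__":
    for doc in (RISKY, HARDENED):
        print(doc["Id"], audit_container(doc) or ["no findings"])
```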

2) Copy-on-write file systems

Docker also makes use of copy-on-write file systems, which allow containers to use the same file system image as their base. Whenever a container writes to the image, the content goes to a container-specific file system, so one container cannot see the changes made by another even if both write to the same file system image. One container cannot change the image content to affect the processes in another container.


Docker can also take advantage of the security features of other containerization systems. Its final aim is to implement two additional security improvements:

1) Map the root user of a container to a non-root user of the Docker host, to mitigate the effects of a container-to-host privilege escalation.
2) Allow the Docker daemon to run without root privileges, and delegate the operations that require those privileges to well-audited sub-processes, each with its own limited scope: virtual network setup, file system management, etc.

By default, Docker containers are secure to a great extent, provided you take care of how processes are run inside the containers. You can add an extra layer of security by enabling AppArmor, SELinux, GRSEC or any other hardening solution you prefer.

By Sudhi Seshachala


CTO @Xervmon Inc. Sudhi, a technology entrepreneur, brings 19+ years in software, cloud technologies, IT operations and management. He has led several global teams at HP, Sun/Oracle and SeeBeyond. He has built highly scalable and highly available products, systems management, monitoring and integrated SaaS and on-premise applications. He is a trusted advisor and consults with companies of all sizes to establish DevOps practices and implement Docker-based CI/CD or AWS deployments at a cost-effective scale. His work and expert insight can be followed on CloudTweaks in 2015 as part of the 12/12 contributor program.

Cloud Infographic – IoT and Smart Functions

Smart Functions In 2015

Smartwear, wearable technology and the Internet of Things are all big topics of discussion and on many investors' radar as areas to look into in 2015 and beyond. Gartner and IDC estimate the market at between $300 billion (product and service suppliers) and $7.1 trillion (worldwide IoT solutions) by 2020.

One of the highest demands for smart functions will be in the area of remote access as seen in the infographic provided below discovered at Adweek.


Is Bigger Better? Not with the Cloud on Your Side

Is Bigger Better?

Growing up, bigger almost always equated to better. The bigger kid hit the baseball farther, threw the ball faster, shot the hockey puck harder and usually won the fight. In school, we were taught that larger companies were better than the smaller ones. Bigger meant better economies of scale, more market share, more efficiency and larger, more profitable revenues.


As a businessman in today’s economic environment, I see things differently. The smaller, more agile companies are disrupting the market, innovating without the baggage of the larger companies, reducing barriers to entry by leveraging cloud services and social media, thereby causing headaches for the larger, slower moving companies. Research provided by Innosight and referenced by Richard Forester, shows that Fortune 500 companies are turning over or going bankrupt at an alarming rate. More than 50 percent of the Fortune 500 had been eliminated from the list since 2000.

Forester states the life span of a corporation is determined by the following three principles:

1. Running operations effectively.
2. Creating new businesses which meet customer needs.
3. Shedding business that once might have been core but now no longer meets company standards for growth and return.

Balancing these three principles can be quite difficult, especially for a large company. Creating new business while trying to maintain operational excellence in the existing business is tough to do, and we all know about the companies that did not shed core business to seek new opportunities: Kodak, Blockbuster, enough said. While this is all true, companies were somehow able to maintain dominance for a much longer period than they can now, as the following statement shows: “Fifty years ago, life expectancy of a firm in the Fortune 500 was around 75 years. Today, it’s less than 15 years and declining all the time.” So, what changed to cause this drastic shift in power?

What did not exist 50 years ago was the rapid pace of innovation, the ease of taking an idea to a business almost instantly, direct reach to customers and the agility to move at lightning speed that now make up the DNA of today’s business environment. Companies built upon these genes are disrupting the market, constructed from the ground up to execute with excellence and meet customer demands, while remaining agile enough to change business strategy at a moment’s notice.

How are they doing this?

Businesses are leveraging the cloud and its three main services: Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS). IaaS provides these companies with an instant, on-demand platform for their servers, storage and backup. No big capital expense is required; merely a monthly payment for what is used.

SaaS provides access to business applications, such as Salesforce, email, accounting applications and customer relationship management (CRM) applications, all without having to hire people to manage these applications or the infrastructure upon which they reside; this is another pay-as-you-go model, allowing minimal up-front investment. PaaS allows these companies to leverage existing infrastructure for application development, reducing the cost and complexity of managing these environments in-house, and also enabling them to quickly move new features and code from development to test to production. For example, Amazon adds a new feature every 10 seconds while its competition takes seven to nine months. Now that is a competitive advantage.


As you can see, these new companies have all of their needs taken care of for a monthly fee, and can keep their employees focused on the core needs of the company. The on-demand nature of the cloud gives them the agility they need, while access to cloud-based social media such as Twitter, Facebook and LinkedIn gives them instant access to their customers, enabling instant feedback on their product ideas and allowing them to quickly address customer demand. Additionally, crowd-funding sites such as Kickstarter and Indiegogo allow an idea to become a reality in months. No longer do companies need to write a 50-page business plan, seek investment funding, test the market and then deliver a product. The barriers to entry into a market have been eliminated by the cloud and its benefits.

This is not to say that all big companies are doomed, but they should take a page out of the book of these disruptors; leverage the cloud for the transformative technology it is, capture its benefits, continue to innovate at a rapid pace, never rest on your laurels and stay in tune with your customers’ ever-changing needs.

Marc Malizia

The Lighter Side Of The Cloud – Resolutions

By Al Johnson

Please feel free to share our comics via social media. For questions regarding the licensing and commercial reuse for websites and print, please contact us for more information.

Logicalis Recognized as Cisco Application Centric Infrastructure Authorized Technology Provider in the U.S.

NEW YORK, Dec. 30, 2014 /PRNewswire/ — Logicalis US, an international IT solutions and managed services provider, announced today that it has achieved Application Centric Infrastructure (ACI) Authorized Technology Provider (ATP) designation from Cisco. The designation recognizes Logicalis as having fulfilled the training requirements and program prerequisites to sell, deploy and support Cisco Application Centric Infrastructure products and solutions.

Participation in the Cisco ACI ATP Program allows Logicalis to offer its customers a new data center architecture designed to simplify operations and greatly reduce provision time through automation for their applications.

“Logicalis US is proud to have been recognized for the training we’ve undergone and the significant sales support resources we have put in place to be able to offer our customers Cisco’s Application Centric Infrastructure,” says Renae Johnson, Vice President, Cisco Solutions, Logicalis US. “It’s becoming very clear that, today, information technology is a business in transition, shifting from a focus on technology to a services focus. To accommodate these changes, CIOs are adopting more agile and automated development techniques, and Cisco’s ACI offers the kind of centralized automation and network programmability that gives our clients the ability to rapidly deploy new applications while scaling resources up or down as needed, quickly and efficiently.”

To earn the ACI ATP designation, Logicalis US fulfilled Cisco application centric infrastructure training and exam requirements. Logicalis also met the personnel and post-sales support requirements set forth by Cisco.

The Cisco Authorized Technology Provider Program is part of the Cisco go-to-market strategy for emerging technologies. The program helps Cisco to define the knowledge, skills and services that channel partners need to successfully sell, deploy and support an emerging technology practice.

Want to Learn More?

  • Logicalis has the skills and experience to deliver certified Cisco services across the entire IT environment; learn more here:
  • A Cisco Gold Certified Partner, Logicalis is also one of Cisco’s top 10 partners in the world:
  • Find out how Logicalis and Cisco work together to help customers create the workplace of tomorrow, then watch as Mike Johnson presents Logicalis’ perspective on the Service Defined Enterprise at Cisco Live 2014:

About Cisco Application Centric Infrastructure
Application Centric Infrastructure (ACI) in the data center is a holistic architecture with centralized automation and policy-driven application profiles. ACI delivers innovative software flexibility with the scalability of hardware performance.  An ACI network is deployed, monitored, and managed in a fashion that supports DevOps and rapid application change. ACI does so through the reduction of complexity and a common policy framework that can automate provisioning and managing of resources.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries.

About Logicalis
Logicalis is an international IT solutions and managed services provider with a breadth of knowledge and expertise in communications and collaboration, data center and cloud services, and managed services.

Logicalis employs over 3,800 people worldwide, including highly trained service specialists who design, specify, deploy and manage complex IT infrastructures to meet the needs of almost 6,000 corporate and public sector customers.  To achieve this, Logicalis maintains strong partnerships with technology leaders such as Cisco, HP, IBM, CA Technologies, EMC, NetApp, Microsoft, VMware and ServiceNow.

The Logicalis Group has annualized revenues of $1.6 billion from operations in Europe, North America, Latin America and Asia Pacific and is one of the leading IT and communications solution integrators specializing in the areas of advanced technologies and services.

The Logicalis Group is a division of Datatec Limited, listed on the Johannesburg and London AIM Stock Exchanges, with revenues of approximately $6 billion.

For more information, visit

Cloud, CMS and Security

The Growing Interest for Security and CMS

CMS services are allowing more people to run their own successful websites without needing to know HTML or any web programming languages.

CMS, which stands for content management system, is software you install on your web host/server that allows you to manage the content of your website through an admin control panel. That way you don’t have to go into the coding and manually add the content, which is what you used to have to do with HTML websites. Some of the most notable CMS services are WordPress, Joomla and Drupal which are all free services.


Along with the increasing popularity of CMS services running in the cloud, there is also an increasing demand for security. Since CMS software is open source and widely used, attackers can study the code and develop ways to get around the basic security that comes preinstalled with the software. Once they work this out, they can attack many websites that run on the software, because it is the same software everyone else is using.

Therefore, businesses need to take extra measures to secure their website in order to make sure hackers cannot access their website’s content management system. Whether you run a personal blog or business, maintaining the security of your CMS is just as vital as protecting your servers. You are not only protecting your information, but you are protecting the information of the customers and subscribers who have signed up through your website as well.

The type of security you will need depends on your hosting in general. For big business CMS websites, they are likely going to be run on dedicated or cloud hosting servers.  As for personalized websites, they are typically run on shared web hosting servers. These are more susceptible to attacks because the servers are shared with potentially hundreds of thousands of other users. Many of these users could very well be the same type you are looking to precisely guard and defend your site against. So you must be careful.

Backup Plan

There are several methods which can help protect your website, such as using security plugins (WordPress), CDNs (Incapsula, CloudFlare…) and backup/storage services (Box, VaultPress, Dropbox…). Keep in mind that nothing is 100% guaranteed, as seen with the recent Sony outages; nonetheless, you’ll sleep better at night knowing you are doing something about it.

Provided is a sponsored infographic by which offers a comparison between the 3 leading CMS website builders in the market today.


By Glenn Blake

Cloud Infographic – SME’s Cloud Guide

The SME’s Guide to Moving to the Cloud

There is a fair bit of complex information out there which does not fully address the fundamental business reasons for moving to the cloud. Considering that 4 in 5 companies could potentially cut costs by 10% or more by using cloud technology and the forecast for the cloud computing industry is to reach revenues of $240 billion by 2020, the demand for the cloud has never been higher.

This infographic is a clear and concise outline for an SME owner, ranging from the basic checklist to put in place when first considering a migration to the cloud, to the types of cloud platforms on offer, the business benefits, and some of the cloud-based apps business people are using without even realising they are cloud based.

Provided is an infographic courtesy of


Artificial Intelligence And Deep Learning

The most striking research results in AI came from the field of deep learning, which involves using crude simulated neurons to process data.

Work in deep learning often focuses on images, which are easy for humans to understand but very difficult for software to decipher. Researchers at Facebook used that approach to make a system that can tell almost as well as a human whether two different photos depict the same person. Google showed off a system that can describe scenes using short sentences.

Read the source article at MIT
