Category Archives: Cloud Computing

Some Reasons Behind Cloud Security Vulnerabilities


We have debated back and forth that the Cloud is just as safe as the traditional enterprise option, and even more so. Combined with all the advantages, it is a better option for today’s business world. But the security fears are always just around the corner and pop up again every time there is a discussion about Cloud migration. These fears are not unfounded, however; they are very real, but quite containable as long as they are considered during migration to the Cloud.

Organizations looking into Cloud security like HP have found very simple and obvious yet often overlooked reasons for the security vulnerabilities that happen when applications and data are migrated to the Cloud. Most of the vulnerabilities are caused by overlooked and unchanged settings when applications and data have been migrated. Here are a few of them.

1) Unchanged hardcoded communication channels

Most enterprises have data policies that have been enforced in their data centers and are considered fairly secure. These cover settings like encrypted or unencrypted data channels, hardcoded IP addresses and hardcoded hostnames. These are all fine internally because the data center environment has been evaluated for security and the settings were made for exactly that environment. But when the data is moved to the Cloud, all the channels become public, so internally secure processes like passing plain text content over the network suddenly become a huge vulnerability. That is why all migrated programs and applications should conduct all the previously safe intra-component communication over secured and encrypted channels. All of these settings have to be changed to accommodate the change in the control of the network infrastructure.

2) Unsecured logging system


Logs are very important for the enterprise. They allow administrators to diagnose problems and serve as a forensic tool to find evidence in the event of an attack. Enterprises often have strict rules which govern their logging system and dictate what exactly can be logged and who is privy to this sort of information. These rules are strictly policed and enforced regularly. But when the system is migrated, these rules do not apply anymore. To avoid repercussions and accusations later on, these rules must be reviewed and reapplied to the Cloud environment through the SLA with the Cloud vendor. This ensures that logged data cannot accidentally leak to malicious individuals. Attackers can use the log data to determine the vulnerabilities of the system; it is very rich material for hackers. The logging should be minimized, reconfigured and controlled, or even turned off.

3) Adjusting encryption for virtualization

Mirroring of an entire system is a very common practice when provisioning virtual environments. This means that a specific vulnerability with the parent system will ensure that all virtual mirrors will have that same vulnerability, giving an attacker hundreds of doors which can be opened by a single key. Virtual instances must have different encryption keys, so they should never be hardcoded. Hardcoding in an internal data center environment might be fine, but that should be changed when the system goes Cloud.

All of these vulnerabilities arise from the difference in the environment that the system will be residing in. Most of the time, migration is so painless, because systems work immediately without much tweaking, that these very important security liabilities, which were not issues before, are ignored and carried over into the public environment. The only solution is a reevaluation of the system’s security after migration and changing all of these variables.
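As an added illustration (not part of the original article), the post-migration re-evaluation can start with a small audit of carried-over configuration for the three issues above: plaintext or hardcoded communication channels, verbose logging, and encryption keys baked into a mirrored image. The setting names, the sample configuration and the matching heuristics are constructed assumptions; hardcoded hostnames still need manual review.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int
    category: str  # "channel", "logging" or "key"
    detail: str


# "name = value" or "name: value" (properties / simple YAML style).
SETTING = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*[=:]\s*(.*?)\s*$")
# Schemes that carry traffic unencrypted; https, sftp and ldaps do not match.
PLAINTEXT_URL = re.compile(r"\b(http|ftp|telnet|ldap)://", re.IGNORECASE)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
LOG_LEVEL_NAME = re.compile(r"log.*level", re.IGNORECASE)
VERBOSE_LEVELS = {"DEBUG", "TRACE", "ALL"}
KEY_NAME = re.compile(r"(?:^|[_.\-])(?:key|secret|passphrase)$", re.IGNORECASE)
# ${VAR} or $VAR: the value is injected per instance, not stored in the image.
REFERENCE = re.compile(r"^\$(?:\{[^}]+\}|[A-Za-z_]\w*)$")


def audit(config_text):
    """Return findings for settings that were safe internally but not in the Cloud."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        if raw.strip().startswith("#"):
            continue
        match = SETTING.match(raw)
        if not match:
            continue
        name = match.group(1)
        value = match.group(2).strip("\"'")

        # 1) Communication channels: plaintext schemes and hardcoded addresses.
        scheme = PLAINTEXT_URL.search(value)
        if scheme:
            findings.append(Finding(
                line_no, "channel",
                f"{name}: plaintext {scheme.group(1).lower()}:// channel"))
        for candidate in IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # looked like an address but is not one
            if not addr.is_loopback:
                findings.append(Finding(
                    line_no, "channel", f"{name}: hardcoded IP address {addr}"))

        # 2) Logging: verbose levels write more detail than a shared platform should hold.
        if LOG_LEVEL_NAME.search(name) and value.upper() in VERBOSE_LEVELS:
            findings.append(Finding(
                line_no, "logging", f"{name}: verbose level {value.upper()}"))

        # 3) Keys: a literal value is copied into every mirrored instance.
        if KEY_NAME.search(name) and value and not REFERENCE.match(value):
            findings.append(Finding(
                line_no, "key", f"{name}: key material hardcoded (value withheld)"))
    return findings


# Constructed sample: settings carried over unchanged from an internal data center.
SAMPLE_CONFIG = "\n".join([
    "# migrated from the internal data center",
    "orders.endpoint = http://10.0.4.17:8080/orders",
    "billing.endpoint = https://billing.internal.example/api",
    "cache.host = 10.0.4.22",
    "log.level = DEBUG",
    "audit.log.level = WARN",
    "disk.encryption_key = 3f9a1c7e55d04b21",
    "backup.encryption_key = ${BACKUP_KEY}",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(f"line {finding.line_no}: [{finding.category}] {finding.detail}")
```
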

By Abdul Salam


Beyond Test & Development: What The Virtualization Era Can Teach Us About The Next Phase Of Cloud Computing

The cloud revolution we are currently witnessing shares a number of parallels with the virtualization movement that empowered the enterprise datacenter over the last decade. At the core of both of these tectonic shifts were clear platform disruptions spurred by Amazon Web Services (AWS) and VMware respectively. Similar to how VMware jumped out to an early lead in the x86 virtualization market, AWS has shown early dominance in the public cloud market. The predominant early adopter use-case at the heart of both of these movements has been test/development environments.

Building on its test/dev era momentum, VMware successfully navigated to its next phase of growth around the end of 2008 as enterprise customers began to migrate production workloads to virtualized environments. Once customer comfort level was established with this use case, VMware license revenue continued its rapid upswing through the end of the decade.

The similarities in the initial adoption profile across these two market disruptions led me to take a closer look at the x86 server virtualization market growth trajectory to see what else we might learn. It turns out that a deeper examination of how this market evolved is an extremely informative exercise to help provide greater comfort and appreciation for the real market growth potential for cloud computing.

The Test & Development Era in the Cloud

In November of 2012, almost seven years into the adoption of its Simple Storage Service (S3), AWS announced that greater than 1.3 trillion objects had been stored in the S3 service. Given AWS’ initial market dominance, the number of objects stored in their S3 repository serves as the most accurate proxy for growth and adoption in this early phase of the cloud market. In the same vein, the x86 virtualization market was initially dominated by VMware’s success in test and development. Consequently, VMware’s software license revenue through this period from ’02-‘08 serves as the most accurate measure of early server virtualization market growth. Overlaying the growth trajectories from the initial ramp of the cloud and virtualization platforms in their formative years shows a remarkably similar early adoption profile.

The Test/Development Era – x86 Virtualization vs. Cloud


Entering The Production Era

Projecting out the next phase of growth in cloud computing surely will be dependent on the ability for cloud service providers to architect a VMware-like market transition from primarily test and development workloads to production applications. However, no single service provider, not even AWS, can affect this transition alone. Driving the delivery of production workloads from the cloud requires commitment and innovation across the cloud ecosystem equal or greater than that demonstrated by the ISV and hardware vendor community that supports VMware. Today’s cloud ecosystem vendors are stepping up to support cloud’s advancement by building in features to support multi-tenancy, self-service via automation, and leveraging new architectures to drive increased scale. Similarly, Amazon continues to add services to support production environments including Route 53, VPCs, Direct Connect and traditional relational database certifications. If the revenue growth realized by VMware from successfully navigating their transition is any indication, the potential returns to be had from investing in the Production Era of cloud computing will more than offset the upfront investments.

The Production Opportunity

Building off the Test/Dev era comparison from earlier, the graph below plots VMware’s actual license revenue growth over the ten-year period from ’02 (YR1) to ’12 (YR11) against early cloud computing growth in its first 7 years (using AWS S3 objects as the proxy). Missing from this graph, as the history is still to be written, is what happens in the next phase of cloud computing. AWS announced that, only 1/3rd of the way through 2013, S3 objects stored had eclipsed the 2 trillion mark. If this pace continues, by the end of 2013 cloud adoption will show a significantly accelerated growth trajectory relative to the same period of x86 virtualization adoption. In this context, cloud computing’s initial adoption trajectory is pretty impressive, especially considering we are only now just scratching the surface of the opportunity for production applications.

The Production Era Opportunity


Bridging The Gap

While the x86 server virtualization market evolution has presented us with an intriguing template for what could lie ahead in the cloud computing market, it is not yet a foregone conclusion that things will materialize in a similar fashion. Certainly the early parallels between the test/development phases of these markets are too compelling to ignore. But continued innovation needs to occur across the cloud infrastructure ecosystem to yield similar growth rates compared to what was experienced in the Production Era of server virtualization.

Similar to the “virtualization first” mandate that helped drive the majority of incremental workloads to virtualized environments, IT departments are increasingly subjecting applications to “cloud-first” scrutiny. With this type of adoption stimulant in place, the opportunity for cloud providers to help facilitate the Production Era of cloud computing is there for the taking. For the market to have any chance of realizing its full potential, service providers must be able to confidently, and economically, address the more stringent demands of mission and business critical applications. In the x86 server virtualization market VMware was able to answer the bell. In the cloud computing market the time is now for service providers to do the same.

By Dave Cahill / Director of Strategic Alliances, SolidFire

Dave comes to SolidFire with 10 years of experience in and around the enterprise storage industry. Prior to SolidFire, Dave was the founder of Diligence Technology Advisors, a strategy consulting practice focused on emerging enterprise technologies. He started his career at EMC as an early member of the Centera business unit. After EMC, Dave spent 6 years on Wall Street in analyst and investor capacities, including at RBC Capital Markets, where he was a key contributor on one of Wall Street’s top equity research teams in storage. At SolidFire Dave leads the company’s strategic alliance efforts.

Report Traces Cloud Computing Security Errors in India, other Countries to Errant Humans

While India has attracted a number of big giants in the Information Technology and cloud computing niches, it still ranks as one of the countries that suffer the most security compromises. A report that came out in early June, with a focus on the 2012 cloud environment around the globe, and particularly the subcontinent, showed a trend of rising cost per security compromise that is likely to climb where humans botch their digital work. The report attributes three-quarters of the data the Indian subcontinent lost over the past year to human laxity in organizational matters and to system hitches. Globally, the share of compromises with these same causes, the human and the technical, was two-thirds.

The Expense

The approach of this report is to look at the costs that arise from security infiltration each time it happens. The median for the planet’s compromises in 2012 was worth about 7360 Indian Rupees, which means a lot of data bucks going down the drain, and machines crashing. The Indian equivalent of this breach cost reaches 2271 Rupees per hit, infection or data loss. If one were to multiply these instances, it would mean a whole industry collapsing from too many occurrences of an ugly character.

Not surprisingly, the industries that rely most on cloud computing are the major victims of these breaches of their servers. These include companies in the pharmacy industry, one of the mainstays of the Indian merchant economy, the medical sector and finance. Interestingly, these sectors, in spite of being the most closely watched, for they enjoy close surveillance by the administration, underwent security barrages more than 70% higher, in cost, than the rest.

The Solution

Despite the proliferation of insecurity in the cloud computing dispensation in India, there is still a light at the end of the tunnel in the name of the departmental approach. The report delineated contexts where companies with a CISO, or officials who look into the security wing of the compute, storage or software offering in a company, had fewer malfunctions than the rest. This is because the technical officers rooted out the clout in the eye of companies from within: the employees. Indeed, firms in India, or elsewhere, that only approach security from an offshore server perspective are suffering more breaches than those that guide their staff to secure their in-house systems.

The other factor is to undertake extensive response projections, to ensure that any new security incident will be easy to counter. Training the staff on the same is part of the bargain, for an organization does not rely on a security officer alone. The head of a high-profile institute in India has revealed, on the peripheries of this latest report, that an eight-year reconnaissance on data safety has shown them that staff habit is one of the most important disadvantages. In fact, between the unveiling of the last report and this one, the breaches that link directly to staff have risen by 22%, perhaps due to the consciousness of the social web that has caught up with people everywhere.

The recommendation is to keep data in the cloud secure by adopting the departmental approaches, above. Companies that have evolved dynamic safety frameworks have shown staying power. They have kept their employees’ private data, that of the organization and that of consumers, secure, to degrees that are 20% on the lower side of the global mean. This is because they know that security is not all about the sites or servers, but the devices, which can include cell phones, computers or any other gadget.

The report reveals much about cloud computing security that is not just Indian but global. From small-scale theft of data through flash discs to high-profile cyber phishing, companies on the modern platform have to deal with complex safety issues. However, as the Indian case has revealed, the best way is to start from below, by dispelling the petty data theft issues, before inching up the staff ladder, appropriating response mechanisms, and finally, incorporating CISOs to oversee the organizational cloud security framework.

By John Omwamba

PRISM – A Fireball To The Advancing Public Cloud?


It’s all over the news. Blogs are filled with discussions and analysis, both critical and realistic, but what’s clear is that no one is trying to justify it. The big question, however, remains to be asked: What impact will PRISM have on the rapid advancement and penetration of public Cloud in our lives? Before we attempt to look at some of the possible ways the industry, specifically public Cloud service providers, may choose to adopt, let’s briefly look at what PRISM really is.

It all started with the Washington Post publishing a report on a secret Government (NSA?) program to fetch information on your communications, transactions and data directly from the datacenters of the big internet companies. There had been rumors floating around before WP published the report, but the report added the needed fuel to the fire.

Among the companies which were reported to have granted unrestricted access to the Government bots to scoop data right from their servers were the big giants like Google, Microsoft and Apple. The Post revealed that the documents it received indicated grant of “voluntary” access by these and 6 other big internet companies to query data. This would mean unrestricted access to terabytes, in fact petabytes, of image, voice, textual and metadata formats of your personal data. The US Government was quick to respond to the report and clarify that even though PRISM does exist in some form, it does not spy on Americans, only foreigners, and that all access to the data is approved and court supervised. You could imagine the importance of this clarification by the fact that Obama himself clarified this while he was in the middle of an important series of meetings with the new Chinese premier.

Tech giants and their executives were quick to respond, with Facebook’s Mark denying that he knew about PRISM and also clearly stating that no such access has been granted to any Government agency and that Facebook continues to uphold the privacy of its users.

In the backdrop of this huge privacy bubble, what would be its impact on the public cloud service providers? A strong statement coming from the top execs of the companies which were named in the report was the right decision and it did help but in the long run when there is already a heated debate on the true privacy and protection of personal data, which hundreds of millions of us, in fact billions, share through services hosted on the public cloud. Data residency on the cloud is still something which is evolving, with big enterprises showing growing interest for cloud security solutions that offer data encryption in-house before sending it off to the cloud. This new development will definitely add more energy into this direction.

By Salam UI Haq


Cloud Infographic: Costs Of Repairs Or Data Recovery


Cloud storage has revolutionized the way we keep our files and because most of the established cloud storage providers use the best security and encryption technology available, most of us tend to forget that we have our own part to do in ensuring the safety of our own files. While cloud storage can free us from such worries as having malicious programs sneak into our computer system, there are still practices that we have to observe to keep our data safe in the cloud. If you’re already taking advantage of online storage or plan to move your digital luggage online, here are some tips that can help prevent data loss and unauthorized access to your files.

Below is a terrific infographic courtesy of Backblaze which delves a little into a number of underlying concerns with big data, storage and security today, and in the future.


Infographic Source: Backblaze

Invisible Computing: How Cloud Is Forcing Software And Hardware Apart


By 2018, Gartner predicts that 70 per cent of professionals will conduct their work on personal mobile devices, enabled by the revolutionary concept of cloud computing.

Cloud computing essentially separates software from the logical functionality of local hardware. In other words, instead of needing computing power to be housed locally, major computing functions will instead be accessible from afar, usually via the Internet.

The obvious benefit here is that risk of ownership of software is eliminated, as well as the need to hire in-house resources to service them.

What will this do to the market?

In the case of hardware, cloud computing is likely to open the market up by lowering barriers to entry for manufacturing. The recent emergence of Bring Your Own Device (BYOD) in the workplace presents renewed scope and opportunity for the hardware market, as by 2016, 38 per cent of businesses expect to stop providing devices to staff, allowing them instead to select their own.

The real question is how cloud computing will fundamentally alter the landscape of the software market. Ever since computers have been adopted for wide scale use in offices, the market has largely operated in the same way. That is to say, businesses have always owned the software that they use.

The switch to cloud computing poses major challenges for software providers in that:

  • They will need to reconsider how their products are designed to ensure optimum functionality via cloud hosting, and;

  • They will need to deal with hugely disruptive business model changes; the lump-sum software sales prices and annual maintenance fees that software creators are used to will have to be converted into monthly subscription fees, distributed at a different pace to what they’re accustomed to.

In addition, customers will pay only for the software and service they actually use, rather than licensing the whole package. What isn’t yet clear is the extent of these financial implications for software providers.

What will this mean for business?


Businesses will effectively be shifting expense from capital to operational, typically with little to no upfront costs. They will also save considerable time and space by no longer needing to house and maintain their own server.

But perhaps more interestingly, as software drifts apart from hardware, businesses’ ability to map infrastructure will become a thing of the past. In fact, when software is accessed via cloud services, activity will take place in a highly abstract space. This is quite revolutionary for business practise and is already raising questions of security.

Cybercriminals are always one step ahead in developing new ways to abuse the online community, and experts predict that cloud computing will be no different. However, well-established hosting providers should be able to make assurances about their security policy, and when implemented with due care, cloud-based technology can offer a wealth of benefits to the business world.

By Ali Raza

This guest blog is written by Ali Raza on behalf of Ali is a very keen blogger and writes content to please the audience and to add value to their lives. In his free time, Ali likes to get things ticked off from his bucket list.

Interest In Private Cloud Area Shapes Up As The Market Matures


As their market matures, many companies are contemplating using a private cloud for their operation, keeping in mind the convenience, better security and control that they can exercise with their internal technology platforms. The use of a private cloud allows a company’s IT department to exercise more flexibility in terms of controlling the internal environment of their servers. However, there are some skeptical views regarding the use of private cloud by companies and whether it is indeed a viable technology that will deliver the results they expect from using it in their business.

Private cloud overview

A cloud storage service is a viable tool that companies can use for storing data in their system and making it accessible within their network. Using private cloud storage helps companies actively use the data over which they need some degree of control. The data is stored within an infrastructure in their data center, which allows the company’s employees to access and exchange information with enhanced performance and security. This works like an in-house private cloud that is available within a company’s IT data system. A private cloud computing service is one that deploys an on-premises cloud service through a virtual data center within the company’s IT infrastructure that works with a self-service portal.

Growing numbers of companies to use private cloud in the near future

According to surveys, there are a growing number of enterprises that want to use private cloud in the near future to optimize their business. The TechTarget survey revealed that there are different reasons why companies want to pursue private cloud in their operation, reasons among which include improving the company’s financial costs and enhancing the IT operation for their business. But the most obvious outcome of the survey showed that the number of companies looking forward to pursuing private cloud is growing.

The use of private cloud computing is certainly on the rise and there are a number of reasons why this kind of technology is becoming popular in the IT market these days. The main reason for this growing popularity, as reported in TechTarget, is the cost savings benefit of private cloud. The technology is seen to unburden the IT systems and maintenance requirements, which essentially helps a company enjoy more productive profits owing to this cost saving effect on the IT workloads and software maintenance. IT managers find the use of private cloud computing viable for their computing services.

The survey revealed that small and large companies are more ready to use the private cloud computing system as compared to the medium sized companies because of the unique needs of these companies. Private cloud computing is more convenient in small businesses because they use modest resources of their IT system and using private cloud is a less traditional method that they could adapt to their system. Large companies are more concerned about the cost saving benefit of private cloud computing to offload some of their less critical workloads and projects that do not require stringent compliance on IT system.

Are companies ready to embrace private cloud?

Apparently, not all companies are well versed in what a private cloud computing system really is. There has been a misconception that running a virtualized environment for data management amounts to using private cloud computing, as described by the Vice President of Cloud Technology Partners, John Treadway. The Chief Executive Officer of Logicworks, Ken Ziegler, also raised the issue of the common misconceptions regarding private cloud computing and of “cloudwashing”, where vendors are selling their public cloud services as bundles of a private cloud package. If you own the data as your company asset but use the services of a third party vendor that is plugged into your own data center, then you are not using a private cloud at all. This can cost you more by using the services of another vendor. A private cloud system is one that should be available from your company’s in-house IT infrastructure and should not be connected in any way to another vendor’s IT server.

With the advent of the private cloud computing IT solution, more companies are getting a better perspective in understanding what a private cloud really means. Although private cloud computing is not something new in the IT industry, the whole system is not yet fully understood. Thus, it would suffice to say that this cloud computing is neither in its infancy nor in its maturity stage in affecting the fields of IT service management and engineering systems in corporate companies. But many companies are now getting ready to completely embrace the latest IT solution in the form of private cloud computing, and with the growing need for using a private cloud, this type of computing system will likely become the future IT service management that companies will soon deploy in their business IT system.

By Stacy Carter

Stacy Carter is a crazy amateur to cover technology news via online exposures. She writes about cloud computing, content marketing, various applications, Android and iPhone apps. She contributes for many websites.

The Lighter Side Of The Cloud – The IT Department


By David Fletcher
