Category Archives: Contributors

Cashless Society Part 2: Pros and Cons

Cashless Society Part 2: Pros and Cons

The Cashless Society

Having looking at our movement towards a cashless society in Part 1, I thought we should turn our attention to the consequences of a truly cashless society. Could it be a force for good? Or could it lead to banks and governments abusing the power that comes along with it?

The phasing out of cash in the economy would make implementation of certain fiscal policies, such as negative interest rates, far easier and more effective. Kenneth Rogoff, author of “The Curse of Cash”, cites negative interest rates as an important tool for central banks to restore macroeconomic stability; the incentive to borrow and spend help stimulate the economy. By holding all currency in regulated accounts the government can tax savings in the name of monetary policy.

Kenneth RogoffOne of the more widely used arguments in favour of a cashless economy is that of security. France’s finance minister has recently stated that he plans to “fight against the use of cash and anonymity in the French economy” in order to help fight terrorism and other threats. With the ability to track every transaction that takes place, intelligence services could cut down on crime by monitoring purchases and money transfers. However, Rogoff acknowledges the limitations of this policy, in that the removal of paper money will only be effective “provided the government is vigilant about playing whac-a-mole as alternative transaction media come into being“. Although, it is naïve to think that crime could be quashed so easily. If interest rates fall too far below zero, it is quite possible that citizens would find an alternative to cash (drug traffickers certainly would). Money has been reinvented time and again throughout history, as shells, cigarettes and cryptographic code. Going cashless has also been touted as being more secure from theft, with Apple and Google claiming their payment system is more secure than regular banking, as well as being more convenient than cash.

Yet there are a number of concerns that have been raised about the transition to digital money. Advances in tech have allowed credit and debit card purchases to be tracked and evaluated to gauge the validity of a purchase. This has so far been used to prevent fraud and theft, to protect consumers. However, there is a risk of abuse here, for example in 2010 Visa and Mastercard gave in to government pressure, not even physical legislation, and barred all online-betting payments from their systems. They made it virtually impossible for these gambling sites to operate regardless of their jurisdiction or legality. Scott A. Shay, chairman of Signature Bank, suggested in an article on CNBC that “the day might come when the health records of an overweight individual would lead to a situation in which they find that any sugary drink purchase they make through a credit or debit card is declined”. Although this may seem like a stretch, a government with access to this sort of power could quite easily control individual spending.

A cashless society would also increase the difficulties for homeless people to re-integrate into society. Having no fixed address already makes holding a bank account incredibly difficult, a cash free society simply increases the societal barriers that those on the fringes of society have to navigate. There is also the psychological issue, that electronic payment encourages frivolous spending. A student interviewed at the University of Gothenberg commented that she was much more likely to think twice about spending a 500 krona note compared to with a debit or credit card.

The other side of the coin (pardon the pun), is that this power could be used for good, for example placing restrictions on recovering alcoholics from purchasing alcohol. The route which this technology will take is, as is often the case, determined by the government and societal attitude to the situation. There is room for abuse in the technology, more than most, but the benefits are well documented and used sensibly could help prevent terrorism and crime, reduce tax evasion, and help to curb unhealthy spending habits. Ultimately, a cashless society will be what we make of it.

By Josh Hamilton

Politics 2.0: The Age of Cyber-Political Warfare

Politics 2.0: The Age of Cyber-Political Warfare

Cyber-Political Warfare

Do you remember the last time hackers and cybercriminals determined the outcome of a presidential race? Of course not, because it’s never happened. It could happen now. Without even thinking about it, we’ve slipped into a new era. I would dub this the Age of Cyber-Political Warfare. This playing-field is thick with espionage, and it’s dominated by people who have little to no political clout. Instead, they have technical know-how.

It’s common knowledge that the internet is rife with identity theft. Social profiles, email, ecommerce sites, and mobile devices all provide excellent avenues for cyber-thieves. Oftentimes, it doesn’t take hacking skills to get information. The Snapchat employees who had their information stolen were victims of an email phishing scam. All the thief had to do was pretend to be Snapchat’s CEO and ask a single employee for payroll data.


In the case of Hillary Clinton, it wasn’t hard for a cybercriminal to reveal her email activities. Data security firm Kroll points out that the revelation didn’t even technically involve hacking. Rather, it’s a high-profile case of a compromised account. The compromiser, ‘Guccifer’ Marcel Lehel Lazar, used Open Source Intelligence (OSINT) to find out personal information about Sydney Blumenthal, who is a Clinton confidant. He used Open Source information to figure out Blumenthal’s email password. From there, he discovered Clinton was using a private server to email Blumenthal. Then, Guccifer published Clinton’s private email info online.

Guccifer was sentenced to four years in prison. Is that enough to deter an onlooker from copying his crimes? Apparently not, because Guccifer 2.0 has surfaced to release more stolen information. According to the original Guccifer, this kind of digital detective work is “easy… easy for me, for everybody.” Everybody can hunt down information that could potentially determine the result of a political election. This puts a brand new kind of power in the hands of the many. Anyone smart enough to follow trails of data online can be a player in the Age of Cyber-Political Warfare.

The biggest player here is Russia. The White House is certain that Russia’s state-sponsored hackers compromised Democratic National Committee email accounts, with the intent of influencing the election. Secureworks reports that the hackers used a phishing scam. They made it look like members of the Clinton campaign and the DNC were logging into Gmail accounts. The login page was fake, and through it the hackers gained login data. Reportedly, Russian hacking group Fancy Bear used Bitly to setup the malicious URLs, which read ‘’ instead of Now Bitly isn’t just a customer experience platform and IBM partner. It’s an unwitting tool in the hands of malicious hackers.

Obama promised a proportional response to the hacks. What would cyberwar with Russia look like? If a ‘proportional response’ is coming, we’ll see the release of inside information about Vladimir Putin or other high-ranking Russian officials. But how this would influence Russian politics, no one can be sure. Russia could merely cite our desire to get revenge and brush any sort of leaks off as petty attempts to disparage Russian officials.

One thing is clear: to be a politician now, you have to be, at minimum, cognizant of cyber threats. While American politics is stuck in the binary of red vs. blue, the fluid and fast world of the web is a much more complex place. It’s a place where people wheel-and-deal on a multinational level. It’s a powerful place to reach people and to access their data. Politicians want to use the internet as a tool, but by doing so they’re placing their data and their information at risk. In the Age of Cyber-Political Warfare, that data will continue to be a weapon for invisible and powerful opponents.

By Daniel Matthews

Is a freelance writer at the intersection of current affairs, tech, and business. You can find him on Twitter.

The Next Wave of Cloud Computing: Artificial Intelligence?

The Next Wave of Cloud Computing: Artificial Intelligence?

Cloud Computing and Artificial Intelligence

Over the past few years, cloud computing has been evolving at a rapid rate. It is becoming the norm in today’s software solutions. Forrester believes that that cloud computing will be a $191 billion market by 2020. According to the 2016 State of Cloud Survey conducted by RightScale, 96% of its respondents are using the cloud, with more enterprise workloads shifting towards public and private clouds. Adoption in both hybrid cloud and DevOps have gone up as well.


The AI-Cloud Landscape

So where could the cloud computing market be headed next? Could the next wave of cloud computing involve artificial intelligence? It certainly appears that way. In a market that is primarily dominated by four major companies – Google, Microsoft, Amazon, and IBM – AI could possibly disrupt the current dynamic.

In the past few years, there has been a surge of investment in AI capabilities in cloud platforms. The big four (Google, Microsoft, Amazon and IBM) are making huge strides in the AI world. Microsoft is currently offering more than twenty cognitive services such as language comprehension and analyzing images. Last year, Amazon’s cloud division added an AI service which lets people add analytical and predictive capabilities to their applications.

The current AI-cloud landscape can essentially be categorized into two groups: AI cloud services and cloud machine learning platforms.

AI Cloud Services

Example of AI cloud services involve technologies such as Microsoft Cognitive Services, Google Cloud Vision, and IBM Watson. In this type of model, organizations incorporate AI capabilities in applications without having to invest in expensive AI infrastructures.

Cloud Machine Learning Platforms

On the flip slide, there are cloud machine learning platforms. Machine learning is a method of data analysis which automates analytical model building. It enables for computers to find patterns automatically as well as areas of importance. Azure Machine Learning and AWS Machine Learning are examples of cloud machine learning platforms.

IBM and Google Making Waves


Recently IBM and Google having been making news in the AI realm and it reflects a shift within the tech industry towards deep learning. Just last month, IBM unveiled Project DataWorks, which is supposedly an industry first. It is a cloud-based data and analytics platform which can integrate different types of data and enable AI-powered decision making. The platform provides an environment for collaboration between business users and data professionals. Using technologies like Pixiedust and Brunel, users can create data visualizations with very minimal coding, allowing everyone in the business to gain insights at first look.

Earlier this month at an event in San Francisco, Google unveiled a family of cloud computing services which would allow any developer or business to use machine learning technologies that fuel some of Google’s most powerful services. This move is an attempt by Google to get a bigger foothold in the cloud computing market.

AI-First Cloud

According to Sundar Pichai, chief executive of Google, computing is evolving from a mobile-first to an AI-first world. So what would a next-generation AI-first cloud like? Simply put, it would be one built around AI capabilities. In the upcoming years, we could possibly see AI being key in improving cloud services such as computing and storage. The next wave of cloud computing platforms could also see integrations between AI and the existing catalog of cloud services, such as Paas or SaaS.

It remains to be seen whether AI can disrupt the current cloud computing market, but it will definitely influence and inspire a new wave of cloud computing platforms.

By Joya Scarlata

Where Are Your Users Learning About The Birds And The Bees Of Cloud?

Where Are Your Users Learning About The Birds And The Bees Of Cloud?

Clouding Around

Where did you learn about the birds and bees – from your adolescent peers? How did that work out for accuracy? Today it’s from peers and the Internet. The same is true for your users and the cloud with the same sometimes disastrous consequences. You’re the CIO, shouldn’t they be learning cloud from you? Stop lamenting like Rodney Dangerfield how IT gets no respect. Step up and reach out.

Cloud use is spreading rapidly but most of your users have a vague or misguided concept of what cloud really is and its promises and pitfalls. Want proof? Often quoted are Gartner’s Top Ten Cloud Myths. But that is just scratching the service. A little digging reveals lots of misconceptions about SaaS, like here and here. Even your peers on the management committee hold foggy notions of how it works but are reluctant to admit it. Instead, they echo some of the buzzwords, quote an article they read in the WSJ, etc. Let’s face it. Your firm is already pregnant with cloud. Why not take a page from what your peers do and get ahead of the curve.

Your head of HR works hard at building and executing an education program for the company’s staff. It’s designed to encompass the many different facets of management and leadership to facilitate employees’ progress. It also points out all the policies and laws that need compliance. Attendance and regular testing is mandatory and for good reason. To grow, your firm needs knowledgeable leadership and a strong culture. To stay out of trouble, employees need to understand the firm’s and society’s norms and boundaries.


Your CFO does the same. Folks are regularly exposed and held accountable to the business metrics and methodologies used to manage and steer the enterprise. The how and why you do what you do is critical for staff to understand, if the firm is going to reach its goals. Likewise, there are a lot of regulations where compliance is essential. They range from those covering all businesses, like SOX or FCPA, to those that are industry specific, like HIPAA or Dodd-Frank.

It’s a good bet that your operations, marketing, and other functions in the company do the same: provide development and tools for success while also pointing out the guard-rails between which actions can be taken in accord with company culture and society norms.

What are you doing for IT leadership? Let’s guess. Odds are you focus on the guardrails. You teach them good passwords, how to avoid phishing emails, perform safe browsing, use corporate data on their mobile devices, etc. All worthy topics but that’s not the half of it. As the fundamentals of your business become increasingly digital they are spending buckets of money on cloud computing. Who is teaching them about cloud? Who is helping the company’s staff make good decisions and avoid bear traps in cloud?

Safe bet it is not you. SaaS vendors go right around you directly to them. Their peers and buddies during meetings and conferences buzz about the latest cloud-based tool – and it’s even free to try! You turn around and surprise, everyone is on and they are asking you to link it to your old Oracle order management system.

Why not get ahead of the curve and emulate your peers. Teach your users about cloud. Give them the basics, dispel the myths and paint relevant case studies to your industry and environment. Give them the big picture, too. Cloud is pretty prominent in the press these days: all the way from how everyone can use it to how it is transforming whole industries.

NetSuite is bought by Oracle. elects to use AWS. Workday announces they will use IBM’s cloud for development. Is any of this relevant for your enterprise? Why not write a short note to all users or a post on your internal social media giving your point of view? Are you too busy to write something? Send a link to an article of blog post you particularly liked.

Make yourself the “go to” guy when different parts of the company contemplate using cloud. Do it for the company and do it for you. The CIO and IT’s role are changing and you need to negotiate a difficult path. Some even predict the CIO position will disappear. Nothing is certain but wouldn’t it be better if your users viewed you as a valuable and essential member of the team?

(Originally published Oct 13th, 2016. You can periodically read John’s syndicated articles here on CloudTweaks. Contact us for more information on these programs)

By John Pientka

Effective Security Management In A Software Defined World

Effective Security Management In A Software Defined World

Effective Security Management

Software defined infrastructure (SDx) along with use of private and public cloud technology is completely changing the way IT departments manage enterprise data centers and application workloads. Automation is a key component of software defined networking (SDN), bringing network, server, storage, security management and other IT functional teams together to transform the data center from a hardware-focused to an application-focused environment.

In the past when organizations deployed new applications, the application owner needed to collaborate with several disparate teams. For example: one team was responsible for installing the required server hardware and operating systems, another team was responsible for connecting the new servers to the network, and yet another team was responsible for provisioning the security and firewall rules.


It was as if the stars, planets and moons (or in this case all the functional teams) had to align in order for all of the necessary components to be provisioned. Then, and only then, could the application owners’ start using the new infrastructure. The result of all these tasks was it would take weeks or even months before the infrastructure was ready and the new application could start to be rolled out.

Today, private and public cloud infrastructures allow IT to automate these manually intensive operations; virtual machines are dynamically created and deployed, operating systems are quickly and easily provisioned, and connecting new services to the network is streamlined and automatic. As a result, pre-configured templates of commonly used and well defined services are available to the application owner. With a single click on a self-service portal, applications can now be quickly provisioned across multiple data centers, within or among private and public clouds.

In this software defined world where new apps are instantly created or moved to a different location as the infrastructure gets provisioned, changed and elastically scaled based on demand, security officers are challenged to enforce security policies and retain full visibility of security incidents. In fact, security often lags far behind the application developer’s ability to provision new infrastructure since traditional security controls remain fixed at protecting the network perimeter and don’t easily extend into the highly dynamic and automated software defined infrastructure. As such, security remains a key challenge for organizations looking to get full visibility and control of their threat landscape and plug any vulnerabilities in their cloud-based environments.

It turns out the keys to getting control back are creating dynamic security policies, API scoping and security management consolidation.

Creating Dynamic Security Policies

Dynamic security policies in modern networks are achieved by close integration with network virtualization and public IaaS solutions like VMware NSX, Cisco ACI, OpenStack, AWS or Microsoft Azure. By tightly integrating with these solutions, objects defined by those systems such as groups and tags can be learned and utilized in network security policies. This allows for the creation of dynamic security policies where changes in the software-defined environment are immediately translated and instantly reflected into an effective and active security policy that is applied to all traffic automatically – without human intervention.


Exposed or published APIs in popular SDN or cloud services controllers provides the logical integration point for creating dynamic security policies. Data defined by the controller – such security groups, VM or host names, tags, and more – can be exchanged with network security tools to create meaningful context for both security personnel and network administrators. Now, instead of arbitrary or meaningless IP addresses, the security in a software-defined network can leverage meaningful information about the network to ensure the right policies always follow application data and workloads – wherever they go.

Additionally, leveraging and populating this contextual information in log files gives security admins the ability to better understand and investigate any security incident. Security solutions for cloud-based networks must be able to integrate with leading cloud and network virtualization tools to not only provide advanced threat protection for both east-west and north-south traffic but also make use of dynamic cloud and other SDN objects in the security policy and logs for effective security management.

API scoping

In order to completely automate the deployment of new applications, organizations need to grant developer’s access to APIs that in many cases involve modification of security policies. It is vital to ensure this access is scoped or limited appropriately; otherwise, a mistake by a developer could potentially alter the security policy of the entire organization making it vulnerable to threats.

Scoping access to APIs example:

The printer admin use an app to add printers to the network. In doing so, this involves modifying firewall rules using an API. The security policy must ensure that the printer application can only add new printers – nothing else – and is only permitted within relevant network segments.

Incorporating sub policies in the security management solution is the best way to allow scoping API access down to a rule level, thus eliminating the possibility of inadvertently modifying the security posture and exposing the entire organization to new threats. This also ensures delegation of administrative duties down to specific use cases to streamline security management while maintaining oversight of all activities.

Security Management Consolidation

Consolidation of management functions is necessary to gain complete and holistic visibility of security policies and incidents across the entire organization’s infrastructure. Without management consolidation incidents are difficult to identify, correlate and analyze across the various cloud networks, making it operationally impossible to secure these environments.

The new software-defined infrastructure is complex, constantly changing and being driven by functional teams who don’t always understand the security implications that come from defining new infrastructure. In addition, organizations still have physical or legacy networks to maintain. It is now more difficult than ever to get a handle on not only where data center traffic goes – north-south, east-west, virtual and physical, private and public cloud – but how exposed an organization’s infrastructure is to vulnerabilities and threats.

Cloud-based security solutions must be able to provide customers with a unified solution that consolidates policy management, visibility and reporting across private and public clouds – all from a single pane of glass. It should be intuitive and scalable enough to handle security deployments wherever customer data goes while providing detailed analysis and correlation of security events across the entire enterprise network.

By Yoav Shay Daniely

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Federal Government Cloud Adoption

No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, internal politics, restricted budgets and a cultural resistance to change have set the federal sector years behind its private sector counterparts. Data and information security concerns have also been a major contributing factor inhibiting the adoption of new technologies such as the cloud. Keeping data on-premise has long-been considered to be the more secure option; however, ever-increasing incidents of hacking, data breaches and even cyber terrorism within government entities from the IRS to most recently, the Office of Personnel Management (OPM), indicate that change is needed, and fast.

Slowly, but surely, a technology revolution is taking place within the public sector. Due in large part to the introduction of the Obama administration’s “Cloud First” policy in late 2010, the establishment of the Federal Risk and Authorization Management Program (FedRAMP), a standardized approach for conducting security assessments, authorizations and monitoring for cloud technologies, as well as innovations in cloud offerings themselves, cloud adoption among federal agencies is taking off. The General Services Administration (GSA), Department of the Interior (DOI), the Department of Agriculture (USDA), NASA, and even the Central Intelligence Agency (CIA) and NSA are just a few of the many agencies who have embraced cloud solutions in recent months and years. Further, with IDC’s recent Federal Cloud Forecast projecting sustained growth through 2018, the public sector is nearing its tipping point in cloud adoption.

Should this trend continue as expected, below are three reasons that cloud adoption can be the answer to close the federal government’s technology gap.

Availability of Clear Guidelines for Cloud Adoption

In the past, government agencies lacked a clear roadmap for evaluating and selecting authorized cloud providers, making it difficult for the technology to break through in the federal sector. According to the FedRAMP website, this resulted in, “a redundant, inconsistent, time-consuming, costly and inefficient risk management approach to cloud adoption.”

The introduction of FedRAMP has provided agencies with much-needed guidelines and structure to accelerate the use of cloud technology in all facets of the government. Today, cloud systems are authorized in a defined (and repeatable) three-step process: security assessment, leveraging & authorization, and ongoing assessment & authorization. Among its benefits, the federal program estimates that its framework will decrease costs by 30-40 percent and will reduce both time and staff resources associated with redundant cloud assessments across agencies.

Incentives to Focus on Cyber-Security

In October 2015, U.S. federal government CIO Tony Scott professed his support for the cloud during a Google at Work webcast, saying:

I see the big cloud providers in the same way I see a bank. They have the incentive, they have skills and abilities, and they have the motivation to do a much better job of security than any one company or any one organization can probably do.”

He’s right, and his comments represent a stark departure from the general consensus in the public sector just a few short years ago. Applying the same security measures and best practices to legacy, on-premise solutions requires both time and significant spend—both of which the government lacks. The competitive nature of the cloud business in recent years has challenged providers to adopt agile security practices, resulting in solutions that are secure, reliable and execute seamlessly. From email management systems to data storage services, continued cloud adoption at the federal-level will enable agencies to achieve long-term benefits that will eventually be impossible to achieve with on-premise systems, including advanced cybersecurity capabilities, guaranteed business continuity, as well as enhanced performance management functionality.


Bring Greater Efficiency in IT Spending

In February 2015, the International Association of Information Technology Asset Managers (IAITAM) released a report criticizing the U.S. government on its IT spending. The report suggested that while the federal government spends over six times more on IT per employee than its private sector counterpart, it also wastes 50 percent of its more than $70 billion IT budget due to a lack of standardization and controls. Combined, these factors have created a breeding ground for IT failures and exploits from threats inside and outside government walls. This is further indication that the existing status quo is inefficient and is putting the government (and U.S. citizens) at risk.

Over time, leveraging the “pay-as-you-go” model of the cloud, federal sector can decrease its IT spending, creating new efficiencies. Software and application management for example, which requires abundant resources to oversee in on-premise deployments, is virtually eliminated with a cloud-based solution. From business continuity and software maintenance to eventually, compliance and IT risk-related activities, the onus, falls on the cloud provider, not the customer. Thus, federal IT workers are freed up to focus on more mission-critical initiatives, rather than spinning wheels on inefficient technology, programs and processes.

While it will take some time before the cloud truly takes off in the federal sector, it’s hard to ignore the benefits that both the private sector and forward-thinking government agencies have seen with the technology to date. The time is now to make a change for good. If the U.S. wants to be viewed as one of the most technologically advanced nations in the world, it’s prudent that the government itself practice what it preaches, doing what’s needed to establish the country as a leader, rather than a follower, in this rapidly-evolving digital age.

By Vibhav Agarwal

The Five Rules of Security and Compliance in the Public Cloud Era

The Five Rules of Security and Compliance in the Public Cloud Era

Security and Compliance 

With technology at the heart of businesses today, IT systems and data are being targeted by criminals, competitors and even foreign governments. Every day, we hear about how another retailer, bank or Internet company has been hacked and private information of customers or employees stolen. Governments and oversight organizations are responding to these attacks with calls for tighter control and regulations, from the Society for Worldwide Interbank Financial Telecommunication (SWIFT) beefing up its requirements for members to new proposed regulations targeting financial institutions in the State of New York. It is no wonder that as enterprises embrace the public cloud to run their critical applications, (See image) compliance remains one of the top concerns.

Biggest Barriers Holding You Back


Enterprises used to regard IT compliance audits and certifications, e.g., HIPAA for hospital IT systems or PCI DSS for banks and e-commerce companies, primarily from the perspective of staying on the right side of the law. But this is changing – companies across all industries are now willing to spend on IT security and compliance, not only to deal with legal requirements but also to win customer trust and ensure that they don’t make headlines for the wrong reasons.

Security and compliance in public-cloud environments are fundamentally different from private datacenter security. Old techniques and controls (e.g., connecting to physical switch TAP/SPAN ports and sniffing traffic, installing gateway firewalls at perimeters) do not work in the cloud any more. With compliance playing a key role in IT security and governance, it is important to keep a few guidelines in mind when it comes to managing public-cloud environments.

1. Start with a dose of security common sense: Common data and information security best practices lie at the heart of compliance standards such as HIPAA and PCI DSS as well as of security frameworks such as the CIS Benchmarks for Amazon Web Services (AWS). For example, compliance rulesets for cloud environments typically stipulate password policies, encryption of sensitive data and configuration of security groups. Enterprise IT and security teams would do well to incorporate these rules into their security management, irrespective of compliance requirements.

2. Remember the shared-responsibility model: Public cloud providers such as AWS follow a shared-responsibility model; they manage the security of the cloud and leave security in the cloud (environment) to the customer. These clouds have invested heavily to build security into their products and develop customer confidence. AWS has robust controls in place to maintain security and compliance with industry standards such as PCI and ISO 27001. In going from datacenters to public cloud environments, security administrators need to understand what aspects of security compliance they are responsible for in the cloud. This requires cross-functional collaboration between the operations and security teams to map the security controls in the datacenter to those in public-cloud environments.

3. Stay compliant all the time: In the software-defined world of public clouds, where a simple configuration change can expose a private database or application server to the world, there are no second chances. Enterprises are going from periodic security checks to continuous enforcement and compliance. Businesses that develop and deploy applications in clouds need to bake security and compliance checks into the development and release process. A software build that causes a security regression or does not meet the bar for compliance should not be released to a product environment. Enterprise IT needs to ensure that the tools they use for compliance monitoring and enforcement allow them to check applications for compliance before they are deployed.

4. Automate or die: Manual security and compliance processes don’t work in the dynamic, scalable world of the public cloud. When a business’ cloud environment spans hundreds or thousands of instances across accounts, regions and virtual private clouds, just the process of gathering the data required to run a compliance audit can take days or weeks, driving up the time to compliance and increasing the risk of errors. Even a team of qualified security personnel may not be able to detect vulnerabilities and respond in a timely manner. Automation is key to survival in the public cloud. It is no wonder that Michael Coates, the trust and infosec officer of Twitter, said “Automate or die. This is the biggest thing I stick by in this day and age.” In selecting the tools to manage compliance in cloud environments, enterprise IT must regard automated data aggregation, compliance checking and enforcement of security gold standards as table stakes.

5. Don’t just find it, fix it: There is an abundance of security-monitoring products in the market today that allow administrators to find security misconfigurations and vulnerabilities but do not offer the control to fix these issues. These tools are limited in scope and utility and force enterprise IT to use a patchwork of tools to manage the security and compliance lifecycle. Businesses should pick comprehensive “find it, fix it, stay fixed” platforms that do not stop at identifying issues with the environment but offer the tools required to fix them and put safeguards and controls in place to ensure that security best practices are enforced.

Public clouds are transforming the world of enterprise IT by offering unprecedented agility and a pay-as-you-grow operational model. Clouds are also changing the rules of the game for IT security and compliance management by offering new controls and capabilities. The tools and processes that served IT well in datacenter environments will not work in the public cloud. It is time for security and compliance to be transformed as well.

By Suda Srinivasan, Vice President of Growth at Dome9

suda_dome9Suda is the Vice President of Growth at Dome9, where he oversees marketing and customer growth. Prior to Dome9, Suda held a senior marketing role at Nutanix where he was responsible for defining, communicating and driving the execution of the go-to-market strategy for the company’s enterprise cloud platform. Suda is a seasoned leader with extensive experience in technology, having worked in engineering, strategy consulting and marketing roles at Nutanix, Microsoft, Coraid and Deloitte

5 Ways Cloud-based Tools Can Help Accountants Escape The IT Treadmill

5 Ways Cloud-based Tools Can Help Accountants Escape The IT Treadmill

Accountant Cloud Tools

Digital tools and software have become an inseparable part of any accountant’s profession. There are software for almost every need of accountants. From managing payrolls to filing taxes, technology is able to automate them and offer a great simplicity to the accountants. Now to maintain the best of productivity and remain competent in the market, it is important for the accountants to find a solution that avails the optimum utilization of the available accounting tools. This is where cloud solutions come in handy for the accountants.

Cloud accounting or online accounting allows you to run the applications and store the accounting data on a remote server for better accessibility, agility, features and more. Here are some detailed benefits that accounting professionals can gain by switching to cloud-bases software:

  1. Streamlined Integration

The software market has a number of options to offer that need to be integrated together to deliver a reliable accounting automation. For example, a fine amalgamation of ship tracking, inventory management, CRM, ERP, and accounting software is required automate the all-end accounting of a manufacturing business. Considering that you are using the desktop version of these software, there are inevitable challenges you would be facing. Limitations of the local server resources (memory, storage, processing speed, etc.) to first of those challenges. Then on, specification necessities with Operating System and cross-compatibility factors are further hassles one needs to deal.


Going with the cloud-based accounting software allows an ease of scalability for resources as required. So, you can choose resources and upscale or downscale them as you add or remove any accounting tool. Moreover, the integration between different tools is easier as the specification requirements of the local machine don’t hold significance anymore. Self-governed version upgrades add more convenience to the integration capabilities of the cloud.

  1. Enhanced Automation

Offline software may be able to process the information and commands, once provided. However, information update is mostly a manual task with offline software, which limits the ability to pace up the processing and chances of error with the information are higher. Also, with the growth in online transaction and payment mediums, the necessity for the instant, remote, and automated update has also grown. Think about it – a sales order is received and updated on CRM, now your accounting software, banking applications, and inventory management software will have dependent actions to take. So, you will have to update them all separately.

Integrate on the same platform, and all the actions (update the sale on CRM, the books on accounting software, status on inventory tool and payment verification in banking app) can be processed automatically. This automation takes off the chances of delay and errors significantly.

  1. Better Workforce Distribution

Managing the entire accounting operations for a business or a number of clients is a herculean job and therefore, various tasks are distributed for timely and smoother actions. To and fro of the email exchange, multiple copies of the same files, limited control and tracking of the changes made by different users – these are some of the hassles that traditional accounting setups face.

Cloud-based applications have a great advantage in managing a large number of users working together. Firstly, admin holds the right to create and restrict the access of different users. Then, it also allows different users to work on the same file at the same time, even from different locations. So, the chances of file redundancy, storage limitation, and sharing hassles are nullified. At the same time, user tracking remains enabled to track which user made what changes and you can even recover changes if required. So, the task assigned to the workforce is immensely simplified and to enhance the productivity.

  1. More Secure and Reliable

As mentioned in the above section, cloud-based tools are centralized under the surveillance and control of the admin. It allows a reliable control on all users and the automated integration of different tools reduces the chances of errors and delays. But that is not all that cloud has to offer for the accounting solutions. Cloud technology rides on the automated backup and data protection advantages.

Most of the cloud-based tools enable multiple backups of the latest data to keep it available in case of any data loss – be it a manual mistake or a natural disaster. Further secured with the encryption, firewall, and other security features, it offers an impeccable environment for running accounting applications and storage of the data.

  1. There’s More Saving

The first and biggest saving that cloud introduces is that it does not require any dedicated local machines and servers to run applications. Since hardware makes one of the biggest expenses, cloud saves the significant amount. But the savings do not end with it. Cloud computing solutions save plenty on the maintenance, upgrading and other IT expenses. As most of the hardware remain with the hosting provider, its maintenance is their task. Serving a larger group of the hardware for a number of clients, the overall charges are much lower at the hosting provider’s end.

Other factors that contribute to the cost-cutting with cloud are because of reduced local infrastructure and on-the-go accessibility, which enables the modern work cultures, such as – BYOD and Work from Home. With so many of the ways available to save money, no accounting professional would like to miss on them.

Wrapping Up

Technology gifts simplicity of use even with the most complex operation. Cloud has been doing that to a number of industries. Accounting is one of the industries that adopted it quite late, but its potential is immense. Citing which the shift to cloud solutions is noticeable and still growing. If you are still not sure if the cloud is a fine choice, you are probably going to miss out on a lot of opportunities.

By Kirti Khanna

CloudTweaks Comics
A New CCTV Nightmare: Botnets And DDoS attacks

A New CCTV Nightmare: Botnets And DDoS attacks

Botnets and DDoS Attacks There’s just so much that seems as though it could go wrong with closed-circuit television cameras, a.k.a. video surveillance. With an ever-increasing number of digital eyes on the average person at all times, people can hardly be blamed for feeling like they’re one misfortune away from joining the ranks of Don’t…

Cloud Infographic: Security And DDoS

Cloud Infographic: Security And DDoS

Security, Security, Security!! Get use to it as we’ll be hearing more and more of this in the coming years. Collaborative security efforts from around the world must start as sometimes it feels there is a sense of Fait Accompli, that it’s simply too late to feel safe in this digital age. We may not…

Cloud Infographic – DDoS attacks, unauthorized access and false alarms

Cloud Infographic – DDoS attacks, unauthorized access and false alarms

DDoS attacks, unauthorized access and false alarms Above DDoS attacks, unauthorized access and false alarms, malware is the most common incident that security teams reported responding to in 2014, according to a recent survey from SANS Institute and late-stage security startup AlienVault. The average cost of a data breach? $3.5 million, or $145 per sensitive…

Reuters News: Powerfull DDoS Knocks Out Several Large Scale Websites

Reuters News: Powerfull DDoS Knocks Out Several Large Scale Websites

DDoS Knocks Out Several Websites Cyber attacks targeting the internet infrastructure provider Dyn disrupted service on major sites such as Twitter and Spotify on Friday, mainly affecting users on the U.S. East Coast. It was not immediately clear who was responsible. Officials told Reuters that the U.S. Department of Homeland Security and the Federal Bureau…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Federal Government Cloud Adoption No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, internal politics, restricted budgets and a cultural resistance to change have set the federal sector years behind its private sector counterparts. Data and information security concerns have also been a major contributing factor inhibiting the…

5 Ways To Ensure Your Cloud Solution Is Always Operational

5 Ways To Ensure Your Cloud Solution Is Always Operational

Ensure Your Cloud Is Always Operational We have become so accustomed to being online that we take for granted the technological advances that enable us to have instant access to everything and anything on the internet, wherever we are. In fact, it would likely be a little disconcerting if we really mapped out all that…

Are CEO’s Missing Out On Big Data’s Big Picture?

Are CEO’s Missing Out On Big Data’s Big Picture?

Big Data’s Big Picture Big data allows marketing and production strategists to see where their efforts are succeeding and where they need some work. With big data analytics, every move you make for your company can be backed by data and analytics. While every business venture involves some level of risk, with big data, that risk…

The Fully Aware, Hybrid-Cloud Approach

The Fully Aware, Hybrid-Cloud Approach

Hybrid-Cloud Approach For over 20 years, organizations have been attempting to secure their networks and protect their data. However, have any of their efforts really improved security? Today we hear journalists and industry experts talk about the erosion of the perimeter. Some say it’s squishy, others say it’s spongy, and yet another claims it crunchy.…

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…

3 Keys To Keeping Your Online Data Accessible

3 Keys To Keeping Your Online Data Accessible

Online Data Data storage is often a real headache for businesses. Additionally, the shift to the cloud in response to storage challenges has caused security teams to struggle to reorient, leaving 49 percent of organizations doubting their experts’ ability to adapt. Even so, decision makers should not put off moving from old legacy systems to…


Sponsored Partners

Collaborative Economy – Customer Appreciation Day
Skin Based Technology – The Intelligent Tattoo
Hybrid IT Matures Just In Time To Tackle Complex Challenges
Watching You Shop: Stores And Mannequins “Read” Their Customers And Respond
The Many Hats Of Today’s IT Managers
Security Training Through Practical Experience
Security: The Goodwill Virus That Keeps On Giving
Competing Cloud Security Demands Call For Credentialed Professionals
Help Your Business Improve Security By Choosing The Right Cloud Provider
AT&T Pinpoints 4 Key Elements To Achieving Security With The Internet of Things
Salesforce Service Cloud: Air Traffic Control For Your Customer