Category Archives: Contributors

5 Simple Tips to Make Strong and Robust Business Continuity Plans

5 Simple Tips to Make Strong and Robust Business Continuity Plans

Business Continuity Plans

Today’s organizations need comprehensive and robust business continuity planning for swift and effective action in case of a disaster or crisis. As the trade and supply chain have gone global, businesses today expect crisis response to be in seconds, not in hours, to ensure that the ripple impact is minimized. As organizations go digital, an IT failure can cripple the whole supply chain and business operations, causing extreme losses within hours and requiring countless hours to recover from the them. Plans to mitigate IT failures are also affected by the complexity of today’s IT infrastructure. As applications and systems are added based on business and market requirements, newer technologies and infrastructure pose new challenges.

Most businesses leverage cloud based platforms for their enterprise needs at least partially. The cloud helps businesses minimize costs and maximize efficiency; made for speed and convenience, it can scale up and down as needs demand and bring flexibility to business operations. However, the added overhead of managing cloud data centers, planning and performing test exercises across multiple locations and vendors as well as managing a crisis recovery, requires that organizations pay critical attention to their cloud solutions in combination with legacy infrastructure.

Today, an effective business continuity plan requires dynamic collection of information across the extended organization in a continuous manner. Organizations need to overcome the traditional fragmented approach to business continuity and formulate the business continuity strategy that adheres to the following five-point agenda:

1. Champion Business Continuity at the Highest Level

With senior management sponsorship, the business continuity plan will occupy its rightful position, high up in business priorities. This is important for sufficient budget, resourcing and training to be assigned to it. Senior leaders must set the tone at the top by insisting on robust crisis planning and regular reviews as a standard practice rather than a mere formality.

In August, Delta suffered a major IT outage that resulted in a $100 million loss in revenues for the airline. The impact was far-reaching, affecting check-in systems, flight information screens, the airline’s website and smartphone apps. The disruption to customers was extensive as well.

This is just one example of many; unfortunately, downtime of one type or another is a common situation in business. According to the Continuity Insights and KPMG, Global BCM 2016 report, 39 percent of global organizations have estimated the cost of business disruption to be $100,000 or less and 27 percent have estimated business disruptions ranging from $100,000 to $5 million or more in the last 12 months . This highlights the need for robust business continuity planning, championed at the highest level.

bcm-costs

Types of Instances and Interruptions in Past Year

bcm-types-of-risks

2. Review, Update and Test Regularly

The business continuity plan is a living document; it isn’t one to be created, filed and never looked at again. Risks evolve. Exercising the plans on a regularly scheduled basis will ensure businesses keep pace with the changing environment and understand what’s needed to protect critical infrastructure and preserve operations during a physical or virtual attack. Companies must learn from their own experience. Worryingly, according to Forrester and the Disaster Recovery Journal, 33 percent of businesses who had to invoke a business continuity plan, said one lesson learned from the experience was that the plan was out of date. Yet, 60 percent never carry out a full simulation of their business continuity plan for the entire organization; most walk through the plan as a document review.

It is of utmost importance that business continuity plans be reviewed by senior management and the planning team. Also, test results should be periodically evaluated and reported to the board, to assess the nature and scope of any changes to the organization’s business.

3. Include Partners, Suppliers and Third Parties

Companies don’t pay enough attention to the significant role of partners, suppliers and third parties in their business continuity. Deloitte found that over 94 percent of survey respondents had low to moderate confidence in the tools and technology used to manage third party risk and 88 percent felt the same about risk management processes. This, despite 87 percent having experienced disruption in the past three years that involved a third party.

Business continuity planning and disaster recovery has to be part of early third party discussions with responsibilities documented in service level agreements. Plans need to be aligned so that it is clear and easy to identify who does what, and where the handover points are when a plan is executed. The tools and systems used for collaboration must support transparency of information so that both parties are able to work from up to date information and take swift action in the event of a crisis.

4. Prioritize Ongoing Business Operations

The continuity plan should demonstrate that the business understands the priority level of its systems and that mitigating plans are in place to restore core operations as quickly as possible.

Cyber Crime DDoS

In the case of the Delta crisis, the outage was so extensive that it paralyzed business critical operations. The range of problems that can disrupt business – natural disasters, industrial action, cybercrime, IT failures, political or economic upheaval, suppliers ceasing to trade and so on – is so vast, and the systems and operations that can be impacted can be so wide that prioritization is a must.

A cloud-based option provides many benefits as an off-site back-up solution to ensure the efficacy of your continuity plan. However, as you develop your plan, ask yourself if a cloud-based option would increase the efficiency and cost-effectiveness of your plan and cover off essential considerations such as due diligence and service reliability with their provider. Another option is establishing a back-up plan that is independent of the cloud by leveraging personalized file backups, cross-device continuity solutions and communication software. The main aim is to get back faster and limit the amount of time that you’re spending without access to critical systems and information, by having a clearly defined continuity plan in place.

5. Define the Communications Plan Clearly

The business continuity plan has to be absolutely clear on how all stakeholders are going to be kept informed and how to enable upstream and downstream communication channels in times of crisis. Stakeholders include employees at all levels of the organization, such as suppliers, partners and customers.

The goal of the communications plan is to outline the channels and mechanisms for the sharing of information that will support efforts to resolve an issue at hand and limit the extent of its damage. How a company handles a crisis has an enormous impact on how they come out of the incident – people remember how the organization dealt and reacted to the issue and how convincing they were over the company’s efforts to make things right. For this reason, crisis management communications must be engaged at the earliest opportunity.

Service disruption is damaging to all businesses not only in terms of immediate revenue loss but also in the longer term brand and reputational impact. The business continuity plan is an essential, living document that aims to protect the ongoing sustainability of the business. Those that plan and execute well will see better performance in the long-run and be best-placed to weather the storms, whatever form they take.

By Vibhav Agarwal

How the Cloud Is Improving DNA Sequencing

How the Cloud Is Improving DNA Sequencing

DNA Sequencing

For many of us, the cloud is part of our daily lives.

We use these virtual storage servers to hold our pictures, our memories and our work documents, just to name a few. Cloud storage is also making its mark in the medical industry, with electronic health records making patient care easier no matter where you’re making your appointments.

This utilization of virtual information storage is also being used to improve the speed and accuracy of DNA sequencing. How can cloud storage change the way we look at DNA?

The Importance of DNA Sequencing

dna sequencingDNA, which stands for deoxyribonucleic acid, is the smallest building block of life. It’s found in almost all living things on the planet. Your DNA, found in every cell in your body, holds the blueprint that governs why you are the way you are.

Do you have red hair, or blue eyes? That’s written into your DNA. Are you tall, short, fat, skinny or athletic? You guessed it — that’s written into your DNA as well. Do you hate cilantro and think it tastes like soap? Believe it or not, that’s something that’s written into your DNA too.

In that DNA blueprint, there are answers to thousands of questions that we’ve been posing for centuries, including things like how long we’ll live, what diseases we may be predisposed to, and many others. That is where DNA sequencing comes in.

To stick with our same metaphor from a moment ago, you wouldn’t be able to read a blueprint without a key to tell you what different symbols mean, right? DNA sequencing provides researchers with the key to our DNA blueprint. By learning the order of the four base amino acids that make up DNA, researchers can determine which combinations of genes produce what result.

Old Tech, New Tech

Until now, DNA sequencing was performed on non-networked computers. While breakthroughs were being made, they were limited by the small subset of information available and the insufficient computer processing speeds. In other words, individual computers used for DNA sequencing are limited by the amount of processing power that they can possess.

Moore’s Law, coined by Gordon Moore — one of the founders of Intel — suggests that computers are limited by the number of transistors that can be placed on a single chip. He stated that this number would likely double every two years, and all current trends show that even with today’s advances, Moore’s Law still holds true.

Advances in DNA sequencing are appearing exponentially, and in many cases are only being limited by the available processing power.

Predictive Analytics

Predictive analytics, or the study of patterns to make predictions, has already made its way into the medical fields. When applied to DNA sequencing, it’s often dubbed Predictive Genomics. Cloud computing is a key component in the success of predictive genomics for a variety of reasons, including:

  • The amount of data — The sheer amount of data in one human being’s genome is almost mind-boggling. Each individual’s genome has up to 25,000 genes. These genes are made up of almost 3 million base pairs. When you break that down into digital data, you’re looking at upwards of 100 gigabytes of data per person.
  • The cost — Right now, having your personal genetic code sequenced costs between $1,500 and $4,000. This also plays a large role in the high cost of testing for specific genetic markers, like the BRCA1 and BRCA2 genes that indicate a higher chance of breast cancer.

The use of cloud computing and predictive genomics can reduce costs, ensure quality and improve accuracy throughout the world of DNA sequencing.

Amazon, our favorite online shopping mall, is doing what they can to help in the world of cloud computing and genomics. Amazon Web Services provides a cloud computing service that a number of companies, including DNAnexus and Helix, are using to improve the speed and accuracy of their genome sequencing.

There’s an App for That

While sending off a saliva-soaked q-tip to have your DNA tested isn’t a new concept, this is the first time it’s heading to both the cloud and the App Store.

A new startup from Silicon Valley named Helix has recently hit the DNA sequencing market with a new twist on the DNA game. Now, not only can you have your DNA tested for all sorts of information, but you can also have your genetic ancestry analyzed by the minds at National Geographic.

As the icing on the cake, all of your information will be stored on the cloud and accessible through Helix’s app.

Cloud computing is becoming an invaluable tool for a variety of different industries, with DNA sequencing as just the latest in a long line of innovations. As this advancement becomes more mainstream, only time will tell what secrets our DNA holds, and what we’ll be able to do with them once we find them.

By Kayla Matthews

Is Machine Learning Making Your Data Scientists Obsolete?

Is Machine Learning Making Your Data Scientists Obsolete?

Machine Learning and Data Scientists

In a recent study, almost all the businesses surveyed stated that big data analytics were fundamental to their business strategies. Although the field of computer and information research scientists is growing faster than any other occupation, the increasing applicability of data science across business sectors is leading to an exponential deficit between supply and demand.

When a 2012 article in the Harvard Business Review, co-written by U.S. chief data scientist DJ Patil, declared the role of data scientist “the sexiest job of the 21st century,” it sparked a frenzy of hiring people with an understanding of data analysis. Even today, enterprises are scrambling to identify and build analytics teams that can not only analyze the data received from a multitude of human and machine sources, but also can put it to work creatively.

One of the key areas of concern has been the ability of machines to gain cognitive power as their intelligence capacities increase. Beyond the ability to leverage data to disrupt multiple white-collar professions, signs that machine learning has matured enough to execute roles traditionally done by data scientists are increasing. After all, advances in deep learning are automating the time-consuming and challenging tasks of feature engineering.

While reflecting on the increasing power of machine learning, one disconcerting question comes to mind: Would advances in machine learning make data scientists obsolete?

The Day the Machines Take Over

machine

Advances in the development of machine learning platforms from leaders like Microsoft, Google, and a range of startups mean that a lot of work done by data scientists would be very amenable to automation — including multiple steps in data cleansing, determination of optimal features, and development of domain-specific variations for predictive models.

With these platforms’ increasing maturity and ability to create market-standard models and data-exchange interfaces, the focus shifts toward tapping machine-learning algorithms with a “black box” approach and away from worrying about the internal complexities.

However, as with any breakthrough technology, we need to recognize that the impact of the technology is limited unless it is well-integrated into the overall business flow. Some of the most successful innovations have been driven not by a single breakthrough technology but by reimagining an end-to-end business process through creative integration of multiple existing components. Uber and Netflix offer prime examples of intelligence gleaned from data being integrated seamlessly into a company’s process flow. Data scientists play a key role in this by leveraging data to orchestrate processes for better customer experience and by optimizing through continuous experimentation.

While organizations across industries increasingly see a more strategic role for data, they often lack clarity around how to make it work. Their tendency to miss the big picture by looking for “easy wins” and working with traditional data sources means that data scientists have an opportunity to help frame problems and to clearly articulate the “realm of the possible.

From Data to Strategy

It is easy to get carried away by the initial hype that machine learning will be a panacea that can solve all the problems and concerns around its impact on the roles of data science practitioners. However, let us recall the AI winters in the mid-’70s, and later in the ’90s, when the journey to the “promised land” did not pan out.

data-cloud

Today, we don’t see the same concerns as in the past — lack of data, data storage costs, limitations of compute power — but we still find true challenges in identifying the right use cases and applying AI in a creative fashion. At the highest of levels, it helps to understand that machine learning capability needs to translate into one of two outcomes:

  • Interaction: Understanding user needs and building better and more seamless engagement
  • Execution: Meeting customer needs in the most optimal manner with ability to self-correct and fine-tune

Stakeholder management becomes extremely important throughout the process. Framing key business problems as amenable to data-led decision-making (in lieu of traditional gut feel) to secure stakeholder buy-in is critical. Consequently, multiple groups need to be involved in identifying the right set of data sources (or best alternatives) while staying conscious of data governance and privacy considerations. Finally, stakeholders need to be fully engaged to ensure that the insights feed into business processes.

Data Scientists Become Core Change Agents

Given the hype surrounding big data analytics, data scientists need to manage responses that fall on opposite ends of the spectrum by tempering extreme optimism and handling skepticism. A combination of the following skills that go beyond platforms and technology are thus needed:

  • Framing solutions to business problems as hypotheses that will require experimentation, incorporating user input as critical feedback
  • Identifying parameters by which outcomes can be judged and being sensitive to the need for learning and iteration
  • Safeguarding against correlations being read as causal factors
  • Ensuring the right framework for data use and governance, given the potential for misuse

This requires pivoting a data scientist’s remit in a company from a pure data-analysis function into a more consultative role, engaging across business functions. Data scientists are not becoming obsolete. They are becoming bigger, more powerful, and more central to organizations, morphing from technician into change agents through the use of data.

By Guha Ramasubramanian

guha-rGuha heads Corporate Business Development at Wipro Technologies and is focused on two strategic themes at the intersection of technology and business: cybersecurity framed from a business risk perspective and how to leverage machine learning for business transformation.

Guha is currently leading the development and deployment of Apollo, an anomaly detection platform that seeks to mitigate risk and improve process velocity through smarter detection.

Zero-Rating and Data Consumption

Zero-Rating and Data Consumption

Zero-Rating

The ordinary mobile user often feels the need to backup their personal files only after they’ve lost it. It’s almost a cliché where a grad student loses their research because a laptop was lost or the father who loses years worth of their kids photos when their phone is stolen.

To combat this, cloud services have tried to become easier to use. Everything from automatic uploads to cross platform access has been implemented.

However, only one addresses the external circumstance that is the data cap: zero-rating.

To be frank, if not for zero-rating, you could argue that not many people would use the cloud as the round-the-clock backup it was intended to be.

So what is Zero-Rating?

Zero-Rating is the practise of mobile carriers allowing users to use a data-consuming service without counting the data used against their cap. Meaning if video streaming app X is zero-rated, I can as much data as I choose through the app and it would not have an impact on my total data cap with the carrier.

cloudtweaks-pokemon-comic

For example, when Pokemon GO first launched in the US, T-Mobile offered customers a limited time offer where data used through the app had no impact on the customer’s data cap.

In short, it’s an incentive tool for mobile carrier that gives customers access to everything from content streaming to gaming on mobile.

But how does zero-rating affect cloud?

It comes back to the issue of round-the-clock protection.

Even with 3.4 billion mobile users across the world, almost 1 in 3 report data loss on mobile. While the circumstances for data loss varies, a big component of why people don’t backup constantly revolves around data caps. Simply put, no one wants to use precious MB to back up personal files because it’s conceivable that they would lose a device (or data in said device) that is with them 24/7.

Yet, mobile users are a walking contradiction when it comes to valuing their data and backing it up. One study found that while 90% of users value the data on their mobile devices. only 10% reported that they backed up their data on a daily basis. Furthermore, 72% of people polled reported that photos and videos were their most important assets on mobile – and every now and then, you hear about these users who lose chunks of precious moments stored on mobile devices.

mobile-cloud

You could argue that the decision to not back up stems more from our own psyche than any technical obstacle. Psychology Today reports that human beings are ill-prepared to deal with risk that do not pose as an immediate consequence.

In some ways, cloud adoption to prevent data loss suffers from the same branch of logic. While it takes a good personal cloud service less than 5 minutes to upload a day’s worth of photos, many of us don’t think to do it because we fail to foresee a mobile disaster. Hence, when disaster strikes, we may end up missing that pivotal group of files and photos that just so happened to remain in the queue to be uploaded.

This is where zero-rating comes into play.

In the aforementioned study, ‘ease of use’ was cited as the highest obstacle to users backing up their data. I would argue that it’s not easy to use an app intended to be automatic when you have to manually find Wi-Fi and enable the app to operate in those locations.

I mean with zero-rating cloud storage resembles car insurance except it has all the perks and nowhere near the price and headaches insurance companies cost.

So does Zero-Rating work?

Given the adoption of zero-rated service across telecoms across the world, my answer would be that zero-rating certainly has an appeal to customer. However, most of the fanfare as it relates to zero-rating revolves around content and OTT messenger services like HBO GO and WhatsApp rather than any cloud services.

From our own internal research, between cloud options that are provided with zero-service and without it, the difference is staggering. Between two mobile service providers in the same market, cloud options with zero-rating enabled have about 10x more growth in users per month than non-zero-rated clouds. A substantial endorsement for zero-rating cloud if it needed any further validation.

With the advent of services from mobile carriers – such as RCS – zero-rating is set to become even more prevalent than it is now. A trend which we have no doubt, would help reduce that total amount of data loss statistically significantly.

By Max Azarov

IoT, Smart Cities and the Future

IoT, Smart Cities and the Future

Smarter IoT

When we use the term smart cities, a series of frames begin to run in front of our very eyes. The reason behind this is pretty simple; over the last few years, the definition of a ‘SMART CITY’ has changed drastically. However, amidst these series of definitions, two things have remained consistent: Information and Communication Technology (ICT) and the Internet itself.

Here in this article, the latter is our primary point of discussion. As a tremendously growing urban population and various organizations have started to switch over to IoT, I presume that here that an important question arises:

What exactly is IoT in the first place?

Evolution-IoT

Internet of Things, popularly known as IoT, is essentially a networked connection between physical objects to create a dynamic, smarter approach to just about everything we do in our daily lives.

Let us take an example: today, we have abundant access to the internet through our smartphones, tablets, PCs, televisions, etc. and are personally connected with each other through prominent social networking sites like Instagram, Twitter, and Facebook.

While IoT is hard at work making our smart cities smarter, we can save a lot of time and effort, in converting an increasing amount of raw data into final useful information.

For some time now , it has been readily apparent that the use of IoT will not only help the private sector, but also the public sector.

In lieu of this paradigm shift, we have a couple of applications we will be rolling out to assist the cities in becoming smarter.

Mobile applications contributing to building IoT-powered smart cities

In this article, it was mentioned earlier that the IoT entails connectivity between anything and everything. There are certain mobile applications that have been introduced with the same ideas in mind, including:

Tado: An application that will help you control your home heating. The application calculates the distance you have to travel and the time you’ll take to reach home. With the collected data, this gadget will adjust your room heating accordingly. You can more accurately understand how this technology works via the following screen-shot.

  • Smart Lighting: This application allows you to control the lighting in your home or office directly through your smartphone. With this, you can have command over everything, starting from the brightness up to the color. Now, let your surroundings match your mood without any special effort on your part.
  • SIM Tools: SIM is basically known as Smart Identity Management Tools. This application will prevent you from carrying keys all the time with you by giving you a smarter lock system. This gadget will allow you to leave all your worries behind linked with theft or losing/misplacing your keys.
  • Bluesmart Suitcases: This piece of tech belongs to the same family as SIM tools, but this time it’s for your suitcase. With this application loaded in your mobile phone, you can lock and unlock your suitcase with the touch of a button.
  • Flower Power H2O: Imagine having a personalized guide to show you how much water your plants need—all at the right time and in a right manner, and automatically tracked and monitored via your smartphone. Sounds exciting, does it not?

These are just a few members of the IoT family. Mobile apps are indeed a better way to make our IoT-powered smart cities smarter. Here are three benefits of such mobile apps:

1- Ease of Use: This undoubtedly stands first in the list, as smartness is all about doing things in a better way with the least amount of time, resources and effort. And as we all know that these three benefits most important requirements to live a truly smart life.

2- Security: Second on our list is the security that these applications provide. You’ll soon have all the commands in your password-protected smartphone that sits right nearby in your pocket. Be it your home, your locker, or your suitcase—each is waiting for a touch on your smartphone.

3- No more Irregularity: With these IoT applications around, you’ll have better, more consistent knowledge about the things which are not only related to your individual needs, but also with everything around you. With most events happening in real-time and in the way they were meant to, you will barely have to lift a finger and to keep track of things. I don’t think anyone could wish for something better—or rather smarter—than a nice dose of peace and relaxation.

So friends, at this point I must sign out; I trust that the information presented here is of immediate value and use. I hope you will have a smarter life in the (near) future.

By Shahid Mansuri

Combining IoT Gizmo Kits With Your 3D Printer

Combining IoT Gizmo Kits With Your 3D Printer

IoT and 3D Printing

The 3D printer in my cubicle keeps printing name tags without my name and only cube number instead—should I be worried about this?

Imagine a future where an “organizational” 3D printer is stationed in every cube. You are working away on a project, when suddenly the printer comes to life. You remotely check it from time to time, just to see what it is printing. As the object begins to take shape, you recognize it to be a nameplate. Eventually, you see your cube number, but a different name has been printed on the nameplate. Am I unemployed? Am I moving to a new cube? These are just a few questions which may come to mind. Something like this situation could very well happen, and maybe sooner than you might think. I have been using 3D printers for more than four years now, and during that time, I have learned several lessons about 3D materials, printing and ultimately how to start getting up to speed on this amazing tech. First off, there are many 3D printers out there in the market right now.

You can purchase printers that sit in your home and print just about anything you can imagine. You can send a picture of yourself off, and get a 3D print of you. Alternatively, there are companies that offer print services where you send them what you want printed and they print it and send it back to you in a matter of days.

Why, then am I talking about this market and technology on a site that focuses primarily on Big data, Cloud and IoT, you may be asking? Well, that is a very interesting question. The first part of that question is simply that 3D printing is a very intriguing market. For small companies which either create or are considering creating new products, a 3D printer can help them move their dream quickly forward. Building architects can easily print out their designs in three dimensions. No more hours of model building; simply create the 3D file and print your building. Making massive changes to your fleet of planes? That’s ok, create the 3D file again and print away.

In the growing world of new and innovative IoT creations and objects, a 3D printer is a great starting point to launch your idea. You can print the object you are considering to help achieve proof of concept. Then, you can iterate the case, the boards and all of the component pieces. You can design precisely how everything fits together. And you can easily figure out how much will actually fit in your creation.

All of this and more helps innovators perform rapid prototyping and save a lot of time and energy in the process. It allows for the real-time changes in your innovation, which in turn helps it move to production faster (in theory, of course). You can also get printable material that conducts electricity; with the use of a 3D printer or pen, you can print in metal or flexible plastic, and with some of the 3D pens, you can even create a Henna-style tattoo on a person (there are pens that print cool – you cannot use a regular 3D pen on a human, for it would not only burn their skin, but isn’t designed to “stick” onto the skin in the first place).

cloudtweaks-comic-data-3d-printing

Now, the question is: Will a 3D printer be the centerpiece of the home of tomorrow? I’ve seen various future living spaces featuring 3D printers, and I am not convinced that in the majority of people will have one of these things in their living rooms. I do think a number of 3D printers will exist, however. For the most part , the price is far too high now for most people to invest and have one in their home. But in the next few years, we could see a drop in prices to help make 3D printers more of a mainstay in homes and small businesses.

Where I see this technology really making a huge impact—beyond increasing the velocity of innovation itself—is in schools and universities. There are IoT toolkits you can buy right now that include the “guts” of IoT connections, like Bluetooth, Raspberry PI, Wi-Fi and even cellular connections to cloud-based controls. Combine these IoT gizmo kits with a 3D printer, and you now have the capacity to create IoT devices that include custom forms.  Imagine a robot that resembles a Labrador Retriever or a tiny lamp that actually lights up on its own. These are just a few examples of creations that even younger students can dream up.

iot-lamp

So, while I believe there probably won’t be a 3D printer in every living room anytime soon, I do think there will be many 3D-printed objects we can use in our everyday lives. If you wander the various internet sites that offer you 3D objects you can print on demand, or the various companies that have created books to create 3D objects with 3D pens, you will find almost anything you could possibly want to print and use. For schools, inventors, building architects and people that simply dream in all three dimensions, the awesome reality of 3D printing is nearly here.

Now, if someone could direct me to the nearest body shop that can 3D print a fender for my newly dented car, I would be thrilled!

By Scott Andersen

The Cloud Isn’t a Security Issue; It’s a Security Opportunity

The Cloud Isn’t a Security Issue; It’s a Security Opportunity

Security Issue

In order to stay ahead in today’s competitive business landscape, companies need to constantly innovate. Development teams must continually release new products, features or services and cloud technology, along with agile development practices, make this perpetual iterating feasible.

Cloud technology has undoubtedly enabled companies to innovate quickly and frequently, however, historically it’s introduced a myriad of security concerns, often causing development, operations and security teams to become overwhelmed and distracted. Today, though, security doesn’t have to hold back high-velocity, cloud-based product development cycles. Companies can achieve complete cloud security and compliance without a security issue impacting delivery speed, as long as they use the right tools and best practices across their organization.

Security Issue

Below are three key tips companies should consider in order to overcome any lingering security concerns and scale quickly and securely in the cloud:

1. Educate your team

For companies moving to a cloud-based infrastructure for the first time, it’s essential to discuss the change and make sure everyone understands how they will be affected before any data is migrated over. A key part of this discussion should be explaining that security is no longer just about perimeter defense and prevention; understanding the behavior of your workloads, users and environment is critical knowledge that needs to be shared. It’s important that everyone on the development, operations and security teams understand what all of their assets are doing and what’s taking place within the cloud workload at all times, as this is the best way to detect real cloud security threats as soon as they take place.

2. Track the ephemeral

Back in the days of ‘racking and stacking,’ it was easy to know what servers you had and where they were. But with cloud-based infrastructures, one of the key value propositions is elasticity: you might spin up an EC2 instance or cluster, for instance, do some data analysis for an hour or two, and then turn it off. There are advantages to such elasticity; however, it’s crucial to also have the ability to go back in time and view activity to ensure compliance and potentially investigate any risks. Additionally, as you’re building up and burning down, you want to know that those transient systems and workloads were compliant with your security posture. All too often companies focus on catching cloud security incidents only when they’re happening. But to remain consistently secure and compliant, security teams need to be able to ‘rewind’ and look at instances that may no longer exist.

3. Embrace software-defined everything

The beauty of the software-defined nature of the cloud is that it can actually make security teams’ jobs easier; they’re able to inject themselves throughout the infrastructure landscape and lifecycle. They no longer need to figure out how to capture information from switches, routers, and other devices at various layers of the network and try to correlate the data, because it’s all tied together. Additionally, integrations with tools like PagerDuty and Slack enable internal dialogues that empower non-security team members to collaborate on detection and response to potential issues. And when it’s time for security teams to intervene and investigate, deep audit trails make it possible to track not just whether a user logged in, but what processes they kicked off (and whether it was really them).

Some companies think cloud technology introduces a new layer of vulnerability, however in reality, it’s just the opposite. The cloud presents companies with an opportunity to evaluate their security requirements and reconsider their strategy and processes. It can enable security teams to focus on more strategic initiatives and also improve collaboration with Operations and Engineering teams. This, in turn, allows development, operations and security teams to spend more time on projects that drive real business value and less time frantically checking for potential security gaps.

Don’t let a past security issue prevent your company from migrating to the cloud and reaping its benefits. Discuss the change in detail and address any concerns with everyone in your organization well in advance. Track historical instances in order to ensure security and compliance, and consider implementing a cloud security solution to help gain deep insight into your environment in real-time, because software-defined everything is only possible with complete visibility (and vice versa).

By Chris Gervais

Why An Inside-Out Approach to Cloud Security Is Your Safest Bet

Why An Inside-Out Approach to Cloud Security Is Your Safest Bet

Cloud Security

In September, McKinsey released what might be looked back upon as a seminal survey. It opened the report with a simple, powerful declaration: “The cloud debate is over.” The data told a story that the pace of IT workloads moving to cloud is now at a “material” level and the impact would ripple across the industry. The survey reaffirmed the view of CIO’s and IT executives that security and compliance continue to be the top concerns of cloud adoption.

Now that the cloud is just accepted as a safe and viable growth path, it’s important that decision makers think about budgeting for cloud security differently. They are no longer buying hardware appliances and enterprise software. They need agile SaaS tools that can can scale and adapt to their cloud-based infrastructures to grow confidently and allow them to move even faster.

The Current State of Cloud Security

The growth of cloud adoption brings with it a serious need for more disciplined security practices. Between the MICROS/Oracle breach, the SWIFT Network attacks and a rash of healthcare industry data breaches, it seems every week there’s another major story about vulnerable data getting into the wrong hands. In today’s cloud-based business landscape, it’s no longer a question of if your organization will be targeted; it’s when.

complience-cloud-risks

While major cybersecurity breaches continue to dominate the news, the reality is only 3% of companies experience catastrophic losses worth more than $1 million. Smaller, internal threats are far more common for most organizations, and they can still cost companies significant capital. In fact, the Ponemon Institute found that insider activity is the most expensive ongoing cybersecurity threat to date, costing companies an average of $144,542 annually.

To combat cybercrime and proactively protect your organization, a more evolved approach to cloud security is necessary. Many organizations implement an outside-in approach, working to protect their infrastructure perimeter and company assets from malicious intruders who may be trying to gain access. However, this approach doesn’t take into account the possibility of internal threats, or hackers who have already gained access. Organizations and cloud security professionals need to focus on thwarting the advanced threats within cloud environments themselves, all while maintaining total compliance, of course.

This inside-out approach to cloud security isn’t always easy, however, and it can be made more difficult by the fact that cloud security professionals capable of handling the cloud’s advanced threats and compliance issues are becoming increasingly rare. Case in point? Cybersecurity Ventures found that the cybersecurity workforce shortage is expected to reach 1.5 million by 2019. This is creating a need for better tools to help operations teams level-up on security, thus improving operational efficiency. The big benefit: empowering those closest to the infrastructure to make the rapid changes necessary to improve security and continuously manage their security state over time.

Inside-Out Cloud Security Monitoring Considerations

Monitoring needs to occur at the workload layer, because here, activity can be monitored across multiple areas deep within the environment to accurately identify and stop inappropriate internal behavior before it causes damage.

security watch

It’s equally important for organizations to consider their Operations team when evaluating cloud security monitoring services or tools. Given the increasing overlap between Operations and security, monitoring tools should be able to integrate security alerts directly into “DevOps” workflows so teams can respond quickly and with context about what occurred. In other words, security information needs to move to where your teams are working every day and you need to choose platforms that can integrate easily and surface alerts and context in situations that matter.

One example of an inside-out approach to cloud security monitoring includes vulnerability management, which is used for scanning three key areas particularly prone to attacks: web applications, operating systems and everyday packages. With access to production, for example, a misguided or malicious employee could easily install an unauthorized package in your base AMI, or worse yet, install a package directly on production environments. With vulnerability management implemented as an inside-out strategy, however, DevOps teams can verify the attack surface of every installed package before it goes live and wreaks havoc.

By continuously monitoring for suspicious or unauthorized behaviors, organizations can identify internal threats before they spiral out of control. Real-time cloud security monitoring can aid organizations in their efforts to combat cybercrime and thankfully, such technology doesn’t require designated, in-house security professionals. However, it’s important to ensure monitoring is conducted from within the cloud workload itself and that it provides immediate and actionable alerts so DevOps teams can rapidly plan and carry out effective remediation. Lastly, to effectively protect your organization’s data, systems, customers and brand reputation, it’s critical to implement monitoring technology that can analyze normal system behavior as well as anomalous trends, so that any new or suspicious activities can be swiftly identified and contained before a breach occurs.

By Chris Gervais

CloudTweaks Comics
Surprising Facts and Stats About The Big Data Industry

Surprising Facts and Stats About The Big Data Industry

Facts and Stats About The Big Data Industry If you start talking about big data to someone who is not in the industry, they immediately conjure up images of giant warehouses full of servers, staff poring over page after page of numbers and statistics, and some big brother-esque official sat in a huge government building…

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth The Internet of Things is the latest term to describe the interconnectivity of all our devices and home appliances. The goal of the internet of things is to create universal applications that are connected to all of the lights, TVs, door locks, air conditioning, and…

Three Factors For Choosing Your Long-term Cloud Strategy

Three Factors For Choosing Your Long-term Cloud Strategy

Choosing Your Long-term Cloud Strategy A few weeks ago I visited the global headquarters of a large multi-national company to discuss cloud strategy with the CIO. I arrived 30 minutes early and took a tour of the area where the marketing team showcased their award winning brands. I was impressed by the digital marketing strategy…

Digital Marketing Driven by Cloud, Big Data and IoT

Digital Marketing Driven by Cloud, Big Data and IoT

Digital Marketing Successful digital marketing campaigns are being driven largely by trending technologies, specifically the Internet of Things (IoT), Big Data, and The Cloud. These may be used for a huge number of marketing applications, from optimizing the performance of sports teams to improving science and research, even helping to aid law enforcement. Amazon Web…

Cloud Infographic: Programming Languages To Build Your Cloud

Cloud Infographic: Programming Languages To Build Your Cloud

Programming Languages What programming languages are the building blocks to help develop and facilitate these present and future cloud platforms? Where can we learn and develop these skills in order to help us build our own careers? A couple of options would be to visit sites such as Stackoverflow which can provide you with a good source of information.…

Cloud Computing Myths That SMBs Should Know

Cloud Computing Myths That SMBs Should Know

Cloud Computing and SMBs Cloud Computing is the hottest issue among IT intellects of Small and Medium Businesses (SMBs). Like any other computer-orientated technology, Cloud Computing has some misconceptions and myths that often kick-start arguments among the two opposing groups: Cloud Supporters and Cloud Opponents. Both of these groups have their own ideology and reasons…

Digital Marketing Hubs And The Cloud

Digital Marketing Hubs And The Cloud

Digital Market Hubs Gartner’s recently released research, Magic Quadrant for Digital Marketing Hubs, recognizes the big four marketing cloud vendors as leaders, but also points to many challengers. Adobe, Marketo, Oracle, and Salesforce inhabit the leader’s block of the Magic Quadrant, reflecting both their growing capabilities as well as marketing technology platform scopes. Gartner believes…

Cloud Infographic: The Future of File Storage

Cloud Infographic: The Future of File Storage

 The Future of File Storage A multi-billion dollar market Data storage has been readily increasing for decades. In 1989, an 8MB Macintosh Portable was top of the range; in 2006, the Dell Inspiron 6400 became available, boasting 160GB; and now, we have the ‘Next Generation’ MacBook Pro with 256GB of storage built in. But, of course,…

Why Cloud Compliance Doesn’t Need To Be So Overly Complicated

Why Cloud Compliance Doesn’t Need To Be So Overly Complicated

Cloud Compliance  Regulatory compliance is an issue that has not only weighed heavily on the minds of executives, security and audit teams, but also today, even end users. Public cloud adds more complexity when varying degrees of infrastructure (depending on the cloud model) and data fall out of the hands of the company and into…

4 Industries Being Transformed By The Internet of Things

4 Industries Being Transformed By The Internet of Things

Compelling IoT Industries Every year, more and more media organizations race to predict the trends that will come to shape the online landscape over the next twelve months. Many of these are wild and outlandish and should be consumed with a pinch of salt, yet others stand out for their sober and well-researched judgements. Online…

Digital Twin And The End Of The Dreaded Product Recall

Digital Twin And The End Of The Dreaded Product Recall

The Digital Twin  How smart factories and connected assets in the emerging Industrial IoT era along with the automation of machine learning and advancement of artificial intelligence can dramatically change the manufacturing process and put an end to the dreaded product recalls in the future. In recent news, Samsung Electronics Co. has initiated a global…

Your Biggest Data Security Threat Could Be….

Your Biggest Data Security Threat Could Be….

Paying Attention To Data Security Your biggest data security threat could be sitting next to you… Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved. But although more and more businesses are…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

Beacons Flopped, But They’re About to Flourish in the Future

Beacons Flopped, But They’re About to Flourish in the Future

Cloud Beacons Flying High When Apple debuted cloud beacons in 2013, analysts predicted 250 million devices capable of serving as iBeacons would be found in the wild within weeks. A few months later, estimates put the figure at just 64,000, with 15 percent confined to Apple stores. Beacons didn’t proliferate as expected, but a few…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Secure Third Party Access Still Not An IT Priority Research has revealed that third parties cause 63 percent of all data breaches. From HVAC contractors, to IT consultants, to supply chain analysts and beyond, the threats posed by third parties are real and growing. Deloitte, in its Global Survey 2016 of third party risk, reported…

Three Challenges of Network Deployment in Hyperconverged Infrastructure for Private Cloud

Three Challenges of Network Deployment in Hyperconverged Infrastructure for Private Cloud

Hyperconverged Infrastructure In this article, we’ll explore three challenges that are associated with network deployment in a hyperconverged private cloud environment, and then we’ll consider several methods to overcome those challenges. The Main Challenge: Bring Your Own (Physical) Network Some of the main challenges of deploying a hyperconverged infrastructure software solution in a data center are the diverse physical…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…

The Future Of Cloud Storage And Sharing…

The Future Of Cloud Storage And Sharing…

Box.net, Amazon Cloud Drive The online (or cloud) storage business has always been a really interesting industry. When we started Box in 2005, it was a somewhat untouchable category of technology, perceived to be a commodity service with low margins and little consumer willingness to pay. All three of these factors remain today, but with…