Category Archives: Contributors

Why a White Label Cloud for Emerging Economies

Given our starting point, one of the inquiries we field every now and then is: ‘why did we opt to go SaaS?’ By not going the B2C route (like Dropbox and OneDrive), we laid out what we believe to be our roadmap to success. With an eye for emerging economies, I’ll take you through the process of why we chose the SaaS route.

What is White Label?

In the mobile carrier cloud space, one word you will hear tossed around quite a bit is ‘white label’. What white label means for us is that mobile carriers can choose to brand our cloud service as their own. The term has roots in the music industry (for those wondering), and basically it’s an umbrella term for products you can brand as your own.

For reference, here’s our cloud offered as Vestel’s Vestel Cloud. By design, you will not find one hint of Cloudike on the website because the cloud has been branded and marketed as if it were Vestel’s own.

When we thought about how we wanted to proceed, we saw telecoms as our best shot at building a sustainable business. For us, these were the points that helped us favour a B2B2C model rather than B2C:

  • For a B2C product in emerging markets, new market entry is a very difficult feat: Everything from local partners to marketing has to be done from the ground up – even finding someone on the ground to manage all these things is a hurdle.
  • Mobile carriers have an existing customer base: This means we can bypass any need to spend tremendous capital on marketing, ads, and other methods to acquire users.
  • ARPU in emerging markets is not particularly high: E-commerce is still a relatively new concept for many in emerging markets and, given lower incomes, consumers are not racing to spend money online. With mobile carriers, however, spending on cloud services could instead be bundled with their mobile phone billing, a process most consumers are already familiar with.

Why the Emerging Market?

From a market standpoint, we found that mobile carriers in the US and Western Europe had adopted cloud services already and that companies were fighting tooth and nail for opportunities.

On the other hand, we examined emerging markets and saw the increasing rates of mobile and internet connectivity, both of which were very promising.

If you take a look at this report by the Asia Cloud Computing Association in 2016, nearly every emerging economy has some variation of a government assistance program that aims at increasing web infrastructure and connectivity. Given research that points towards connected users naturally inclining towards cloud services, we knew it was only a matter of time before these markets reach their potential.

Take into consideration that mobile carriers are among the few entities in emerging markets that can afford data centres to install cloud. If you can put two and two together, you can see our thought process three years ago.

Our Results

So when you factor in the new market entry requirements plus the infrastructure hurdle, the logical direction for us was a cloud platform for mobile carriers.

However, unlike B2C or even SMB B2B, signing a mobile carrier to a service is a far more difficult endeavour. As you can imagine, entities with 100,000+ customers are not going to be easy to sway.

Even as we have refined our pitch to mobile carriers on how to best roll out our service, signing a client is still a ~8 month process. Even with references from other telecoms and major OEMs, there are still many hoops we have to jump through before we have everything ready to go for mobile carrier customers. This includes everything from software security tests, implementation timeline, and of course the contract negotiations themselves.

That said, we take the wait time as a cost of doing business. Given our product and where we like to operate, we have no doubt that our way is the most secure and success-bound path.

Status Now

I think if there’s one thing we’ve been sure of, it’s the fact that our built three years ago, was the right one. We’ve found the mobile carriers who’ve found a need for cloud in emerging markets, and we’ve discovered that trends such as the adoption of cloud have proven true, as evident from our business pipeline.

While we still believe our product has many innovative upgrades to come, we feel that the SaaS model in emerging markets has thus far been the right one.

By Max Azarov

Update: Timeline of the Massive DDoS DYN Attacks

This morning at 7am ET a DDoS attack was launched at Dyn (the site is still down at the minute), an Internet infrastructure company whose headquarters are in New Hampshire. So far the attack has come in 2 waves, the first at 11.10 UTC and the second at around 16.00 UTC. So far details have been vague, though there are a number of theories starting to surface in the aftermath of the attack. The attack took down numerous websites including Twitter, Amazon, Spotify and Reddit for a period – you can find the full list of affected sites here. PSN and Xbox live apps have also been affected!

The timeline of events according to the DYN updates is as follows:

11:10 UTC – We began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time.

12:45 UTC – This attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue.

13:36 UTC – Services have been restored to normal as of 13:20 UTC.

16:06 UTC – As of 15:52 UTC, we have begun monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Our Engineers are continuing to work on mitigating this issue.

16:48 UTC – This DDoS attack may also be impacting Dyn Managed DNS advanced services with possible delays in monitoring. Our Engineers are continuing to work on mitigating this issue.

17:53 UTC – Our engineers continue to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure.

18:23 UTC – Dyn Managed DNS advanced service monitoring is currently experiencing issues. Customers may notice incorrect probe alerts on their advanced DNS services. Our engineers continue to monitor and investigate the issue.

18:52 UTC – At this time, the advanced service monitoring issue has been resolved. Our engineers are still investigating and mitigating the attacks on our infrastructure.

20:37 UTC – Our engineers continue to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure.

The attack has come only a few hours after Doug Madory, DYN researcher, presented a talk (you can watch it here) on DDoS attacks in Dallas at a meeting of the North American Network Operators Group (NANOG). Krebs on Security has also drawn links between reports of extortion threats posted on this thread, with the threats clearly referencing DDoS attacks – “If you will not pay in time, DDoS attack will start, your web-services will go down permanently. After that, price to stop will be increased to 5 BTC with further increment of 5 BTC for every day of attack.”

They do, however, distance themselves from making any actual claims of extortion: “Let me be clear: I have no data to indicate that the attack on Dyn is related to extortion, to Mirai or to any of the companies or individuals Madory referenced in his talk this week in Dallas.”

However, this isn’t the only theory circulating at the moment. Dillon Townsel from IBM security has tweeted:

Heavy.com has reported that hacking group PoodleCorp are being blamed for the attack by Product-reviews.net because of the cryptic tweet that they posted 2 days ago, “October 21st #PoodleCorp will be putting @Battlefield in the oven”.

PoodleCorp famously took down the Pokemon Go servers in July. Homeland Security and the FBI are investigating the attack and are yet to deem who was responsible.

Today’s attack is very different to the DDoS style that Anonymous rose to fame with. Instead of attacking and taking out an individual website for short periods of time, hackers took down a massive piece of the internet backbone for an entire morning, not once but twice with new reports of a potential 3rd wave. At the moment there have been no claims of ownership for the attack nor has there been any concrete evidence of who perpetrated the attack.

Dyn are well known for publishing detailed reports on attacks of this nature so we can only hope they will do the same for their own servers.

Until then you can follow any updates that Dyn are releasing here.

DDoS Attack – Update 10/24/2016

As of 22.17 UTC on October 21st Dyn declared the massive IoT attack, which had crippled large parts of the internet, to be over. However, details surrounding the attack are still emerging.

In the midst of the chaos, WikiLeaks tweeted this: “Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point.” – suggesting that they knew who the perpetrators were. Perhaps even that they requested that attack, although this is pure speculation at this point.

A senior U.S. intelligence official told NBC News that the current assessment is that this is a case of “internet vandalism”. At this point, they do not believe that it was any kind of state-sponsored or directed attack.

Hangzhou Xiongmai Technology, who specialise in DVRs and internet-connected cameras, said on Sunday that security vulnerabilities in its products inadvertently played a role in the cyberattack, citing weak default passwords in its products as the cause.

Security researchers have discovered that malware known as Mirai was used to take advantage of these weaknesses by infecting the devices and using them to launch huge distributed denial-of-service attacks. Mirai works by infecting and taking over IoT devices to create a massive connected network, which then overloads sites with requests and takes the website offline.

At this point we do not know when the identity of the hackers will become clear. Watch this page for more updates as they become available.

By Josh Hamilton

Cashless Society Part 2: Pros and Cons

Having looked at our movement towards a cashless society in Part 1, I thought we should turn our attention to the consequences of a truly cashless society. Could it be a force for good? Or could it lead to banks and governments abusing the power that comes along with it?

The phasing out of cash in the economy would make implementation of certain fiscal policies, such as negative interest rates, far easier and more effective. Kenneth Rogoff, author of “The Curse of Cash”, cites negative interest rates as an important tool for central banks to restore macroeconomic stability; the incentive to borrow and spend helps stimulate the economy. By holding all currency in regulated accounts the government can tax savings in the name of monetary policy.

One of the more widely used arguments in favour of a cashless economy is that of security. France’s finance minister has recently stated that he plans to “fight against the use of cash and anonymity in the French economy” in order to help fight terrorism and other threats. With the ability to track every transaction that takes place, intelligence services could cut down on crime by monitoring purchases and money transfers. However, Rogoff acknowledges the limitations of this policy, in that the removal of paper money will only be effective “provided the government is vigilant about playing whac-a-mole as alternative transaction media come into being”. It is, however, naïve to think that crime could be quashed so easily. If interest rates fall too far below zero, it is quite possible that citizens would find an alternative to cash (drug traffickers certainly would). Money has been reinvented time and again throughout history, as shells, cigarettes and cryptographic code. Going cashless has also been touted as being more secure from theft, with Apple and Google claiming their payment system is more secure than regular banking, as well as being more convenient than cash.

Yet there are a number of concerns that have been raised about the transition to digital money. Advances in tech have allowed credit and debit card purchases to be tracked and evaluated to gauge the validity of a purchase. This has so far been used to prevent fraud and theft, to protect consumers. However, there is a risk of abuse here, for example in 2010 Visa and Mastercard gave in to government pressure, not even physical legislation, and barred all online-betting payments from their systems. They made it virtually impossible for these gambling sites to operate regardless of their jurisdiction or legality. Scott A. Shay, chairman of Signature Bank, suggested in an article on CNBC that “the day might come when the health records of an overweight individual would lead to a situation in which they find that any sugary drink purchase they make through a credit or debit card is declined”. Although this may seem like a stretch, a government with access to this sort of power could quite easily control individual spending.

A cashless society would also increase the difficulties for homeless people to re-integrate into society. Having no fixed address already makes holding a bank account incredibly difficult; a cash-free society simply increases the societal barriers that those on the fringes of society have to navigate. There is also the psychological issue that electronic payment encourages frivolous spending. A student interviewed at the University of Gothenburg commented that she was much more likely to think twice about spending a 500 krona note compared with paying by debit or credit card.

The other side of the coin (pardon the pun), is that this power could be used for good, for example placing restrictions on recovering alcoholics from purchasing alcohol. The route which this technology will take is, as is often the case, determined by the government and societal attitude to the situation. There is room for abuse in the technology, more than most, but the benefits are well documented and used sensibly could help prevent terrorism and crime, reduce tax evasion, and help to curb unhealthy spending habits. Ultimately, a cashless society will be what we make of it.

By Josh Hamilton

Politics 2.0: The Age of Cyber-Political Warfare

Do you remember the last time hackers and cybercriminals determined the outcome of a presidential race? Of course not, because it’s never happened. It could happen now. Without even thinking about it, we’ve slipped into a new era. I would dub this the Age of Cyber-Political Warfare. This playing-field is thick with espionage, and it’s dominated by people who have little to no political clout. Instead, they have technical know-how.

It’s common knowledge that the internet is rife with identity theft. Social profiles, email, ecommerce sites, and mobile devices all provide excellent avenues for cyber-thieves. Oftentimes, it doesn’t take hacking skills to get information. The Snapchat employees who had their information stolen were victims of an email phishing scam. All the thief had to do was pretend to be Snapchat’s CEO and ask a single employee for payroll data.

In the case of Hillary Clinton, it wasn’t hard for a cybercriminal to reveal her email activities. Data security firm Kroll points out that the revelation didn’t even technically involve hacking. Rather, it’s a high-profile case of a compromised account. The compromiser, ‘Guccifer’ Marcel Lehel Lazar, used Open Source Intelligence (OSINT) to find out personal information about Sidney Blumenthal, who is a Clinton confidant. He used Open Source information to figure out Blumenthal’s email password. From there, he discovered Clinton was using a private server to email Blumenthal. Then, Guccifer published Clinton’s private email info online.

Guccifer was sentenced to four years in prison. Is that enough to deter an onlooker from copying his crimes? Apparently not, because Guccifer 2.0 has surfaced to release more stolen information. According to the original Guccifer, this kind of digital detective work is “easy… easy for me, for everybody.” Everybody can hunt down information that could potentially determine the result of a political election. This puts a brand new kind of power in the hands of the many. Anyone smart enough to follow trails of data online can be a player in the Age of Cyber-Political Warfare.

The biggest player here is Russia. The White House is certain that Russia’s state-sponsored hackers compromised Democratic National Committee email accounts, with the intent of influencing the election. Secureworks reports that the hackers used a phishing scam. They made it look like members of the Clinton campaign and the DNC were logging into Gmail accounts. The login page was fake, and through it the hackers gained login data. Reportedly, Russian hacking group Fancy Bear used Bitly to set up the malicious URLs, which read ‘accounts-google.com’ instead of accounts.google.com. Now Bitly isn’t just a customer experience platform and IBM partner. It’s an unwitting tool in the hands of malicious hackers.
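The difference between ‘accounts-google.com’ and accounts.google.com is one character, and a careless link filter misses it. The following is an added example, not part of the original article: a link check that compares a plain suffix match with a dot-boundary match. The expected domain list, the function names and the sample URLs (paths included) are constructed for illustration, and a shortened link would have to be expanded to its final destination before a check like this is applied.

```python
from urllib.parse import urlsplit

# Assumption: the only domain this organisation expects Google sign-in links to use.
EXPECTED_DOMAINS = ("google.com",)

# Constructed sample links; only the two hostnames come from the article.
SAMPLE_URLS = [
    "HTTPS://Accounts.Google.com:443/ServiceLogin",
    "http://accounts-google.com/ServiceLogin",
    "https://example.org/login",
    "not a url",
]


def hostname_of(url):
    """Return the lower-cased hostname of a URL, without port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def naive_is_expected(url):
    """Weak check: a plain suffix match, which 'accounts-google.com' passes."""
    return hostname_of(url).endswith(EXPECTED_DOMAINS)


def is_expected(url):
    """Strict check: the exact domain, or a subdomain separated by a dot."""
    host = hostname_of(url)
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


def classify(url):
    """Label a link as 'expected', 'lookalike', 'other' or 'invalid'."""
    host = hostname_of(url)
    if not host:
        return "invalid"
    if is_expected(url):
        return "expected"
    # Treat hyphens as dots so a brand name glued on with '-' becomes a label.
    labels = host.replace("-", ".").split(".")
    for domain in EXPECTED_DOMAINS:
        brand = domain.split(".")[0]
        if brand in labels:
            return "lookalike"
    return "other"


def report(urls=SAMPLE_URLS):
    """Map each URL to its verdict so the results can be logged or alerted on."""
    return {url: classify(url) for url in urls}


if __name__ == "__main__":
    for url, verdict in report().items():
        print(f"{verdict:10} naive={naive_is_expected(url)!s:5} {url}")
```

The suffix match accepts the lookalike host because ‘accounts-google.com’ does end in ‘google.com’; requiring the dot before the domain is what separates a real subdomain from a different registered name.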

Obama promised a proportional response to the hacks. What would cyberwar with Russia look like? If a ‘proportional response’ is coming, we’ll see the release of inside information about Vladimir Putin or other high-ranking Russian officials. But how this would influence Russian politics, no one can be sure. Russia could merely cite our desire to get revenge and brush any sort of leaks off as petty attempts to disparage Russian officials.

One thing is clear: to be a politician now, you have to be, at minimum, cognizant of cyber threats. While American politics is stuck in the binary of red vs. blue, the fluid and fast world of the web is a much more complex place. It’s a place where people wheel-and-deal on a multinational level. It’s a powerful place to reach people and to access their data. Politicians want to use the internet as a tool, but by doing so they’re placing their data and their information at risk. In the Age of Cyber-Political Warfare, that data will continue to be a weapon for invisible and powerful opponents.

By Daniel Matthews

The Next Wave of Cloud Computing: Artificial Intelligence?

Over the past few years, cloud computing has been evolving at a rapid rate. It is becoming the norm in today’s software solutions. Forrester believes that cloud computing will be a $191 billion market by 2020. According to the 2016 State of Cloud Survey conducted by RightScale, 96% of its respondents are using the cloud, with more enterprise workloads shifting towards public and private clouds. Adoption of both hybrid cloud and DevOps has gone up as well.

The AI-Cloud Landscape

So where could the cloud computing market be headed next? Could the next wave of cloud computing involve artificial intelligence? It certainly appears that way. In a market that is primarily dominated by four major companies – Google, Microsoft, Amazon, and IBM – AI could possibly disrupt the current dynamic.

In the past few years, there has been a surge of investment in AI capabilities in cloud platforms. The big four (Google, Microsoft, Amazon and IBM) are making huge strides in the AI world. Microsoft is currently offering more than twenty cognitive services such as language comprehension and analyzing images. Last year, Amazon’s cloud division added an AI service which lets people add analytical and predictive capabilities to their applications.

The current AI-cloud landscape can essentially be categorized into two groups: AI cloud services and cloud machine learning platforms.

AI Cloud Services

Examples of AI cloud services include technologies such as Microsoft Cognitive Services, Google Cloud Vision, and IBM Watson. In this type of model, organizations incorporate AI capabilities in applications without having to invest in expensive AI infrastructures.

Cloud Machine Learning Platforms

On the flip side, there are cloud machine learning platforms. Machine learning is a method of data analysis which automates analytical model building. It enables computers to find patterns automatically as well as areas of importance. Azure Machine Learning and AWS Machine Learning are examples of cloud machine learning platforms.

IBM and Google Making Waves

Recently IBM and Google have been making news in the AI realm, and it reflects a shift within the tech industry towards deep learning. Just last month, IBM unveiled Project DataWorks, which is supposedly an industry first. It is a cloud-based data and analytics platform which can integrate different types of data and enable AI-powered decision making. The platform provides an environment for collaboration between business users and data professionals. Using technologies like Pixiedust and Brunel, users can create data visualizations with very minimal coding, allowing everyone in the business to gain insights at first look.

Earlier this month at an event in San Francisco, Google unveiled a family of cloud computing services which would allow any developer or business to use machine learning technologies that fuel some of Google’s most powerful services. This move is an attempt by Google to get a bigger foothold in the cloud computing market.

AI-First Cloud

According to Sundar Pichai, chief executive of Google, computing is evolving from a mobile-first to an AI-first world. So what would a next-generation AI-first cloud look like? Simply put, it would be one built around AI capabilities. In the upcoming years, we could possibly see AI being key in improving cloud services such as computing and storage. The next wave of cloud computing platforms could also see integrations between AI and the existing catalog of cloud services, such as PaaS or SaaS.

It remains to be seen whether AI can disrupt the current cloud computing market, but it will definitely influence and inspire a new wave of cloud computing platforms.

By Joya Scarlata

Where Are Your Users Learning About The Birds And The Bees Of Cloud?

Where did you learn about the birds and bees – from your adolescent peers? How did that work out for accuracy? Today it’s from peers and the Internet. The same is true for your users and the cloud with the same sometimes disastrous consequences. You’re the CIO, shouldn’t they be learning cloud from you? Stop lamenting like Rodney Dangerfield how IT gets no respect. Step up and reach out.

Cloud use is spreading rapidly but most of your users have a vague or misguided concept of what cloud really is and its promises and pitfalls. Want proof? Often quoted are Gartner’s Top Ten Cloud Myths. But that is just scratching the surface. A little digging reveals lots of misconceptions about SaaS, like here and here. Even your peers on the management committee hold foggy notions of how it works but are reluctant to admit it. Instead, they echo some of the buzzwords, quote an article they read in the WSJ, etc. Let’s face it. Your firm is already pregnant with cloud. Why not take a page from what your peers do and get ahead of the curve?

Your head of HR works hard at building and executing an education program for the company’s staff. It’s designed to encompass the many different facets of management and leadership to facilitate employees’ progress. It also points out all the policies and laws that need compliance. Attendance and regular testing is mandatory and for good reason. To grow, your firm needs knowledgeable leadership and a strong culture. To stay out of trouble, employees need to understand the firm’s and society’s norms and boundaries.

Your CFO does the same. Folks are regularly exposed and held accountable to the business metrics and methodologies used to manage and steer the enterprise. The how and why you do what you do is critical for staff to understand, if the firm is going to reach its goals. Likewise, there are a lot of regulations where compliance is essential. They range from those covering all businesses, like SOX or FCPA, to those that are industry specific, like HIPAA or Dodd-Frank.

It’s a good bet that your operations, marketing, and other functions in the company do the same: provide development and tools for success while also pointing out the guard-rails between which actions can be taken in accord with company culture and society norms.

What are you doing for IT leadership? Let’s guess. Odds are you focus on the guardrails. You teach them good passwords, how to avoid phishing emails, perform safe browsing, use corporate data on their mobile devices, etc. All worthy topics but that’s not the half of it. As the fundamentals of your business become increasingly digital they are spending buckets of money on cloud computing. Who is teaching them about cloud? Who is helping the company’s staff make good decisions and avoid bear traps in cloud?

Safe bet it is not you. SaaS vendors go right around you directly to them. Their peers and buddies during meetings and conferences buzz about the latest cloud-based tool – and it’s even free to try! You turn around and surprise, everyone is on Salesforce.com and they are asking you to link it to your old Oracle order management system.

Why not get ahead of the curve and emulate your peers. Teach your users about cloud. Give them the basics, dispel the myths and paint relevant case studies to your industry and environment. Give them the big picture, too. Cloud is pretty prominent in the press these days: all the way from how everyone can use it to how it is transforming whole industries.

NetSuite is bought by Oracle. Salesforce.com elects to use AWS. Workday announces they will use IBM’s cloud for development. Is any of this relevant for your enterprise? Why not write a short note to all users or a post on your internal social media giving your point of view? Are you too busy to write something? Send a link to an article or blog post you particularly liked.

Make yourself the “go to” guy when different parts of the company contemplate using cloud. Do it for the company and do it for you. The CIO and IT’s role are changing and you need to negotiate a difficult path. Some even predict the CIO position will disappear. Nothing is certain but wouldn’t it be better if your users viewed you as a valuable and essential member of the team?

(Originally published Oct 13th, 2016. You can periodically read John’s syndicated articles here on CloudTweaks. Contact us for more information on these programs)

By John Pientka

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, internal politics, restricted budgets and a cultural resistance to change have set the federal sector years behind its private sector counterparts. Data and information security concerns have also been a major contributing factor inhibiting the adoption of new technologies such as the cloud. Keeping data on-premise has long been considered to be the more secure option; however, ever-increasing incidents of hacking, data breaches and even cyber terrorism within government entities, from the IRS to, most recently, the Office of Personnel Management (OPM), indicate that change is needed, and fast.

Slowly, but surely, a technology revolution is taking place within the public sector. Due in large part to the introduction of the Obama administration’s “Cloud First” policy in late 2010, the establishment of the Federal Risk and Authorization Management Program (FedRAMP), a standardized approach for conducting security assessments, authorizations and monitoring for cloud technologies, as well as innovations in cloud offerings themselves, cloud adoption among federal agencies is taking off. The General Services Administration (GSA), Department of the Interior (DOI), the Department of Agriculture (USDA), NASA, and even the Central Intelligence Agency (CIA) and NSA are just a few of the many agencies who have embraced cloud solutions in recent months and years. Further, with IDC’s recent Federal Cloud Forecast projecting sustained growth through 2018, the public sector is nearing its tipping point in cloud adoption.

Should this trend continue as expected, below are three reasons that cloud adoption can be the answer to close the federal government’s technology gap.

Availability of Clear Guidelines for Cloud Adoption

In the past, government agencies lacked a clear roadmap for evaluating and selecting authorized cloud providers, making it difficult for the technology to break through in the federal sector. According to the FedRAMP website, this resulted in, “a redundant, inconsistent, time-consuming, costly and inefficient risk management approach to cloud adoption.”

The introduction of FedRAMP has provided agencies with much-needed guidelines and structure to accelerate the use of cloud technology in all facets of the government. Today, cloud systems are authorized in a defined (and repeatable) three-step process: security assessment, leveraging & authorization, and ongoing assessment & authorization. Among its benefits, the federal program estimates that its framework will decrease costs by 30-40 percent and will reduce both time and staff resources associated with redundant cloud assessments across agencies.

Incentives to Focus on Cyber-Security

In October 2015, U.S. federal government CIO Tony Scott professed his support for the cloud during a Google at Work webcast, saying:

“I see the big cloud providers in the same way I see a bank. They have the incentive, they have skills and abilities, and they have the motivation to do a much better job of security than any one company or any one organization can probably do.”

He’s right, and his comments represent a stark departure from the general consensus in the public sector just a few short years ago. Applying the same security measures and best practices to legacy, on-premise solutions requires both time and significant spend—both of which the government lacks. The competitive nature of the cloud business in recent years has challenged providers to adopt agile security practices, resulting in solutions that are secure, reliable and execute seamlessly. From email management systems to data storage services, continued cloud adoption at the federal-level will enable agencies to achieve long-term benefits that will eventually be impossible to achieve with on-premise systems, including advanced cybersecurity capabilities, guaranteed business continuity, as well as enhanced performance management functionality.

Bring Greater Efficiency in IT Spending

In February 2015, the International Association of Information Technology Asset Managers (IAITAM) released a report criticizing the U.S. government on its IT spending. The report suggested that while the federal government spends over six times more on IT per employee than its private sector counterpart, it also wastes 50 percent of its more than $70 billion IT budget due to a lack of standardization and controls. Combined, these factors have created a breeding ground for IT failures and exploits from threats inside and outside government walls. This is further indication that the existing status quo is inefficient and is putting the government (and U.S. citizens) at risk.

Over time, by leveraging the “pay-as-you-go” model of the cloud, the federal sector can decrease its IT spending and create new efficiencies. Software and application management, for example, which requires abundant resources to oversee in on-premise deployments, is virtually eliminated with a cloud-based solution. From business continuity and software maintenance to, eventually, compliance and IT risk-related activities, the onus falls on the cloud provider, not the customer. Thus, federal IT workers are freed up to focus on more mission-critical initiatives, rather than spinning wheels on inefficient technology, programs and processes.

While it will take some time before the cloud truly takes off in the federal sector, it’s hard to ignore the benefits that both the private sector and forward-thinking government agencies have seen with the technology to date. The time is now to make a change for good. If the U.S. wants to be viewed as one of the most technologically advanced nations in the world, it’s prudent that the government itself practice what it preaches, doing what’s needed to establish the country as a leader, rather than a follower, in this rapidly-evolving digital age.

By Vibhav Agarwal

The Five Rules of Security and Compliance in the Public Cloud Era

Security and Compliance 

With technology at the heart of businesses today, IT systems and data are being targeted by criminals, competitors and even foreign governments. Every day, we hear about how another retailer, bank or Internet company has been hacked and private information of customers or employees stolen. Governments and oversight organizations are responding to these attacks with calls for tighter control and regulations, from the Society for Worldwide Interbank Financial Telecommunication (SWIFT) beefing up its requirements for members to new proposed regulations targeting financial institutions in the State of New York. It is no wonder that as enterprises embrace the public cloud to run their critical applications, compliance remains one of the top concerns (see image).

[Figure: Biggest Barriers Holding You Back]

Enterprises used to regard IT compliance audits and certifications, e.g., HIPAA for hospital IT systems or PCI DSS for banks and e-commerce companies, primarily from the perspective of staying on the right side of the law. But this is changing – companies across all industries are now willing to spend on IT security and compliance, not only to deal with legal requirements but also to win customer trust and ensure that they don’t make headlines for the wrong reasons.

Security and compliance in public-cloud environments are fundamentally different from private datacenter security. Old techniques and controls (e.g., connecting to physical switch TAP/SPAN ports and sniffing traffic, installing gateway firewalls at perimeters) do not work in the cloud any more. With compliance playing a key role in IT security and governance, it is important to keep a few guidelines in mind when it comes to managing public-cloud environments.

1. Start with a dose of security common sense: Common data and information security best practices lie at the heart of compliance standards such as HIPAA and PCI DSS as well as of security frameworks such as the CIS Benchmarks for Amazon Web Services (AWS). For example, compliance rulesets for cloud environments typically stipulate password policies, encryption of sensitive data and configuration of security groups. Enterprise IT and security teams would do well to incorporate these rules into their security management, irrespective of compliance requirements.

2. Remember the shared-responsibility model: Public cloud providers such as AWS follow a shared-responsibility model; they manage the security of the cloud and leave security in the cloud (environment) to the customer. These providers have invested heavily to build security into their products and develop customer confidence. AWS has robust controls in place to maintain security and compliance with industry standards such as PCI and ISO 27001. In going from datacenters to public cloud environments, security administrators need to understand what aspects of security compliance they are responsible for in the cloud. This requires cross-functional collaboration between the operations and security teams to map the security controls in the datacenter to those in public-cloud environments.

3. Stay compliant all the time: In the software-defined world of public clouds, where a simple configuration change can expose a private database or application server to the world, there are no second chances. Enterprises are going from periodic security checks to continuous enforcement and compliance. Businesses that develop and deploy applications in clouds need to bake security and compliance checks into the development and release process. A software build that causes a security regression or does not meet the bar for compliance should not be released to a production environment. Enterprise IT needs to ensure that the tools they use for compliance monitoring and enforcement allow them to check applications for compliance before they are deployed.

4. Automate or die: Manual security and compliance processes don’t work in the dynamic, scalable world of the public cloud. When a business’s cloud environment spans hundreds or thousands of instances across accounts, regions and virtual private clouds, just the process of gathering the data required to run a compliance audit can take days or weeks, driving up the time to compliance and increasing the risk of errors. Even a team of qualified security personnel may not be able to detect vulnerabilities and respond in a timely manner. Automation is key to survival in the public cloud. It is no wonder that Michael Coates, the trust and infosec officer of Twitter, said “Automate or die. This is the biggest thing I stick by in this day and age.” In selecting the tools to manage compliance in cloud environments, enterprise IT must regard automated data aggregation, compliance checking and enforcement of security gold standards as table stakes.

5. Don’t just find it, fix it: There is an abundance of security-monitoring products in the market today that allow administrators to find security misconfigurations and vulnerabilities but do not offer the control to fix these issues. These tools are limited in scope and utility and force enterprise IT to use a patchwork of tools to manage the security and compliance lifecycle. Businesses should pick comprehensive “find it, fix it, stay fixed” platforms that do not stop at identifying issues with the environment but offer the tools required to fix them and put safeguards and controls in place to ensure that security best practices are enforced.
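As an added illustration of rules 1, 3 and 4 (not code from the article or from any vendor it mentions), the sketch below runs the three rule types named in rule 1 (password policy, encryption of sensitive data, security-group configuration) as an automated release gate that blocks a build and flags regressions. The environment schema, rule names, port list and thresholds are assumptions made for this example, and the sample data is constructed.

```python
import ipaddress

# Assumed policy values for this example; take real ones from your own ruleset.
MIN_PASSWORD_LENGTH = 14
SENSITIVE_PORTS = {22, 3389, 3306, 5432}  # SSH, RDP, MySQL, PostgreSQL

def open_to_world(cidr):
    """True when a CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def check(env):
    """Return a sorted list of (rule, resource) findings for one environment."""
    findings = set()
    policy = env.get("password_policy", {})
    if policy.get("min_length", 0) < MIN_PASSWORD_LENGTH:
        findings.add(("password-min-length", "account"))
    for sg in env.get("security_groups", []):
        for rule in sg["ingress"]:
            ports = range(rule["from_port"], rule["to_port"] + 1)
            if open_to_world(rule["cidr"]) and SENSITIVE_PORTS.intersection(ports):
                findings.add(("world-open-sensitive-port", sg["id"]))
    for vol in env.get("volumes", []):
        if vol.get("sensitive") and not vol.get("encrypted"):
            findings.add(("unencrypted-sensitive-data", vol["id"]))
    return sorted(findings)

def gate(deployed, proposed):
    """Return (exit status, findings, regressions); status 1 blocks the release."""
    current, new = check(deployed), check(proposed)
    regressions = [f for f in new if f not in current]
    return (1 if new else 0), new, regressions

# Constructed sample data: the deployed environment and a proposed change
# that opens the database security group to the internet on all ports.
DEPLOYED = {
    "password_policy": {"min_length": 14},
    "security_groups": [{"id": "sg-db", "ingress": [
        {"from_port": 5432, "to_port": 5432, "cidr": "10.0.0.0/16"}]}],
    "volumes": [{"id": "vol-db", "sensitive": True, "encrypted": True}],
}
PROPOSED = {
    "password_policy": {"min_length": 14},
    "security_groups": [{"id": "sg-db", "ingress": [
        {"from_port": 0, "to_port": 65535, "cidr": "0.0.0.0/0"}]}],
    "volumes": [{"id": "vol-db", "sensitive": True, "encrypted": True}],
}

if __name__ == "__main__":
    status, findings, regressions = gate(DEPLOYED, PROPOSED)
    for rule, resource in findings:
        tag = "REGRESSION" if (rule, resource) in regressions else "existing"
        print(f"{tag}: {rule} on {resource}")
    raise SystemExit(status)
```

Run as a pipeline step, the non-zero exit status stops the release; the regression list separates what this build introduced from findings already present in the deployed environment.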

Public clouds are transforming the world of enterprise IT by offering unprecedented agility and a pay-as-you-grow operational model. Clouds are also changing the rules of the game for IT security and compliance management by offering new controls and capabilities. The tools and processes that served IT well in datacenter environments will not work in the public cloud. It is time for security and compliance to be transformed as well.

By Suda Srinivasan, Vice President of Growth at Dome9

Suda is the Vice President of Growth at Dome9, where he oversees marketing and customer growth. Prior to Dome9, Suda held a senior marketing role at Nutanix where he was responsible for defining, communicating and driving the execution of the go-to-market strategy for the company’s enterprise cloud platform. Suda is a seasoned leader with extensive experience in technology, having worked in engineering, strategy consulting and marketing roles at Nutanix, Microsoft, Coraid and Deloitte.
