Category Archives: Security

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Federal Government Cloud Adoption

No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, internal politics, restricted budgets and a cultural resistance to change have set the federal sector years behind its private sector counterparts. Data and information security concerns have also been a major contributing factor inhibiting the adoption of new technologies such as the cloud. Keeping data on-premise has long-been considered to be the more secure option; however, ever-increasing incidents of hacking, data breaches and even cyber terrorism within government entities from the IRS to most recently, the Office of Personnel Management (OPM), indicate that change is needed, and fast.

Slowly, but surely, a technology revolution is taking place within the public sector. Due in large part to the introduction of the Obama administration’s “Cloud First” policy in late 2010, the establishment of the Federal Risk and Authorization Management Program (FedRAMP), a standardized approach for conducting security assessments, authorizations and monitoring for cloud technologies, as well as innovations in cloud offerings themselves, cloud adoption among federal agencies is taking off. The General Services Administration (GSA), Department of the Interior (DOI), the Department of Agriculture (USDA), NASA, and even the Central Intelligence Agency (CIA) and NSA are just a few of the many agencies who have embraced cloud solutions in recent months and years. Further, with IDC’s recent Federal Cloud Forecast projecting sustained growth through 2018, the public sector is nearing its tipping point in cloud adoption.

Should this trend continue as expected, below are three reasons that cloud adoption can be the answer to close the federal government’s technology gap.

Availability of Clear Guidelines for Cloud Adoption

In the past, government agencies lacked a clear roadmap for evaluating and selecting authorized cloud providers, making it difficult for the technology to break through in the federal sector. According to the FedRAMP website, this resulted in, “a redundant, inconsistent, time-consuming, costly and inefficient risk management approach to cloud adoption.”

The introduction of FedRAMP has provided agencies with much-needed guidelines and structure to accelerate the use of cloud technology in all facets of the government. Today, cloud systems are authorized in a defined (and repeatable) three-step process: security assessment, leveraging & authorization, and ongoing assessment & authorization. Among its benefits, the federal program estimates that its framework will decrease costs by 30-40 percent and will reduce both time and staff resources associated with redundant cloud assessments across agencies.

Incentives to Focus on Cyber-Security

In October 2015, U.S. federal government CIO Tony Scott professed his support for the cloud during a Google at Work webcast, saying:

I see the big cloud providers in the same way I see a bank. They have the incentive, they have skills and abilities, and they have the motivation to do a much better job of security than any one company or any one organization can probably do.”

He’s right, and his comments represent a stark departure from the general consensus in the public sector just a few short years ago. Applying the same security measures and best practices to legacy, on-premise solutions requires both time and significant spend—both of which the government lacks. The competitive nature of the cloud business in recent years has challenged providers to adopt agile security practices, resulting in solutions that are secure, reliable and execute seamlessly. From email management systems to data storage services, continued cloud adoption at the federal-level will enable agencies to achieve long-term benefits that will eventually be impossible to achieve with on-premise systems, including advanced cybersecurity capabilities, guaranteed business continuity, as well as enhanced performance management functionality.


Bring Greater Efficiency in IT Spending

In February 2015, the International Association of Information Technology Asset Managers (IAITAM) released a report criticizing the U.S. government on its IT spending. The report suggested that while the federal government spends over six times more on IT per employee than its private sector counterpart, it also wastes 50 percent of its more than $70 billion IT budget due to a lack of standardization and controls. Combined, these factors have created a breeding ground for IT failures and exploits from threats inside and outside government walls. This is further indication that the existing status quo is inefficient and is putting the government (and U.S. citizens) at risk.

Over time, leveraging the “pay-as-you-go” model of the cloud, federal sector can decrease its IT spending, creating new efficiencies. Software and application management for example, which requires abundant resources to oversee in on-premise deployments, is virtually eliminated with a cloud-based solution. From business continuity and software maintenance to eventually, compliance and IT risk-related activities, the onus, falls on the cloud provider, not the customer. Thus, federal IT workers are freed up to focus on more mission-critical initiatives, rather than spinning wheels on inefficient technology, programs and processes.

While it will take some time before the cloud truly takes off in the federal sector, it’s hard to ignore the benefits that both the private sector and forward-thinking government agencies have seen with the technology to date. The time is now to make a change for good. If the U.S. wants to be viewed as one of the most technologically advanced nations in the world, it’s prudent that the government itself practice what it preaches, doing what’s needed to establish the country as a leader, rather than a follower, in this rapidly-evolving digital age.

By Vibhav Agarwal

The Five Rules of Security and Compliance in the Public Cloud Era

The Five Rules of Security and Compliance in the Public Cloud Era

Security and Compliance 

With technology at the heart of businesses today, IT systems and data are being targeted by criminals, competitors and even foreign governments. Every day, we hear about how another retailer, bank or Internet company has been hacked and private information of customers or employees stolen. Governments and oversight organizations are responding to these attacks with calls for tighter control and regulations, from the Society for Worldwide Interbank Financial Telecommunication (SWIFT) beefing up its requirements for members to new proposed regulations targeting financial institutions in the State of New York. It is no wonder that as enterprises embrace the public cloud to run their critical applications, (See image) compliance remains one of the top concerns.

Biggest Barriers Holding You Back


Enterprises used to regard IT compliance audits and certifications, e.g., HIPAA for hospital IT systems or PCI DSS for banks and e-commerce companies, primarily from the perspective of staying on the right side of the law. But this is changing – companies across all industries are now willing to spend on IT security and compliance, not only to deal with legal requirements but also to win customer trust and ensure that they don’t make headlines for the wrong reasons.

Security and compliance in public-cloud environments are fundamentally different from private datacenter security. Old techniques and controls (e.g., connecting to physical switch TAP/SPAN ports and sniffing traffic, installing gateway firewalls at perimeters) do not work in the cloud any more. With compliance playing a key role in IT security and governance, it is important to keep a few guidelines in mind when it comes to managing public-cloud environments.

1. Start with a dose of security common sense: Common data and information security best practices lie at the heart of compliance standards such as HIPAA and PCI DSS as well as of security frameworks such as the CIS Benchmarks for Amazon Web Services (AWS). For example, compliance rulesets for cloud environments typically stipulate password policies, encryption of sensitive data and configuration of security groups. Enterprise IT and security teams would do well to incorporate these rules into their security management, irrespective of compliance requirements.

2. Remember the shared-responsibility model: Public cloud providers such as AWS follow a shared-responsibility model; they manage the security of the cloud and leave security in the cloud (environment) to the customer. These clouds have invested heavily to build security into their products and develop customer confidence. AWS has robust controls in place to maintain security and compliance with industry standards such as PCI and ISO 27001. In going from datacenters to public cloud environments, security administrators need to understand what aspects of security compliance they are responsible for in the cloud. This requires cross-functional collaboration between the operations and security teams to map the security controls in the datacenter to those in public-cloud environments.

3. Stay compliant all the time: In the software-defined world of public clouds, where a simple configuration change can expose a private database or application server to the world, there are no second chances. Enterprises are going from periodic security checks to continuous enforcement and compliance. Businesses that develop and deploy applications in clouds need to bake security and compliance checks into the development and release process. A software build that causes a security regression or does not meet the bar for compliance should not be released to a product environment. Enterprise IT needs to ensure that the tools they use for compliance monitoring and enforcement allow them to check applications for compliance before they are deployed.

4. Automate or die: Manual security and compliance processes don’t work in the dynamic, scalable world of the public cloud. When a business’ cloud environment spans hundreds or thousands of instances across accounts, regions and virtual private clouds, just the process of gathering the data required to run a compliance audit can take days or weeks, driving up the time to compliance and increasing the risk of errors. Even a team of qualified security personnel may not be able to detect vulnerabilities and respond in a timely manner. Automation is key to survival in the public cloud. It is no wonder that Michael Coates, the trust and infosec officer of Twitter, said “Automate or die. This is the biggest thing I stick by in this day and age.” In selecting the tools to manage compliance in cloud environments, enterprise IT must regard automated data aggregation, compliance checking and enforcement of security gold standards as table stakes.

5. Don’t just find it, fix it: There is an abundance of security-monitoring products in the market today that allow administrators to find security misconfigurations and vulnerabilities but do not offer the control to fix these issues. These tools are limited in scope and utility and force enterprise IT to use a patchwork of tools to manage the security and compliance lifecycle. Businesses should pick comprehensive “find it, fix it, stay fixed” platforms that do not stop at identifying issues with the environment but offer the tools required to fix them and put safeguards and controls in place to ensure that security best practices are enforced.

Public clouds are transforming the world of enterprise IT by offering unprecedented agility and a pay-as-you-grow operational model. Clouds are also changing the rules of the game for IT security and compliance management by offering new controls and capabilities. The tools and processes that served IT well in datacenter environments will not work in the public cloud. It is time for security and compliance to be transformed as well.

By Suda Srinivasan, Vice President of Growth at Dome9

suda_dome9Suda is the Vice President of Growth at Dome9, where he oversees marketing and customer growth. Prior to Dome9, Suda held a senior marketing role at Nutanix where he was responsible for defining, communicating and driving the execution of the go-to-market strategy for the company’s enterprise cloud platform. Suda is a seasoned leader with extensive experience in technology, having worked in engineering, strategy consulting and marketing roles at Nutanix, Microsoft, Coraid and Deloitte

Is Complete Cyber Security Possible?

Is Complete Cyber Security Possible?

Cyber Security Concerns

Every minute, we are seeing about half a million attack attempts that are happening in cyberspace.” – Derek Manky, Fortinet global security strategist

Pricewaterhouse Coopers has predicted that cyber security will be one of the top risks facing financial institutions over the course of the next 5 years. They have pointed at a number of risk factors, such as the rapid growth of the Internet of Things, increased use of mobile technology, and cross border data exchange, that will contribute to this ever growing problem.

Gartner has estimated that by 2020, the number of connected devices will jump from around 6.4 billion to more than 20 billion connected devices. In other words, there will be between two and three connected devices for every human being on the planet. Derek Manky of Fortinet, told CNBC that “The largest we’ve seen to date is about 15 million infected machines controlled by one network with an attack surface of 20 billion devices. Certainly that number can easily spike to 50 million or more“. So in a world where Cyber Security seems almost unattainable, is it still possible for you, or for large companies, to remain protected?


According to Cross Domain Solutionscomprehensive security is possible by making all security data accessible and automating security procedures”, which allows threats to dealt with in real time. They suggest an approach focused on data confidentiality, data integrity and the authenticity of users and data placeholders. Although it is theoretically possible, this is unlikely to provide total cyber security in practical situations.

The expansion and widespread adoption of the Internet of Things (IoT) has become the most pressing cyber security issue over the last 5 years. Smart phones, smart watches, smart TVs and smart homes, amongst other devices, have increased the surface area for hackers to take advantage of exponentially. This combined with the problems of perimeter security in cloud-based services, the sheer size of data collection by IoT devices, and the lack of security on many modern IoT devices, mean that complete cyber security (for businesses or individuals) will become increasingly more difficult. In a move that shocked the world earlier this year, hackers made off with tens of millions of dollars from Bangladesh’s central bank by using malware to gain access to accounts. Cyber Security is a very real issue for any business that has valuable information or assets stored digitally.

james-lewisIt has been suggested that we should focus on strategies to reduce risk that use formulas such as cyber risk = threats X vulnerabilities X consequences; thus by reducing one of the factors to zero we can achieve complete Cyber security. The Common Vulnerabilities and Exposures list has more than 50,000 recorded vulnerabilities (with more added every hour), so it is almost impossible to ensure your network can deal with an incessant wall of hackers trying to get in. James Lewis, a cybersecurity expert at the Washington DC-based Center for Strategic and International Studies (CSIS), commented recently that businesses need to stop worrying about preventing intruders from accessing their networks. They should instead be concentrating on minimising the damage they cause when they do gain access. According to the Cisco 2015 Annual Security Report, “Security is no longer a question of if a network will be compromised. Every network will, at some point, be compromised”.

Fortunately for the tech world, the same capabilities that make networks more vulnerable can help to strengthen defences as well. Financial institutions are able to utilise big data analytics to monitor for covert threats, helping them to identify evolving external and internal security risks and react much more quickly. Whilst total cyber security may not be practically possible, the technology exists for businesses to be as security conscious as they feel they want to be. Both consumers and businesses should be assigning cyber security as the highest priority.

By Josh Hamilton

SAP Digital Consumer Insight: SAP’s Data-as-a-Service Tool Helps Business Owners Know Their Customers

SAP Digital Consumer Insight: SAP’s Data-as-a-Service Tool Helps Business Owners Know Their Customers

SAP’s Data-as-a-Service Tool

There was a point not too long ago when futurologists believed that all retail would be going online, with anonymous transactions and drone deliveries meaning you would never have to leave your couch to satisfy all your shopping needs. In fact, the opposite has happened. Brick and mortar retail stores have embraced and incorporated big data, cloud computing and the internet to deliver a much-improved retail experience for business owners and consumers alike.

When Jud and Julie Soderborg opened the fashion boutique Koan in New York’s East Village, they wanted to really understand the identity and the behaviors of the people who were walking by their store, and could be potential customers. So the husband and wife team initiated a three-day data gathering project using SAP’s Digital Consumer Insight tool. They began by focusing on when foot traffic peaked and when it was at its lowest, then dug deeper to find out where people were coming from, who they were in terms of age & gender and even what sort of devices these people were using.

Peak Traffic

When they collated all the data, they discovered that the foot traffic past their location was primarily millennials from the Williamsburg / East Village area who were using Apple devices. As a result Koan was able to shape their offerings accordingly and target their marketing tone to suit the foot traffic, confident that they were appealing to the correct demographic.

You can read more of their story, as well as many more use cases here:

E-commerce retailers have known for a long time who their customers are, due to their ability to track their clicks and their online behavior. SAP’s Chief Digital Officer Jonathan Becher explains, “This offering does to retail stores what Web marketing has done for websites.” For example, an online retailer can track the path to purchase, the time to taken to get there and the demographics of a consumer. “What we’ve done for the first time is to take all this information that people have figured out in the digital world, and make it available to the physical world.

Where are they coming from?

The benefit of these insights can be applied in a number of ways for retailers. Everything from proximity marketing to location planning, sales strategies and campaigns will benefit from the snapshots provided by SAP Digital Consumer Insight. Through the data, retailers are striving to achieve a way of delivering a consistent, personalized product mix to customers across multiple channels that local consumers will relate to. It stands to reason that the deeper the understanding of customer behavior that there is, the easier it becomes to attract loyalty and increase the conversion rate and average basket value of purchases.

Consumers need not fear that their privacy is being violated in any way. The data which is collected and presented via Digital Insights is anonymized and aggregated, thus giving the business owner a snapshot of the traffic in the area while maintaining the privacy of the individuals.

SAP built its formidable reputation working with big businesses, but 80% of their customers are small and mid-sized so the company learned how to take what works at enterprise-level and adapt it for smaller businesses that realize how much they can benefit from actionable information.

Small business owners don’t have the time, skills or resources to build complicated data analysis systems. SAP Digital Consumer Insight is the perfect vehicle to address those concerns. Consumers can simply purchase a single data ‘Insight’ for $439.00, or they can select a bundle of five data ‘Insights’ for $1,429.00 – and begin to see their Insights instantly.

Visit the SAP Store to purchase the SAP Digital Consumer Insight package and take a massive step towards understanding who your customers are and what they need.

Sponsored spotlight series by SAP

By Jeremy Daniel

Around The Cloud – Top Tech News For The Week

Around The Cloud – Top Tech News For The Week

Amazon and VMWare

The biggest corporate news this week was that Amazon and VMWare are now partners, in a bid to win corporate customer’s hearts by combining the two. The new “VMWare on AWS Cloud” service will be available in the latter half of 2017. Dell and VMWare will be teaming up together to sell this new service, which promises to make it a lot easier to combine the usage of VMWare’s cloud software with AWS services, Fortune Magazine reports.

Cloud Security


Cloud security has also been the hot buzz word of the week again as more statistics have been released revealing flaws in the way companies are currently handling the cloud. InformationWeek reported the most shocking statistic by far: 80% of IT professionals report that their users are setting up and using unapproved cloud services. 40% claim these users have gone behind their backs at least five times to make this possible. Cloud storage services top the list, but email services such as Outlook and Yahoo are included as well. It is suggested that IT professionals educate their users on the risks involved in using such services unapproved, and restrict what websites they visit and software they install.

It’s very worrisome indeed that with so many employees using unapproved cloud and email services, cloud security Netskope revealed that 48% of the companies they surveyed don’t scan their cloud services for malware, either. 12% said they were unsure if they scan or not… but 57% of all the companies surveyed said they had found malware stored in their cloud. Interestingly, their survey also reveals that while 49% of the data stored in the cloud is known to these companies, 45% of the data stored is completely unknown to them. When asked about security worries, the top concern among the companies covered was a loss of control over the security of data and end-user. Next was loss or theft of intellectual property and compliance violations. BetaNews gives the full scoop on the statistics of this report.

So it really should come as no surprise that 43% of IT professionals say that it is difficult to secure data that is stored in the cloud! Over at eSecurityPlanet, an article on how 73% of IT professionals would prefer to store data locally was one of the top trending topics in technology this week. Another eye catching number in this story includes that 90% of the IT professionals interviewed believe that the cloud is forcing them to learn new job skills. “The cloud is ideal for businesses that need a cost effective, scalable and flexible means to transform their IT environments,” Philip Lieberman, the president and CEO of Lieberman Software, said in a statement. “Yet IT professionals are still reluctant to put sensitive data in the cloud because they say it is difficult to secure… What organizations need to understand is that the same security problems they face on premises follow them into the cloud… Migrating to the cloud doesn’t mean they face any more or less security risk than keeping data on premises.

By Jonquil McDaniel

The Value of Business Intelligence

The Value of Business Intelligence

Business Intelligence

Though there’s still some debate around the complete definition of business intelligence, it’s accepted to be a powerful tool that is quickly making its way through the ranks; once gracing only the largest organizations, business intelligence is today available to many smaller businesses thanks to advances in data management, analytics, and cloud developments. It’s generally accepted that business intelligence encompasses the fields of big data, its collection, and the analysis of it, as well as the visualizations of these disciplines for better business management and strategizing. Business Intelligence platforms include complex analytics facilities, predictive modeling, and powerful data mining tools that provide users with the insight and drive to better their organizations.

Better Decisions with Business Intelligence

Though Gartner expects that by 2020 “only 50% of chief analytics officers will have successfully created a narrative to respond to rapid change and link financial objectives to business intelligence and analytics initiatives and investments,” many business leaders recognize to some degree the ability for business intelligence to improve the competitiveness of their organizations through the clear benefits of increased revenue, lowered costs, and the tools to better read their markets for more rapid innovation and transformation. At the heart of this is the ability to make calculated business decisions.

Beyond cost reductions and operational efficiencies, Gartner recognizes the importance of using business intelligence applications to create workable insights which aid companies in superior customer engagement and greater value delivery. Technology and its constant transformation are disrupting and developing most industries today; for those business leaders willing to embrace new intelligence and revolution, business intelligence provides the information for effective decision making and business strategies that keep organizations at the top of their game.


Integrated Apps

In the past, business intelligence systems were highly complex, requiring trained analysts to operate and extract meaningful information. Though competent analysts are still in high demand to get the most out of such systems, some business intelligence platforms are broadening the user field with applications that allow more direct access to personnel through ‘self-service’ analytics. Such apps integrated into the business environment provide focused intelligence and insight to specific departments and encourage a more complete use of data and its insights.

What Not to Neglect

The benefits of implementing business intelligence solutions should be obvious, but taking advantage of these platforms requires effort and some key failures must be avoided:

  • Data Security: Data volumes grow daily and with it storage requirements. Finding cost effective solutions is necessary; finding secure solutions imperative. Once data is secured, implementing compliance programs can help ensure both secure access and storage is sustained.
  • Setting Objectives: Collecting data is relatively straightforward, but analyzing it and outputting relevant findings will require clearly defined business objectives. Knowing what an organization wants to accomplish ensures business intelligence outcomes don’t muddy the waters with many generalities but instead speak to business development.
  • Identify Irregularities: It’s important not to let the search for a particular pattern blind you to the unexpected; data will often back up notions we already hold, but what would be the point of business intelligence if not to point out original information? Noticing the differences is the start of the process towards shrewd decisions and unique strategies which could be putting the business one step ahead of its competitors.

No matter the absolute explanation of precisely what business intelligence is, the tools and features such platforms provide are delivering the technology that helps us put big data to good, and precise, use leading companies to greater competition, and eliminating both customer and employee frustrations. Exploiting these platforms holds the promise of progressive solutions, innovative products and services, and enhanced business processes.

By Jennifer Klostermann

IBM Redefines Security, Availability and Economics of Storing Data in the Hybrid Cloud

IBM Redefines Security, Availability and Economics of Storing Data in the Hybrid Cloud

ARMONK, NY – 13 Oct 2016: IBM (NYSE: IBM) today is introducing a new cloud object storage service that redefines the security, availability and economics of storing, managing and accessing massive amounts of digital information across hybrid clouds. The company’s breakthrough new IBM Cloud Object Storage offering derives from IBM’s acquisition of Cleversafe and its significant portfolio of patents which are designed to deliver clients better value with industry-leading security.

Though organizations are flocking to the cloud for improved efficiencies and IT agility, clients see a gap in their ability to store increasingly larger volumes of data – on premises and off premises. Presently companies have to choose between storing data on internal servers and storage systems, or in the cloud. It’s a dilemma that has hindered business flexibility and raised infrastructure costs. As data volumes continue to grow across industries, the need to create flexible hybrid cloud storage solutions has intensified.

The new IBM Cloud Object Storage storage-as-a-service offerings will enable clients for the first time to scale large unstructured data volumes across on-premises systems as well as public and private clouds quickly and easily. This will dramatically increase IT system flexibility and security. In a price comparison of identical object storage capacity running on a competitive cloud, the new IBM Cloud Object Storage demonstrated more than 25% lower costs for the capacity, environment and locations compared. Built on an innovation called SecureSlice from industry leader, Cleversafe, (acquired by IBM in 2015), IBM Cloud Object Storage is designed to make storing and managing that data on the IBM Cloud reliable and available across regions and around the clock.

As clients continue to move massive workloads to hybrid clouds there is a need for an easier, more secure and economical way to store and manage mounting volumes of digital information,” said Robert LeBlanc, Senior Vice President, IBM Cloud. “With today’s announcement, IBM becomes the leading cloud vendor to provide clients the flexibility and availability of object data storage across on-premises and public clouds.”

Bitly Migrates 1 Billion Datasets to IBM Cloud Object Storage; Adopts IBM as its Exclusive Cloud Platform

Bitly, the world’s leading customer experience platform, is continually looking for new ways to help organizations use its software platform to gain actionable insights about their customers. The company has adopted the new IBM Cloud Object Storage service to more quickly and easily analyze historical data that is being produced by the more than 10 billion clicks it processes each month across the world. This historical data, up to 500TB, includes user interactions across online channels – useful information for marketers that are using Bitly to deliver and measure their efforts across all marketing channels.

With more than 400 million new links created every month, the Bitly platform is growing at an explosive rate,” said Robert Platzer, CTO, Bitly. “We turned exclusively to IBM Cloud because of its leadership in data services. Through this partnership IBM will help us transform our business and build a variety of new cloud services – from advanced analytics and data mining to data research – into our software platform. The new IBM Cloud Object Storage service will enable us to manage all the data from our on-premises and cloud infrastructure with ease and flexibility.”

Bitly’s adoption of IBM Cloud Object Storage is part of a deep multi-year partnership with IBM. With today’s announcement, IBM Cloud has become the exclusive cloud platform for Bitly. Earlier this year, the company moved 25 billion data-infused links to IBM Cloud to take advantage of the high performance and global scale of IBM’s nearly 50 global Cloud Data Centers. With that migration complete, the company has turned its attention to managing all 1 billion datasets of the historical interactions behind those links with IBM Cloud Object Storage.

IBM Breaks the Constraints of Today’s Storage Architecture

At the heart of the new IBM Cloud Object Storage service is IBM’s innovative SecureSlice, which combines encryption and erasure coding for greater security and information dispersal which enhances data availability. These fundamental technologies can help clients satisfy their data compliance security requirements and maintain access to critical data even in the face of a regional outage. These capabilities are also delivered without having to make expensive copies of data, resulting in improved economics to clients. Specifically:


IBM is the only company to have combined erasure coding with encryption and decryption. When data comes into the IBM Cloud Object Storage system, SecureSlice automatically encrypts each segment of data before it is erasure coded and dispersed. The content can only be re-assembled through IBM Cloud’s “Accesser” technology at the client’s primary data center, where the data was originally received, and decrypted by SecureSlice.


Because of these innovations, IBM Cloud Object Storage can tolerate even catastrophic regional outages without interruption of access to data or the need for customer intervention. Continuous availability is inherent in the architecture. Some traditional cloud storage providers, place the burden of data management and the cost for creating and maintaining a second copy for regional fault tolerance on the client.


As a result of the technology’s robust hybrid capabilities, IBM Cloud Object Storage has demonstrated it can, for the compared capacity, environment and locations, reduce certain overall costs of cloud storage. For example, based on internal IBM testing comparing IBM Cloud Object Storage Vault Cross-Region Services to a leading vendor in head-to-head Cross Region service managing ½ petabyte (PB) of data, the IBM solution was close to 24% less expensive for the location and workload compared, and at 5PB the service was more than 25% less expensive.

Delivering the Flexibility Clients Need to Meet Business Requirements

IBM Cloud Object Storage is offered in two public, multi-tenant services: Cross Region Service, which sends the sliced data to at least three geographically dispersed regions across IBM Cloud data centers; and Regional Service, which holds the data in multiple data centers in a given region. Both the Regional and Cross Region services provide SecureSlice, encrypted erasure coding to protect the data. The new services complement the company’s existing IBM Cloud Object Storage System for on premises object storage, and the IBM Cloud Object Storage Dedicated Service, a private cloud offering that runs on bare-metal servers on IBM Cloud. All of the IBM Cloud Object Storage services on or off-premises support Amazon S3 and OpenStack Swift interfaces for greater programming flexibility.

IBM Brings Cloud Object Storage to hundreds of Storage Platforms with Transparent Cloud Tiering

Finally, for the first time, IT organizations with on-premises storage will be able to move data seamlessly to and from the cloud. IBM Spectrum Virtualize will add hybrid cloud capabilities to nearly 400 platforms, both IBM and non-IBM. IBM Spectrum Virtualize, IBM Spectrum Protect and IBM Spectrum Scale, use Transparent Cloud Tiering to extend traditional storage to the cloud with policy driven, automated simplicity, security and control.

IBM Cloud Object Storage is available now for enterprise clients across IBM Cloud data centers in the US and Europe and will be available in the Asia Pacific region in December. Availability via digital channels, with swipe-and-go credit card support, will begin in the US starting in December and Europe soon thereafter.

About IBM

For more on IBM Cloud, visit

For more on IBM Storage, visit

For more information on IBM Cloud Object Storage, visit

The DDoS That Came Through IoT: A New Era For Cyber Crime

The DDoS That Came Through IoT: A New Era For Cyber Crime

A New Era for Cyber Crime

Last September, the website of a well-known security journalist was hit by a massive DDoS attack. The site’s host stated it was the largest attack of that type they had ever seen. Rather than originating at an identifiable location, the attack seemed to come from everywhere, and it seemed to have been driven through a botnet that included IoT-connected devices like digital cameras. This was something special and unusual, and a stark warning about the future of cyber warfare.

The attack was so large and relentless that the journalist’s site had to be taken down temporarily. The exercise of fending off the attack and then repairing and rebuilding was extremely expensive. Given that the target was a writer and expert on online security and cybercrime, the attack was not only highly destructive but also symbolic: a warning to security specialists everywhere that the war has changed.

Chris Sellards, a Texas-based Certified Cloud Security Professional (CCSP) agrees. He points to the sheer volume of IoT connected devices – a number that is growing exponentially, with Gartner forecasting 6.4 billion devices to be connected this year.

PC users have become a little more sophisticated with regard to security in recent years,” Sellards says. “They used to be the prime target when creating a botnet and launching DDoS attacks because they rarely patched their systems and browser configuration settings were lax by default. However, with automatic upgrades and an increased use of personal firewalls and security apps, PCs have become a little more of a challenge to penetrate. Attackers almost always take the path of least resistance.”

Consequently, IoT devices have become the new playground. They are the new generation of connected machines that use default passwords, hard coded passwords, and inadequate patching. The rush to make everything IoT compatible and affordable leaves little time or incentive for manufacturers to build in sophisticated security layers. In addition, there is an innocence factor at play. Who would ever suspect their digital camera, fitness tracker or smart thermostat of being an accomplice to cybercrime?


Sellards points out that one of the most interesting aspects of the attack was that GRE (Generic Routing Encapsulation protocol) was used instead of the normal amplification techniques used in most DDoS attacks. This represents a change in tactic specifically designed to take advantage of the high bandwidth internet connections that IP based video cameras use.

These developments have experts like Sellards worried, given the huge – and growing – number of IoT devices that form part of the nation’s critical infrastructure. “If default and hardcoded passwords can be compromised to install malware that launches DDoS attacks, they can also be compromised to launch more nefarious attacks with significantly higher consequences,” he says. It shows IoT installs are insecure and not hardened. They are exposed to the Internet without firewall filtering. “All best business practices we’ve spent decades developing have gone right out the window.” 

IoT in general represents a fascinating new chapter in convenience and communication for businesses and consumers alike. But as all security experts already know, the bad guys never rest. The way in which they discovered and exploited both the weaknesses and the built-in features of IoT shows a creativity and dedication that must never be ignored. Thus the value of a CCSP having a seat at the executive table has just increased exponentially.

For more on the CCSP certification from (ISC)2, please visit their website. Sponsored by (ISC)2.

By Steve Prentice

CloudTweaks Comics
Cloud Infographic – DDoS attacks, unauthorized access and false alarms

Cloud Infographic – DDoS attacks, unauthorized access and false alarms

DDoS attacks, unauthorized access and false alarms Above DDoS attacks, unauthorized access and false alarms, malware is the most common incident that security teams reported responding to in 2014, according to a recent survey from SANS Institute and late-stage security startup AlienVault. The average cost of a data breach? $3.5 million, or $145 per sensitive…

The Conflict Of Net Neutrality And DDoS-Attacks!

The Conflict Of Net Neutrality And DDoS-Attacks!

The Conflict Of Net Neutrality And DDoS-Attacks! So we are all cheering as the FCC last week made the right choice in upholding the principle of net neutrality! For the general public it is a given that an ISP should be allowed to charge for bandwidth and Internet access but never to block or somehow…

Timeline of the Massive DDoS DYN Attacks

Timeline of the Massive DDoS DYN Attacks

DYN DDOS Timeline This morning at 7am ET a DDoS attack was launched at Dyn (the site is still down at the minute), an Internet infrastructure company whose headquarters are in New Hampshire. So far the attack has come in 2 waves, the first at 11.10 UTC and the second at around 16.00 UTC. So…

Cloud Infographic: Security And DDoS

Cloud Infographic: Security And DDoS

Security, Security, Security!! Get use to it as we’ll be hearing more and more of this in the coming years. Collaborative security efforts from around the world must start as sometimes it feels there is a sense of Fait Accompli, that it’s simply too late to feel safe in this digital age. We may not…

The DDoS That Came Through IoT: A New Era For Cyber Crime

The DDoS That Came Through IoT: A New Era For Cyber Crime

A New Era for Cyber Crime Last September, the website of a well-known security journalist was hit by a massive DDoS attack. The site’s host stated it was the largest attack of that type they had ever seen. Rather than originating at an identifiable location, the attack seemed to come from everywhere, and it seemed…

A New CCTV Nightmare: Botnets And DDoS attacks

A New CCTV Nightmare: Botnets And DDoS attacks

Botnets and DDoS Attacks There’s just so much that seems as though it could go wrong with closed-circuit television cameras, a.k.a. video surveillance. With an ever-increasing number of digital eyes on the average person at all times, people can hardly be blamed for feeling like they’re one misfortune away from joining the ranks of Don’t…

Reuters News: Powerfull DDoS Knocks Out Several Large Scale Websites

Reuters News: Powerfull DDoS Knocks Out Several Large Scale Websites

DDoS Knocks Out Several Websites Cyber attacks targeting the internet infrastructure provider Dyn disrupted service on major sites such as Twitter and Spotify on Friday, mainly affecting users on the U.S. East Coast. It was not immediately clear who was responsible. Officials told Reuters that the U.S. Department of Homeland Security and the Federal Bureau…

The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups Cloud platforms have become a necessary part of modern business with the benefits far outweighing the risks. However, the risks are real and account for billions of dollars in losses across the globe per year. If you’ve been hacked, you’re not alone. Here are some other companies in the past…

How The CFAA Ruling Affects Individuals And Password-Sharing

How The CFAA Ruling Affects Individuals And Password-Sharing

Individuals and Password-Sharing With the 1980s came the explosion of computing. In 1980, the Commodore ushered in the advent of home computing. Time magazine declared 1982 was “The Year of the Computer.” By 1983, there were an estimated 10 million personal computers in the United States alone. As soon as computers became popular, the federal government…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

Are CEO’s Missing Out On Big Data’s Big Picture?

Are CEO’s Missing Out On Big Data’s Big Picture?

Big Data’s Big Picture Big data allows marketing and production strategists to see where their efforts are succeeding and where they need some work. With big data analytics, every move you make for your company can be backed by data and analytics. While every business venture involves some level of risk, with big data, that risk…

The Security Gap: What Is Your Core Strength?

The Security Gap: What Is Your Core Strength?

The Security Gap You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your…

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And Virtual Reality This is a term I created (Virtual Immersion). Ah…the sweet smell of Virtual Immersion Success! Virtual Immersion© (VI) an extension/expansion of Virtual Reality to include the senses beyond visual and auditory. Years ago there was a television commercial for a bathing product called Calgon. The tagline of the commercial was Calgon…

3 Keys To Keeping Your Online Data Accessible

3 Keys To Keeping Your Online Data Accessible

Online Data Data storage is often a real headache for businesses. Additionally, the shift to the cloud in response to storage challenges has caused security teams to struggle to reorient, leaving 49 percent of organizations doubting their experts’ ability to adapt. Even so, decision makers should not put off moving from old legacy systems to…


Sponsored Partners

Collaborative Economy – Customer Appreciation Day
Help Your Business Improve Security By Choosing The Right Cloud Provider
Cyber Security: An Ounce of Prevention
Collaborative Economy – The Death Of “Death By Meeting”
Unscrambling An Egg: How CIOs Can Enable Business Through Unstructured Data
Security Training Through Practical Experience
Salesforce Service Cloud: Air Traffic Control For Your Customer
Hybrid IT Matures Just In Time To Tackle Complex Challenges
Watching You Shop: Stores And Mannequins “Read” Their Customers And Respond
SAP HANA® And Global Healthcare