Category Archives: Security

Three Challenges of Network Deployment in Hyperconverged Infrastructure for Private Cloud

Three Challenges of Network Deployment in Hyperconverged Infrastructure for Private Cloud

Hyperconverged Infrastructure

In this article, we’ll explore three challenges that are associated with network deployment in a hyperconverged private cloud environment, and then we’ll consider several methods to overcome those challenges.

The Main Challenge: Bring Your Own (Physical) Network

Some of the main challenges of deploying a hyperconverged infrastructure software solution in a data center are the diverse physical configurations. The smart network layer may be the leading component that is tasked with the need to automatically learn the physical network layer’s topology and capabilities. Modern data center operations are expected to be automated and fast. There is no place for traditional, customized and cumbersome installation and integration processes. When deploying hyperconverged smart software on top of a data center infrastructure, running a fast and automated deployment is necessary.

data

In every organization, IT operations leaders have their own philosophy about how to deploy, integrate and manage network traffic. From our discussions with enterprise network experts, I’ve found that every leader has their own specific “network philosophy” that generally includes the following phrases:

“We believe in running internal and guest networks over the same physical network.”

“We believe in running the external communications over the 1G on-board configuration interface, while the rest of the traffic runs on 10G.”

“We like to keep things super simple and run everything on a single Interface.”   

  1. Deploying Logical Over Physical

Physical networks consist of groups of appliances that are connected using protocols. Logical networks are constructed out of different types of traffic and are completely agnostic to physical networks, but they still need to run on them.

For example, let’s assume that data center traffic can be segmented into three types: red, green and blue. Let’s also assume that according to the network admin’s philosophy, red is 1G, routed externally, and green and blue are both 10G, isolated and non-routable. It is important to ensure that each node is linked to each of the three different logical networks on certain physical interfaces. We can only connect the logical layer when the physical one is connected. This can be done by separating the types of traffic from the physical source (the node), then allocating each logical type of traffic to a physical network. In the end, each of the networks (red, green and blue) is connected to the related physical interface.

  1. Automatic and Scalable Deployment

In comparison to custom deployments that tend to involve cumbersome processes mainly completed by integrators, building a hyperconverged smart solution needs to deploy an environment with hundreds of nodes in a matter of minutes.  To achieve this, the deployment must be automatic, easy and bulletproof. Additionally, deployment techniques should not require user intervention per node (users should not have to manually configure the network, or analyze how each server is physically connected to the network). Smart hyperconverged solutions need to automatically discover and analyze an underlying network’s infrastructure.

Automatic network deployment also requires an ‘infection’ mode, where several high-availability network seeders infect all of the servers that connect with them, and in turn, immediately infect their networks. Once all of the nodes are infected, the hyperconverged solution has access to them and can retrieve and analyze information accordingly. After the seeder absorbs all of the network philosophy from the infecting servers, the current state of the physical network is analyzed. Once the scale goes beyond the capacity of normal broadcast domains, the cluster should cross over broadcast domains and start deploying over L3 and IP networks.

  1. Resilient Deployment

When deploying hundreds of nodes in a short period of time, the deployment process needs to adjust to faults and changes. Automatic deployment must assume that the nodes may fail during installation, but cluster deployment should still continue. In addition to making the system prone to errors, it is important to make relevant services highly available when dealing with deployment issues  to auto-detect and notify admins.

Returning to our example, let’s say that one of the servers is not connected to the red network, or that one of the servers has the red and green networks crossed. If not corrected in deployment, these errors must be passed to the admin for intervention without affecting the deployment of the rest of the cluster. It is important to note that this is an ongoing process. The system must be able to auto-tune itself according to physical changes and faults to maintain its reliability.

Final Note

To align with the data center leaders’ philosophy, a smart hyperconverged solution should enable the input of specific configuration preferences at the start of the process. Once the system goes into its “infection” mode, this specific philosophy can be embedded into the network.

By Ariel Maislos, CEO of Stratoscale

ariel-maislosAriel brings over twenty years of technology innovation and entrepreneurship to Stratoscale. 

In 2006 Ariel founded Pudding Media, an early pioneer in speech recognition technology, and Anobit, the leading provider of SSD technology acquired by Apple (AAPL) in 2012. At Apple, he served as a Senior Director in charge of Flash Storage, until he left the company to found Stratoscale. Ariel is a graduate of the prestigious IDF training program Talpiot, and holds a BSc from the Hebrew University of Jerusalem in Physics, Mathematics and Computer Science (Cum Laude) and an MBA from Tel Aviv University. 

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks

October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) attacks that made popular Internet properties like Twitter, SoundCloud, Spotify and Box inaccessible to many users in the US.

The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in a total of about three hours of service outage. The attack was orchestrated using a botnet of connected devices including a large number of webcams sold by a single manufacturer, which simultaneously made tens of millions of DNS requests on Dyn’s servers. Given the impact and severity, Dyn was quick to release a statement that more fully explained the incident from their side.

DDoS attacks can be carried out in many ways and can either target individual properties, or services that support a multiple Internet properties. DNS services are common targets because they are essential to the operation of cloud-based services.

Cyber Attacks are Getting Increasingly Sophisticated

comic-dating-gameThere’s a growing trend of increasingly sophisticated DDoS attacks targeting governments, political organizations, financial institutions and businesses in general. Victims of high-profile breaches in recent years include Target, eBay, Home Depot, JPMorgan Chase, LinkedIn, FDIC and Ashley Madison, but these are only a few notable names.

Even as government and private organizations embrace cloud-based services, attacks such as the one on 10/21 should compel them to reevaluate “all in on the cloud” approaches to platforms, applications and data. While I am not advocating completely pulling back from the cloud and into on-premises systems, this is a situation that pleads for a diversified risk mitigation strategy.

Organizations need to have solutions in place that will not interrupt operations and kill productivity during situations like this. As we have always advocated, a hybrid solution can certainly mitigate risk and give organizations alternative ways to work in the event of attacks or outages.

The Polarity Problem

A major problem for many organizations is their polar philosophies around infrastructure, the thinking that everything has to be in one place or another – either in the cloud or on-premises. Here’s where hybrid approaches come into their own. What if your application ran on the public cloud, but failed over to an on-premises or private cloud instance in the event of a public-cloud outage? What if your content (data) could reside in the cloud, on-premises or in both places simultaneously, depending how business critical, voluminous or regulated it is?

Consider the Enterprise File Synchronization and Sharing (EFSS) solution space. Cloud-only providers like Box and Dropbox – that emerged as consumer services and subsequently moved into the business segment – arguably don’t account for the mission-critical use cases of governments and businesses, and their need for business continuity in the event of such outages.

Consider how your organization will be impacted if all its corporate information resided in the cloud, and a DDoS attack or other form of cyber attack (or even a natural calamity) brought the cloud infrastructure down for several hours. How will it affect employee productivity? What would the revenue impact be? How would your brand image be affected?

For most organizations, the impact of a cloud outage will be very significant. As such, exploring hybrid approaches becomes mission critical.

Hybrid is the Answer

MJM, a marketing and communications agency owned by WPP, initially used a cloud-only EFSS service for file sharing and collaboration but moved over to Egnyte a few years ago after realizing that what it really needed was a hybrid file sharing solution. Thankfully they did, as disaster struck in 2012 during Hurricane Sandy, devastated the Northeast Coastline in the United States. With no internet and power going in and out, the employees at MJM were still able to work through the disaster and not lose any time or money.

DDoS Attacks

When it comes to the enterprise, we have a steadfast philosophy that:

1) Enterprises need purpose-built solutions. From our inception, we’ve had a razor-sharp focus on serving the file sharing needs of organizations rather than consumers.

2) While we enthusiastically embraced the cloud, we’ve always been aware that our customers need safeguards. Our hybrid approach to file sharing allows customers to leverage the advantages of both cloud and on-premises infrastructures for agility, reliability and business continuity.

If your cloud provider suffers an outage, a hybrid solution can seamlessly failover to your on-premises infrastructure and ensure that users, business processes and workflows remain unaffected. What’s more, these solutions can seamlessly failover to your on-premises infrastructure and ensure that users, business processes and workflows remain unaffected.

It is best to assume that Internet outages are inevitable, and plan for continued access to essential files when your cloud infrastructure or Internet connectivity become unavailable. When the next outage occurs, will you be prepared?

kris lahiriBy Kris Lahiri, VP Operations and Chief Security Officer

Kris is a co-founder of Egnyte. He is responsible for Egnyte’s security and compliance, as well as the core infrastructure, including storage and data center operations. Prior to Egnyte, Kris spent many years in the design and deployment of large-scale infrastructures for Fortune 100 customers of Valdero and KPMG Consulting.

Kris has a B.Tech in Engineering from the Indian Institute of Technology, Banaras, and an MS from the University of Cincinnati.

Key Takeaways From Dyn’s DDoS Attack

Key Takeaways From Dyn’s DDoS Attack

DDoS Attack Takeaways 

If you tried to access some of the world’s most popular websites, such as Twitter, Spotify, CNN, Netflix and The New York Times last Friday, you may have run into some trouble. Millions in the U.S. and Europe lost access to much of the internet in the wake of a cyberattack.

Hackers targeted Dyn Inc., a major provider of Domain Name System services in a distributed denial of service (DDoS) attack. The hackers used a malware called Mirai to flood Dyn’s servers with fake traffic through a botnet of internet-enabled devices including DVRs, storage devices and cameras.

Researchers do not yet know the motive for the attack and are unsure of who the perpetrator is. However, they believe that users of  a hacking forum may be responsible, and not the foreign governments, WikiLeaks supporters and political activists who were originally suspected.

Looking back at Friday’s cyberattack, here are four key takeaways.

The ‘Internet of Things’ Presents New Challenges

spybot-IoT

Devices such as webcams, DVRs, video doorbells and refrigerators that can connect to the internet are known as the Internet of Things (IoT). These devices provide us with new opportunities and make our lives easier, but also present new, unexplored security risks.

After the recent attacks, Chinese company Hangzhou Xiongmai Technology, recalled 4.3 million internet-connected cameras, which hackers infiltrated.

Many IoT devices (especially the cheaper ones) are unsophisticated and susceptible to hacking. Many users also never change their passwords from the default settings on IoT devices. Buying devices that allow you to change the default password, and changing the default password when possible, may help to stop these kinds of attacks in the future.

DDoS Protection Is Becoming Centralized

When it comes to DDoS attacks, whoever has the most computing power wins. This makes smaller companies more vulnerable. Larger companies can usually fend off hacking attempts. The use of the botnet in the recent attacks presented a new challenge, however, that Dyn was not prepared for.

Since being bigger makes a company more effective at preventing DDoS attacks, and the attacks are getting larger and more difficult to manage, websites must increasingly seek refuge with large, powerful companies. This is causing a centralization of DDoS protection.

These powerful companies can protect against these hacks more effectively, but the centralization also creates a risk. As demonstrated in Friday’s attack, a single attack can now disable a greater portion of the internet.

Imposters Can and Will Take Credit for Cyber Attacks

hacker-cloud

It can be difficult to ascertain who exactly is responsible for cyberattacks, and this creates the opportunity for imposters to take the credit.

Researchers at Flashpoint believe they have linked the attacks to users of the site Hack Forums. Users of this site frequently hack just for attention or fun, but sometimes also charge money for hacking services.

At first, many believed that Russia or WikiLeaks supporters were behind the attacks. A group called “New World Hackers” took credit for the attack, saying that they did it in response to the Ecuadorian government’s removal of Julian Assange’s Internet connection. WikiLeaks seemed to accept this assertion as true in a tweet. Activist group “Anonymous” also apparently took credit in a tweet. However, researchers believe these claims are false.

It’s Time to Take Cyber Security Seriously

Companies, schools and other organizations provide safety training and conduct fire drills, tornado drills and active shooter drills. Many also have metal detectors and security guards.

But these organizations rarely provide cyber security training. However, as the recent attacks show, cyber security is important and increasingly at risk. IoT technology presents us with new risks and places the responsibility for security more heavily on the average consumer.

Individuals and companies should ensure they are educated about their cyber security risks in order to protect themselves and other internet users.

Friday’s large-scale DDoS attack represents the opening of a new chapter in cyber security. As technology changes, new challenges arise that must be met to keep the internet secure. Hacking and cyber security will likely become an increasingly important issue, so it is imperative that individuals and companies educate and protect themselves however they can.

By Kayla Matthews

Report: Cloud Management Platform A Necessity

Report: Cloud Management Platform A Necessity

Cloud Management Report

Research completed by 451 Research on behalf of Embotics suggests an increased use of third-party clouds and notes ‘Amazon + 1’ is turning out to be ‘the CIO’s organizing principle.’ Managing the now typically multi-cloud environments in a business efficiently is making cloud management platforms more and more necessary.

Key Findings

Surveying 166 US-based enterprise IT organizations with regard to use of cloud infrastructure as well as the automation and management of associated processes and technologies, 451 Research observed five significant conclusions:

  • Enterprise IT environments are rapidly transforming with the majority of respondents stating current or near future use of container and orchestration technologies. 63% of those surveyed have or plan to adopt automation technology.
  • Multi-cloud environments are the norm with 75% of surveyed organizations currently using more than one cloud.
  • IT is being forced to rethink cloud management; though most of those surveyed have a cloud management platform in place, and many others are piloting such technology, the current cloud management tools are considered too slow, with a lack of single interface to view entire environments, difficulties creating, managing and tracking digital assets, and a growing VM sprawl.
  • Hybrid cloud use is increasing the need for management technologies able to assist through virtualization, consolidation, automation, and orchestration, delivering customer experiences that leave the infrastructure effectively hidden.
  • The opportunity to provide cross-cloud capabilities able to address technology evolution and business demands for improved speed and agility is notable, and cloud management platforms are required to support this IT transformation.

The Benefits of Cloud Management Platform Implementation

Cloud management platforms enable data-driven decision-making, and while many businesses are wrestling with virtualization and consolidation, cloud management platforms enable an incremental transformation from virtualization to automation and orchestration. Cloud management platforms also support fixed-term and dynamic sourcing, thus providing planned and unplanned options, and typically fewer difficulties are encountered regarding contract complexity and vendor management. Providing ease of use and access options, cloud management platforms also support a combination of old- and new-style IT services, and automation is found to improve user satisfaction without any requirements to raise staff levels.

Cloud Management Platform Challenges

It is, of course, always a balancing act, and cloud management platforms have to calculate and manage the needs of different stakeholders, including the business, IT and developers. It’s also necessary for organizations to have both the maturity and political will to make the changes required to drive cloud management platform adoption throughout, and the end-user IT literacy levels within must be carefully considered. Regarding dealings with cloud service providers and cloud management platform providers, SLAs and agreements need to be devised concerning relationships, responsibilities, and customization work to ensure that what’s expected by the organization is in fact what will be delivered.

Navigating the Journey

Cloud adoption is accelerating and with it the demand for services able to navigate the journey and manage the transformation. Not only assisting in these complex IT revolutions, as well as virtualization and consolation, automation and orchestration, cloud management platforms can aid users struggling to manage VM sprawl. They further assist users in the application of cloud decision criteria to locate, access and employ cloud applications and services through criteria such as cost, compliance, utility, governance and auditability with rules applied to every application. And of further consequence, policy-based cloud management platforms allow for less time devoted to compliance issues when selecting multiple individual services and instead move the focus to more strategic risk assessments in the selection of federated services. For cloud services that are secure, well priced, offering optimal performance, and supporting the needs of various user groups, more and more organizations find that cloud management platforms are necessary to automate and orchestrate processes and ensure business goals are met.

For the detailed research, view the PDF 451 Research: The State of Cloud Management – A New Business Imperative Emerges.

By Jennifer Klostermann

The DDoS Attack That Shook The World

The DDoS Attack That Shook The World

DDoS Attack: Update 2

6 days after the DDoS attack that rocked the internet to its core, Dyn have released detailed analysis of the attack and further details have emerged. The attack has been confirmed to have been the largest of its kind in history, and the Mirai botnet has been cited as the official cause.

Dyn have estimated that there were roughly “100,000 malicious endpoints” involved in the attack, which reportedly registered a massive strength of 1.2Tbps. If these reports are found to be true, that would make this twice as strong as any other attack on record! The strongest DDoS attack prior to this also involved the Mirai botnet, in an attack on the information security blog Krebs on Security, which registered 665 Gbps.

ofer-gayerWorryingly, Ofer Gayer, a security researcher with Imperva (a DDoS mitigation provider), has suggested that the hackers could well have even more power at their disposal, “Maybe this was just a warning shot. Maybe [the hackers] knew it was enough and didn’t need their full arsenal”.

Some researchers have commented that up to 500,000 devices could have been infected through the Mirai botnet attack, so perhaps as even stronger attack is on the horizon.

Ironically, Dyn even suggested that legitimate users refreshing their browsers may have been contributing to the problem; causing the site to become even more overloaded with traffic. So next time the site is down, don’t just keep hitting refresh!

You can find the full analysis by Dyn themselves on the whole attack and aftermath here.

By Josh Hamilton

Cashless Society Part 3 – Digital Wallets and More…

Cashless Society Part 3 – Digital Wallets and More…

Digital Wallets and More…

To finish off our Cashless Society series I want to look at the Fintech giants that are leading the digital money revolution. Whilst services like Apple Pay and Google Wallet have become more widely available, they haven’t quite taken off yet. They seem to be offering the transition to the digital economy that we are told is all but inevitable, but they haven’t managed to take off in the way that say, contactless cards have.

Jordan McKee, an analyst at 451 research commented that, “Mobile wallets haven’t yet proven they are measurably better than incumbent payment mechanisms, which general work quite well”. Avivah Litan, an Analyst at Gartner, put the lack of uptake of digital wallets down to the ease of current systems,

“It’s incredibly easy to swipe or dip a credit or debit card at a payment terminal and U.S. consumers are used to this mature payment application where they know they are well protected from financial loss…..It will take a lot of persuasion and financial incentives to get consumers to change their payment habits.”

Apple Pay

Apple Pay is built around contactless payment technology. It pulls your credit cards, debit cards, and other sensitive-payment data from the Wallet app, enabling you to use an iPhone or Apple Watch like a contactless card at store checkouts.

AppleWatch

Apple Pay is growing fast as well, with some experts commenting that it could well be Apple’s saviour. Users of Apple Pay completed more transactions in September 2016 than they did in the entire year of 2015. And on top of that transaction volume was up 500% in the fourth quarter, compared to the same quarter in 2015. Someone in Kensington, England, even used the service to pay for a 1964 Aston Martin DB5 worth over $1 million.

This growth can be partially attributed to the expansion in service from just the US and the UK, to now include Switzerland, Canada, Australia, China, France, Hong Kong, Singapore, Japan and Russia, with Spain soon to follow. Apple has also expanded the payment service to the web, to enable it to be used on mobile phones and desktop computers through Safari, and to be used in apps like Uber or Starbucks. According to CEO Tim Cook, hundreds of thousands of websites are now Apple Pay ready.

Google Wallet/Android Pay

Android Pay has been developed by Google to power NFC (Near Field Communication) payments with phones, tablets, and watches, as a rival to Apple Pay. At the minute, they are only in the US, UK, Singapore, Hong Kong and Australia – lagging behind Apple on the availability of the service – though they are rumoured to be starting up in Canada in the near future! They have also have benefitted from the expansion of MasterPass to cover Google Wallet transactions online, expanding their coverage and viability as an alternative to Apple Pay.

Android pay is available to use, in the countries it operates, nearly everywhere that Apple Pay is (though you might not see branding in quite the same way) and has a major bonus in that you can collect rewards for purchases, unlike Apple Pay.

These digital wallets operate under varied circumstances, but the premise and underlying goals remain similar. Yet, despite their adoption by major providers, there are still alternatives that are being implemented by retailers and businesses.

Retailers Alternatives

apple-iwatch

Aside from all the fanfare of mega-investments from Apple, Samsung and Google in NFC on smartphones, Starbucks, Dunkin’ Donuts and Walmart Pay allow customers to pay using a QR code displayed on a smartphone, which is a much most cost effective alternative. Starbucks customers spent an estimated $3 billion using the Starbucks app, though the success of apps of this nature can be partially attributed to the customer loyalty that the apps build with vouchers and offers for users.

Nitesh Patel, an analyst at Strategy Analytics, suggested that this could be the main reason for their success over digital wallets, “so far, mobile wallets, particularly NFC, have yet to integrate payments with loyalty in a compelling way…. You need a single tap to redeem or accumulate points and coupons”. Ultimately, the frills of the service are what is going to sell it to the general public, and digital wallets just don’t have those frills yet (especially Apple Pay, though it makes up for it somewhat in its widespread adoption).

Ultimately, we are still very early on in the transition to a cashless society. The technology is all but there, but the infrastructure and cultural acceptance hasn’t quite got there. It isn’t clear quite yet as to whether the digital wallet market will remain as open or competitive, or whether it will become an Android vs Apple battle. We shall simply have to wait and see who establishes themselves as the frontrunner.

By Josh Hamilton

Cyber Security Tips For Digital Collaboration

Cyber Security Tips For Digital Collaboration

Cyber Security Tips

October is National Cyber Security Awareness Month – a joint effort by the Department of Homeland Security and private industry to ensure that citizens and businesses alike have the resources they need to use the Internet safely and securely. Today’s cyber criminals are ingenious and constantly probing for vulnerabilities, and when breaches occur they can put the whole company at risk. Don’t give them the opportunity!

cloudtweaks.com-comicOne of the biggest security challenges companies face is that the way we work together has changed dramatically – a transformation that is still ongoing. The term “workplace” is becoming an anachronism as people find new ways to collaborate digitally, anywhere, at any time. Sensitive information needs to be shared among dispersed teams that may include co-workers, partners, customers and other stakeholders. Some of these individuals are vetted and trusted, others…not so much.

Since most security breaches start with human error, now is a fitting time to share some reminders for employees and business users. Think of these as your first line of defense when collaborating in an unsafe world.

Don’t Intermingle Work and Personal Files

Always keep business and personal files separate, otherwise you’re asking for trouble. (A certain presidential candidate learned this the hard way!) For cloud apps, use separate accounts. If work and personal files must be on the same device, store them as far apart as possible, using different directory paths.

Use Strong Passwords and Keep Them Safe

According to Verizon’s 2016 Data Breach Investigations Report, 63% of confirmed data breaches involved leveraging weak, default or stolen passwords. Employees, contractors and everyone else in your business ecosystem should be required to use unique credentials with strong, unique passwords, rather than the name of their pet goldfish over and over. Even if a password is exposed just once, the potential consequences are enough to make a security manager cringe. Remind people that the infamous Target breach began when some hacker stole a heating contractor’s credentials, while at Home Depot, someone used a vendor’s username and password to steal credit card info for more than 50 million people.

Verify Email Addresses Are Correct

According to a Ponemon Institute survey of over 1000 IT professionals, 63% of respondents have accidentally sent files to the wrong recipients – people who clearly were not authorized to see them. Here’s a simple suggestion: if an employee needs to send an email to someone for the first time, have the intended recipient send an initial email so the employee can respond to it and use it thereafter. This eliminates the chance they’ll get the address wrong – misspell a company name, forget a dash (or add one), use “.com” instead of “.org“, etc., and send a file goodness knows where.

Don’t Send Sensitive Files using a Consumer-Grade Service

data-science

When employees need to share a file that’s too large for email, it’s tempting to send it through Dropbox, Box or some other consumer-grade file sharing service – or simply park it there for convenience. While many of these consumer-grade services have improved their security measures in recent years, they lack the file-level security and controls necessary for protecting sensitive data. For example, a file may be intended for information only, but people are saving it, renaming it, forwarding it others, pasting sections into a competitor’s sales campaign or misusing it in other ways that the sender never intended.

Have Remote Erase Capabilities, or an Effective Alternative

People are always losing their devices – at the airport, in the back of a taxi, at a restaurant, etc. If a device is used to store sensitive data, it also needs a remote wipe feature to be able to erase that data in the event the device is lost or stolen. (NASA learned this lesson the hard way.) Another approach that’s much more flexible is to use information rights management (IRM) software that can delete sensitive files instantly, on any device.

Don’t Share Your Devices with Family and Friends

With the holidays approaching, many people will be receiving new devices (laptops, phones, etc.) as gifts, and family and friends will be pleading for a chance to use them. According to a survey by Kaspersky Lab, one third of respondents reported sharing their personal devices, and of those, 32% took no precautions to protect their information. Why tempt people? In addition, some family members probably have minimal awareness or understanding of today’s cyber threats, and how cunning the perpetrators can be.

Stay Safe Online – and Collaborate with Confidence

Since most security breaches start with human error, educating your staff is an obvious way to reduce the risk. But we also have to remember that training only goes so far – whenever human beings are involved, there’s always the chance of risky behaviors and silly mistakes. And if someone takes advantage of a security lapse to sneak onto your network and steal sensitive data, the damage may not be apparent for weeks or months.

Thus a company has to back up its first line of defense with other measures to keep its information safe. Consider a solution that embeds encryption and user privileges directly into a file, including who is authorized to access it and what operations they can perform with it. These permissions then follow the file wherever it goes on, on any device it lands on. If sensitive data falls into the wrong hands, access can be immediately revoked. Companies get control over their files that’s not available with email or traditional file sharing. As business becomes increasingly powered by digital collaboration, it’s the way to keep sensitive information secure while using it to full advantage.

By Daren Glenister

The Managed DNS Industry

The Managed DNS Industry

DNS Industry 

The SaaS industry has been going through a major shift in just the last few years, which is redefining how platforms are designed. System and network administrators are demanding all-in-one platforms for a variety of management tasks. The managed DNS industry, for one, has been radically altered by this shift. Both new and existing DNS providers are rolling out integrated platforms, which combine the analytical power of monitoring with advanced query management.

The Internet has been abuzz as the skeptical sys admins question how these integrated platforms can fix issues their predecessors couldn’t. And can you replace your current toolset with an all-in-one platform?

The principal idea behind these platforms is synergy, a mutually dependent relationship between monitoring and management. This technology is made possible by the cloud, which allows information to be shared between the two services in real time. The cloud foundations for all-in-one platforms have also proven to make these subscription services noticeably cheaper.

So what is this synergistic secret sauce that makes these all-in-one services so revolutionary? In the case of DNS management, network monitoring is integral to efficient query routing. What’s the point of making changes to your network configurations if you can’t monitor and analyze the results? This can also be applied the other way around: what’s the point in monitoring your network if you can’t fix the problems that you identify?

security-tips

Traffic management should never feel like a shot in the dark, rather it should be informed and calculated to provide the best result for each individual end-user. The new integrated platform push is forcing admins to rethink how they manage their organizations’ traffic.

The problem is, too many admins think these tools are only used for anticipating DDoS or resolving attacks and outages. To be frank, outages are rare, but they can be devastating. DNS management has shifted from outage resolution to performance optimization. Next-generation managed DNS solutions will take a look at your entire network and implement changes to improve the experience for all of your end-users—individually optimized for each user’s location, browser, IP connectivity, and more.

Admins aren’t wrong for wanting to use query management for security reasons. That’s because DNS traffic operates at a critical ingress point for managing incoming traffic; as in, you can filter and root out malicious traffic before it even reaches your site. But what most admins seem to forget is these same management tools can be used to eliminate latency and improve network performance.

End-users are demanding faster load times, especially from mobile sites. DNS resolution times are only one portion of load time, but 50% of page load time is taken up by network latency overhead. Admins have to leverage every layer of the stack for optimal performance, or get left behind.

All-in-one management solutions are proving to be invaluable during high traffic periods. You can analyze traffic loads and redirect segments of traffic so that it’s balanced across many different resources or locations. You can also use this technology to minimize resolution times, by ensuring queries are being answered at the nearest possible server, or most optimally performing server (in case the closest one is under strain or underperforming).

These platforms are also incorporating Artificial Intelligence (AI) to analyze areas causing performance degradation and then make changes to alleviate them before they can cause appreciable affects to end-users. Some AI’s are paired with automated services that are able to recognize performance trends and patterns. They then use the analytics to anticipate and even predict potential attacks or fluctuations.

These all-in-one suites have created a new breed of traffic management, called Internet Traffic Optimization Services (ITOS). This new industry seeks to redefine the way admins manage their networks, by harnessing the power of analytics to make informed proactive changes. DNS is a user’s first and most impactful step when accessing a website, which is why ITOS places a strong emphasis on informed DNS management.

In the end, it all comes down to the cold hard stats. In order to get the most ROI out of a service, you need to look for reliability, cost efficiency, and proven performance improvements. All-in-one and ITOS solutions may still be in their formative years, but these solutions provide admins with all the tools they need in one platform. Now admins can see the performance improvement of their configurations in real time, while still costing less than non-integrated services.

By Steven Job

CloudTweaks Comics
Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but also a lot of risks if done in the wrong way. So what are the most important risks? The European Network Information Security Agency did extensive research on that, and…

Cloud Infographic – The Data Scientist

Cloud Infographic – The Data Scientist

Data Scientist Report The amount of data in our world has been exploding in recent years. Managing big data has become an integral part of many businesses, generating billions of dollars of competitive innovations, productivity and job growth. Forecasting where the big data industry is going has become vital to corporate strategy. Enter the Data…

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most Cloud computing is rapidly revolutionizing the way we do business. Instead of being a blurry buzzword, it has become a facet of everyday life. Most people may not quite understand how the cloud works, but electricity is quite difficult to fathom as well. Anyway, regardless of…

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) attacks that made popular Internet properties like Twitter, SoundCloud, Spotify and Box inaccessible to many users in the US. The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in a total of about…

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

Data Science and Machine Learning Security breaches have been consistently rising in the past few years. Just In 2015, companies detected 38 percent more security breaches than in the previous year, according to PwC’s Global State of Information Security Survey 2016. Those breaches are a major expense — an average of $3.79 million per company,…

5 Essential Cloud Skills That Could Make Or Break Your IT Career

5 Essential Cloud Skills That Could Make Or Break Your IT Career

5 Essential Cloud Skills Cloud technology has completely changed the infrastructure and internal landscape of both small businesses and large corporations alike. No professionals in any industry understand this better than IT pros. In a cutthroat field like IT, candidates have to be multi-faceted and well-versed in the cloud universe. Employers want to know that…

The Storytelling Machine: Big Content and Big Data

The Storytelling Machine: Big Content and Big Data

Bridging The Gap Between Big Content and Big Data Advances in cloud computing, along with the big data movement, have transformed the business IT landscape. Leveraging the cloud, companies are now afforded on demand capacity and mobile accessibility to their business-critical systems and information. At the same time, the amount of structured and unstructured data…

Cloud Infographic – What Is The Internet of Things?

Cloud Infographic – What Is The Internet of Things?

What Is The Internet of Things? “We’re still in the first minutes of the first day of the Internet revolution.”  – Scott Cook The Internet of Things (IOT) and Smart Systems are based on the notions of Sensors, Connectivity, People and Processes. We are creating a new world to view and measure anything around us through…

A New CCTV Nightmare: Botnets And DDoS attacks

A New CCTV Nightmare: Botnets And DDoS attacks

Botnets and DDoS Attacks There’s just so much that seems as though it could go wrong with closed-circuit television cameras, a.k.a. video surveillance. With an ever-increasing number of digital eyes on the average person at all times, people can hardly be blamed for feeling like they’re one misfortune away from joining the ranks of Don’t…

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) attacks that made popular Internet properties like Twitter, SoundCloud, Spotify and Box inaccessible to many users in the US. The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in a total of about…

7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

5 Things To Consider About Your Next Enterprise Sharing Solution

5 Things To Consider About Your Next Enterprise Sharing Solution

Enterprise File Sharing Solution Businesses have varying file sharing needs. Large, multi-regional businesses need to synchronize folders across a large number of sites, whereas small businesses may only need to support a handful of users in a single site. Construction or advertising firms require sharing and collaboration with very large (several Gigabytes) files. Financial services…

Digital Twin And The End Of The Dreaded Product Recall

Digital Twin And The End Of The Dreaded Product Recall

The Digital Twin  How smart factories and connected assets in the emerging Industrial IoT era along with the automation of machine learning and advancement of artificial intelligence can dramatically change the manufacturing process and put an end to the dreaded product recalls in the future. In recent news, Samsung Electronics Co. has initiated a global…

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…