Category Archives: Security

Cloud Service Providers And The Law


Imagine opting out of the continuous struggle to keep software up to date, and essentially getting rid of overburdened corporate IT departments struggling to keep systems functional. This initial promise of cloud computing, as first presented to the public, is increasingly holding true. Undoubtedly, cloud computing presents a potential paradigm shift for all industries and sectors, with many benefits such as flexibility, cost reduction, accessibility, and reliability.

While several technical benefits of cloud computing exist, there are a few important considerations for users and corporations. One of the most important is the legal repercussions these new technologies may trigger. With the arrival of any new technology, the applicability of existing laws and the possibility of new laws tailored specifically to the new technology remain unclear until precedents are set. The cloud computing phenomenon is global in nature, challenging the very touchstone of jurisdictional complexities.


(Infographic Source: Business Of Law Blog)

These legal qualms pose significant risks to cloud service providers and users alike. Service providers constantly battle to strike a balance: on the one hand, there is the reward of investing in better and new technologies; on the other hand, they expose themselves to greater risk of potential lawsuits as well as uncertain future regulations. For small businesses, this issue may be even greater, as they lack the resources to effectively negotiate contracts with large cloud service providers. Large corporations, by contrast, may find it easier to draft and negotiate a ‘strong’ contract with service providers.

Broadly speaking, there are six widely applicable regulations relating to cloud computing in the United States.

1. Stored Communications Act (SCA)
2. USA Patriot Act
3. The Health Insurance Portability and Accountability Act (HIPAA)
4. US Export Control Regulations
5. Federal Trade Commission Act
6. Electronic Communications Privacy Act of 1986 (ECPA)

While laws extensively cover areas related to security and privacy, loopholes are certain when it comes to matters relating to cloud computing. For instance, in 2011, a class action complaint was lodged against a cloud storage provider in Wong v. Dropbox, Inc., where it was alleged that the company violated the California Unfair Competition Law and negligently invaded the privacy of individuals. The class action complaint against Dropbox arose out of an update that inadvertently allowed anyone to log into any account using any password within a four-hour window.

The risks centre on confusion as to applicable laws, the changing regulatory climate, and the lack of industry standards. Cloud computing does reflect a paradigm shift for both users and corporations, as it allows them to take advantage of economies of scale as well as specialization to provide a more efficient and economical solution.

As jurisdiction within the cloud is so unclear, the only option would be to come to a mutual agreement or a compromise between cloud provider and user. Therefore, a harmonious and uniform set of laws governing data privacy and security is required, which, in turn, would be beneficial in several respects. For instance, service providers would be able to assess their risks more accurately, subsequently decreasing the need for them to push their risk onto users through contracts that force the customer to deal with privacy breaches that may be the fault of the service provider.

By Syed Raza

Can You Run Your Business Entirely From A Mobile Device?


You know the feeling. It’s 8:00 a.m. Your bus is stuck in traffic, so you pull out your phone and start answering work emails. While you may rely on your mobile device’s apps for everything from an alarm clock to a fitness tracker to a recipe finder, you might not put it to quite so much use in your work life. It’s okay for the odd early morning email, but can you really run your business from a mobile device?


It’s actually easier than ever. Now, it’s unlikely PepsiCo and Apple will ditch their computers and go 100 percent mobile (though perhaps their CEOs will follow Salesforce’s Marc Benioff’s lead), but thanks to the cloud, mobile devices are becoming a powerful business tool. The cloud allows the complex programs that run businesses to be accessed from smartphones and tablets, something we could scarcely imagine a decade ago.

Maybe you want access to a series of graphs for a meeting or to peruse a PDF during a long plane ride. Tablets are becoming more versatile and portable, which is why it might be appealing to stop lugging a five-pound laptop around and leave everything to your iPad. With the right set of apps, this approach isn’t as crazy as it may seem.

Smartphones aren’t renowned for their memory capacity, but with file-hosting services such as Dropbox, they don’t need to be. There are different tiers, depending on how much storage you need, which helps keep costs down. If you happen to lose your device, your files aren’t gone forever and can be accessed as soon as you get a replacement for your hardware. So your device doesn’t turn into a nearly useless brick should you stumble into a WiFi-free zone, an app such as Instapaper can make documents and emails available for offline reading.

If Gmail’s nearly unlimited amount of space doesn’t entice you, rest assured that mobile versions of products such as Outlook are becoming near clones of their computer counterparts, with all the bells and whistles you rely on for your business tasks. Whether you use MailChimp for newsletters or Keynote for presentations, almost every software company in business today recognizes the demand for a mobile version of their product. In fact, newer startups are starting to design their programs and products for mobile and cloud, instead of retrofitting them from a computer-compatible version. (Try using Square to collect payments on a laptop.)

With your smartphone attached to your hip, it’s easier than ever to stay organized, too. There are myriad calendar apps to remind you of your next meeting (provided you remembered to schedule it), and something such as Evernote makes notes, links, and to-do lists searchable. Never go through the agony of a lost dinner receipt again with Shoeboxed, which lets you take pictures of your receipts and generates an expense report.

Then there’s a phone’s most basic function — helping you keep in touch. Aside from the obvious — phone calls and texting — apps such as Skype and Google Hangouts also facilitate collaboration, even when you’re out of the office. The iPad’s built-in Facetime capabilities are wonderful, provided you’re not working in your bathrobe and have showered in the past few days. For the socially minded, HootSuite has mobile options for managing your Twitter, Facebook, and LinkedIn accounts.

Because these devices are so portable, their size does come with one downside: Lack of a keyboard and mouse. However, Bluetooth keyboards or styluses might work for those who can’t live without such accessories.

Aside from the obvious ability to roam where you want to with your device, another nice thing about doing everything from your smartphone or tablet is customization. Many apps on the market put the power in the hands of the user, letting him or her decide if, for example, the hours between 11:00 p.m. and 6:00 a.m. are “do not disturb” time. Or maybe you have a strict budget that Mint will help you organize and track.

If you really want your mobile device to power your business, you’ll want to invest in some apps created specifically for that purpose. Business management software that can manage CRM, keep track of invoices, and monitor warehouse data is more valuable to your company than a game in the Apple store, and you get what you pay for: a robust program that can handle the tasks necessary to run your business, while you’re en route to your next meeting, whether it’s down the street or across a few time zones. Personally, I wouldn’t be nearly as effective in my role as CEO without the ability to access customer information, look up orders, and check pipelines on the fly. Luckily, I work for a company whose software was designed to do all that and more.

Now you’ve got everything you need to take your business and run with it. Additional information about Acumatica’s cloud ERP services, including demos and pricing, is available here.

(Image Source: Jesse Sanz /Shutterstock) 

By Jon Roskill

Pinup: BitSight Provides Comprehensive Ratings System For Business-Tech Security



Conducting business and communicating with business associates over the internet can be dangerous. From corporate competitors looking to gain insight into your proprietary information, to the black-hat hacker, whose primary goal is chaos and destruction, the internet can many times be just as treacherous as it is helpful.

This certainty is what makes a service like BitSight such a welcome addition to virtually any company that does business in cyberspace.

BitSight was founded in 2011 by MIT-graduates, Nagarjuna Venna and Stephen Boyer. In 2012, BitSight was joined by former Q1 Labs veteran, Shaun McConnon. Since its inception, BitSight has received over $24 million in series-A funding from a veritable who’s who of venture capital firms. These include Globespan Capital Partners, Menlo Ventures, Flybridge Capital Partners, and Commonwealth Capital Ventures.

“We are excited to bring a new evidence-based approach to quantifying security risks while providing our customers with actionable insight to quickly respond to emerging data security threats,” says CEO, Shaun McConnon. “BitSight is well positioned to drive innovation in the security risk management market. We are continuing to hire the best people in their fields of expertise to enhance BitSight’s innovative platform.”

BitSight’s goal is to deliver a clear method which measures just how safe and secure your company’s data actually is. Primary methods that make this possible are:

BitSight Security Rating Platform

The BitSight Security Rating Platform is designed to gather mountains of data on a daily basis, using sensors that have been deployed across the world. Once this data has been collected, it is separated into several categories based on perceived risk. These risks include the usual suspects, such as botnets, spam and malware.

Once these classifications have been made, BitSight maps the data to your known network. Once completed, the data and paths are analyzed for how often these problems can occur based on your current network configuration. This information is used to assign a rating on just how secure your network is.


BitSight has developed a ratings system that is similar in many ways to the way credit scores work for individuals. Ratings range from 250 to 900, with higher scores denoting a more secure network.

The ratings provided by the BitSight Security Rating Platform are very flexible and can be configured to gauge anything from the whole company to individual user groups. These ratings can then be used to evaluate performance, as well as help leverage third-party risk management and cyber-insurance policies.

While security will always be a matter of concern when dealing with virtual business activities, a service like BitSight can provide clear indication of just how secure your business actually is.

By Joe Pellicone

Don’t Forget Networking In Your Travel Plans To The Cloud


The term “cloud” was first used by the telecomm industry in early schematics of the Internet to identify the various, non-specific uses data was put to at the end of their cables. The transmission of data was the telecomm industry’s primary focus. What happened in the cloud was someone else’s concern.

Today the attention has shifted so much to all the amazing uses data can be put to within a cloud environment that there is an unfortunate tendency to overlook how all your data is going to get safely and reliably to the cloud and back. It’s a little like focusing on all the great things you plan to do in Paris without considering how you’re actually going to get there.

Critically evaluating your network options may be less exciting than focusing on your ambitions in the cloud, but before you send your data off on its great adventure, you better be sure you know how it’s going to get there and get back.

Rest assured: You can safely assume that there are secure network options for every cloud implementation, but there are many details to be considered before you decide which options are best suited to your needs and resources.

Admittedly, unless you are a network geek, thinking about networking can be a daunting task, so if you don’t know CCIE from TCP, here’s a primer on the network options you can use to connect to the cloud.

There are three basic network options to connect to the cloud:

  1. Encrypted Virtual Private Network (VPN) over the Internet
  2. Adding a cloud environment as a node on your current Wide Area Network (WAN).
  3. Point-to-point circuits, i.e., leased lines.

Encrypted VPN over the Internet

Virtual private network technology makes it possible for businesses to securely and affordably create geographically dispersed business networks on top of the public Internet infrastructure. A key advantage to VPN access is that it is relatively inexpensive because your data is traveling for free over the Internet. It is also relatively uncomplicated to implement. These advantages essentially launched a wave of businesses into the Internet, and from there to the cloud.

VPNs provide security by the use of tunneling protocols and through security procedures such as encryption. Encryption protocols include Internet Protocol Security (IPSec), Transport Layer Security (SSL/TLS) and Datagram Transport Layer Security (DTLS).

While your data is out hopping from router to router around the Internet, it is also kept separate from everyone else’s data by Multiprotocol Label Switching (MPLS), a mechanism that basically establishes a virtual path for your data between your outgoing router and its final cloud destination. MPLS is the technical counterpart to the multi-tenant technology which keeps your data secure in its own virtual container in a public cloud environment.

A Node on your WAN

Wide area networks connect multiple Local Area Networks (LANs) across an enterprise. Most WANs include virtual LANs (VLANs) that are connected by VPNs through local exchange carriers to the Internet. Here again the MPLS protocol protects your data from mingling with other data within your WAN or on the Internet.

Organizations that adopt this option still take advantage of free Internet transmission of their data. Implementation, however, is more expensive and complicated. Accessing the cloud as a VPN extranet on your WAN is appropriate for mid-sized organizations that have a widely distributed WAN environment.

Point to Point Connections

If you can’t get comfortable with the idea of your data hopping around the Internet with everyone else’s, point-to-point leased line connections (also known as private circuits) provide dedicated, always-on, fixed bandwidth connectivity between your data center and your cloud environment.

All three network options are secure, but point-to-point connections are the most secure. They are also the fastest and by far the most expensive option.

Point to point connections are appropriate for large organizations that have critical need and/or compliance requirements that require an exclusive, direct connection to the cloud. These could include financial organizations that require very high speed bandwidth, government agencies and suppliers that require absolute security, and healthcare organizations that need to guarantee the privacy of patient data.

Mix and Match

There are many variations and levels of speed, quality and security within each of these three options. Drilling down into the pros and cons of those variations is beyond the scope of this column. Suffice to say, one, or some combination of them, can be tailored to adequately and securely get your data to your cloud environment.

Combining more than one option, in fact, is the only way to guarantee against downtime. Every connection has the potential to go down—even direct point-to-point circuits, so having more than one connection is the only way to protect against the risk of losing access to your data in the cloud.

Acceptable risk varies with the criticality of the use case. If you are just spinning up virtual servers for a test dev sandbox environment, you don’t have to worry about losing access to your data. If you are a hedge fund involved in high-speed trades, on the other hand, any risk of downtime is unacceptable.

Bandwidth and Latency

There are two other key considerations you need to address in your choice of network option: bandwidth and latency.

Bandwidth requirements depend on what you plan to do with the cloud services. If you are accessing IaaS in the cloud, it takes little or no bandwidth to manage, monitor and maintain the virtual container a cloud provider gives you. If you are going to run a SQL database or do transactions in real-time or nightly backups in bulk, however, you are going to need additional bandwidth to accomplish your tasks within an acceptable timeframe.

Most application providers publish bandwidth guidelines. According to Microsoft, for example, a SQL database requires bandwidth ranges of 3 megabits per second (Mbps) (dual T1) and greater with latencies less than 100 milliseconds (ms) – operational range. You can quantify your bandwidth requirements by adding up the required throughput of the applications and services you intend to access from the cloud. If you are already accessing these services within your data center, you should know that number.

Latency is basically a measure of the delay between when a packet of data is dispatched and when it arrives at its destination. Every medium of transmission—cable, optical fibre, etc.—causes latency. Latency limitations determine the distance you can be from your cloud environment.

Latency is also determined by the relative well-being of your network environment. It’s not your ISP’s fault if data from your cloud is delayed unduly because your firewalls, routers and servers delay transmission once the data arrives at your door. With all the demands that virtualization, collaboration, BYOD and a host of other hot trends have made on your network environment, if you haven’t done a comprehensive assessment of the health and capacity of your network, making that a priority before your journey to the cloud would be an excellent idea.

One World

Using the cloud metaphor for the underlying technologies involved in delivering IT as a service runs the risk of encouraging a sense that the cloud is some stack of servers out in the ether that belongs to someone else. As soon as you make a commitment to use cloud-based services, in fact, you expand your corporate environment to encompass your internal IT environment, your network connection to the cloud and the cloud itself. They are each mutually interdependent and need to be addressed as integral parts of a whole system. Nothing works, unless they all do. Leave one out of your overall IT strategy, as a result, and no matter how innovative, creative, and cost effective your cloud destination may appear, you still won’t be able to get there from here.

By Mike Johnson


As Logicalis Director of Unified Communications Architectures and Solutions, Mike is responsible for managing a team of pre-sales engineers focused on the development and design of unified communications and networking, specifically mobility and security solutions. Mike has a 14-year track record of successful management of go-to-market strategies, customer solution design, implementation and pre/post sales support in the managed services, healthcare and manufacturing industries.

Cloud Infographic: Saving Means Sacrificing


One of the biggest deciding factors in selecting a cloud service provider is cost. Companies want to save money and saving money is not only a good thing – but a great thing! Unfortunately, low prices in most cases will be reflected in the quality of the services you pay for, which can be greatly detrimental to your business. Low prices can mean hindered site performance, inexperienced support, increased security concerns and a whole slew of other issues that can, and will, arise. You must take a look at the whole picture and budget accordingly.

Included is an infographic provided by Cloudamize which covers some of the Myths vs Facts related to Cloud computing.


Is Your Smart TV A Secure TV?


We tend to think of security problems as the exclusive domain of computers and all too often forget about the other devices and gadgets in our homes. Phones, TVs, tablets, hi-fi systems and any other web-connected smart home appliances are all at risk of being compromised by hackers and criminals, often without the owners even being aware of the situation.

New research by Yossi Oren and Angelos Keromytis at the Columbia University Network Security Lab has now claimed that smart and interactive TVs are the most ‘at risk’ group. The ‘Red Button’ attack can be conducted quickly and discreetly from anywhere in the neighbourhood, and could quickly take control of your printer, online accounts and Wi-Fi router to severely disrupt your life.

The report found that any television which uses the new HbbTV standard is vulnerable. With almost all of Europe using the standard and with the US slowly catching up, the problem puts hundreds of millions of people at risk.

Oren and Keromytis claim that a hacker with a $250 1-watt amplifier could cover a 1.4 sq kilometre area. Oren mapped New York City neighbourhoods by population density overlaid with the locations of big digital broadcast antennas. By positioning the retransmission gear at a good height and within line of sight of a tower (for example, on a drone or tall building), a hacker in Queens could deliver malicious content via the Home Shopping Network to a potential audience of 100,000 people. With a more powerful 25-watt amp (about $1,500) the hacker could cover nearer 35 sq kilometres, taking the reach of the attack into the hundreds of thousands of people.

A few characteristics of the method make it extremely dangerous. Firstly, neither the TV nor its owner would be aware that they are under attack. Secondly, the virus will remain active until the TV is entirely powered off. Finally, the virus is totally anonymous and untraceable because the hackers never present themselves on the internet with a source IP address or DNS server. All this means a person might be completely unaware an attack has happened until long after the event.

What can be done? The most extreme solution would be to completely cut off internet access to all broadcast-delivered HTML content, though this is unlikely to be do-able or practical for most home users. Another solution is monitoring smart TVs as a network. A single smart TV doesn’t know that its signal is being hijacked but the incoming signal data from multiple TV sets in the same area could be monitored to show abnormally high spikes in signal strength or application usage. Something as simple as asking users to confirm the launch of an app could also work.
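The neighbourhood-level monitoring idea above, sketched as an added example (not code from the researchers or any broadcaster): an area is flagged only when a large share of its TV sets report a simultaneous jump in received signal strength over their own baseline. The report layout, field names and thresholds are assumptions made for illustration, and the telemetry is constructed sample data.

```python
from collections import defaultdict
from statistics import median


def build_sample():
    """Constructed telemetry: (minute, area, tv_id, signal_dbm).

    The tuple layout is an assumption; no real HbbTV reporting format is implied.
    """
    reports = []
    for minute in range(6):
        for tv in range(5):
            # area-A: stable reception for the whole window.
            reports.append((minute, "area-A", f"a{tv}", -62.0 + tv * 0.5))
            # area-B: stable until minute 4, then 4 of 5 sets jump by 15 dB,
            # the pattern expected if a nearby transmitter overpowers the tower.
            jump = 15.0 if (minute >= 4 and tv != 0) else 0.0
            reports.append((minute, "area-B", f"b{tv}", -65.0 + tv * 0.5 + jump))
    return reports


def detect_area_spikes(reports, baseline_minutes=3, jump_db=10.0,
                       min_share=0.6, min_sets=3):
    """Return sorted (minute, area) pairs where many sets spike together.

    Each set is compared with the median of its own first `baseline_minutes`
    readings, so sets with naturally strong or weak reception are not
    penalised. One spiking set is treated as noise; an alert needs at least
    `min_sets` reporting sets and `min_share` of them above baseline.
    """
    per_tv = defaultdict(list)
    for minute, area, tv, dbm in reports:
        per_tv[(area, tv)].append((minute, dbm))

    # counts[(minute, area)] = [sets reporting, sets spiking]
    counts = defaultdict(lambda: [0, 0])
    for (area, _tv), series in per_tv.items():
        series.sort()
        if len(series) <= baseline_minutes:
            continue  # not enough history to form a baseline and compare
        baseline = median(dbm for _, dbm in series[:baseline_minutes])
        for minute, dbm in series[baseline_minutes:]:
            entry = counts[(minute, area)]
            entry[0] += 1
            if dbm - baseline >= jump_db:
                entry[1] += 1

    alerts = []
    for (minute, area), (total, spiking) in counts.items():
        if total >= min_sets and spiking / total >= min_share:
            alerts.append((minute, area))
    return sorted(alerts)


if __name__ == "__main__":
    for minute, area in detect_area_spikes(build_sample()):
        print(f"minute {minute}: correlated signal spike in {area}")
```

Because the baseline is taken from each set's earliest readings, a transmission that is already present when monitoring starts would be absorbed into the baseline; a longer or externally supplied baseline would be needed to cover that case.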

Broadcasters would have lots of privacy issues to work out before any solution could be chosen, however, and whichever method is ultimately selected will face the difficult task of acquiring an industry-wide and government-wide consensus to implement it. Do you use a smart TV? Have you taken any precautionary security measures? Let us know in the comments below.

(Infographic Source: iYogi)

By Daniel Price

Gartner Says Organizations Must Prepare For The Security Implications Of The Digital Workplace


PRESS RELEASE – STAMFORD, Conn., June 9, 2014



Analysts to Focus on Top Security Trends at Gartner’s 2014 Security and Risk Management Summits, June 23-26 in National Harbor, MD, August 25-26 in Sydney, September 8-9 in London and September 15-16 in Dubai

Increasing adoption of a more mobile, social, data-driven and consumer-like workplace is causing the breakdown of traditional security models and strategies, according to Gartner, Inc. Gartner predicts that by 2018, 25 percent of large organizations will have an explicit strategy to make their corporate computing environments similar to a consumer computing experience. Security organizations and leaders that fail to alter strategies to accommodate a more consumerized workforce will be sidelined by engaged organizations.

“Significant changes that impact an organization’s approach to security are underway,” said Tom Scholtz, vice president and Gartner Fellow. “Employee digital literacy has led to a growing consumerization movement within most enterprises, with employees using a wide variety of consumer-oriented apps for business purposes. Other workplace trends — such as out-tasking, globalization, networked reporting structures, shadow IT and a desire to foster employee engagement — are all impacting IT strategies. As organizations shift toward a more digital workplace, long-held approaches to security need to be re-examined.

“Implementation of a digital workplace exacerbates the IT department’s loss of control over endpoint devices, servers, the network and applications,” said Mr. Scholtz. “In a fully consumerized workplace, the information layer becomes the primary infrastructure focal point for security control. This reality necessitates a shift toward a more information-focused security strategy.”

The sheer volume of devices and access vectors implied by a digital workplace, coupled with the increase in sophisticated, dynamic attack methods and insider threats, makes the traditional approach of focusing on preventive controls (such as signature-based anti-malware, network and host intrusion prevention systems, pervasive encryption and continuous patching) increasingly ineffective. While the value of and need for preventive controls will never go away, the digital workplace reinforces the need to focus more on detective and reactive controls. In practice, this means increasing investments in context-aware security monitoring for internal and external environments, threat intelligence assessment capabilities and incident response. Pervasive, context-based monitoring and security information analytics will form the core of next-generation security architectures.

Strategies such as the digital workplace implicitly recognize that users will be given more freedom in how they use technology and information. This implies a higher level of trust that users will exhibit appropriate behavior in dealing with enterprises’ information resources. Key elements of a behavior-focused security communication strategy include considering “just in time” security awareness techniques, which remediate or reward user behavior based on the appropriateness of that behavior within the user’s context.

“Effective behavior management is not produced by the mere deployment of an education program,” said Mr. Scholtz. “In addition to an education program that is focused on measurable behavioral outcomes, security leaders should develop their ability to collaborate with personnel and line-of-business managers to modify job descriptions and reward mechanisms so that they are aligned with desired security performance.”

Gartner believes that trusting the motives and behavior of individual users is a key enabler for the digital workplace. Conventional approaches to information security tend to treat everyone, including employees, with distrust. By implication, such an attitude will impede the digital workplace. However, a more people-centric approach to security will contribute to the potential success of the initiative. People-centric security (PCS) is a strategic approach to information security that emphasizes individual accountability and trust, and that de-emphasizes restrictive, preventive security controls.

PCS is based on a set of key principles, and on the rights and related responsibilities of individuals. The premise of PCS is that employees have certain rights — but these are linked to specific responsibilities. These rights and responsibilities are based on an understanding that, if an individual does not fulfill his or her responsibilities, or does not behave in a manner that respects the rights of colleagues and the stakeholders of the enterprise, then the individual will be subject to sanction. While a wholesale PCS strategy is certainly inadvisable for many organizations, it is certainly a viable concept that should be considered as part of the digital workplace.

“The digital workplace implies new and different security risks,” said Mr. Scholtz. “Hence, it is imperative for the impact of the digital workplace to be properly risk-assessed. Owners of information assets involved in the initiative must be informed of the risks, and the security team must help them assess the potential impact of the risks against the expected business benefits of the digital workplace. Also, the affected information owners must sign off on any additional risk that they are willing to accept in the interest of the digital workplace.”

More detailed analysis is available in the report “Prepare for the Security Implications of the Digital Workplace.” The report is available on Gartner’s website at

This research is part of the Gartner special report “The Nexus of Forces: Social, Mobile, Cloud and Information.” The report is available on Gartner’s website at It includes links to reports, webinars and video commentary that examine the impact of the Nexus of Forces on enterprises.

About Gartner Security & Risk Management Summit

Gartner analysts will take a deeper look at the outlook for security solutions at the Gartner Security & Risk Management Summits taking place June 23-26 in National Harbor, Maryland, August 25-26 in Sydney, Australia, September 8-9 in London, U.K and September 15-16 in Dubai, UAE. More information on the U.S. event can be found at Details on the Australia event are at More information on the U.K. event is at Details on the Dubai Summit are at

Gartner, Inc. (NYSE: IT) is the world’s leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is a valuable partner in more than 14,000 distinct organizations. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 6,100 associates, including more than 1,460 research analysts and consultants, and clients in 85 countries. For more information, visit:

Cooks And The Cloud


Bouillabaisse is a French dish that loosely translates to fish stew. Well made, it is one of the best dinners you will ever have. Poorly made, and you will spend the night wishing you hadn’t stopped by the midnight street Bouillabaisse stand. Bouillabaisse is also a fantastic metaphor for cloud computing. Cloud Bouillabaisse is cloud soup. First off, it is market driven (fresh fish = good bouillabaisse), as the cloud is (cost, cost, cost). The time taken in preparation and acquisition can greatly impact the soup you serve (Fish or Cloud). That, to me, is the key for cloud solutions. The time to prepare the stew is as important as how you serve it. Transitioning that to cloud solutions, it’s about planning, preparing and migrating your solutions to their new cloud home.


So we start with the stock. In this case the first step is the CSP you choose. I met a chef once in Paris who went every day to the fresh market to get the things for his Bouillabaisse. The same isn’t possible for cloud service providers today; someday maybe, but not today. We can, however, evaluate the provider and the overall capacity of that provider to host our solution. Noisy neighbors, like three-day-old fish, don’t often make a good Bouillabaisse.

Do we have the ingredients we need in our pantry?

Our initial assumption is that we have already picked the Cloud Service Provider (CSP) and that providers are able to meet our technology needs (servers and connectivity) as we start our Cloud Bouillabaisse. Frankly the CSP is a broth for our soup – bad broth equals bad soup so choose wisely. Now we carefully prepare everything we are adding. This includes planning the following “ingredients”:
  • Security: what does the provider have today, and what additional things do we need?
  • Migration: has the CSP done this before? It isn’t bad if they haven’t; it just changes how you cook a little. Instead of sampling at various times, you now have to sample all the time. More work, but again we are aiming for a great stew here.
  • Migration: if the CSP hasn’t done this before, go get a partner who has, or a partner you trust to make sure that, as you are sampling, they are continuing to stir your wonderful Cloud Bouillabaisse.
  • Cost: did we mention it has to be cheaper than the solution we are running in our data centers today? The nature of stew is not always to use the best and most tender cuts of fish, but simply to cook them slowly for a long time, breaking them down and making them more appetizing. We can’t break down our cloud provider by boiling them for hours, so we have to start off with the shared cost model of cloud reducing our price from day one.

Does the CSP offer the security our solution requires?

This one has been bouncing around cloud solutions for years: “The cloud is not secure.” The reality is that the cloud can, in fact, be secure. Bouillabaisse is as much a process as it is a dinner. From making the stock from fish parts to cutting the vegetables, it’s as much how you do it as what you do. The stringent nature of FedRAMP and the requirements around monitoring what is happening in a solution end up being game changers. Adding security monitoring to a FedRAMP cleared solution isn’t horribly hard. Expanding the operational framework to include both the monitoring for security and FedRAMP creates a stronger overall solution. That said, it is critical when considering cloud solutions that you evaluate the security capabilities and offerings of your CSP carefully. Simply put, it isn’t enough just to taste the Bouillabaisse from time to time; we have to make sure no one else can get into our kitchen and ruin it.

Making a fine Bouillabaisse and building a cloud solution have a lot of things in common. While I have yet to end up with Cloud on my shirt during lunch there are many other common components. Pick the right ingredients, make sure your process works and in the end serve the solution with proper garnishment. I think a fine Cloud Pumpernickel would be perfect with my Cloud Bouillabaisse.

By Scott Andersen
