Cloud Infographic: Cloud Adoption And Risk In 2013
Nice infographic provided by the team at Skyhigh Networks which offers a number of useful and interesting fun facts related to cloud usage.
Infographic Source: Skyhigh Networks
Edward Snowden’s recent disclosures, including concerns about the NSA’s ability to break certain types of encryption, and the extent of surveillance on cloud service providers, put the entire cloud industry into an uproar.
The bad news is that this has eroded companies’ trust that their data can be secure in the cloud. In fact, industry analysts are predicting that these disclosures will cost US cloud service providers between $22 and $35 billion in revenue by 2016.
But there is light at the end of this tunnel, and what will emerge is a safer, more resilient cloud.
In short, no. Expert cryptographer and author of the book “Practical Cryptography,” Bruce Schneier, recently blogged: “Whatever the NSA has up its top-secret sleeves, the mathematics of cryptography will still be the most secure part of any encryption system. I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks. Those are where the real vulnerabilities are, and where the NSA spends the bulk of its efforts.”
Even Snowden has commented, “Properly implemented strong crypto systems are one of the few things that you can rely on.”
Consequently, we will see continued adoption of encryption technologies in the cloud to protect data in transit and at rest in these shared storage infrastructures.
The evolution of encryption algorithms is nothing new. In recent years, as compute power gets stronger, we’ve seen the migration from DES, to 3DES, to AES-128/256. These longer key lengths are the ‘math’ that prevents computer systems from being able to ‘guess’ an encryption key. The good news here is that as computer systems get more powerful, they can leverage encryption with longer key lengths easily, without degrading performance.
Further, encryption standards are approved by independent bodies like the National Institute of Standards and Technology (NIST), and are put up for extensive public review before they are published. While those who lean toward conspiracy theories hint at intentional ‘backdoors’ built into these algorithms that can be exploited by the NSA or others, it’s highly unlikely these wouldn’t be found during the review process. These reviews will continue to play a critical role as encryption technologies adapt in the future. Furthermore, the details and implementation of encryption algorithms, such as AES, are public domain.
If you use AES encryption with a 256-bit key strength, but your encryption system only uses an eight-character password to access those keys, then you effectively have reduced the strength of your encryption key significantly, since a hacker must only guess your password, instead of the actual key. This is why managing and storing these keys securely is so critical.
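The gap between a 256-bit key and the eight-character password guarding it can be put in numbers. The Python sketch below is an added example, not part of the original article; the 94-symbol alphabet, the uniformly random password, the guess rate, and the modelling of key-derivation iterations as extra work per guess are assumptions made here, and it goes slightly beyond the text by also computing the password length that would match the key.

```python
import math

PRINTABLE_ASCII = 94          # assumption: printable ASCII without the space
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def password_entropy_bits(length: int, alphabet_size: int = PRINTABLE_ASCII) -> float:
    """Upper bound on password entropy in bits.

    Assumes every character is picked uniformly at random; passwords
    chosen by people carry less entropy than this bound.
    """
    if length < 0 or alphabet_size < 2:
        raise ValueError("length must be >= 0 and alphabet_size >= 2")
    return length * math.log2(alphabet_size)


def effective_key_bits(key_bits: int, password_length: int,
                       alphabet_size: int = PRINTABLE_ASCII,
                       kdf_iterations: int = 1) -> float:
    """Work (as log2 of key-trial equivalents) needed to reach the data.

    The attacker takes the cheaper route: search the key space, or search
    the password space. Each password guess costs kdf_iterations units of
    work (assumed model of key stretching), which adds log2(iterations).
    """
    if kdf_iterations < 1:
        raise ValueError("kdf_iterations must be >= 1")
    password_work = (password_entropy_bits(password_length, alphabet_size)
                     + math.log2(kdf_iterations))
    return min(float(key_bits), password_work)


def min_password_length(key_bits: int, alphabet_size: int = PRINTABLE_ASCII) -> int:
    """Shortest random password whose entropy is at least key_bits."""
    return math.ceil(key_bits / math.log2(alphabet_size))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate in a space of 2**bits at the given rate."""
    return (2.0 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def compare(key_bits: int = 256, password_length: int = 8,
            guesses_per_second: float = 1e9) -> dict:
    """Summarise the article's scenario; the guess rate is a constructed value."""
    eff = effective_key_bits(key_bits, password_length)
    return {
        "nominal_key_bits": key_bits,
        "effective_bits": round(eff, 2),
        "years_via_password": years_to_exhaust(eff, guesses_per_second),
        "years_via_key": years_to_exhaust(key_bits, guesses_per_second),
        "password_length_to_match_key": min_password_length(key_bits),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:30s} {value}")
```

Under these assumptions the eight-character password leaves roughly 52 bits of protection around a 256-bit key, which is why the key store's access control matters as much as the cipher.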
Data has become a treasure trove, and the cloud can make an even sweeter target. You can be sure that if the NSA is interested in your data, others are as well. Make sure you clearly understand your cloud service provider’s (CSP) service level agreements, particularly as related to security measures. The cloud will become too cost effective to avoid for most organizations, so continued pressure from cloud clients will be the best way to gain security improvements.
While many CSPs – like Google – have introduced encryption in their cloud offerings, you still need to look a bit deeper. Google’s encryption may protect you from a hacker who manages to get access to their infrastructure, but it won’t prevent Google from giving your data to the Feds. To be sure you are the only one with access to your data, use strong encryption with a good key management system, and make sure YOU keep the keys, not your CSP.
You can use the cloud, but remember that security is ultimately your responsibility.
By Steve Pate
Steve, co-founder and CTO of HighCloud Security, has more than 25 years of experience in designing, building, and delivering file system, operating system, and security technologies, with a proven history of converting market-changing ideas into enterprise-ready products. Before HighCloud Security, he built and led teams at ICL, SCO, VERITAS, HyTrust, Vormetric, and others. Steve has published two books on UNIX kernel internals and UNIX file systems. He earned his bachelor’s in computer science from the University of Leeds.
The story reads as if it were pulled from the pages of a Tom Clancy novel: a collection of US banks suddenly starts receiving Distributed Denial of Service (DDoS) attacks that are carefully timed to re-strike just as their systems start to repair themselves. The attacks are carried out by waves of botnet zombies pouring from infected servers across the world and aimed at the United States. The main source of the outbreak is an innocent general interest website based in the UK that has been poisoned by a web design company out of Turkey. The alleged perpetrators of the attack: a shady extremist group based in the Middle East.
This, however, is not fiction. It happened in January 2013 and exists now as one of the case studies/success stories of Incapsula (www.incapsula.com), a cloud-based website security company based in Redwood Shores, a short drive from San Francisco.
As computing technology has grown in sophistication and power over the years, so has the criminal element that seeks to exploit it. Individual interest groups, religious factions, even entire countries are at work seeking any and every weakness available inside lines of code, forms, executable files and any other seemingly innocuous paths that can lead eventually to disruption, destruction, theft and chaos.
In this case, the computers and the experts at Incapsula were able to detect and thwart the attack before any major damage occurred, but as Incapsula security analyst Ronen Atias writes in his account of the event, “this is just another demonstration of how security [on] the internet is always determined by the weakest link.” He points out that the simple mismanagement of an administrative password on the UK website was quickly exploited by the botnet shepherds in Turkey. “This is a good example,” he says, “of how we are all just a part of a shared ecosystem where website security should be a shared goal and a shared responsibility.”
Incapsula CEO Gur Shatz agrees. As a veteran security specialist and former captain in the Intelligence Corps of the Israeli Air Force, he has seen it all, and he sees the problem as growing in sophistication.
“The reason for the rise in Advanced Persistent Threats (APTs) is less about who the perpetrators are, and more about risk versus reward,” he says. “The inadequacies of today’s defenses, juxtaposed with the ever-rising value of the information that can be stolen, represent a huge opportunity for cybercriminals. Personal or corporate devices are a tremendous intelligence source, carrying richer and more accurate data than ever before, but protections on these devices still mostly rely on outdated technologies such as passwords.”
The interconnectedness of cloud technology presents both a good news and bad news scenario when it comes to the criminal element, Shatz says. The bad news is that the interconnected nature of the cloud has increased the exposure of an organization’s infrastructure. The good news, though, is that the cloud is a much less heterogeneous environment than the jungle of personal devices (smartphones, laptops, etc.), which means that the cloud-based production environment can be made more secure much more easily than corporate networks, which is where Incapsula comes in.
Shatz points out that in general, hackers are lazy and will almost always take the easiest path to infiltrate their target. The fact that an alarmingly large number of incidents involve simple password theft indicates that this is still a major issue. However, targeted attacks on more security-conscious companies certainly require more sophisticated tools, which are readily available to cybercriminals.
When assessing a company’s risk of exposure to APTs, it is common for some to take a head-in-the-sand approach, thinking, for example, “I’m not a bank, I make farm equipment, so I do not have to worry.” But Shatz points out that a company without any major secrets or critical online functionality is still subject to being used as a “mule” to conduct cybercrime, as with the “Tom Clancy” scenario mentioned earlier. “Even small online businesses such as ecommerce sites are vulnerable,” he says, “because downtime or slowness costs them both money and reputation damage. This makes them a target for DDoS extortion (which is essentially the online version of the protection racket for physical stores).” Incapsula has seen several instances of this type of attack over the past six months.
Ultimately, Shatz says, shying away from the cloud rather than risking attacks of this sort is not an option, since even if you don’t go online, your competitors will. So it’s really a question of how secure your cloud environment and web applications actually are. Various types of solutions are available from companies like Incapsula and others. But avoiding the cloud, which is equivalent to putting your head in the sand and keeping it there, is not a solution.
By Steve Prentice
Project management, regardless of how big or how small, obviously involves many factors, from team member management and task management to resource management and budgeting. Effective project management starts with clear communication, though clear communication can get lost among the multiple project meetings, emails, phone conversations and more. However, if all communications are gathered together onto one platform, effective communication is enhanced immensely. Swyvel is just that platform; the software includes top-of-the-line management elements for project managers, as well as a team member facet where team members can view their specific tasks, task time frames, level of completion and more.
Swyvel began in February of last year, though it wasn’t until November that Swyvel started offering services to those outside its beta testing group. Jeffery Potvin, CEO of Hardboot Inc., thought up Swyvel out of necessity when he experienced firsthand just how challenging it was to manage the various elements (i.e. utilizing multiple applications for project employment, team communication, etc.) of company projects. Considering Hardboot Inc. has around 150 employees and has conducted around 500 projects since its start back in 2007, it is no wonder that Mr. Potvin created an all-inclusive platform such as Swyvel.
From a management perspective, Swyvel enhances project management productivity through easy-to-use tools and automatic time calculations. Swyvel tools include Gantt chart capabilities, project tracking, milestone setting and tracking, as well as the ability to assign tasks to individual team members and groups and time tracking on all tasks and the project as a whole. With Swyvel, managers are also able to add notes to tasks and projects, which can be displayed privately or publicly, and communicate to all or just a few team members as needed. Further, Swyvel assists managers with easily tracking resources and budgeting. All this and more with one application really is the highlight of the startup.
As for team members, Swyvel helps keep up momentum and enthusiasm for every project by lessening the email and task confusion that can occur when project tools are scattered across various platforms. When tasks are assigned, questions answered and progress tracked all in one location, team members know better what is expected of them. This can boost confidence, morale and overall enthusiasm for each project.
For a quick tour, the Swyvel team created a short clip which briefly glances over the elements of Swyvel capabilities.
Clear communication about the required tasks, deadlines and more is essential to stimulating staff members and efficiency. Swyvel is an amazing piece of software that brings all the team members together; providing an effective and efficient platform for all involved. This, of course, will save time, money and reduce typical project management challenges.
By Glenn Blake
Internet privacy is not just under siege from the NSA. Google is fighting two huge class action suits based upon privacy violations. Facebook recently settled two privacy-based class action lawsuits. These lawsuits are colossal because Google and Facebook are two mammoth companies with enormous numbers of customers. One class is comprised of everyone who has a Gmail account or sent a message to a Gmail account over the last two years. How huge is that? The last time Google released the number of Gmail accounts was in June, 2012: 425 million worldwide. I’ve opened two myself since then. But that’s only the number of Gmail accounts and doesn’t include everyone sending messages to Gmail accounts. Facebook boasts over 1 billion users. We mean huge.
The second Google case is In re Google Street View Electronic Communications Litigation. This class is every person in the US whose home WiFi Google tapped to perform its street view mapping. No one knows how many people that is, but it could be in the millions.
While lawyers typically look for moneyed defendants, the problem with lawsuits of this magnitude is that each privacy violation has a statutory penalty of up to $10,000 under the Wiretap Act. When the class of plaintiffs is so large, the penalties rapidly hit billions or even trillions of dollars – that is if every class member decides to participate.
So what does this really look like? Facebook lucked out on its class action, Fraley v. Facebook, when the judge approved a settlement in August to pay each class member $15. The potential class included 150 million users but only 615,000 filed claims. Facebook paid $20 million into a settlement fund with $9,225,000 going to class members; $5,000,000 to Internet privacy watch dog groups, called cy pres awards; and $3.5 million in attorneys’ fees. So Facebook is lucky because $20 million is far less than $2.25 billion (150 million members x $15). If each class member got $1,000, more would likely have signed up and well, you can do the math.
Facebook managed to settle its next class action on the Beacon program (Let’s broadcast details about our users’ personal lives!) with a $6 million cy pres award to a privacy group Facebook controls. Clearly Facebook thought it “cracked the code” on managing its privacy problems but the case is being appealed. And what’s more, settling class actions with cy pres awards in lieu of compensating individuals is now losing favor in the 9th Circuit where Google and Facebook live.
The Google cases have been progressing through the litigation process with the plaintiffs largely winning. Even with gross revenues of $50 billion in 2012, awarding significant damages to each class member would likely bankrupt Google, leaving the claimants without payments and hundreds of millions without services.
Some commentators are arguing that the suits are “Too Big to Settle”. In the class action world, once the class is certified by the court, settlements are very difficult. What usually happens is that prior to certification, the parties come up with their proposed settlement and present it to the court for approval. Once the class is certified, it’s up to the court to define the award. If the court won’t accept a cy pres award and applies statutory damages to each class member, we are looking at staggering judgments.
It’s reminiscent of the “Too Big to Fail” arguments of the big banks and auto companies. But do they warrant it? However you feel about class action suits, shouldn’t Google and Facebook be held accountable for privacy violations even though they are so large – or because they are so large? Would the impact of Google’s or Facebook’s demise be similar to bringing down the banking system or the auto industry? Or would the Internet ecosystem hiccup and move on?
The U.S. Supreme Court should announce if they will take the appeal of the Beacon Facebook class action and its cy pres award on Monday. Any bets?
By Cindy Wolf
Cindy is a Colorado lawyer with more than 25 years’ experience representing large and small domestic and multinational companies. Her expertise is in helping companies enter the cloud safely, either as providers or users. She also practices in the areas of corporate law and commercial contracting, with an emphasis on international issues. She can be reached at email@example.com.
(Note: This publication is provided for informational purposes only. It does not constitute legal advice. There is no implicit guarantee that this information is correct, complete, or up to date. This publication is not intended to and does not create an attorney-client relationship between you and the author.)
Participants in the Online VMware Forum to be held on October 22 will have the opportunity to earn Cloud Cred points and win prizes while learning how to radically simplify IT infrastructure across the datacenter to the virtual workspace in this free online event. As computing through the cloud becomes a bigger part of IT management globally, having Cloud Cred can only increase your value to your organization.
More than the points and other gamification rewards that participants can earn through CloudCred, however, the VMware Forum is all about building team environments for the virtualization of the datacenter.
By using a virtualized environment to produce and host the event, VMware, parent company EMC, and the other partner sponsors will enable cloud professionals to convene, communicate, experiment, and learn about the latest developments in cloud computing without the expense and bother of travel.
The immersive virtualized environment will feature exhibits concerning all the key elements of cloud computing and how they are developing. These include a 3D virtual environment with interactive booths staffed by VMware partners. Product experts will be available to guide participants through VMware products using a hands-on lab environment that was launched at VMworld. Demonstrating the capabilities of virtualization in a virtualized environment is clearly raising the bar for cloud-based professional educational events.
Regardless of their location, IT professionals will be able to test virtualization solutions and interact with virtualization experts without the installation of any software on their own machines. For those who are interested in going beyond the introductory sessions, sponsors will also be hosting so-called “technical deep dives” as live breakout sessions.
Perhaps the most valuable aspect of the Online VMware Forum is the opportunity to meet and network with others who are pushing the virtualization envelope. Given that IT professionals are too often isolated in their datacenters, set apart from others in their workplace, connecting with peers at an event like this can lead to career opportunities within and beyond one’s current organization. That’s where the gamification and Cloud Cred come in.
VMware designs its conferences to ensure that people connect and stay connected. At the recent event in San Francisco, CloudTweaks spoke to many attendees who commented favorably on how well the conference encouraged networking and team building.
For the virtualized event on October 22, the agenda includes sessions on vSphere and vCloud Suite, Virtualization Management, Virtualization 101, Cloud Management, End User Computing, Business Continuity/Disaster Recovery, Public and Hybrid Cloud, Networking and Storage, Virtualizing Applications, and Tier 1 Applications.
Link to information and registration details for this free event here.
Post Sponsored By VMware
Many of today’s businesses find themselves caught in a snarl of internal data, paralyzed by internal silos, and executing antiquated marketing approaches. As a result, consumers are losing patience, shareholders are clamoring for growth and differentiation, and marketers are left struggling to untangle the massive mess. Big Data Marketing provides a strategic road map for executives who want to clear the chaos and start driving competitive advantage and top line growth. Using real-world examples, non-technical language, additional downloadable resources, and a healthy dose of humor, Big Data Marketing will help you discover the remedy offered by data-driven marketing… Read: “The Big Data Marketing: Engage Your Customers More Effectively and Drive Value” for more information.
Below is a fantastic infographic provided by the group at: http://www.alteryx.com which illustrates a number of insightful statistics related to Big Data.
Infographic Source: http://www.alteryx.com
As the sun rose over Barcelona this week, it was obvious to many attendees of VMworld Europe 2013 that exciting things were afoot and that the partnership between VMware and Hitachi Data Systems continues to change the face of computing with its innovative approach to cloud technology. In his keynote address, kicking off the convention’s first day, VMware CEO Pat Gelsinger pointed out how his worldwide team is “on a journey, helping firms move from [just] using VMware to cut costs to helping them use it to improve quality of service, to getting to the point of being able to deliver IT as a Solution (ITaaS).”
Such a concept, IT-as-a-Solution, is at the heart of the virtualization revolution, and represents a significant leap forward in how IT issues are handled, mainly by replacing the quickly-aging and jumbled legacy systems of the physical world with a more seamless overseer, entirely software based, called, in VMware parlance at least, the Software-Defined Data Center (SDDC). Although this is still an emerging concept, it is growing quickly, with a market value expected to reach USD 3.7 billion by 2016 by some estimates. In short, the SDDC streamlines all of the tasks involved with computing, storage, networking, and security, and provides a layer of software that develops policies for its administration.
The advantages to this approach are numerous, and include greater scalability, flexibility and a more streamlined operating procedure, replacing the patchwork quilt of applications and systems that still remain at the heart of many companies’ current IT structure.
A recent white paper published jointly by VMware and Hitachi Data Systems compares the traditional data center to a “museum of IT past,” with its loose collection of technologies, each requiring its own proprietary vertical stack, and with a general lack of cohesion, which ultimately costs money in maintenance, upgrades, patches, consultants, and a permanent host of other expenses.
But as Gelsinger pointed out in his Barcelona keynote, “the time is now for virtual networks, since the number of virtual ports is higher than physical ports.” As such, virtualization offers to smooth the landscape of IT in a way that could not have happened even a few short years ago. It is only now that technology is powerful and fast enough to start to offer it.
VMware is not the only major high-tech player on the virtualization bandwagon, of course. A great many of the other big names have, or are starting to develop, their own approaches to virtualization and cloud solutions, but it is the unique partnership of VMware and Hitachi Data Systems that has attracted the attention of a very large number of IT specialists, as is evident in the attendance at both VMworld conferences, in Barcelona and earlier in San Francisco.
The companies’ joint effort can be summed up in one word: integration. The Hitachi vCenter management console pairs with the VMware system and allows everything to be run seamlessly. It fulfils the definition: a data centre that is truly “software defined.”
As with many new technologies, there are critics who worry that such innovations will bring with them their own set of problems, as customers or vendors seek to tweak the component applications, making them less consistent, reliable or seamless, but such issues come with all innovations, especially in high tech. But this is where the strength of reputable companies such as VMware and Hitachi comes in handy. It was fitting, then, that Bill Fathers, SVP of Hybrid cloud for VMware, followed Gelsinger as the next keynote presenter, and demonstrated through case studies (Harley Davidson Dealer Systems and Columbia Sportswear) just how effective cloud deployment can be, building, in their respective cases, a hybrid cloud approach that offered the flexibility of the public cloud while meeting specific regulatory and compliance guidelines. These are the types of solutions that are empowering companies to achieve more and to stay competitive.
The world of computing has undergone a major change thanks to the development of the cloud. The concepts of virtualization and cloud computing are rewriting the rulebooks on how business is being done, and it is apparent to the attendees here on Day 1 of the Barcelona conference that VMware is leading the field in ensuring that its effective deployment remains reliable and economic.
By Steve Prentice
Post Sponsored By VMware/Hitachi Data Systems