Category Archives: Technology

Where Are Your Users Learning About The Birds And The Bees Of Cloud?

Where Are Your Users Learning About The Birds And The Bees Of Cloud?

Clouding Around

Where did you learn about the birds and bees – from your adolescent peers? How did that work out for accuracy? Today it’s from peers and the Internet. The same is true for your users and the cloud with the same sometimes disastrous consequences. You’re the CIO, shouldn’t they be learning cloud from you? Stop lamenting like Rodney Dangerfield how IT gets no respect. Step up and reach out.

Cloud use is spreading rapidly but most of your users have a vague or misguided concept of what cloud really is and its promises and pitfalls. Want proof? Often quoted are Gartner’s Top Ten Cloud Myths. But that is just scratching the service. A little digging reveals lots of misconceptions about SaaS, like here and here. Even your peers on the management committee hold foggy notions of how it works but are reluctant to admit it. Instead, they echo some of the buzzwords, quote an article they read in the WSJ, etc. Let’s face it. Your firm is already pregnant with cloud. Why not take a page from what your peers do and get ahead of the curve.

Your head of HR works hard at building and executing an education program for the company’s staff. It’s designed to encompass the many different facets of management and leadership to facilitate employees’ progress. It also points out all the policies and laws that need compliance. Attendance and regular testing is mandatory and for good reason. To grow, your firm needs knowledgeable leadership and a strong culture. To stay out of trouble, employees need to understand the firm’s and society’s norms and boundaries.


Your CFO does the same. Folks are regularly exposed and held accountable to the business metrics and methodologies used to manage and steer the enterprise. The how and why you do what you do is critical for staff to understand, if the firm is going to reach its goals. Likewise, there are a lot of regulations where compliance is essential. They range from those covering all businesses, like SOX or FCPA, to those that are industry specific, like HIPAA or Dodd-Frank.

It’s a good bet that your operations, marketing, and other functions in the company do the same: provide development and tools for success while also pointing out the guard-rails between which actions can be taken in accord with company culture and society norms.

What are you doing for IT leadership? Let’s guess. Odds are you focus on the guardrails. You teach them good passwords, how to avoid phishing emails, perform safe browsing, use corporate data on their mobile devices, etc. All worthy topics but that’s not the half of it. As the fundamentals of your business become increasingly digital they are spending buckets of money on cloud computing. Who is teaching them about cloud? Who is helping the company’s staff make good decisions and avoid bear traps in cloud?

Safe bet it is not you. SaaS vendors go right around you directly to them. Their peers and buddies during meetings and conferences buzz about the latest cloud-based tool – and it’s even free to try! You turn around and surprise, everyone is on and they are asking you to link it to your old Oracle order management system.

Why not get ahead of the curve and emulate your peers. Teach your users about cloud. Give them the basics, dispel the myths and paint relevant case studies to your industry and environment. Give them the big picture, too. Cloud is pretty prominent in the press these days: all the way from how everyone can use it to how it is transforming whole industries.

NetSuite is bought by Oracle. elects to use AWS. Workday announces they will use IBM’s cloud for development. Is any of this relevant for your enterprise? Why not write a short note to all users or a post on your internal social media giving your point of view? Are you too busy to write something? Send a link to an article of blog post you particularly liked.

Make yourself the “go to” guy when different parts of the company contemplate using cloud. Do it for the company and do it for you. The CIO and IT’s role are changing and you need to negotiate a difficult path. Some even predict the CIO position will disappear. Nothing is certain but wouldn’t it be better if your users viewed you as a valuable and essential member of the team?

(Originally published Oct 13th, 2016. You can periodically read John’s syndicated articles here on CloudTweaks. Contact us for more information on these programs)

By John Pientka

Effective Security Management In A Software Defined World

Effective Security Management In A Software Defined World

Effective Security Management

Software defined infrastructure (SDx) along with use of private and public cloud technology is completely changing the way IT departments manage enterprise data centers and application workloads. Automation is a key component of software defined networking (SDN), bringing network, server, storage, security management and other IT functional teams together to transform the data center from a hardware-focused to an application-focused environment.

In the past when organizations deployed new applications, the application owner needed to collaborate with several disparate teams. For example: one team was responsible for installing the required server hardware and operating systems, another team was responsible for connecting the new servers to the network, and yet another team was responsible for provisioning the security and firewall rules.


It was as if the stars, planets and moons (or in this case all the functional teams) had to align in order for all of the necessary components to be provisioned. Then, and only then, could the application owners’ start using the new infrastructure. The result of all these tasks was it would take weeks or even months before the infrastructure was ready and the new application could start to be rolled out.

Today, private and public cloud infrastructures allow IT to automate these manually intensive operations; virtual machines are dynamically created and deployed, operating systems are quickly and easily provisioned, and connecting new services to the network is streamlined and automatic. As a result, pre-configured templates of commonly used and well defined services are available to the application owner. With a single click on a self-service portal, applications can now be quickly provisioned across multiple data centers, within or among private and public clouds.

In this software defined world where new apps are instantly created or moved to a different location as the infrastructure gets provisioned, changed and elastically scaled based on demand, security officers are challenged to enforce security policies and retain full visibility of security incidents. In fact, security often lags far behind the application developer’s ability to provision new infrastructure since traditional security controls remain fixed at protecting the network perimeter and don’t easily extend into the highly dynamic and automated software defined infrastructure. As such, security remains a key challenge for organizations looking to get full visibility and control of their threat landscape and plug any vulnerabilities in their cloud-based environments.

It turns out the keys to getting control back are creating dynamic security policies, API scoping and security management consolidation.

Creating Dynamic Security Policies

Dynamic security policies in modern networks are achieved by close integration with network virtualization and public IaaS solutions like VMware NSX, Cisco ACI, OpenStack, AWS or Microsoft Azure. By tightly integrating with these solutions, objects defined by those systems such as groups and tags can be learned and utilized in network security policies. This allows for the creation of dynamic security policies where changes in the software-defined environment are immediately translated and instantly reflected into an effective and active security policy that is applied to all traffic automatically – without human intervention.


Exposed or published APIs in popular SDN or cloud services controllers provides the logical integration point for creating dynamic security policies. Data defined by the controller – such security groups, VM or host names, tags, and more – can be exchanged with network security tools to create meaningful context for both security personnel and network administrators. Now, instead of arbitrary or meaningless IP addresses, the security in a software-defined network can leverage meaningful information about the network to ensure the right policies always follow application data and workloads – wherever they go.

Additionally, leveraging and populating this contextual information in log files gives security admins the ability to better understand and investigate any security incident. Security solutions for cloud-based networks must be able to integrate with leading cloud and network virtualization tools to not only provide advanced threat protection for both east-west and north-south traffic but also make use of dynamic cloud and other SDN objects in the security policy and logs for effective security management.

API scoping

In order to completely automate the deployment of new applications, organizations need to grant developer’s access to APIs that in many cases involve modification of security policies. It is vital to ensure this access is scoped or limited appropriately; otherwise, a mistake by a developer could potentially alter the security policy of the entire organization making it vulnerable to threats.

Scoping access to APIs example:

The printer admin use an app to add printers to the network. In doing so, this involves modifying firewall rules using an API. The security policy must ensure that the printer application can only add new printers – nothing else – and is only permitted within relevant network segments.

Incorporating sub policies in the security management solution is the best way to allow scoping API access down to a rule level, thus eliminating the possibility of inadvertently modifying the security posture and exposing the entire organization to new threats. This also ensures delegation of administrative duties down to specific use cases to streamline security management while maintaining oversight of all activities.

Security Management Consolidation

Consolidation of management functions is necessary to gain complete and holistic visibility of security policies and incidents across the entire organization’s infrastructure. Without management consolidation incidents are difficult to identify, correlate and analyze across the various cloud networks, making it operationally impossible to secure these environments.

The new software-defined infrastructure is complex, constantly changing and being driven by functional teams who don’t always understand the security implications that come from defining new infrastructure. In addition, organizations still have physical or legacy networks to maintain. It is now more difficult than ever to get a handle on not only where data center traffic goes – north-south, east-west, virtual and physical, private and public cloud – but how exposed an organization’s infrastructure is to vulnerabilities and threats.

Cloud-based security solutions must be able to provide customers with a unified solution that consolidates policy management, visibility and reporting across private and public clouds – all from a single pane of glass. It should be intuitive and scalable enough to handle security deployments wherever customer data goes while providing detailed analysis and correlation of security events across the entire enterprise network.

By Yoav Shay Daniely

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Federal Government Cloud Adoption

No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, internal politics, restricted budgets and a cultural resistance to change have set the federal sector years behind its private sector counterparts. Data and information security concerns have also been a major contributing factor inhibiting the adoption of new technologies such as the cloud. Keeping data on-premise has long-been considered to be the more secure option; however, ever-increasing incidents of hacking, data breaches and even cyber terrorism within government entities from the IRS to most recently, the Office of Personnel Management (OPM), indicate that change is needed, and fast.

Slowly, but surely, a technology revolution is taking place within the public sector. Due in large part to the introduction of the Obama administration’s “Cloud First” policy in late 2010, the establishment of the Federal Risk and Authorization Management Program (FedRAMP), a standardized approach for conducting security assessments, authorizations and monitoring for cloud technologies, as well as innovations in cloud offerings themselves, cloud adoption among federal agencies is taking off. The General Services Administration (GSA), Department of the Interior (DOI), the Department of Agriculture (USDA), NASA, and even the Central Intelligence Agency (CIA) and NSA are just a few of the many agencies who have embraced cloud solutions in recent months and years. Further, with IDC’s recent Federal Cloud Forecast projecting sustained growth through 2018, the public sector is nearing its tipping point in cloud adoption.

Should this trend continue as expected, below are three reasons that cloud adoption can be the answer to close the federal government’s technology gap.

Availability of Clear Guidelines for Cloud Adoption

In the past, government agencies lacked a clear roadmap for evaluating and selecting authorized cloud providers, making it difficult for the technology to break through in the federal sector. According to the FedRAMP website, this resulted in, “a redundant, inconsistent, time-consuming, costly and inefficient risk management approach to cloud adoption.”

The introduction of FedRAMP has provided agencies with much-needed guidelines and structure to accelerate the use of cloud technology in all facets of the government. Today, cloud systems are authorized in a defined (and repeatable) three-step process: security assessment, leveraging & authorization, and ongoing assessment & authorization. Among its benefits, the federal program estimates that its framework will decrease costs by 30-40 percent and will reduce both time and staff resources associated with redundant cloud assessments across agencies.

Incentives to Focus on Cyber-Security

In October 2015, U.S. federal government CIO Tony Scott professed his support for the cloud during a Google at Work webcast, saying:

I see the big cloud providers in the same way I see a bank. They have the incentive, they have skills and abilities, and they have the motivation to do a much better job of security than any one company or any one organization can probably do.”

He’s right, and his comments represent a stark departure from the general consensus in the public sector just a few short years ago. Applying the same security measures and best practices to legacy, on-premise solutions requires both time and significant spend—both of which the government lacks. The competitive nature of the cloud business in recent years has challenged providers to adopt agile security practices, resulting in solutions that are secure, reliable and execute seamlessly. From email management systems to data storage services, continued cloud adoption at the federal-level will enable agencies to achieve long-term benefits that will eventually be impossible to achieve with on-premise systems, including advanced cybersecurity capabilities, guaranteed business continuity, as well as enhanced performance management functionality.


Bring Greater Efficiency in IT Spending

In February 2015, the International Association of Information Technology Asset Managers (IAITAM) released a report criticizing the U.S. government on its IT spending. The report suggested that while the federal government spends over six times more on IT per employee than its private sector counterpart, it also wastes 50 percent of its more than $70 billion IT budget due to a lack of standardization and controls. Combined, these factors have created a breeding ground for IT failures and exploits from threats inside and outside government walls. This is further indication that the existing status quo is inefficient and is putting the government (and U.S. citizens) at risk.

Over time, leveraging the “pay-as-you-go” model of the cloud, federal sector can decrease its IT spending, creating new efficiencies. Software and application management for example, which requires abundant resources to oversee in on-premise deployments, is virtually eliminated with a cloud-based solution. From business continuity and software maintenance to eventually, compliance and IT risk-related activities, the onus, falls on the cloud provider, not the customer. Thus, federal IT workers are freed up to focus on more mission-critical initiatives, rather than spinning wheels on inefficient technology, programs and processes.

While it will take some time before the cloud truly takes off in the federal sector, it’s hard to ignore the benefits that both the private sector and forward-thinking government agencies have seen with the technology to date. The time is now to make a change for good. If the U.S. wants to be viewed as one of the most technologically advanced nations in the world, it’s prudent that the government itself practice what it preaches, doing what’s needed to establish the country as a leader, rather than a follower, in this rapidly-evolving digital age.

By Vibhav Agarwal

The Five Rules of Security and Compliance in the Public Cloud Era

The Five Rules of Security and Compliance in the Public Cloud Era

Security and Compliance 

With technology at the heart of businesses today, IT systems and data are being targeted by criminals, competitors and even foreign governments. Every day, we hear about how another retailer, bank or Internet company has been hacked and private information of customers or employees stolen. Governments and oversight organizations are responding to these attacks with calls for tighter control and regulations, from the Society for Worldwide Interbank Financial Telecommunication (SWIFT) beefing up its requirements for members to new proposed regulations targeting financial institutions in the State of New York. It is no wonder that as enterprises embrace the public cloud to run their critical applications, (See image) compliance remains one of the top concerns.

Biggest Barriers Holding You Back


Enterprises used to regard IT compliance audits and certifications, e.g., HIPAA for hospital IT systems or PCI DSS for banks and e-commerce companies, primarily from the perspective of staying on the right side of the law. But this is changing – companies across all industries are now willing to spend on IT security and compliance, not only to deal with legal requirements but also to win customer trust and ensure that they don’t make headlines for the wrong reasons.

Security and compliance in public-cloud environments are fundamentally different from private datacenter security. Old techniques and controls (e.g., connecting to physical switch TAP/SPAN ports and sniffing traffic, installing gateway firewalls at perimeters) do not work in the cloud any more. With compliance playing a key role in IT security and governance, it is important to keep a few guidelines in mind when it comes to managing public-cloud environments.

1. Start with a dose of security common sense: Common data and information security best practices lie at the heart of compliance standards such as HIPAA and PCI DSS as well as of security frameworks such as the CIS Benchmarks for Amazon Web Services (AWS). For example, compliance rulesets for cloud environments typically stipulate password policies, encryption of sensitive data and configuration of security groups. Enterprise IT and security teams would do well to incorporate these rules into their security management, irrespective of compliance requirements.

2. Remember the shared-responsibility model: Public cloud providers such as AWS follow a shared-responsibility model; they manage the security of the cloud and leave security in the cloud (environment) to the customer. These clouds have invested heavily to build security into their products and develop customer confidence. AWS has robust controls in place to maintain security and compliance with industry standards such as PCI and ISO 27001. In going from datacenters to public cloud environments, security administrators need to understand what aspects of security compliance they are responsible for in the cloud. This requires cross-functional collaboration between the operations and security teams to map the security controls in the datacenter to those in public-cloud environments.

3. Stay compliant all the time: In the software-defined world of public clouds, where a simple configuration change can expose a private database or application server to the world, there are no second chances. Enterprises are going from periodic security checks to continuous enforcement and compliance. Businesses that develop and deploy applications in clouds need to bake security and compliance checks into the development and release process. A software build that causes a security regression or does not meet the bar for compliance should not be released to a product environment. Enterprise IT needs to ensure that the tools they use for compliance monitoring and enforcement allow them to check applications for compliance before they are deployed.

4. Automate or die: Manual security and compliance processes don’t work in the dynamic, scalable world of the public cloud. When a business’ cloud environment spans hundreds or thousands of instances across accounts, regions and virtual private clouds, just the process of gathering the data required to run a compliance audit can take days or weeks, driving up the time to compliance and increasing the risk of errors. Even a team of qualified security personnel may not be able to detect vulnerabilities and respond in a timely manner. Automation is key to survival in the public cloud. It is no wonder that Michael Coates, the trust and infosec officer of Twitter, said “Automate or die. This is the biggest thing I stick by in this day and age.” In selecting the tools to manage compliance in cloud environments, enterprise IT must regard automated data aggregation, compliance checking and enforcement of security gold standards as table stakes.

5. Don’t just find it, fix it: There is an abundance of security-monitoring products in the market today that allow administrators to find security misconfigurations and vulnerabilities but do not offer the control to fix these issues. These tools are limited in scope and utility and force enterprise IT to use a patchwork of tools to manage the security and compliance lifecycle. Businesses should pick comprehensive “find it, fix it, stay fixed” platforms that do not stop at identifying issues with the environment but offer the tools required to fix them and put safeguards and controls in place to ensure that security best practices are enforced.

Public clouds are transforming the world of enterprise IT by offering unprecedented agility and a pay-as-you-grow operational model. Clouds are also changing the rules of the game for IT security and compliance management by offering new controls and capabilities. The tools and processes that served IT well in datacenter environments will not work in the public cloud. It is time for security and compliance to be transformed as well.

By Suda Srinivasan, Vice President of Growth at Dome9

suda_dome9Suda is the Vice President of Growth at Dome9, where he oversees marketing and customer growth. Prior to Dome9, Suda held a senior marketing role at Nutanix where he was responsible for defining, communicating and driving the execution of the go-to-market strategy for the company’s enterprise cloud platform. Suda is a seasoned leader with extensive experience in technology, having worked in engineering, strategy consulting and marketing roles at Nutanix, Microsoft, Coraid and Deloitte

Is Complete Cyber Security Possible?

Is Complete Cyber Security Possible?

Cyber Security Concerns

Every minute, we are seeing about half a million attack attempts that are happening in cyberspace.” – Derek Manky, Fortinet global security strategist

Pricewaterhouse Coopers has predicted that cyber security will be one of the top risks facing financial institutions over the course of the next 5 years. They have pointed at a number of risk factors, such as the rapid growth of the Internet of Things, increased use of mobile technology, and cross border data exchange, that will contribute to this ever growing problem.

Gartner has estimated that by 2020, the number of connected devices will jump from around 6.4 billion to more than 20 billion connected devices. In other words, there will be between two and three connected devices for every human being on the planet. Derek Manky of Fortinet, told CNBC that “The largest we’ve seen to date is about 15 million infected machines controlled by one network with an attack surface of 20 billion devices. Certainly that number can easily spike to 50 million or more“. So in a world where Cyber Security seems almost unattainable, is it still possible for you, or for large companies, to remain protected?


According to Cross Domain Solutionscomprehensive security is possible by making all security data accessible and automating security procedures”, which allows threats to dealt with in real time. They suggest an approach focused on data confidentiality, data integrity and the authenticity of users and data placeholders. Although it is theoretically possible, this is unlikely to provide total cyber security in practical situations.

The expansion and widespread adoption of the Internet of Things (IoT) has become the most pressing cyber security issue over the last 5 years. Smart phones, smart watches, smart TVs and smart homes, amongst other devices, have increased the surface area for hackers to take advantage of exponentially. This combined with the problems of perimeter security in cloud-based services, the sheer size of data collection by IoT devices, and the lack of security on many modern IoT devices, mean that complete cyber security (for businesses or individuals) will become increasingly more difficult. In a move that shocked the world earlier this year, hackers made off with tens of millions of dollars from Bangladesh’s central bank by using malware to gain access to accounts. Cyber Security is a very real issue for any business that has valuable information or assets stored digitally.

james-lewisIt has been suggested that we should focus on strategies to reduce risk that use formulas such as cyber risk = threats X vulnerabilities X consequences; thus by reducing one of the factors to zero we can achieve complete Cyber security. The Common Vulnerabilities and Exposures list has more than 50,000 recorded vulnerabilities (with more added every hour), so it is almost impossible to ensure your network can deal with an incessant wall of hackers trying to get in. James Lewis, a cybersecurity expert at the Washington DC-based Center for Strategic and International Studies (CSIS), commented recently that businesses need to stop worrying about preventing intruders from accessing their networks. They should instead be concentrating on minimising the damage they cause when they do gain access. According to the Cisco 2015 Annual Security Report, “Security is no longer a question of if a network will be compromised. Every network will, at some point, be compromised”.

Fortunately for the tech world, the same capabilities that make networks more vulnerable can help to strengthen defences as well. Financial institutions are able to utilise big data analytics to monitor for covert threats, helping them to identify evolving external and internal security risks and react much more quickly. Whilst total cyber security may not be practically possible, the technology exists for businesses to be as security conscious as they feel they want to be. Both consumers and businesses should be assigning cyber security as the highest priority.

By Josh Hamilton

SAP Digital Consumer Insight: SAP’s Data-as-a-Service Tool Helps Business Owners Know Their Customers

SAP Digital Consumer Insight: SAP’s Data-as-a-Service Tool Helps Business Owners Know Their Customers

SAP’s Data-as-a-Service Tool

There was a point not too long ago when futurologists believed that all retail would be going online, with anonymous transactions and drone deliveries meaning you would never have to leave your couch to satisfy all your shopping needs. In fact, the opposite has happened. Brick and mortar retail stores have embraced and incorporated big data, cloud computing and the internet to deliver a much-improved retail experience for business owners and consumers alike.

When Jud and Julie Soderborg opened the fashion boutique Koan in New York’s East Village, they wanted to really understand the identity and the behaviors of the people who were walking by their store, and could be potential customers. So the husband and wife team initiated a three-day data gathering project using SAP’s Digital Consumer Insight tool. They began by focusing on when foot traffic peaked and when it was at its lowest, then dug deeper to find out where people were coming from, who they were in terms of age & gender and even what sort of devices these people were using.

Peak Traffic

When they collated all the data, they discovered that the foot traffic past their location was primarily millennials from the Williamsburg / East Village area who were using Apple devices. As a result Koan was able to shape their offerings accordingly and target their marketing tone to suit the foot traffic, confident that they were appealing to the correct demographic.

You can read more of their story, as well as many more use cases here:

E-commerce retailers have known for a long time who their customers are, due to their ability to track their clicks and their online behavior. SAP’s Chief Digital Officer Jonathan Becher explains, “This offering does to retail stores what Web marketing has done for websites.” For example, an online retailer can track the path to purchase, the time to taken to get there and the demographics of a consumer. “What we’ve done for the first time is to take all this information that people have figured out in the digital world, and make it available to the physical world.

Where are they coming from?

The benefit of these insights can be applied in a number of ways for retailers. Everything from proximity marketing to location planning, sales strategies and campaigns will benefit from the snapshots provided by SAP Digital Consumer Insight. Through the data, retailers are striving to achieve a way of delivering a consistent, personalized product mix to customers across multiple channels that local consumers will relate to. It stands to reason that the deeper the understanding of customer behavior that there is, the easier it becomes to attract loyalty and increase the conversion rate and average basket value of purchases.

Consumers need not fear that their privacy is being violated in any way. The data which is collected and presented via Digital Insights is anonymized and aggregated, thus giving the business owner a snapshot of the traffic in the area while maintaining the privacy of the individuals.

SAP built its formidable reputation working with big businesses, but 80% of their customers are small and mid-sized so the company learned how to take what works at enterprise-level and adapt it for smaller businesses that realize how much they can benefit from actionable information.

Small business owners don’t have the time, skills or resources to build complicated data analysis systems. SAP Digital Consumer Insight is the perfect vehicle to address those concerns. Consumers can simply purchase a single data ‘Insight’ for $439.00, or they can select a bundle of five data ‘Insights’ for $1,429.00 – and begin to see their Insights instantly.

Visit the SAP Store to purchase the SAP Digital Consumer Insight package and take a massive step towards understanding who your customers are and what they need.

Sponsored spotlight series by SAP

By Jeremy Daniel

5 Ways Cloud-based Tools Can Help Accountants Escape The IT Treadmill

5 Ways Cloud-based Tools Can Help Accountants Escape The IT Treadmill

Accountant Cloud Tools

Digital tools and software have become an inseparable part of any accountant’s profession. There are software for almost every need of accountants. From managing payrolls to filing taxes, technology is able to automate them and offer a great simplicity to the accountants. Now to maintain the best of productivity and remain competent in the market, it is important for the accountants to find a solution that avails the optimum utilization of the available accounting tools. This is where cloud solutions come in handy for the accountants.

Cloud accounting or online accounting allows you to run the applications and store the accounting data on a remote server for better accessibility, agility, features and more. Here are some detailed benefits that accounting professionals can gain by switching to cloud-bases software:

  1. Streamlined Integration

The software market has a number of options to offer that need to be integrated together to deliver a reliable accounting automation. For example, a fine amalgamation of ship tracking, inventory management, CRM, ERP, and accounting software is required automate the all-end accounting of a manufacturing business. Considering that you are using the desktop version of these software, there are inevitable challenges you would be facing. Limitations of the local server resources (memory, storage, processing speed, etc.) to first of those challenges. Then on, specification necessities with Operating System and cross-compatibility factors are further hassles one needs to deal.


Going with the cloud-based accounting software allows an ease of scalability for resources as required. So, you can choose resources and upscale or downscale them as you add or remove any accounting tool. Moreover, the integration between different tools is easier as the specification requirements of the local machine don’t hold significance anymore. Self-governed version upgrades add more convenience to the integration capabilities of the cloud.

  1. Enhanced Automation

Offline software may be able to process the information and commands, once provided. However, information update is mostly a manual task with offline software, which limits the ability to pace up the processing and chances of error with the information are higher. Also, with the growth in online transaction and payment mediums, the necessity for the instant, remote, and automated update has also grown. Think about it – a sales order is received and updated on CRM, now your accounting software, banking applications, and inventory management software will have dependent actions to take. So, you will have to update them all separately.

Integrate on the same platform, and all the actions (update the sale on CRM, the books on accounting software, status on inventory tool and payment verification in banking app) can be processed automatically. This automation takes off the chances of delay and errors significantly.

  1. Better Workforce Distribution

Managing the entire accounting operations for a business or a number of clients is a herculean job and therefore, various tasks are distributed for timely and smoother actions. To and fro of the email exchange, multiple copies of the same files, limited control and tracking of the changes made by different users – these are some of the hassles that traditional accounting setups face.

Cloud-based applications have a great advantage in managing a large number of users working together. Firstly, admin holds the right to create and restrict the access of different users. Then, it also allows different users to work on the same file at the same time, even from different locations. So, the chances of file redundancy, storage limitation, and sharing hassles are nullified. At the same time, user tracking remains enabled to track which user made what changes and you can even recover changes if required. So, the task assigned to the workforce is immensely simplified and to enhance the productivity.

  1. More Secure and Reliable

As mentioned in the above section, cloud-based tools are centralized under the surveillance and control of the admin. It allows a reliable control on all users and the automated integration of different tools reduces the chances of errors and delays. But that is not all that cloud has to offer for the accounting solutions. Cloud technology rides on the automated backup and data protection advantages.

Most of the cloud-based tools enable multiple backups of the latest data to keep it available in case of any data loss – be it a manual mistake or a natural disaster. Further secured with the encryption, firewall, and other security features, it offers an impeccable environment for running accounting applications and storage of the data.

  1. There’s More Saving

The first and biggest saving that cloud introduces is that it does not require any dedicated local machines and servers to run applications. Since hardware makes one of the biggest expenses, cloud saves the significant amount. But the savings do not end with it. Cloud computing solutions save plenty on the maintenance, upgrading and other IT expenses. As most of the hardware remain with the hosting provider, its maintenance is their task. Serving a larger group of the hardware for a number of clients, the overall charges are much lower at the hosting provider’s end.

Other factors that contribute to the cost-cutting with cloud are because of reduced local infrastructure and on-the-go accessibility, which enables the modern work cultures, such as – BYOD and Work from Home. With so many of the ways available to save money, no accounting professional would like to miss on them.

Wrapping Up

Technology gifts simplicity of use even with the most complex operation. Cloud has been doing that to a number of industries. Accounting is one of the industries that adopted it quite late, but its potential is immense. Citing which the shift to cloud solutions is noticeable and still growing. If you are still not sure if the cloud is a fine choice, you are probably going to miss out on a lot of opportunities.

By Kirti Khanna

The DDoS That Came Through IoT: A New Era For Cyber Crime

The DDoS That Came Through IoT: A New Era For Cyber Crime

A New Era for Cyber Crime

Last September, the website of a well-known security journalist was hit by a massive DDoS attack. The site’s host stated it was the largest attack of that type they had ever seen. Rather than originating at an identifiable location, the attack seemed to come from everywhere, and it seemed to have been driven through a botnet that included IoT-connected devices like digital cameras. This was something special and unusual, and a stark warning about the future of cyber warfare.

The attack was so large and relentless that the journalist’s site had to be taken down temporarily. The exercise of fending off the attack and then repairing and rebuilding was extremely expensive. Given that the target was a writer and expert on online security and cybercrime, the attack was not only highly destructive but also symbolic: a warning to security specialists everywhere that the war has changed.

Chris Sellards, a Texas-based Certified Cloud Security Professional (CCSP) agrees. He points to the sheer volume of IoT connected devices – a number that is growing exponentially, with Gartner forecasting 6.4 billion devices to be connected this year.

PC users have become a little more sophisticated with regard to security in recent years,” Sellards says. “They used to be the prime target when creating a botnet and launching DDoS attacks because they rarely patched their systems and browser configuration settings were lax by default. However, with automatic upgrades and an increased use of personal firewalls and security apps, PCs have become a little more of a challenge to penetrate. Attackers almost always take the path of least resistance.”

Consequently, IoT devices have become the new playground. They are the new generation of connected machines that use default passwords, hard coded passwords, and inadequate patching. The rush to make everything IoT compatible and affordable leaves little time or incentive for manufacturers to build in sophisticated security layers. In addition, there is an innocence factor at play. Who would ever suspect their digital camera, fitness tracker or smart thermostat of being an accomplice to cybercrime?


Sellards points out that one of the most interesting aspects of the attack was that GRE (Generic Routing Encapsulation protocol) was used instead of the normal amplification techniques used in most DDoS attacks. This represents a change in tactic specifically designed to take advantage of the high bandwidth internet connections that IP based video cameras use.

These developments have experts like Sellards worried, given the huge – and growing – number of IoT devices that form part of the nation’s critical infrastructure. “If default and hardcoded passwords can be compromised to install malware that launches DDoS attacks, they can also be compromised to launch more nefarious attacks with significantly higher consequences,” he says. It shows IoT installs are insecure and not hardened. They are exposed to the Internet without firewall filtering. “All best business practices we’ve spent decades developing have gone right out the window.” 

IoT in general represents a fascinating new chapter in convenience and communication for businesses and consumers alike. But as all security experts already know, the bad guys never rest. The way in which they discovered and exploited both the weaknesses and the built-in features of IoT shows a creativity and dedication that must never be ignored. Thus the value of a CCSP having a seat at the executive table has just increased exponentially.

For more on the CCSP certification from (ISC)2, please visit their website. Sponsored by (ISC)2.

By Steve Prentice

CloudTweaks Comics
Reuters News: Powerfull DDoS Knocks Out Several Large Scale Websites

Reuters News: Powerfull DDoS Knocks Out Several Large Scale Websites

DDoS Knocks Out Several Websites Cyber attacks targeting the internet infrastructure provider Dyn disrupted service on major sites such as Twitter and Spotify on Friday, mainly affecting users on the U.S. East Coast. It was not immediately clear who was responsible. Officials told Reuters that the U.S. Department of Homeland Security and the Federal Bureau…

The Conflict Of Net Neutrality And DDoS-Attacks!

The Conflict Of Net Neutrality And DDoS-Attacks!

The Conflict Of Net Neutrality And DDoS-Attacks! So we are all cheering as the FCC last week made the right choice in upholding the principle of net neutrality! For the general public it is a given that an ISP should be allowed to charge for bandwidth and Internet access but never to block or somehow…

Cloud Infographic: Security And DDoS

Cloud Infographic: Security And DDoS

Security, Security, Security!! Get use to it as we’ll be hearing more and more of this in the coming years. Collaborative security efforts from around the world must start as sometimes it feels there is a sense of Fait Accompli, that it’s simply too late to feel safe in this digital age. We may not…

Timeline of the Massive DDoS DYN Attacks

Timeline of the Massive DDoS DYN Attacks

DYN DDOS Timeline This morning at 7am ET a DDoS attack was launched at Dyn (the site is still down at the minute), an Internet infrastructure company whose headquarters are in New Hampshire. So far the attack has come in 2 waves, the first at 11.10 UTC and the second at around 16.00 UTC. So…

Cloud Infographic – DDoS attacks, unauthorized access and false alarms

Cloud Infographic – DDoS attacks, unauthorized access and false alarms

DDoS attacks, unauthorized access and false alarms Above DDoS attacks, unauthorized access and false alarms, malware is the most common incident that security teams reported responding to in 2014, according to a recent survey from SANS Institute and late-stage security startup AlienVault. The average cost of a data breach? $3.5 million, or $145 per sensitive…

A New CCTV Nightmare: Botnets And DDoS attacks

A New CCTV Nightmare: Botnets And DDoS attacks

Botnets and DDoS Attacks There’s just so much that seems as though it could go wrong with closed-circuit television cameras, a.k.a. video surveillance. With an ever-increasing number of digital eyes on the average person at all times, people can hardly be blamed for feeling like they’re one misfortune away from joining the ranks of Don’t…

The DDoS That Came Through IoT: A New Era For Cyber Crime

The DDoS That Came Through IoT: A New Era For Cyber Crime

A New Era for Cyber Crime Last September, the website of a well-known security journalist was hit by a massive DDoS attack. The site’s host stated it was the largest attack of that type they had ever seen. Rather than originating at an identifiable location, the attack seemed to come from everywhere, and it seemed…

Using Cloud Technology In The Education Industry

Using Cloud Technology In The Education Industry

Education Tech and the Cloud Arguably one of society’s most important functions, teaching can still seem antiquated at times. Many schools still function similarly to how they did five or 10 years ago, which is surprising considering the amount of technical innovation we’ve seen in the past decade. Education is an industry ripe for innovation…

Connecting With Customers In The Cloud

Connecting With Customers In The Cloud

Customers in the Cloud Global enterprises in every industry are increasingly turning to cloud-based innovators like Salesforce, ServiceNow, WorkDay and Aria, to handle critical systems like billing, IT services, HCM and CRM. One need look no further than Salesforce’s and Amazon’s most recent earnings report, to see this indeed is not a passing fad, but…

Using Private Cloud Architecture For Multi-Tier Applications

Using Private Cloud Architecture For Multi-Tier Applications

Cloud Architecture These days, Multi-Tier Applications are the norm. From SharePoint’s front-end/back-end configuration, to LAMP-based websites using multiple servers to handle different functions, a multitude of apps require public and private-facing components to work in tandem. Placing these apps in entirely public-facing platforms and networks simplifies the process, but at the cost of security vulnerabilities. Locating everything…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

5 Things To Consider About Your Next Enterprise Sharing Solution

5 Things To Consider About Your Next Enterprise Sharing Solution

Enterprise File Sharing Solution Businesses have varying file sharing needs. Large, multi-regional businesses need to synchronize folders across a large number of sites, whereas small businesses may only need to support a handful of users in a single site. Construction or advertising firms require sharing and collaboration with very large (several Gigabytes) files. Financial services…

Ending The Great Enterprise Disconnect

Ending The Great Enterprise Disconnect

Five Requirements for Supporting a Connected Workforce It used to be that enterprises dictated how workers spent their day: stuck in a cubicle, tied to an enterprise-mandated computer, an enterprise-mandated desk phone with mysterious buttons, and perhaps an enterprise-mandated mobile phone if they traveled. All that is history. Today, a modern workforce is dictating how…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…


Sponsored Partners

Security Training Through Practical Experience
Security: The Goodwill Virus That Keeps On Giving
Collaborative Economy – Customer Appreciation Day
Salesforce Service Cloud: Air Traffic Control For Your Customer
Collaborative Economy – The Death Of “Death By Meeting”
Competing Cloud Security Demands Call For Credentialed Professionals
Watching You Shop: Stores And Mannequins “Read” Their Customers And Respond
Help Your Business Improve Security By Choosing The Right Cloud Provider
Internet Performance Management In Today’s Volatile Online Environment
SAP HANA® And Global Healthcare