Passwords are like underwear. You shouldn’t leave them out where people can see them. You should change them regularly. And you shouldn’t loan them out to strangers.

It’s funny when I see articles around security that focus on how Anti-Virus is the key to computer security. I know that yes, the risks from malware and virus-laden attachments are a pain in the butt for security professionals, and even regular computer users, but is A/V really the key to computer security? If you ask me, it’s really more about education and process than anything.

Outside of a dog, a book is man’s best friend. Inside of a dog, it’s too dark to read.

It may come as no surprise that I read a lot about cloud and security. I mean A LOT. My Twitter feeds are rammed with representation from all things cloud. As Martha Stewart would say, “It’s a good thing.” So when I’m not doing my day job, I’m busy writing this daily blog, writing for another awesome Canadian blog, some vendor sites, and writing whitepapers for various conferences, doing research with the Cloud Security Alliance and the like. I do this so that I can help educate the market, particularly the Canadian market, on cloud.

If we knew what it was we were doing, it would not be called research, would it?

I had an interesting discussion yesterday about cloud and platforms and what the market is seeing, and I started thinking back to the OpenStack movement and the whole idea about open source clouds. The question is: is open source cloud something to consider when transitioning your business to a cloud or virtualized model?

Hokey religions and ancient weapons are no substitute for a good blaster at your side, kid.

I’ve been knee deep in enterprise cloud work lately, so I thought I would take a bit of a break and focus on a neat little home cloud solution that I stumbled upon from one of my favorite gear companies, D-Link. I never really thought about D-Link and cloud, but yesterday I came across their new cloud services offering and I thought it was pretty cool.

So we all know D-Link as being responsible for our favorite modems and routers. Oh, and my favorite device of all, Boxee Box. But they recently released a neat device called their Cloud Router, which is really the basis for a bunch of neat cloud solutions for those of us who take our home network a little too seriously.

D-Link has been focusing lately on creating a home network cloud for consumers that allows them to access all their content over either 3G/4G or 802.11. This means you can access not just files but cameras at any time from anywhere. But it also has some neat intrusion detection tools and can show you the web history of any device. Oh, and did I mention it does motion control triggers and you can set recording schedules?

What I like is that the router basically acts as a cloud gateway, and you can connect any storage device to it. This is not the first time we have seen the personal cloud movement (Dropbox, iCloud, etc. come to mind), but it’s really cool that we are seeing companies like D-Link step into the game, especially since they’ve already done a great job with media.

May the Odds be Ever in Your Favor.

It’s been a while since I’ve written about security, but last week I came across a really great (but frightening) example of how security is affected in virtual environments. An organization that was running a virtual environment suddenly lost access to their entire infrastructure. It wasn’t the result of a badly configured virtual environment; it was arguably one of the first examples that I have come across of an attack against a virtual environment. I don’t know if it was intentional, but it’s a very interesting story of just how the threat landscape is adapting.

Essentially what happened was that the Windows server their virtual environment was running on had suffered a malware infection. The worst thing was that it was a known exploit, but hadn’t been patched. What the exploit did was cause the server to hit the network stack with enough traffic to cause a DDoS attack against the management console. This not only brought everything down, but rendered the environment unavailable.

Can you imagine if this type of vulnerability happens in a production environment, such as in a financial or e-commerce organization? Aside from the financial ramifications of not being available to customers, what if you couldn’t recover any of your data? This type of attack could theoretically cause irreparable damage to a company.

I know the whole concept of securing virtual environments is a new thing. I work with several research groups within the Cloud Security Alliance so I am aware of just how little information there is out there as it relates to best practices. But when a real-world example shows how these types of attacks are starting to affect virtual environments, it becomes clear just how important these conversations are.

Now I am not sure what happened to the organization that was the unfortunate victim of the attack. I hope that the fact that they figured out it was a network issue means that once the vulnerability is patched the VMs can be restarted. But I doubt that this is a rare and isolated example, which means that it is officially time for security and infrastructure folks to step up their game.

Danger Will Robinson! Danger!

Yesterday the latest security report from Verizon was released, with some much-expected statistics around hacktivism and security breaches. As it relates to cloud, the statistics are already hinting about where organizations need to focus.

Some of the key points are that internal breaches have been reduced significantly (hopefully through corporate security education), and physical attacks account for around 10% of all breached records.

But the really staggering statistic is around breaches themselves. 97% of them were avoidable had simple security measures been in place. 97 percent! 96% of the victims were required to comply with PCI DSS guidelines but sadly didn’t meet the requirements.

So what does all this mean as it relates to cloud? It means that if breaches are still happening and requiring compliance with PCI isn’t stopping them, cloud isn’t going to help. As organizations start pushing content to the cloud, security will be even more important as hacktivists are scanning all web-facing content for potential victims. There is no longer a “we’re not big/important enough to be a victim” excuse. Cloud is going to make everything more available, and make security trickier to manage.

So what can organizations do to help reduce this risk? First thing is to make sure that you know where your data is. If you don’t know what you have, you don’t know what to protect.

Second, look for weaknesses in your security posture. There are so many great tools out there to help identify these, such as Qualys etc.

Third, if you have anything facing the web, invest in security: Web Application Firewalls (WAF), Cloud DDoS, and perimeter security tools. If you don’t have the internal expertise to manage these controls, look to service providers to manage them for you.

You can also look at migrating your important data to a cloud provider who meets the compliance requirements applicable to your organization. This saves you the headache of going through all the rigor of audits and remediation. Outsourcing is a great resource for this, and very cost effective for mid/small organizations who just want to focus on their business.

In 5 years I am sure this type of report is going to shift dramatically towards cloud attacks and mobile technology attacks. The best thing organizations can do is to use these as a guide to secure their environment, or reach out to someone who can offer security as a service.

To read the full report, visit

Heya, Tom, it’s Bob from the office down the hall. Good to see you, buddy; how’ve you been? Things have been alright for me except that I’m a zombie now. I really wish you’d let us in.

In keeping up with cloud and all things related, I read a great article yesterday about how BYOD is driving unified communications (UC). As someone who uses a VoIP phone and a cloud-hosted phone (on top of the smartphone), the ability to consolidate all my various phone numbers into a single source that can follow me around is a huge benefit. And companies are seeing this too, making it a critical element of business transformation.

Well, let’s say this Twinkie represents the normal amount of psychokinetic energy in the New York area. Based on this morning’s reading, it would be a Twinkie thirty-five feet long, weighing approximately six hundred pounds.

Last week I was at a conference where several Canadian organizations spoke about how cloud helped them transform their organization. The funny thing is that if you scanned the names of the companies each speaker represented, you would’ve immediately thought there was no connection since only tech companies could possibly understand the benefits cloud brings to the organization.

But cloud isn’t just about technology. In fact, when it comes down to it, cloud is about looking at new ways of doing business.

The key benefit for organizations when it comes to cloud (and not just large enterprises, but organizations of all sizes) is that it lets you act like a large company with tons of resources when you need it, but keep your core business lean and efficient. Think of it like hiring extra seasonal employees during peak periods. Cloud allows you to scale your internal IT teams in line with your business, without having to purchase tons of capital assets only to have them lie dormant.

IT departments have been under pressure to deliver more innovative ways for organizations to operate. New systems and applications to take over old database ones that cannot keep up with modern processes, or hiring virtualization specialists to manage new infrastructure to lower operating costs are all on the minds of Directors and CIOs, but realistically these projects require large amounts of capital and skillsets that aren’t easily found within the organization. Instead of pushing these projects back, organizations should be looking to cloud providers to help them transform their businesses.

Imagine if suddenly your IT department starts generating income for the organization instead of costing it? This is the premise behind cloud. Cloud enables your organization to create value for your customers, internal and external. Internal processes can be streamlined to reduce costs, new applications and services created with a fraction of the resources, and more flexibility in designing new business platforms. External customers benefit from new services that help them grow their own businesses. Cloud is therefore like a trickle-down effect, from the cloud providers all the way down to the end customers.

Invention, my dear friends, is 93% perspiration, 6% electricity, 4% evaporation, and 2% butterscotch ripple.

As part of Technology Tuesday, I am excited to highlight a great company I had the pleasure of meeting last week, RackForce. If you’re not familiar with them, they are a Canadian cloud provider from Kelowna, BC. What I particularly appreciate from a provider such as RackForce is that they are Canadian born and bred, which means if you thought you could get away with a Patriot Act excuse, think again. Oh, and did I mention that they work with some of the biggest cloud vendors in the world?

RackForce started back in 2001, but really seemed to pick up speed in 2005-2007 when they started developing strategic relationships with the likes of IBM, Cisco and Microsoft. It was through these partnerships that a new breed of Enterprise-class services emerged.
Their current service lineup spans the entire spectrum from the network, through infrastructure services and up to the management layer with managed services and disaster recovery services. What I love is that they also have a hybrid hosting model which allows for the support of IT platform services that span all kinds of services, and even a white-label model.

On top of all this, they are a VMware partner, which means their services are vCloud Powered. This means that you can migrate workloads from your own internal VMware environment to RackForce without headaches, or use their services as an extension of your own IT capabilities. It’s not a bad proposition when you look at their laundry list of services and capabilities.

And if you’re still not sold, there is another key area where RackForce is making some noise. Their data centre is perhaps the most efficient and green data centre in North America. They have some impressive stats to back this up, including that their carbon footprint is around 1/20th the size of a typical competitor’s. The fact that they located their data centre in Kelowna and take advantage of the cool Canadian air and green hydro power makes them the greenest in the business.

A good-karma, environmentally friendly Canadian company that delivers services to rival its biggest competitors is the reason RackForce is going to be a cloud force to be reckoned with.

For more information on RackForce, visit them at

Greetings, my friend. We are all interested in the future, for that is where you and I are going to spend the rest of our lives. And remember my friend, future events such as these will affect you in the future.

As part of my regular cloud reading, I stumbled upon a great article last week about the role of the CFO as it relates to cloud. I personally never really considered the role of the CFO, usually because I am more afraid that should I get a call from the finance department it’s usually around business performance or some unfiled expense report. But as it relates to cloud, CFOs generally have a love-hate relationship. On one hand they understand the financial benefits, but at the same time it means that costs are tied very closely with the cloud market, making it difficult to predict future expenditures.