Cloud Datagenius Goes Live with Custom Data Applications Without Programming

Last month we reported that Cloud Datagenius would launch by the end of the month, with technology aiming to bring relational database web apps to non-programmers.

The product is live, with a 14 day free trial (no credit card). Plans start at $49 per month.

More info available at www.clouddatagenius.com.


Ten Things I’ve Learned About Cloud Security

This is not a Top 10 list – it is a list of 10 things I’ve learned along the way. Top 10 lists imply some sort of universal knowledge of the “top” things possible in a given field. Top 10 attractive women, top 10 guitar players, top 10 whatever, they all have one thing in common: They are all ten things the author thinks are the best. I don’t really like to think I know everything so this list is in no particular order. This particular list is on cloud security and, well, it is a big topic that interests me greatly and there is no way I can cover it all in a blog post. As a result I will be doing a presentation around this topic in a few places, including BSides Cleveland.
Anyway, cloud security is tough for a lot of reasons, not least of which is because you, like me, probably only understand the basics of what you interface with in the cloud – the controls the cloud provider allows you to see. This lack of depth of management introduces many security related challenges.


Secure Remote Access for Businesses with Limited IT Staff and Budgets

With some of the recent breaches of restaurant chains, I’ve got to think that many of them were related to poor remote access practices. I say this because in all of my years of consulting, I have found that very weak controls around remote access are a lot more common than one would think. Even today you will commonly find things like POS servers directly accessible on the Internet via VNC, RDP, or pcAnywhere. I have even seen SQL databases that contain credit card data made directly accessible over the Internet.

Sometimes the organization itself is to blame, usually because they just don’t know any better. For many, this has been the standard way to connect with their restaurants or stores remotely. They may lack the skills needed to set up secure remote access. Other times, and this is also very common, a vendor or service provider is responsible. I can’t tell you how many times I have found completely unsecured remote access set up and enabled by the POS vendor or service provider that the merchant didn’t even know about—or at least wasn’t told about as far as the risks and compliance issues this creates. In one case I even found that the service provider had opened up a port on the firewall so they could connect directly to the POS SQL database across the Internet. No matter who is to blame, this needs to be fixed right away.

First, these organizations need to stop allowing systems in their restaurants/stores to be directly accessible across the Internet. It’s actually quite an easy fix if you have fairly recent firewall hardware. Set up an IPsec site-to-site VPN tunnel between each of your stores and the central office using some form of two-factor authentication. Certificate-based authentication combined with a pre-shared key isn’t that hard to set up and meets PCI DSS requirements. Now you can provide vendors and service providers with remote access into your central office, where you can centrally log their activities and implement restrictions on what they will have access to at each of the stores. And remember that they also need to be using some form of two-factor authentication to access your environment.

If you are the type of business that doesn’t have full-time connectivity from your stores back to your central office, then remote access is a bit more complex to manage. Each of your locations needs to be configured to support client-to-site VPN connections from your own IT department as well as from your service providers and vendors. IPsec or SSL VPNs can be set up on most of today’s small firewalls and UTM devices without much fuss. But remember that two-factor authentication is a requirement and some of these devices don’t support such strong authentication methods. For this type of connectivity, some form of hardware or software token or even SMS-based token code authentication is a good choice. Sometimes this involves the implementation of a separate two-factor authentication solution, but some firewall/UTM devices have two-factor authentication features built in. This is a big plus and makes setting up secure remote access less complex and less expensive. If you go with these types of remote access connections—direct connections to the stores—it’s very important to get the logs of remote access activity (as well as all other logs, of course) from the firewalls pulled back into a central logging server for analysis and audit purposes.

To get started, your first step should be to review your external PCI ASV scans to see if any remote console services are accessible from the Internet. Look for RDP (TCP port 3389), VNC (TCP port 5900), or pcAnywhere (TCP port 5631 and UDP port 5632). Also look for databases such as MS SQL (TCP port 1433), MySQL (TCP port 3306), or PostgreSQL (TCP port 5432). If any of these show up, then you should get working on a plan to implement secure and compliant remote access.
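The review described above can be scripted. The following is an added example, not part of the original post: it assumes the scan's port findings have been exported as CSV with the columns `host,protocol,port,state` (a hypothetical layout, since ASV report formats vary by vendor) and flags only the services listed above that are actually open.

```python
import csv
import io
from collections import defaultdict

# Ports named in the article, grouped by the kind of exposure they represent.
WATCHLIST = {
    ("tcp", 3389): ("remote console", "RDP"),
    ("tcp", 5900): ("remote console", "VNC"),
    ("tcp", 5631): ("remote console", "pcAnywhere"),
    ("udp", 5632): ("remote console", "pcAnywhere"),
    ("tcp", 1433): ("database", "MS SQL"),
    ("tcp", 3306): ("database", "MySQL"),
    ("tcp", 5432): ("database", "PostgreSQL"),
}

# Constructed sample export (documentation-range addresses), not real scan data.
# The column layout is an assumption; adapt it to your ASV's export format.
SAMPLE_EXPORT = """host,protocol,port,state
203.0.113.10,tcp,443,open
203.0.113.10,TCP,3389,open
203.0.113.10,tcp,1433,open
203.0.113.22,tcp,5900,filtered
203.0.113.22,udp,5632,open
203.0.113.22,tcp,5632,open
203.0.113.30,tcp,80,open
203.0.113.30,tcp,not-a-port,open
"""

def exposed_services(export_text):
    """Return {host: [(kind, service, proto, port), ...]} for open watchlist ports."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        host = (row.get("host") or "").strip()
        proto = (row.get("protocol") or "").strip().lower()
        state = (row.get("state") or "").strip().lower()
        try:
            port = int((row.get("port") or "").strip())
        except ValueError:
            continue  # skip malformed rows instead of aborting the review
        # Protocol matters: pcAnywhere is tcp/5631 and udp/5632, not tcp/5632.
        hit = WATCHLIST.get((proto, port))
        # Only "open" counts; filtered or closed ports are not reachable services.
        if host and state == "open" and hit:
            findings[host].append((*hit, proto, port))
    return dict(findings)

if __name__ == "__main__":
    for host, hits in sorted(exposed_services(SAMPLE_EXPORT).items()):
        for kind, service, proto, port in hits:
            print(f"{host}: {service} ({kind}) reachable on {proto}/{port}")
```

Any host that appears in the result belongs on the remediation plan; an empty result from one scan does not replace reviewing the firewall rules themselves.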

If you’re looking for more information, I’ll be hosting a security webinar on July 18th to cover common security mistakes and how your organization can avoid many of them!


Is cloud computing ready for the Olympics?

With the Olympic Games just around the corner, one wonders whether, in a time where cloud computing is coming on leaps and bounds and gaining popularity by the day, it will be ready to service the Olympics.

Now the Olympics will of course be taking place in London this summer, one of the financial and technological hubs of the world, and during the Olympics a huge computing infrastructure will be required that generates a huge peak of data, so some form of cloud hosting solution, on paper, would be ideal.

Challenges

The London 2012 Olympics kicks off in just 15 days, so it’s fast approaching now and most of the tech work has already been carried out.

It has been revealed that nearly a quarter of the budget of the organising committee is spent on technology with 110,000 pieces of equipment being deployed with around 5,500 technical …

Is traditional IT an endangered species?

Not all major changes are visible to the naked eye. Standing next to a glacier it is difficult to determine direction (does it grow or shrink across seasons) and watching continents move takes even some stamina for the casual observer. Luckily this is not the case for cloud computing.

Apart from the very noticeable cloud hype (more on the cycle of that soon) there is also very noticeable growth. At the end of a deep and wide group effort, Gartner published its “Forecast: Public Cloud Services, Worldwide, 2010-2016, 2Q12 Update” accompanied by “Market Definitions and Methodology: Public Cloud Services”. As I highlighted several years ago in “Can the Real Cloud Market Size Please Stand Up?”, definitions are all-important when trying to compare various cloud forecasts and especially cloud forecast categories.

Thanks to Big Data, Analytics Will Be a $51B Business by 2016: IDC

According to Dan Vesset, program vice president for IDC’s Business Analytics Solutions, the business analytics software market “has crossed the chasm into the mainstream mass market.”

In 2011, Vesset explains, the business analytics market extended its post-2009 recovery with another stellar performance by growing worldwide revenues 14.1% year over year.

International Data Corporation forecasts, in fact, that it will continue to grow at a 9.8% compound annual growth rate (CAGR) through 2016 to reach $50.7 billio


ActiveState Redefines PaaS for the Enterprise

ActiveState has announced the general availability of Stackato 2.0, the application platform for creating a private Platform-as-a-Service (PaaS). The private PaaS solution now supports .NET applications, offers web-based visual cluster management and delivers performance improvements that foster enterprise development agility. In conjunction with the release, ActiveState also announced a Stackato enterprise customer relationship with Aeroflex.
According to Bart Copeland, CEO at ActiveState, “Stackato 2.0 redefines private PaaS for the enterprise, enabling more agile development, greater DevOps transparency, more efficient cloud management and faster time to market.”
The Stackato 2.0 release extends Stackato’s market leadership in PaaS polyglot compatibility. Enterprises can now deploy .NET applications to Stackato via technology integration with the Iron Foundry platform: Stackato’s automatic configuration tool links with Iron Foundry to support .NET apps in a Stackato PaaS cloud. In addition to .NET, Stackato supports applications coded in enterprise development languages like Java, Ruby, Python, Perl, PHP, Node.JS, Clojure, Scala, Erlang and more.


Cloud-Based Super Computing at Cloud Expo Silicon Valley

Cloud computing is bringing massive computing power once reserved for government and research institutions to every organization in the world. Problems that involve intensive calculations or simulations can benefit from the computing capabilities that the cloud provides. Whether through scale out architectures like Grid / Cluster / Hadoop or completely new approaches like GPU there are a variety of emerging high performance computing options coming to the cloud.
In his session at the 11th International Cloud Expo, Dan Rosanova, Senior Architect at West Monroe Partners, will describe the problem spaces and architectural techniques that are well served by cloud based high performance computing.
