2014 was a year of cloud security and compliance accomplishments and 2015 will certainly bring new challenges and new successes.
In 2014, we worked closely with many customers who needed to adhere to HIPAA and PCI DSS compliance requirements. We made sure all bases were covered, data was protected, and compliance was achieved.
Though PCI DSS 3.0 was officially released on November 7, 2013 and became effective on January 1, 2014, its compliance deadline took effect a year later, on January 1, 2015. This infographic explains what you need to know about PCI DSS 3.0.
Monthly archive: January 2015
Easy Internet of Things Integration By @AgilePoint | @ThingsExpo [#IoT]
Today’s enterprise is being driven by disruptive competitive and human capital requirements to provide enterprise application access through not only desktops, but also mobile devices. To retrofit existing programs across all these devices using traditional programming methods is very costly and time consuming – often prohibitively so.
In his session at @ThingsExpo, Jesse Shiah, CEO, President, and Co-Founder of AgilePoint Inc., discussed how you can create applications that run on all mobile devices as well as laptops and desktops using a visual drag-and-drop application – and eForms-building techniques in 10% of the time it would take for traditional programming. Connect to all your existing in-house systems and databases as well as third-party applications like Salesforce, SAP, Office 365, etc., through easy-to-create and maintain process-centric enterprise workflow applications your team can create in days.
Announcing @ActiveState Named “Silver Sponsor” of @DevOpsSummit New York [#DevOps]
SYS-CON Events announced today that ActiveState, the leading independent Cloud Foundry and Docker-based PaaS provider, has been named “Silver Sponsor” of SYS-CON’s DevOps Summit New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY.
ActiveState believes that enterprises gain a competitive advantage when they are able to quickly create, deploy and efficiently manage software solutions that immediately create business value, but they face many challenges that prevent them from doing so. The Company is uniquely positioned to help address these challenges through our experience with enterprises, people and technology.
DevOps Security with @EvidentdotIO | @DevOpsSummit [#DevOps]
“We are strong believers in the DevOps movement and our staff has been doing DevOps for large enterprise environments for a number of years. The solution that we build is intended to allow DevOps teams to do security at the speed of DevOps,” explained Justin Lundy, Founder & CTO of Evident.io, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Internet of Things Supply Chains By @Microsoft | @ThingsExpo [#IoT]
Disruptive macro trends in technology are impacting and dramatically changing the “art of the possible” relative to supply chain management practices through the innovative use of IoT, cloud, machine learning and Big Data to enable connected ecosystems of engagement. Enterprise informatics can now move beyond point solutions that merely monitor the past and implement integrated enterprise fabrics that enable end-to-end supply chain visibility to improve customer service delivery and optimize supplier management. Learn about enterprise architecture strategies for designing connected systems that integrate physical and digital supply chains with your enterprise systems, leveraging IoT devices, hybrid cloud and network service providers to enable innovative business models while mitigating risk, managing security and increasing capacity to meet customer changing SLA requirements.
Cloud Healthcare with HIPAA Compliance By @Ariel_Dan | @CloudExpo [#Cloud]
Orbograph is an innovative healthcare ISV that provides Healthcare Revenue Cycle Management (HRCM) solutions, online medical scheduling, PHR, and other services to hospitals and clinics.
The Leader: Ran Rothschild, Director of Operations
The Project: The company’s next generation of products launched as a cloud service.
Orbograph was seeking to benefit from the advantages of cloud computing (elasticity, flexibility, cost-effectiveness) without compromising full compliance with HIPAA, Safe Harbor, and the utmost protection for its sensitive customer and corporate data.
Tracking Your CloudFlare DNS Configuration By @ScriptRock | @DevOpsSummit [#DevOps]
Email is a mission critical application that is relied on to power business communication and collaboration capabilities on a day-to-day basis. It is a vital component of modern business and being able to send and receive email is of paramount importance. If you were to make a list of applications to track and control configuration changes of, email would be at the top of that list.
Key Challenges for Data Center Migration | @CloudExpo @TufinTech [#Cloud]
Tufin is spearheading a drive to help companies understand and overcome the network and security challenges involved in migrating data centers. The company has outlined three key challenges to effective data center migration faced by businesses – including application connectivity management, security and compliance – and how these can be overcome with the help of Tufin’s Orchestration Suite.
Five tips to secure your cloud future
The cloud has been central to the business workings of organisations. Reliance on the cloud as a central storage tool highlights the importance of security. With important data and documents and sensitive information stored away on the cloud, there is too much at stake. Intense effort and investment needs to be put into making sure cloud providers are providing these five main security features:
Standards based integration with identity management providers
Forming an integrated identity is crucial as it has become a key enabler, both to provision and de-provision access to company resources and data. Having an identity solution for their management tools that allows fast and easy integration with existing processes used by the customer helps facilitate this. This is done through a standards-based mechanism such as Security Assertion Markup Language (SAML) 2.0 or OAuth 2.0 with OpenID Connect.
Another benefit is the complete control over password complexity rules, expiration and the ability to require various forms of multi-factor authentication. In addition to standards-based integration, the service should also provide an easy-to-use, stand-alone multi-factor authentication (MFA) mechanism for those customers who don’t already have an existing identity management solution. This encourages the customer to implement strong authentication measures which can help prevent malicious actors from being able to take over control of their accounts.
Securing specific API cells
Allowing for the integration flexibility is something business users have come to expect from cloud providers, and many cloud providers regularly provide application programming interfaces (APIs) that allow customers to integrate management of their cloud service into 3rd party management platforms or their own internally built applications.
This flexibility enables business customers to mould cloud services around their unique business needs, customising workflows or integrating cloud automations into their existing corporate or customer-facing applications. This enhances business agility, and competitive advantage, as well as provides valuable business capabilities for customers.
However, this also opens businesses up to risk, as it introduces additional attack surface that must be properly protected. To safeguard against possible attacks, service providers should give customers API authentication mechanisms that are resistant to replay or man-in-the-middle attacks and can be used to provide cryptographic validation of the API messages being sent. Using cryptographically sound techniques, these authentication mechanisms should ensure that API commands can only be issued by properly authenticated endpoints, and that each message is authentic and hasn’t been tampered with.
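One way a provider can meet the requirement above, as an added example that is not from the original article: each API request carries an HMAC-SHA256 signature over the method, path, body hash, timestamp and a one-time nonce, and the server rejects tampered, stale or repeated requests. The signing scheme, the five-minute window, the key ID, secret, path and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # seconds a signed request stays acceptable (assumed policy)


def sign(secret, method, path, body, timestamp, nonce):
    """Client side: HMAC-SHA256 over every field the server will act on."""
    body_hash = hashlib.sha256(body).hexdigest()
    msg = "\n".join([method.upper(), path, body_hash, str(timestamp), nonce])
    return hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()


class Verifier:
    """Server side: checks authenticity, freshness and one-time use."""

    def __init__(self, secrets_by_key_id):
        self.secrets = secrets_by_key_id
        self.seen = {}  # (key_id, nonce) -> time after which the nonce can be forgotten

    def verify(self, key_id, method, path, body, timestamp, nonce, signature, now=None):
        now = time.time() if now is None else now
        secret = self.secrets.get(key_id)
        if secret is None:
            return "unknown key"
        expected = sign(secret, method, path, body, timestamp, nonce)
        # Constant-time comparison so the MAC cannot be guessed via timing.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad signature"
        if abs(now - timestamp) > MAX_SKEW:
            return "stale timestamp"
        # Drop nonces whose acceptance window has closed, then reject reuse.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        if (key_id, nonce) in self.seen:
            return "replayed"
        self.seen[(key_id, nonce)] = timestamp + MAX_SKEW
        return "ok"


def demo():
    """Constructed sample: a request sent once, replayed, altered, and sent late."""
    secret = b"constructed-demo-secret"
    v = Verifier({"key-1": secret})
    req = ("key-1", "POST", "/v1/servers", b'{"name":"web01"}', 1000, "n-001")
    sig = sign(secret, *req[1:])
    tampered = req[:3] + (b'{"name":"other"}',) + req[4:]
    late = req[:5] + ("n-002",)
    return [v.verify(*req, sig, now=1010), v.verify(*req, sig, now=1020),
            v.verify(*tampered, sig, now=1030),
            v.verify(*late, sign(secret, *late[1:]), now=2000)]
```

The signature gives authenticity and integrity only, so the request still travels over TLS; with more than one API server, the nonce store has to be shared between them for the replay check to hold.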
Multi-tier user management and billing
As businesses become increasingly complex, their needs become increasingly intricate as well. Cloud providers need to constantly evolve their services to match the expectations of their customers, especially in providing a flexible account structure that allows easy rollup of billing and usage information at the top level. All this while enforcing complete segregation of networks and hosts at the sub-account level.
The most important thing though is customer control – the customer should have complete control over which sub-accounts must be completely isolated, even from the parent account, and which sub-accounts are allowed to exchange data freely. This allows the segregation of production and development/QA, or perhaps meets a regulatory requirement that two different business units are prohibited from being able to share data between their systems.
Logging and reporting
Intricate services and functionalities are typically the focus of many cloud providers, and often, in their haste to meet customer expectation, they marginalise seemingly mundane tasks like collecting logging from the cloud environment and reporting.
While not a main focus of cloud providers, at a minimum, service providers should be able to provide detailed logging of all management actions performed through the provider’s user interface or through API calls. Access to this logging data should be provided both in the user interface as a reporting function, and in a real-time publish/subscribe method so it can easily be consumed by the customer’s existing log management system.
For those customers who don’t already have a well-developed log management and alerting mechanism, it would be ideal for the service to have an integrated add-on capability to perform log management and alerting within the customer’s cloud environment.
Patch management
Staying relevant with patches is extremely important for service providers, and they typically update their templates used to create new machines to stay up to speed.
Once a virtual machine is launched, however, the responsibility to patch the system falls to the customer. This creates a gap in expertise, where customers fail to take the cloud environment into consideration for their patch management tools, creating a window of opportunity for attackers.
To mitigate against this potential risk, customers should look for a cloud service provider that offers an easy, integrated option that provides patch and vulnerability management for the customer environment. This would include regular (monthly) OS and application patching, along with vulnerability scans run at a frequency as required by the customer, and a dashboard where the customer can view up-to-date statistics on security vulnerabilities while trending the environment over time.
Dropbox becomes available for Windows Phone and tablets, builds on Microsoft partnership
Dropbox has announced availability on Windows Phone devices and Microsoft tablets, available on Windows RT, 8.1, and Windows Phone 8.0.
Windows now completes the set of mobile options for Dropbox, with the cloud storage product already available on Android phones, Kindle Fire, iPhones, iPads and BlackBerry phones.
The news comes as both companies look to solidify their partnership established in November last year. At the time this publication questioned the decision given Microsoft’s strong play on its own cloud storage product, OneDrive, now available unlimited to Office 365 subscribers.
Yet it makes more sense underneath the surface; Dropbox will look to gain a foothold in the enterprise market, while Microsoft looks for assurances it can ‘play nicely’ with other vendors. The announcement could also be seen as a timely one given Box’s imminent IPO.
This isn’t the only recent announcement Dropbox has made. Earlier this week the San Francisco based firm announced the acquisition of CloudOn, a mobile cloud collaboration tool.
“We’re taking the next step toward our vision of reimagining docs – by joining the Dropbox team,” CloudOn wrote in a blog post. “Our companies share similar values, are committed to helping people work better, and together we can make an even greater impact.”
At the time of the CloudOn acquisition, pundits questioned the Microsoft and Dropbox partnership. Forbes columnist Ben Kepes wrote: “[Office and Dropbox] is one partnership that never quite gelled in my mind – Microsoft has, after all, its own file sharing solution. With this acquisition, one wonders whether Redmond will consider its cosy relationship with Dropbox.”
Today’s announcement seems to change that. You can read the Dropbox blog post here.