‘Improving DevOps’ By @OmniTI | @DevOpsSummit [#DevOps]

Some developers believe that monitoring is a function of the operations team. Some operations teams firmly believe that monitoring the systems they maintain is sufficient to run the business successfully. Most of them are wrong. The complexity of today’s applications has gone far beyond the capabilities of “traditional” system-level monitoring tools and approaches, and requires much broader knowledge of the business and its applications as a whole. The goal of DevOps is to connect all aspects of application development and operations, and monitoring provides visibility and troubleshooting tools to accomplish that goal.

DevOps Is Key Contributor to the Bottom Line | @DevOpsSummit [#DevOps]

According to the study, respondents have experienced anywhere from a 14 to 21 percent improvement in business in the form of increased numbers of customers, faster time-to-market and improved quality and performance of applications. US respondents have seen more improvements than the global average, for instance about 27 percent increased collaboration between departments, a 26 percent reduction in time spent fixing and maintaining applications and a 24-25 percent increase in the number of customers as well as software and services that would otherwise not be possible.

New App Management Platform By @Qubell | @DevOpsSummit [#DevOps]

Qubell announced on Monday the availability of the first autonomic application management platform for cloud applications. Qubell enables applications to become adaptive, self-managed services that configure, heal, optimize and protect themselves in response to changes within dynamic cloud environments. With Qubell, managing applications as an autonomic system dramatically accelerates application release cycles, improves quality, eliminates manual operations and reduces outages and operating costs. The platform is designed for a broad range of web, commerce and big data applications with an emphasis on retail, financial services and high-tech industries.

Box partners with Microsoft to enable collaboration through Office

Cloud storage provider Box has joined the Microsoft Cloud Storage Program, integrating with Microsoft Office to enable businesses to seamlessly access content across devices and platforms.

The new collaboration includes enabling users to open, edit and save documents back to Box directly from Office for iOS, and is available today for free, with integration with Office Online arriving later this year.

“We’re excited to deepen our commitment to openness in the enterprise through Microsoft’s new program,” said Box CEO Aaron Levie in a statement. “We’re committed to delivering innovation that puts the customer first and allows enterprises to choose the tools they want to be successful.”

Levie wrote in a blog post about the importance of openness, citing Box’s public APIs as a primary driver behind increasing enterprise productivity through being able to share documents any time, anywhere.

“The future of enterprise software is about choosing best of breed technologies to solve critical business problems,” he wrote. “Often these solutions will not come from the same vendors. To make this successful, these technologies must work together seamlessly.

“This next enterprise era will be defined by simple to use, modular services,” he added. “IT organisations will get better innovation for their dollar, users will achieve more productivity, and vendors will build stronger ties to one another.

“Today’s move is an important accelerant to this trend.”

Box isn’t the only company to partner with Microsoft in its Cloud Storage Program; Citrix and Salesforce are also inaugural members. Yet a more interesting comparison would be Microsoft’s partnership with Dropbox announced in November 2014. At the time, analysts argued the partnership was rooted in Dropbox’s greater need for an enterprise presence, and Microsoft’s need to ‘play nicely’ with other vendors.

This deal again focuses on Box’s core mission as an enterprise technology – a point Levie was keen to stress when the storage provider eventually went public in January.

You can find out more about the news here.

.@BMCSoftware and @Compuware Partner | @CloudExpo [#Cloud]

Compuware and BMC Software are partnering to improve the economics of IBM(R) z Systems ownership. By doing so, the two companies are empowering customers to reduce mainframe opex – even as they leverage their high-value mainframe applications, data and processing capacity to meet the challenges of the digital economy.
“The partnership between BMC and Compuware launches an integrated opportunity for mainframe customers to manage workload inefficiencies in a manner that has not been achievable to-date,” said Frank DeSalvo, former research director at Gartner. “This innovation helps organizations leverage their IT budgets by enabling them to continuously optimize their mainframe workloads, resulting in cost effective decisions for both current and future spending.”

Internet of Things Hackathon Proposals | @ThingsExpo [#IoT]

The 3rd International @ThingsExpo, co-located with the 16th International Cloud Expo – to be held June 9-11, 2015, at the Javits Center in New York City, NY – is now accepting Hackathon proposals. Hackathon sponsorship benefits include general brand exposure and increasing engagement with the developer ecosystem.
At Cloud Expo 2014 Silicon Valley, IBM held the Bluemix Developer Playground on November 5 and ElasticBox held the DevOps Hackathon on November 6. Both events took place on the expo floor.
The Bluemix Developer Playground, for developers of all levels, highlighted the ease of use of Bluemix, its services and functionality and provided short-term introductory projects that developers could complete between sessions.

Microsoft becomes first vendor to adopt latest international cloud privacy standard

Microsoft has announced it is the first major cloud provider to adopt the ISO/IEC 27018 standard, claimed as the world’s first international standard for cloud privacy.

The standard, which was published by the International Organisation for Standardisation (ISO) last year, sets out to establish “commonly accepted control objectives, controls and guidelines for implementing measures to protect personally identifiable information in accordance with the privacy principles in [previous framework] ISO/IEC 29100 for the public cloud computing environment.”

In practical terms, this means vendors process personally identifiable information only as directed by the customer, are transparent about policy regarding transfer and deletion of information stored in data centres, and observe defined restrictions on how personally identifiable information is handled.

Microsoft added that its Azure, Office 365 and Dynamics CRM Online products were in line with the standard.

This standard covers privacy, so it differs from the Federal Risk and Authorisation Management Program, commonly known as FedRAMP. Microsoft’s cloud infrastructure passed that test back in October 2013. Since then, however, there have been plenty of developments in terms of data privacy, not least a US judge ordering Microsoft to hand over data from a Dublin data centre in April 2014.

It’s worth noting here that ISO/IEC 27018 doesn’t appear to be a failsafe for these issues. Microsoft added that the new standard forces it to inform users about government access to data, unless the disclosure is prohibited by law.

Despite this, Redmond is satisfied its adoption of the new standard will lead to greater confidence in its privacy policy from customers.

“Customers will only use services that they trust,” Microsoft EVP legal and corporate affairs Brad Smith wrote in a blog post. “The validation that we’ve adopted this standard is further evidence of our commitment to protect the privacy of our customers online.”

You can find out more about the standard here.

SOA Architecture: Enabler of the Digital World By @TheEbizWizard | @CloudExpo [#Cloud]

Service-Oriented Architecture (SOA) is an approach for abstracting enterprise software capabilities as reusable services in order to support more flexible business processes and ideally, more agile organizations. SOA was one of the hottest topics in information technology (IT) back offices and enterprise vendor marketing departments for a number of years back in the 2000s.

However, in retrospect the original promise of SOA was largely unrealized at that time. Vendors used the approach to sell middleware, which led to expensive and difficult implementations. The architectural focus on improving IT and organizational governance in order to achieve greater levels of business agility was largely subsumed into the technical minutiae of enterprise integration.

Healthcare data security: Is cloud encryption alone enough?

By Kenneth N. Rashbaum, Esq. and Liberty McAteer, Esqs.

This blog post is for informational and educational purposes only. Any legal information provided in this post should not be relied upon as legal advice. It is not intended to create, and does not create, an attorney-client relationship and readers should not act upon the information presented without first seeking legal counsel.

What if the data of 80 million Anthem subscribers were encrypted at rest? And access required two-factor authentication? Would the security breach still have occurred? These lines in the new cyber-security “anthem” are being sung with gusto by those following the bouncing cursor of a breach that may be larger than all healthcare security breaches of the last ten years combined. The questions need to be asked but, like many other things in information security, the answers are not always obvious, though sometimes they do follow simple basic information management common sense.

True, investigating a breach, especially one of this size, attracts attention that makes the Super Bowl and Academy Awards look like Saturday morning cartoons. The analysis is always retrospective, Monday-morning quarterbacking, and it’s hard not to come up with some weakness that if addressed, maybe, possibly, perhaps could have prevented the breach.  Here most commentators, especially those in the mainstream press, have focused on data encryption at rest as the panacea that would have preserved the sensitive information of the millions of Anthem subscribers.  Encrypted cloud storage is part of the answer, but not the whole answer because attackers who can circumvent authentication protocols can get around encryption (and, as Edward Snowden stated, encryption often comes with back doors).

One reason why encryption alone isn’t a complete defense against a data security breach is that, as Professor Steven M. Bellovin of Columbia University wrote in an Ars Technica article:

In a case like the Anthem breach, the really sensitive databases are always in use. This means that they’re effectively decrypted: the database management systems (DBMS) are operating on cleartext, which means that the decryption key is present in RAM somewhere. It may be in the OS, it may be in the DBMS, or it may even be in the application itself (though that’s less likely if a large relational database is in use, which it probably is). (Emphasis added.)

This means that someone with access to a computer can access the database decryption key, or potentially even unencrypted database contents, from the RAM, or ‘working memory,’ of the computer. As a result, the robustness of the database encryption scheme becomes nearly irrelevant and would likely not have posed a substantial barrier to someone with the know-how to circumvent authentication protocols in the first place.

So, the first question that must be asked is how robust were the authentication protocols at Anthem? A combination of strong, perhaps multifactor authentication protocols and database management systems controls, plus encryption at rest could have reduced the chances of a successful breach. It’s important, from a liability perspective, to note that neither HIPAA compliance nor other federal information security requirements require perfection.  These regulations are not rules of strict liability. The metric is “reasonable steps,” though, of course, that is often in the eyes of the beholder with the benefit of hindsight.

And there are “reasonable steps” that can be taken to deter all but the most sophisticated hackers. One may be to store sensitive information with a cloud hosting provider who encrypts at rest and requires multifactor authentication. However, many healthcare plans and providers are skeptical due, among other things, to a perceived loss of control over the data in the healthcare cloud and, thereby, the ability to oversee data security. This is one reason, as Professor Bellovin notes, that it is appropriate for cloud hosting services to use robust database encryption, as you no longer control authentication protocols to your computer systems because “you don’t control the machine room and you don’t control the hypervisor (a program that allows multiple operating systems to share a single system or hardware processor).” On the other hand, cloud hosting provider systems administrators are often more experienced at securing their systems than most healthcare plan and provider IT personnel or, when they are large enough to have them, information security departments (HIPAA compliant hosting requires the appointment of Security Officers, but they often are not sufficiently experienced to harden the OS and DBMS, let alone encrypt at rest).

The New York Times reported on February 6, 2015 that healthcare information is increasingly at risk of a data security breach because medical records, with their rich set of personal identifiers including Social Security Numbers and medical record numbers that can be used to obtain pharmaceuticals and even medical care for undocumented aliens, are of greater value on the black market than credit card numbers alone, as those accounts can be cancelled. The Times also noted that “health organizations are likely to be vulnerable targets because they are slower to adopt measures like keeping personal information in separate databases that can be closed off in the event of an attack” (subscription required).

As the attackers get more and more brazen and sophisticated, especially in light of the recent series of successful attacks, healthcare organizations will look for means to better secure information, and those means will comprise more than just encryption. They will include hardened authentication and DBMS protocols as well and, if the organization cannot manage these controls itself, hosting of data in a healthcare cloud with reputable managed cloud hosting providers.

The post Healthcare Data Security: Is Cloud Encryption Alone Enough? appeared first on Cloud Computing News.

Tech News Recap for the Week of 2/9/2015

Were you busy last week? Here’s a quick tech news recap of articles you may have missed from the week of 2/9/2015!

There was some good information around announcements made by VMware at its Partner Exchange event around vSphere 6, vSAN 6, and the partnership between VMware and Google. Tony Scott was named Federal CIO. President Obama, Apple CEO Tim Cook and others debated the topic of sharing cyber security data. Apple is working on an electric car design and Google is shutting down its expert video chat service, Google Hangouts.

Register for this Thursday’s webinar “How to Approach a Windows Server 2003 Migration: Key Steps for a Better Transition” to make sure you’re prepared for the upcoming July 14th end of life date.

By Ben Stephenson, Emerging Media Specialist