(c)iStock.com/DWalker44

More than 4% of enterprises have put their data at risk by sanctioning cloud apps laced with malware, according to research released by cloud security provider Netskope.

The study, which uses anonymised data from millions of users in the global Neskope Active Platform, found 88% of apps used were not enterprise-ready, while almost half (43%) of apps analysed keep data for more than a week after the service has ended, going against the upcoming EU General Data Protection Regulation (GDPR).

This represents another warning sign for businesses to become compliant before the regulations take hold, within two years of the GDPR becoming law in spring of this year. Previous research from Netskope, as this publication has examined, found almost 80% of IT pros were not confident of making the 2018 deadline. Eduard Meelhuysen, VP EMEA at Netskope, wrote at the time: “The GDPR will have significant and wide-ranging consequences for both cloud-consuming organisations and cloud vendors, and security teams will need to make the most of the two-year grace period before penalties for non-compliance come into force.”

Of the 88% of apps analysed which aren’t enterprise secure, the key failing were auditing and certification, service level agreements, vulnerability remediation, and legal, privacy and financial viability. Perhaps not surprisingly, technology and IT services represent the highest number of cloud apps per enterprise on average (794), ahead of healthcare and life sciences (773) and retail, restaurants and hospitality (734).

Netskope warns that employees can be unwittingly spreading malware throughout their company through using unsanctioned cloud storage apps from multiple devices. “More than ever, it’s imperative that organisations have complete visibility into and real-time actionable control over their cloud app usage to better monitor and understand trends and vulnerabilities,” said Sanjay Beri, co-founder and CEO of Netskope.

Elsewhere, Microsoft has eclipsed Google in cloud app usage for the first time in Netskope’s reports, with Outlook and Office 364 OneDrive overtaking Gmail and Google Drive respectively.

Read more: How to ensure enterprise app cloud usage complies with the GDPR

With the proliferation of both SQL and NoSQL databases, organizations can now target specific fit-for-purpose database tools for their different application needs regarding scalability, ease of use, ACID support, etc. Platform as a Service offerings make this even easier now, enabling developers to roll out their own database infrastructure in minutes with minimal management overhead. However, this same amount of flexibility also comes with the challenges of picking the right tool, on the right provider and with the proper expectations.
In his session at 18th Cloud Expo, Warner Chaves, Principal Consultant at Pythian, will compare the NoSQL and SQL offerings from AWS, Microsoft Azure and Google Cloud, their similarities, differences and use cases for each one based on our own client projects.

read more

More and more companies are looking to microservices as an architectural pattern for breaking apart applications into more manageable pieces so that agile teams can deliver new features quicker and more effectively.
What this pattern has done more than anything to date is spark organizational transformations, setting the foundation for future application development. In practice, however, there are a number of considerations to make that go beyond simply “build, ship, and run,” which changes how developers and operators work together to streamline cohesive systems.

read more

SYS-CON Events announced today that Tintri Inc., a leading producer of VM-aware storage (VAS) for virtualization and cloud environments, will exhibit at the 18th International CloudExpo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, New York, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.

read more

In his session at @ThingsExpo, Noah Harlan, Founder of Two Bulls and President of AllSeen Alliance, will discuss the coming move from Cloud to Edge and what this means for business.
Noah Harlan is President of AllSeen Alliance and a Founder of Two Bulls, a leading mobile software development company with offices in New York, Berlin, and Melbourne. He is also Managing Director of Digital Strategy for Sullivan NYC, a brand engagement firm based in New York. He has served as an advisor for the White House Office of Science & Technology Policy on gaming and the outdoors, has appeared as a commentator on Bloomberg TV discussing mobile technology, and has an Emmy Award for Advanced Media Interactivity.

read more

(c)iStock.com/nzphotonz

By Jason Deck, VP strategic development, Logicworks

It is 4pm on a Friday before a holiday, right before your team leaves for a long weekend. An engineer on your team suddenly cannot connect to certain instances in your AWS environment. The error is affecting the largest projects and biggest customers — across hundreds of instances — including DR.

What happens now?

The answer to this question depends on your support model. In most companies, an incident like this means that no one is going home for the holiday weekend; they will spend 15+ hours diagnosing the problem, then 200+ hours fixing it manually, instance by instance. If they do not get it fixed in time, they will lose data and have to tell their customers — a potentially damaging situation.  

This is a true story, but what actually happened was very different. The company instead called their managed service provider (MSP) – us – who diagnosed the problem and fixed it over the holiday weekend.

Every system has weak points. Every system can fail. It is how you deal with catastrophe — and who you trust to help you during failure — that makes the difference. Every enterprise team needs an insurance policy against mistakes, large and small.

It turns out that one of the company’s internal engineers had caused the problem, inadvertently changing permissions for their entire environment. Logicworks was able to diagnose the problem in less than an hour, determine blast radius, get our smartest engineers in a room to develop a complex remediation strategy, and implement that fix before business resumed after the holiday. This involved writing custom scripts (in Python, BASH, and Puppet) to investigate the scope of the failure and another more complex script to partially automate the fix, so that each instance could be repaired in 3-5 minutes, rather than 2-3 hours. Ultimately it took 170+ hours of engineering effort, but the company readily admitted that it would have taken them two weeks to fix on their own.

Managed infrastructure service providers were born in an age when implementing a fix meant going to a data centre, swapping out hardware, and doing manual configurations. The value of an MSP to enterprises was not having to manage hardware and systems staff.

In the cloud, MSPs must do more. They must be programmers; instead of replacing hardware, they need to write custom scripts to repair virtual cloud instances. MSPs need to think and act like a software company: infrastructure problems are bugs, the solution is code, and speed is paramount.

Not all MSPs operate this way. Many MSPs would have looked at this company’s issue and applied the traditional incident response model: just reboot everything manually, one at a time. (Many also would have said “you caused the problem, you fix it.”) This is the traditional MSP line of thinking, and it would have meant that the company would have lost three to five days of data and customer trust.

MSPs need to think and act like a software company: infrastructure problems are bugs, the solution is code, and speed is paramount.

Running on cloud infrastructure comes with unique risks. It is often easier for your engineers to make a career-limiting mistake when a single wrong click of a button in an automated script can change permissions across an entire system. These new challenges require new answers and a new line of defence.

Importantly, this means that MSPs no longer replace internal IT teams; they provide additional expertise that the enterprise currently lacks (or is in the process of building) in fields like cloud security and automation. They provide an additional layer of defense. In the example above, the internal and MSP team collaborated to fix the problem, since there is shared control of the infrastructure.

In the cloud, the conversation no longer has to be insourcing vs. outsourcing. In fact, you will get the most out of an MSP if are also setting up internal DevOps teams or implementing software development best practices. As an MSP, companies with an existing or growing DevOps team are the most exciting to work beside. As an example, an MSP cannot automate your entire deployment pipeline alone; most only operate below the application level and can only automate instance spin-up and testing. But if the two teams are working together, they can balance application-specific needs with advanced scaling and network options and create a very mature pipeline very quickly.

An MSP can accelerate your DevOps team building strategies, not substitute them.

In other words, an MSP can accelerate your DevOps team building strategies, not substitute them. This is an incredibly powerful model that we have watched transform and mature entire cloud projects in a matter of months. Plus, they can subtract all the crucial compliance work your DevOps team dreads, like setting up backups and logging — and even improve the quality of that compliance work by creating automated tests to ensure logs and backups are always kept.

It is true that internal IT teams sacrifice some control by using an MSP. The key is that you are sacrificing control to a group of people who are held responsible for making your environment secure, available, etc. You control how and when the MSP touches your environment.

Cloud projects are complex, and cloud problems can be equally so. Just make sure that when they happen, you have the right team on the bench.

The post Incident Response on AWS Cloud: The Case for Outsourcing appeared first on Gathering Clouds.