(c)iStock.com/Maciej Noskowski 

A recent survey of 500 businesses revealed that nearly half were brought to a standstill by a ransomware attack within the last 12 months. Ransomware is computer malware that installs covertly on a victim’s computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or to not publish it.

Recently, there has been more and more documented evidence that ransomware is on the rise – particularly in the UK which is being used as a sort of testing ground to the point whereby ransomware has become the number one threat facing UK organisations in 2016. Companies that depend on instant access to critical data and would suffer severe business impact if they lost IT systems during the time it would take to respond to an attack should be most worried.  With adoption of cloud computing for more mission-critical use cases growing, IT leaders are naturally concerned about protecting against ransomware in the cloud as well as on-premise.

Not only are ransomware attacks becoming more frequent, the methods are becoming more sophisticated and harder to identify. With email still being the number one attack vector and a reported 85% of organisations admitting to suffering from three or more attacks in a year, it is imperative that organisations have in place a robust disaster recovery and back-up plan, as well as deep security and multi-layered protection to protect cloud workloads.

To this point, here are four ways to protect your organisation against ransomware:

Cloud backup and disaster recovery

The best defence against ransomware is to outwit attackers by not being vulnerable to their threats in the first place. This means backing up important data daily and having a disaster recovery failover plan in place, so that even if your IT systems get locked, you won’t be forced to pay to see your data again.

While backups are useful, they won’t necessarily make a ransomware attack painless. If affected by ransomware, customers can restore data from a previous unaffected machine version backed up by their cloud service provider from a point in time before they were affected. However, while data is available, business as usual may not be restored until production systems are clear of any ransomware effects.

This is where cloud-based disaster recovery comes in. It enables organisations to failover production to a cloud service provider in the event of a ransomware attack and restore production systems within minutes or even seconds. The most common method of providing fail-safe replication of data between two systems is journaling whereby the system software keeps a running list of storage “writes” in a special log file called a journal. This method enables granular restoration of virtual machines from specific points in time to enable you to failover to a point in time before the ransomware attack. 

Advanced cloud security

In order to protect your organisation against this rising threat, it is imperative for business leaders to ensure that on-premise levels of security are available in the cloud. Threat protection features that are vital for organisations to consider include anti-malware with web reputation, host-based firewall, intrusion detection and prevention, integrity monitoring and log inspection.

In addition to this, virtual patching and stateful firewall capabilities are necessary to ensure virtual machines are protected at a network level, and log inspection plus file integrity monitoring in turn boosts compliance efforts. These advanced security features should be combined with alerting, reporting and remediation to prevent ransomware attacks from wreaking havoc.

Just say no

The primary method of infecting victims with ransomware is via email, with 93% of all phishing emails now containing encryption ransomware. Cybercriminals will spam victims with emails that carry a malicious attachment or instruct you to click on a URL where malware surreptitiously crawls into your machine. Ransomware hackers have also adopted another highly successful method that organisations must be aware of, malvertising, which involves compromising an advertiser’s network by embedding malware in ads that get delivered through web sites you know and trust.

Employees must be trained and educated on how to spot such attacks and every organisation must put in procedures to continuously spread knowledge about how to avoid becoming a victim.

Multi-layered protection

Some cloud providers offer multiple layers of protection against ransomware and other nefarious attacks. In addition to the advanced security features outlined above, other measures such as two-factor authentication and role-based access control ensure the highest levels of access security via the cloud.

Furthermore, encryption technology is highly useful to ensure data protection alongside vulnerability scanning, which performs periodic penetration testing to ensure that web servers and networks are not vulnerable to attack. Another factor to consider is multi-level network security enforcing network segmentation in order to improve security.

Editor’s note: On December 13 iland and partner Trend Micro are delivering a webinar on the rise of ransomware and how companies can protect themselves against ransomware attacks in the cloud. You can find out more here.

Logs are continuous digital records of events generated by all components of your software stack – and they’re everywhere – your networks, servers, applications, containers and cloud infrastructure just to name a few. The data logs provide are like an X-ray for your IT infrastructure. Without logs, this lack of visibility creates operational challenges for managing modern applications that drive today’s digital businesses.

read more

As cloud computing simultaneously transforms multiple industries many have wondered about how this trend will affect manufacturing. Often characterized as “staid”, this vertical is not often cited when leading edge technological change is the topic. This view, however, fails to address the revolutionary nexus of cloud computing and the manufacturing industry. Referred to as Digital Thread and Digital Twin; these cloud driven concepts are now driving this vertical’s future.

read more

“We are the public cloud providers. We are currently providing 50% of the resources they need for doing e-commerce business in China and we are hosting about 60% of mobile gaming in China,” explained Yi Zheng, CPO and VP of Engineering at CDS Global Cloud, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.

read more

Cloud is big business. Amazon Web Services (AWS) is approaching $10 billion annual revenue. Microsoft Azure is approaching $3bn annual revenue. Then there’s Oracle Cloud, positioning themselves as the enterprise cloud for customers.

When a virtualisation giant like VMware and a cloud giant like AWS partner at an engineering level to deliver VMware on AWS bare metal so that customers can have a seamless hybrid cloud experience, you know the hybrid cloud model is for real.

If you are a VP/director of infrastructure, or an enterprise architect/DevOps manager within an organisation, there is a 90% probability that your CIO has demanded you to design and execute a hybrid cloud model. It’s not just because everyone else is using or planning to use public cloud – there are real genuine reasons behind that demand.

In my role, I’m involved early in the sales process. It gives me the opportunity to hear first hand from CIOs on what their pain points and needs are.

Here’s the spirit of some of these conversations to give you a sense of why they are demanding a hybrid cloud model.

Better insights and analytics

The CIO of a shoe manufacturer shared: “My number one goal is to get better insights into our sales data and provide those analytics faster to our sales and marketing teams. We need to identify sales patterns in various geographies, correlate them with many other variables and come up with insights that reveal where and how our marketing and sales can grow top line. But we can’t do the analytics fast enough because my infrastructure is the bottleneck. We have a massive database with approximately 30 TB of data in it.”

Perhaps we can pick a leaf out of agile methodology and adopt hybrid cloud in multiple sprints

“It takes two weeks to get access to copies of that VLDB before my analytics team can even run reports and analytics. I need to get the entire analytics done in two days. We will not be able to achieve it unless my analytics team can spin up large compute infrastructure on demand, whenever they want to. And they will also need multiple copies of that 30 TB VLDB on demand in a self-service manner.

“I don’t want to invest in infrastructure in my data centre. I want them to burst, once a month for two days, to Oracle Cloud or AWS, and get the job done in the cloud. This is why I want them to come up with hybrid cloud architecture and increase the speed at which analytics can be done. This is the only way we can beat our competition, and accelerate our top line growth and market share.”

Production data for compliance

The CIO of a government organisation detailed what his needs were: “I have a very simple need. I have sunk costs in two data centres so I will continue to use them at least for the next two years. Our compliance team needs a third copy of production data outside of these data centres.

“Currently my team is creating tapes with seven year data retention and has been spending north of $10,000 per month for tape related infrastructure, tape operations, and Iron Mountain costs. That’s not the only problem. I need to prove that I can do restores from these tapes once a month. It consumes significant resources – both human and infrastructure, and those restores from tapes are slow and painful.

“I asked my backup team to get rid of tapes. Everyone else seems to be leveraging scalable and cheap cloud object storage. I demanded my backup team to come up with an architecture that can leverage cloud object storage for the third copy, eliminate tapes completely, and achieve faster restore tests within the cloud every month. This is where my journey with hybrid cloud will begin within the next 3-6 months.”

Reduced time to market

The CIO of a transportation organisation talked me through his need: “I don’t want to run any packaged applications in my data centre,” he said. “If the vendor who created those packaged apps offers it as a SaaS, I want to use the SaaS offering. We have already migrated our on premise Microsoft Exchange & SharePoint to Office 365.

“We have a critical Oracle EBS application that we are in the process of migrating to Oracle Cloud. We have custom applications that we have developed and they will continue to stay in our data centre.

“But I am challenging my DevOps team to do all test and dev in the cloud. Why not burst into cloud for test and dev, parallelise testing in the cloud with multiple test environments, and decrease the application release cycles? Our ability to reduce time to market new features and capabilities for our customers will have a direct impact on top line and market share.”

Different clouds for different applications

The majority of organisations are very concerned about cloud security.

The CIO of a very large wealth management firm has crossed the chasm, however. Here is what he had to share: “My team has done their due diligence and has come to the conclusion that we have the right tools and processes to extend our security and governance model to AWS. In fact, our single sign-on for all applications, and identity governance is completely deployed in AWS using SailPoint open identity platform.

“My roadmap is to shift most of data management use cases to adopt hybrid cloud architecture,” he added. “As an example – today we backup and replicate to a second data centre where we have to maintain compute, network, storage, and firewalls. I don’t want any of that infrastructure. It just does not make any sense for us to have so much infrastructure sitting idle waiting for a DR or DR test at the DR site. I want all DR, DR testing, and dev test to happen using on-demand cloud. I am also not married to one cloud. I want my team to pick and choose different clouds for different applications or use cases.”

These are just some of the examples that highlight why there is a demand amongst many CIOs to create a hybrid cloud architecture and execute quickly.

By accelerating projects in the hybrid cloud, an organisation can experience uplift in top line revenue and market share growth. It gives you the ability to focus on applications instead of spending too much time and money on the underlying infrastructure’s capacity management.

There is no denying that a move to hybrid cloud is a major undertaking, but if approached correctly and gradually it can offer real value to organisations. Perhaps we can pick a leaf out of agile methodology and adopt hybrid cloud in multiple sprints.

We are always online. We access our data, our finances, work, and various services on the Internet. But we live in a congested world of information in which the roads were built two decades ago. The quest for better, faster Internet routing has been around for a decade, but nobody solved this problem.
We’ve seen band-aid approaches like CDNs that attack a niche’s slice of static content part of the Internet, but that’s it. It does not address the dynamic services-based Internet of today. It does not address real-time apps, video, conferencing and collaboration, which is the Internet. In his session at 19th Cloud Expo, Elad Rave, CEO and co-founder of Teridion, discussed why.

read more

Interoperability continues to be one of healthcare IT’s biggest trends in 2016 as the industry sees momentous forward movement.
In fact, interoperability is not a new trend. It has been an important mission (and a challenge) for healthcare administrators for decades, but the past couple of years have been game-changing.
First, the U.S. Department of Health and Human Services (HHS) wants interoperability to be a common feature in all EHRs by 2024 so that patient data can be shared across systems to provide better care at a lower cost. Since the 2009 passage of the Health Information Technology for Economic and Clinical Health Act (HITECH), a $30 billion initiative to accelerate EHR adoption, more than 433,000 professionals (95 percent of eligible hospitals and 60 percent of eligible professionals in Medicare and Medicaid programs) have received incentive payments.

read more