In today’s globally connected world, data security breaches are bound to occur. This, in turn, increases the importance of digital forensic readiness, or the ability to access and trust computer log data in the identification of a breach and the determination of what datasets may have been compromised. As organizations rapidly move into the cloud, the complexities of this multi-jurisdictional and multi-tenancy environment has made the importance of cloud forensics even more pronounced. This reality has also drastically heightened the legal risk associated with information technology operations. Cloud and digital forensics readiness are therefore critical to business disaster recovery, continuity of business services and cloud ecosystem management.

read more

When a person has clogged arteries it restricts and reduces the flow of oxygen rich blood through their body. Clogged arteries also greatly increase the risk of strokes, heart attacks and even death. In the digital age the equivalent of oxygen rich blood for organizations is the data running through an information logistics system.
Healthy and digitally mature organizations have in place an optimized information logistics system (OILS), that enables data to flow unencumbered and efficiently throughout an organization in digital-time. Data must flow in digital-time, a speed which is fast enough to satisfy even impatient digital consumers.

read more

When Larry Ellison moved from the CEO to the CTO chair at Oracle in 2014, he joked with analysts that “you’re going to have to wait a little while longer” before he disappears from the quarterly conference calls.

Fast forward two and a half years to the most recent Q317, and Ellison has explained how ‘generation two’ of Oracle’s infrastructure as a service (IaaS) offering has the beating of Amazon Web Services (AWS) and the rest.

Oracle posted total revenues of $9.2 billion for its most recent quarter, with total cloud revenues including infrastructure as a service at $1.2bn and total cloud and on-prem software at $7.4bn.

“Let’s say, generation two of Oracle’s infrastructure as [a] service cloud now has the ability to run customers’ largest databases, something that is impossible to do using Amazon Web Services,” said Ellison, as transcribed by Seeking Alpha. “Many Oracle workloads now run 10 times faster in the Oracle cloud versus the Amazon cloud. It also costs less to run Oracle workloads in the Oracle cloud than the Amazon cloud.”

Meanwhile, co-CEO Mark Hurd’s quotes in the press materials had another target in mind. “Over the last year, we sold more new SaaS and PaaS than Salesforce.com, and we’re growing more than three times faster,” he said in a statement. “If these trends continue, where we are selling more SaaS and PaaS in absolute dollars and growing dramatically faster, it’s just a matter of when we catch and pass Salesforce.com in total cloud revenue.”

Bearing in mind that Oracle’s first billion-dollar-busting cloud revenue quarter was, well, last quarter, and Salesforce’s first billion-dollar quarter was in 2013, it’s an ambitious goal.

This level of rhetoric is not quite at the level of September last year, when Ellison proclaimed Amazon’s lead was ‘over’ when announcing its next generation data centres, which offered twice as many cores, twice as much memory, four times as much storage, and 10 times the IO capacity of AWS’ offerings.

“Fast growth in the infrastructure as a service business is new for us,” said Ellison. “We’ve done well on SaaS and in PaaS over the past few years, but this is the first time we’ve ever had a technology lead in infrastructure as a service.”

According to the most recent figures from Synergy Research, IaaS and PaaS are the highest growing markets as operator and vendor revenues across the main cloud services and infrastructure market segments hit $148 billion in 2016.

For enterprise software as a service, Microsoft leads Salesforce with Oracle and Google having the highest growth rates. For cloud infrastructure, Synergy puts AWS in one bucket – its lead continuing to be so vast – with Microsoft, Google and IBM in the second bucket and the next 10 companies, including Oracle, in bucket three, albeit with a note saying the Redwood firm continues to grow at an ‘impressive’ rate.

“In summary, all of Oracle’s cloud businesses are growing rapidly and IaaS will be leading the way in the future,” Ellison added.

(c)iStock.com/ArtJazz

Ever since the new European regulation on the protection of personal data (GDPR) was voted in, businesses have started their countdown to the transition that will take place in May 2018. They now have less than 18 months to comply with the new European regulation and the consequences of its requirements in terms of data protection: strengthened cybersecurity, liability of data collection entities and new mandatory procedures.

What sets the GDPR apart from earlier legislation relating to the protection of private data is the paperless, digital and transitional aspects of the data from a legal viewpoint. This gives rise to a host of critical issues in cybersecurity and also marks the first time that data is being considered in a borderless context.

Even as the ink was drying on the new regulations, millions more businesses were migrating into the cloud, which will account for why Gartner projected public cloud services growing 17.2 per cent in 2016. And it is this vast expansion that means the issue of protecting European data now has a whole new dimension.

Ensuring compliance

For businesses who are operating in the cloud, there are several aspects of GDPR that have to be taken into special consideration to ensure compliance. The first is that by its nature, data held in the cloud is entrusted to a third party (sub-contractor) and is de facto hosted elsewhere, and leaves the business’s actual physical premises. Businesses, therefore, must be sure that the cloud hosting provider can deliver the right level of security, produce logs in the event of an incident and produce them as and when they are required. This provides a guarantee to the business in its capacity as a client and forces cloud hosting providers to equip themselves with mechanisms to record logs and report alerts as well as the entire cybersecurity arsenal that should be included anyway in any credible cloud solution.

The second aspect relates to delocalisation and the threat of espionage. Since the data is digitised, migrating it to the cloud can result in it crossing certain borders. This is, in fact, a major risk that needs to be closely monitored and for which solutions do exist. Even in the scope of the GDPR and the tense international context currently, some businesses may have data hosted outside Europe, sometimes tied to their economic models, or due to their corporate structures or because a value-added application does not offer hosting within the EU.

The regulatory nature of the GDPR will push migrating businesses and cloud providers to adopt the following approaches: European businesses should choose data hosting in a European country (not the UK, which will be leaving the EU) in order to ensure that the cloud provider will be duty-bound to comply with the restrictions imposed by the GDPR in processing data.

Brexit does not mean exit from GDPR

UK businesses should not think that because the UK is leaving the EU, they will not need to comply with GDPR. Firstly, the GDPR is scheduled to go into effect in May 2018, which will fall before the UK’s exit from the EU, and penalties for non-compliance will apply during that period. Secondly, it is quite likely that the UK will adopt the GDPR in order to protect its citizens’ personal data and to be competitive whilst trading in Europe. The other consideration is for European companies working in the UK, or UK companies working in Europe who would also be bound by GDPR.

What to expect if you are migrating to the cloud or a cloud provider

The regulatory nature of the GDPR will push migrating businesses and cloud providers to adopt the following approaches —

Cloud providers will have an obligation to provide:

• Guaranteed ease of changing host providers

• Reporting of incidents within 72 hours and presentation of logs within 72 hours

• Written procedures that can be produced upon request

• Absolute guarantee that data will not be processed by the hosting company without prior authorisation of both the client and the collecting entity.

• Ensuring that data processing goes through documented procedures. This applies whether the business conducts such procedures itself or they are done on behalf of the business. These procedures will be required to be evaluated during audits

By the same token, businesses will also have a duty to their data subjects as follows —

• Appointing a data controller (liaising with the potential cloud provider and authorities in the event of an audit)

• Clear explicit consent required from the person concerned to process his or her personal data. Once again, the business must clearly express how it intends to use the data it collects or with which it has been entrusted.

• The right to be forgotten on request. This newly established right forces businesses to provide “the clear and straightforward possibility” of erasing an individual’s or another business’s data simply upon request: this means that databases of client and prospective clients can only exist with the consent of the company’s contacts and that the company must provide a simple way for its contacts to erase their data if they so desire.

• The right to move data from one service provider to another. The business will take responsibility for this procedure which must be easy, quick and upon the contact’s request.

• Complete and unambiguous information from the collector regarding the processes applied to collected personal data. The protection of personal data is a fundamental right incorporated in Article 8 of the EU Charter of Fundamental Rights and is closely linked to “respect for private and family life”.

• The right to notification within 72 hours if data is compromised and/or a security incident has occurred. This is one of the new and critical points of the GDPR that businesses will have to bear in mind when choosing a cloud service situated outside the borders of the EU or if they decide not to host data in the cloud. For others, the European hosting entity will handle the ins and outs of this restriction, but it will have to be negotiated when signing the contract since in the eyes of the European regulation, the data collector is the party responsible for compliance.

• The guarantee that privacy policies are explained in clear and unambiguous language. Moving out of the GDPR-compliant countries would be like choosing to absorb a whole new set of risks – since the hosting entity outside the EU will not be bearing them, they will be passed on to the European company collecting such data.

Getting prepared

There is a great deal of help for companies in the cloud who want to get best advice in preparation for GDPR. Specialist law firms can provide guidance and there are even dedicated legal tools online. Consultants can offer analysis following an audit, which helps companies to better manage the digital transition while taking into account the constraints of the GDPR. Ensure the cloud host can provide provable compliance with GDPR.

In addition, it is vital to be equipped with the best cybersecurity solutions. Being cautious and opting for solutions that have been certified by the recognised country authority, will ensure the effectiveness of the protection. It is also important to remember that the onus will be on the organisation that collects and hosts the data to ensure it provides an adequate level of security in order to maintain the integrity of its data.

Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at every layer of the IT stack – from apps to file sharing to infrastructure. The typical organization currently uses more than a dozen sanctioned cloud apps and will shift more than half of all workloads to the cloud by 2018. Such cloud investments have delivered measurable benefits. But they’ve also resulted in some unintended side-effects: complexity and risk. End users now struggle to navigate multiple environments with varying degrees of performance. Companies are unclear on the security of their data and network access. And IT squads are overwhelmed trying to monitor and manage it all.

read more

VeriStor Systems has announced that CRN has named VeriStor to its 2017 Managed Service Provider (MSP) 500 list in the Elite 150 category. This annual list recognizes North American solution providers with cutting-edge approaches to delivering managed services. Their offerings help companies navigate the complex and ever-changing landscape of IT, improve operational efficiencies, and maximize their return on IT investments.
In today’s fast-paced business environments, MSPs play an important role in helping companies leverage new technologies without straining their budgets or losing focus on their core business. CRN’s MSP 500 list shines a light on the most forward-thinking and innovative of these key organizations.

read more

This past week HPE continued buying into server storage I/O data infrastructure technologies announcing an all cash (e.g. no stock) acquisition of Nimble Storage (NMBL). The cash acquisition for a little over $1B USD amounts to $12.50 USD per Nimble share, double what it had traded at. As a refresh, or overview, Nimble is an all flash shared storage system leverage NAND flash solid storage device (SSD) performance. Note that Nimble also partners with Cisco and Lenovo platforms that compete with HPE servers for converged systems.

Earlier this year (keep in mind its only mid-March) HPE also announced acquisition of server storage Hyper-Converged Infrastructure (HCI) vendor Simplivity (about $650M USD cash). In another investment this year HPE joined other investors as part of scale out and software defined storage startups Hedvig latest funding round (more on that later). These acquisitions are in addition to smaller ones such as last years buying of SGI, not to mention various divestures.

read more

DevOps is often described as a combination of technology and culture. Without both, DevOps isn’t complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In his Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will explore the ways that Nutanix technologies empower teams to react faster than ever before and connect teams in ways that were either too complex or simply impossible with traditional infrastructures.

read more