DevOps Inspires a New Era of SQA | @DevOpsSummit [#DevOps]

High-performing enterprise Software Quality Assurance (SQA) teams validate systems that are ready for use – getting most actively involved as components integrate and form complete systems. These teams catch and report on defects, making sure the customer gets the best software possible. SQA teams have leveraged automation and virtualization to execute more thorough testing in less time – bringing Dev and Ops together, ensuring production readiness. Does the emergence of DevOps mean the end of Enterprise SQA? Does the SQA function become redundant?
In her session at DevOps Summit, Anne Hungate, Senior Director of Software Quality at DIRECTV, advocated for the evolution of Software Quality Engineering. She discussed how the role and impact of an SQA organization changes with DevOps and offered practical steps to move from assurance late in the lifecycle to prevention, analytics, and customer insight. Anne also discussed how SQA teams are becoming more skilled in engineering methods and making the DevOps journey successful.


New Year’s Resolutions for Internet Retail By @Papa_Fire @CloudExpo [#Cloud]

As the holiday rush is winding down, I sit here reflecting on all the companies that lost business/revenue during the busiest time of the year. Loss of business not because of technology failure, although this is always a manifestation of a problem, but because of process failure in order to remedy the failures of technology. I’ve offered some tips on preparing for the holiday traffic from the system architecture perspective, but perhaps I should have concentrated on preparing for the rush from the organizational perspective.


Endless Possibilities with Internet of Things By @Plantronics | @ThingsExpo [#IoT]

Sensor-enabled things are becoming more commonplace, precursors to a larger and more complex framework that most consider the ultimate promise of the IoT: things connecting, interacting, sharing, storing, and over time perhaps learning and predicting based on habits, behaviors, location, preferences, purchases and more.
In his session at @ThingsExpo, Tom Wesselman, Director of Communications Ecosystem Architecture at Plantronics, will examine the still nascent IoT as it is coalescing, including what it is today, what it might ultimately be, the role of wearable tech, and technology gaps still in play, as the industry strives to create a cohesive, secure, scalable, and beneficial network of ‘things.’


IoT and ‘Sensor Analytics Ecosystem’ By @JAdP | @ThingsExpo [#IoT]

Cultural, regulatory, environmental, political and economic (CREPE) conditions over the past decade are creating cross-industry solution spaces that require processes and technologies from both the Internet of Things (IoT), and Data Management and Analytics (DMA). These solution spaces are evolving into Sensor Analytics Ecosystems (SAE) that represent significant new opportunities for organizations of all types. Public Utilities throughout the world, providing electricity, natural gas and water, are pursuing SmartGrid initiatives that represent one of the more mature examples of SAE. We have spoken with, or attended presentations from, utilities in the United States, South America, Asia and Europe.


Internet of Things and Smart Cities By @Connecthings | @ThingsExpo [#IoT]

Since 2008 and for the first time in history, more than half of humans live in urban areas, urging cities to become “smart.” Today, cities can leverage the wide availability of smartphones combined with new technologies such as Beacons or NFC to connect their urban furniture and environment to create citizen-first services that improve transportation, way-finding and information delivery.
In her session at @ThingsExpo, Laetitia Gazel-Anthoine, CEO of Connecthings, will focus on successful use cases.


The Ethics of Cloud Computing – Part 3 | @CloudExpo [#Cloud]

As I mentioned above, I find that understanding the “why” of moral and ethical behavior is just as important as knowing “what” moral behavior is expected. For this reason, I will briefly outline the origins of the ethical principles I have outlined above.
Broadly speaking, ethical and moral philosophy is dominated by two schools of thought. On the one hand sit deontologists. Deontology is the idea that there are certain moral rules to be followed simply because of the nature of sentient life. For example, strict deontologists, like the great philosopher Immanuel Kant and even great thinkers in the East, argue that being honest at all times is a moral principle to be observed under any and all circumstances. The basic reasoning here is that human beings have value in and of themselves, completely separate from who they are, what they may do or how they act. This is a recognition of the universal value of sentient life, especially human life, and certain moral rules are established which insist that sentient life is never to be used as a means to an end because life is an end in itself. As I say, this type of thinking is common in both Western and Eastern moral philosophy. Even ancient Greek “Virtue Ethics” are based on deontological thinking.


Security Key and Chrome: The Next Generation of Security? [#Cloud]

With so much concern revolving around security, the release and spread of FIDO’s Security Key is a welcome development. It by no means solves all security problems, but it’s a cheap, convenient, and effective way to enhance security and keep cyber attackers at bay. Security Key can be seen as taking easy security solutions to the next level, one that will likely become a common sight as more organizations focus on improving cyber security.


Our Top 10 Blog Posts of 2014

With the year officially coming to an end, I decided to pick our top 10 blog posts of 2014 (in no particular order)…

 

  1. The Big Shift: From Cloud Skeptics & Magic Pulls to ITaaS Nirvana – In this post GreenPages’ CEO Ron Dupler covers the shift in industry that has disrupted old paradigms and driven users to embrace hybrid cloud architectures.
  2. How Software Defined Networking is Enabling the Hybrid Cloud – Networking expert Nick Phelps discusses how software defined networking is enabling the hybrid cloud & creating the networks of tomorrow.
  3. Have You Met My Friend, Cloud Sprawl? – John Dixon explains cloud sprawl and provides advice for IT departments on how to deal with it.
  4. A Guide to Successful Big Data Adoption – In this video, storage expert Randy Weis talks about the impact big data is having on organizations and provides an outline for the correct approach companies should be taking in regards to big data analytics.
  5. Key Announcements from Citrix Synergy 2014 Part 1 and Part 2 – In this 2 part blog series, Randy Becker summarizes the key announcements from the Citrix Synergy event in Anaheim and the impact these changes will have on the industry.
  6. Don’t Be a Michael Scott – Embrace Change in IT – Limitless paper in a paperless world
  7. Managing Resources in the Cloud: How to Control Shadow IT & Enable Business Agility – In this video, our CTO Chris Ward discusses the importance of gaining visibility into Shadow IT and how IT departments need to offer their users the same agility that public cloud offerings like Amazon provide.
  8. CIO/CTO Interview Series: Stuart Appley, Rick Blaisdell, Gunnar Berger – This year, we started a CIO/CTO interview series on the blog to get the opinions and insights of some of the top thought leaders out there. Above are the first three of the series.
  9. VDI: You Don’t Need to Take an All-or-Nothing Approach – In this video, Francis Czekalski discusses the benefits of not taking an all-or-nothing approach with VDI.
  10. Network Virtualization: A Key Enabler of the SDDC – This is actually a guest video with VMware’s SVP of Networking and Security Business Unit.

 

Were there any posts you think should have been included on the list that weren’t?

 

By Ben Stephenson, Emerging Media Specialist

 

User credentials remain the Achilles heel of cloud apps: How you can prevent an attack


High-profile security breaches have dominated the headlines in 2014. Two notable examples over the last few months, the Apple iCloud and Dropbox breaches, have revealed a juicy target for attackers: user credentials.

Rather than trying to hack into an application itself, such as iCloud, Dropbox, Salesforce, or Amazon Web Services (AWS), an easier and much more feasible way to gain access to sensitive data, celebrity photos, or whatever else an attacker is after is through stolen user credentials.

Both Apple and Dropbox were quick to point out that their own applications weren’t breached, but that the hackers had stolen user credentials from other cloud services and then used them to access Apple and Dropbox accounts. These incidents highlight the perils of cloud applications. By moving business-critical applications (like storage, CRM, HR, finance) to the cloud, IT administrators have ceded security controls to cloud service providers, throwing into question the security of data stored in the cloud.

That’s why it’s so important to implement additional security controls on top of those provided by the cloud service. The AWSs and Dropboxes of the world provide varying levels of infrastructure security, but it’s ultimately up to the cloud service customer to close the loop. According to Forrester Research, it’s a shared responsibility between the cloud service provider and its customers to ensure complete security over the app and customer data.


Fortunately, there are some steps organisations can take to mitigate the risk of cloud service credential theft.

Know what’s going on – and don’t forget about mobile

First off, it’s important to know what apps are being accessed by employees and whether they’re authorised by IT or not. Cloud apps are no longer just being accessed through desktop browsers. The ubiquitous use of mobile devices and explosive growth of native mobile apps have exposed a new security hole for many IT organisations.  

To date, most organisations have focused on securing managed devices (i.e. corporate-owned), but there’s no escaping the BYOD movement. More and more employees are blurring the line between work and personal devices. It’s common to see employees using their personal smartphones for work-related activity.

As a result, it’s imperative to have visibility into cloud app usage across all devices – managed and unmanaged. For example, knowing from which locations (home, office, Portugal etc) and through what devices (iPad, laptop, Android phone) users are typically accessing the cloud services is fundamental to a sound security strategy.

A new category of tools that analyst firm Gartner calls Cloud Access Security Brokers (CASB) can build “behavioural profiles” based on user and device fingerprints, which make it easier to identify suspicious behaviour in real-time and enforce appropriate policies to remediate risks before damage can occur.

Proactive yet flexible protection

Once a baseline of normal behaviour has been established for each user, CASB solutions can then define and enforce policies to provide proactive detection and protection against stolen credentials attacks. Here’s how it works: an attacker in New York steals the Gmail login credentials of a user in California. Assuming the victim’s login credentials are being used for most, if not all, of their cloud services, the attacker attempts to access a Dropbox account from his or her Android phone at 2am using the stolen credentials. 


Since the victim doesn’t normally access his or her Dropbox account from New York with an Android phone and certainly not at 2am, this attempt would be flagged as anomalous behaviour. At that point, several measures can be implemented separately or in conjunction. An alert can be sent to the security team, account access can be blocked and/or multi-factor authentication can be requested before allowing access to the account. This flexibility is required since the legitimate user could very well be on vacation in New York, accessing their account from a different device.  A draconian “block access” would be too strict of a measure in this case.

If necessary – request stronger authentication

In both the Apple and Dropbox breaches, both companies recommended the use of two-factor authentication to add another layer of security to prevent the inappropriate use of stolen credentials. Multi-factor authentication is a powerful way to protect against account takeovers. It forces would-be attackers to present at least two forms of authentication – one that involves something you own (e.g. a mobile device) and the other something you know (e.g. a one-time password).

In the New York-California attack example above, instead of blocking access immediately, an organization could invoke two-factor authentication. This would challenge the attacker to verify his identity via an out-of-band one-time password (which he wouldn’t be able to provide) and result in access being denied. If the request was being made by the legitimate user, they would be able to present both forms of authentication and still access their account.
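The New York-California scenario above, worked through as an added example (not code from the article or from any CASB product): a per-user baseline is learned from past logins, a new login is compared against it, and an anomalous login gets an MFA challenge rather than a hard block. The class and function names, the constructed login history and the 5% rarity threshold are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    user: str
    location: str
    device: str
    hour: int  # local hour of day, 0-23

class Profile:
    """Per-user baseline: how often each location, device and hour was seen."""
    ATTRS = ("location", "device", "hour")

    def __init__(self):
        self.total = 0
        self.seen = {a: Counter() for a in self.ATTRS}

    def learn(self, event):
        self.total += 1
        for a in self.ATTRS:
            self.seen[a][getattr(event, a)] += 1

    def anomalies(self, event, min_share=0.05):
        """Attributes whose value occurs in fewer than min_share of past logins."""
        if self.total == 0:          # no baseline yet: nothing counts as normal
            return list(self.ATTRS)
        return [a for a in self.ATTRS
                if self.seen[a][getattr(event, a)] / self.total < min_share]

def decide(profile, event, otp_ok=None):
    """Return (action, reasons). otp_ok is None until the user has been challenged."""
    reasons = profile.anomalies(event)
    if not reasons:
        return "allow", reasons
    if otp_ok is None:
        return "challenge_mfa", reasons      # step up instead of a hard block
    return ("allow" if otp_ok else "deny_and_alert"), reasons

def build_baseline():
    """Constructed history: 20 days of a California user on laptop and iPad."""
    p = Profile()
    for _ in range(20):
        p.learn(Login("alice", "California", "laptop", 9))
        p.learn(Login("alice", "California", "iPad", 18))
    return p

if __name__ == "__main__":
    base = build_baseline()
    stolen = Login("alice", "New York", "Android phone", 2)
    print(decide(base, stolen))                  # attacker: challenged
    print(decide(base, stolen, otp_ok=False))    # cannot supply OTP: denied
    print(decide(base, Login("alice", "New York", "iPad", 18), otp_ok=True))
```

Matching on the exact hour and on a single rarity threshold is deliberately crude; the point is the decision flow, in which the travelling legitimate user passes the challenge and the holder of stolen credentials does not.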

Although stolen credentials pose a significant risk to cloud services security, with the right policies and technology in place, an organisation can protect data residing in cloud apps from unauthorised access and theft.

KPMG survey shows how cloud “continues to drive disruption in the business world”


Almost half of respondents in KPMG’s 2014 cloud computing survey are using cloud to drive cost efficiencies, with a similar number utilising it to better enable their mobile workforce.

The study, of 500 global C-suite executives, saw a variety of ways in which businesses are using cloud to drive business transformation. Aside from cost savings (49%) and enabling a mobile workforce (42%), CXOs also see the benefit of cloud as improving alignment with customers and partners (37%), more effectively leveraging data to provide insight (35%), and aiding in new product development (32%).

The results show an interesting change when compared to KPMG’s last survey, The Cloud Takes Shape, in February 2013. Cost reduction was again the main driver for cloud transformation, yet speed to adoption, new market entry, business process transformation, and improved customer interaction were also cited.

Not surprisingly, security was seen as the key benchmark when seeking a cloud solution, cited by 82% of survey respondents. Price (78%) was only the third most important metric, behind data privacy (81%). The report argues the results are to be expected, describing data security as a “burning business issue across all areas of an organisation.”


The report also examined the impact cloud has in terms of employee mobility and expectation. Cloud enables enterprise mobility and, through that, increases worker productivity (54%) and satisfaction (48%), improves field service operations (45%) and helps gain a competitive advantage (44%).

The KPMG report concludes with five key takeaways for organisations looking to implement cloud solutions:

  • Make cloud transformation a continuous process: Cloud should be seen across the whole organisation, not just a tech or IT project.
  • Drive cloud transformation from the top: A lack of hierarchy could be costly to your implementation – instead, cloud projects should be managed centrally with a senior level team that guides strategic decisions.
  • Focus on strong leadership and engagement: Companies should look at changing their corporate culture to align with a cloud shift, focusing first on getting buy-in from senior business leaders.
  • Avoid silos: Similar to previous points, business and IT professionals should work side by side as cloud is brought into the enterprise, instead of creating potentially harmful shadow IT scenarios.
  • Measure success: Organisations should come up with “realistic” outcomes for their cloud transformation which, crucially, tie back to key business objectives.

Yet the most important conclusion the report draws is in terms of business mindset to moving to the cloud: cloud isn’t just a cost saver, and any company which goes into changing their IT infrastructure for that reason alone is missing out.

“Making such changes to an organisation are costly and time consuming, but such a large increase in responses signals the tremendous impact, beyond cost reduction, that cloud can have on an organisation,” the report argues.

“These results suggest that for many organisations, cloud has truly become a transformative solution.”

You can read the full report here.