Hybrid environments and IoT pose biggest threats to infosec – F5

F5 Forum 2Service providers and enterprises face an insecure networking environment in coming years as more applications, data and services are sent to the cloud, according to networking vendor F5, writes Telecoms.com.

Speaking at the F5 Forum in London, VP of UK and Ireland Keith Bird stressed security is now front and centre not only to the CTO and CEO, but to consumers as intrusion or security breaches regularly make headlines. Bird pointed to the hybrid on-premise/cloud-based environment, in which an increasing number of enterprise and service providers operate, as a huge challenge looming for the information security industry.

“Not so long ago, we looked at just single points of entry. In today’s hybrid world, we’ve got apps in the data centre or in the cloud as SaaS and this is only increasing,” he said. “What we know for sure is that there is no longer a perimeter to the network – that’s totally disappeared.”

“81% of people we recently surveyed said they plan on operating in a hybrid environment, while 20% said they’re now moving over half of their corporate applications to the cloud. Even some of the largest companies in the world are taking up to 90% of their applications to the cloud.”

Given the volume and nature of data being hosted in the cloud, firms are far more accountable and held to tighter information security standards today than they have ever been. The average financial impact of an information security breach is now in the region of $7.2 million, according to F5 research.

“The average cost of a security breach consists of $110,000 lost revenue per hour of downtime – but the effect on a company’s website or application is costing potential business,” said Bird. “The average customer will abandon an attempted session after roughly four seconds of inactivity, so there’s new business being lost as well.”

F5 said of the threats it is seeing at the moment, according to customer surveys, the evolving nature and sophistication of attacks ranks highest, with the internal threat of employee ignorance a close second.

“So what are the top security challenges our customers are seeing?” said Bird. “58% are seeing increasingly sophisticated attacks on their networks, from zero-day to zero-second. 52% were concerned that their own employees don’t realise the impact of not following security policies. Obviously plenty of people said they don’t have enough budget, but that’s not quite the biggest problem facing security departments today.”

F5’s Technical Director Gary Newe, who’s responsible for field systems engineering, said the looming prospect of IoT “scares the bejesus” out of him.

“We’ve all heard about the IoT,” he said before pointing to the connected fridge as a farcically insecure IoT device. “There are 3 billion devices which run Java, which makes it 3 million hackable devices, and that scares the bejesus out of me. This isn’t just a potential impact to the enterprise, but it could have a massive impact on consumers and families. Fitness trackers, for example, just encourage people to give a tonne of data over to companies we don’t know about, and we don’t know how good their security is.”

The scariest bit, Newe emphasised, is the growing knowledge and intelligence of more technically adept youngsters today, and how the rate of technological change will only exacerbate the requirement for a fresh approach to network security.

“Change is coming at a pace, the likes of which we’ve never seen nor ever anticipated,” he said. “We’re building big walls around our networks, but hackers are just walking through the legitimate front doors we’re putting in instead.

“The scariest thing is that the OECD [Organisation for Economic Cooperation and Development] has said the average IQ today is 10 points higher than it was 20 years ago. So teenagers today are smarter than we ever were, they’ve got more compute power than we ever had, and they’re bored. That, to me, is terrifying.”

Four Simple Benefits of Virtualizing Your APIs By @SmartBearAmber | @CloudExpo #API #Cloud

With new virtualization tools popping up seemingly everywhere, you might wonder why so many testers, developers, QA Engineers, and Operations professionals are virtualizing their web services.
Why should you virtualize your APIs?
SmartBear Software recently conducted a survey of more than 2,300 software professionals, working in a variety of different roles in more than 50 industries, and found that ease of use, responsiveness/performance, and service reliability/uptime are the three most important characteristics organizations want in an API.

read more

OpenStack cloud adoption continues to rise but challenges remain

(c)iStock.com/cherezoff

The adoption of OpenStack is going up and increasingly seen as a cost effective alternative to public clouds, according to a new survey released by cloud software provider Talligent.

The survey results of almost 650 virtualisation and cloud IT professionals, published in the inaugural State of OpenStack report, finds OpenStack deployments are likely to accelerate beyond the development environment once in place. Lab environments are expected to go from 43% to 89% among respondents in 12 months, with QA and test environments going from 47% to 91% in the same timeframe.

Alongside the comparisons with the cost of public cloud, claimed by 61% of respondents as a driver for OpenStack adoption, a desire to improve responsiveness for IT service delivery was also highly cited (59%), as well as the high cost of legacy IT and avoiding vendor lock in.

Yet there are issues which still need to be overcome. According to the report, users of OpenStack are more likely to say complexity is increasing, while evaluators of OpenStack are inclined to say the opposite. So who is right? Almost one in three (30%) respondents said they were using  OpenStack to support projects or workloads, compared with a similar number (32%) who were evaluating it but not using it. Among the biggest challenges cited by respondents were finding talent to manage and operate the system, deploying VLAN-based networking, and installation complexity.

Overall, however, the survey results reflect positively on OpenStack, according to Talligent CEO Sanjay Mishra – and not altogether unsurprisingly, the Austin-based firm offers OpenBook, a product which allows organisations to monetise off OpenStack. “These survey findings are another positive indication that OpenStack is continuing to grow as a preferred method of building private and hybrid clouds for businesses of all sizes,” said Mishra.

Writing for this publication back in July, CSC chief enterprise architect David Auslander argued OpenStack was ready for the mainstream, but the right approach was vital. “At its heart, OpenStack is a pluggable, modular architecture where new components can be spun up easily,” he wrote. “The best practice here is to roll out the core services and then only add the ancillary services that are necessary.”

Salesforce modernizes wealth management offering

Salesforce WearSalesforce has launched Financial Services Cloud, a new product suite that includes portfolio management, prospecting and data management tools.

As part of the new look product offering, Salesforce has built an ecosystem of more than 20 partners to implement the additional features into the suite. “Today’s investors don’t wait for quarterly meetings to discuss their finances with advisors; they expect to be able to engage them for advice when and how they want,” said Richard Lumb, Group Chief Executive, Financial Services at Accenture, a member of the product ecosystem.

While seen as a more traditional industry, wealth management businesses are apparently under increasing pressure to provide more detail to customers on a more consistent basis. Whereas a quarterly meeting might have been sufficient in the past, customer demands for information, speed and continuous delivery has forced the wealth management industry to evolve into the internet age and an open-all-hours model.

With clients demanding more face-time, and instantaneous insight into the performance of their investments, wealth managers are seeking digital solutions to increase productivity. Such product launches not only demonstrate the trend of modernizing more traditional industries, but also the need to provide the complete customer experience to remain competitive in the CRM space.

“Legacy advisor solutions were created decades ago to serve a product-centric world. Today, we live in a new world that is digital- and client-centric, which is turning the wealth management industry on its head,” said Simon Mulcahy, GM of Financial Services at Salesforce.

To develop the new features, Salesforce developed a number of new partnerships with niche technology providers. For example, DocuSign and eSignLive plan to add integrations that could allow advisors to send, sign and manage financial documents, and WealthEngine provide tools to facilitate wealth scoring and analytics.

“The wealth management industry is undergoing rapid change, and the ability to deliver on customer expectations for a more responsive and highly personalized digital-led experience will become an increasingly important competitive differentiator,” said Kieran Hines, Practice Leader for Financial Services Technology at Ovum. “Investing to enhance the customer experience is a top three IT priority for a significant number of private banks in 2016, with institutions in Western Europe and North America particularly focused on this area.”

A warning shot: Why cloud security remains more important than ever

(c)iStock.com/LeoWolfert

With all the recent well-publicised hacking and malware attacks, not to mention numerous meteorological events that have affected companies around the globe over the last year, IT leaders are very aware of the need for robust cloud security and compliance.

That said it is infact now easier for companies to engage in poor security practices because users do not have the same control over their cloud infrastructure that they have over their own on-premise infrastructure. Often, organisations using public cloud assume that their cloud provider is taking care of security and they may even have assurances of that from the provider. Yet usually, the customer has no visibility of the public cloud infrastructure they are using and little transparency with regard to security settings. For that reason, they are placing a lot of trust in the promise that the public cloud provider is addressing security when that may not actually be the case.

Ultimately, companies are becoming more complacent towards risk, simply because they don’t have visibility into the security of the cloud infrastructure they are using and don’t have a way to monitor that security. But as is often the case, ignorance is not bliss. The reality is that managing and monitoring cloud security is an ongoing task and customers need to work with a provider that is able and willing to proactively provide them with security information, alerts and notifications.

This is becoming even more important as companies use the public cloud for more mission-critical production applications. They need to ensure that they are deploying the same security features that are usually deployed for on-premise applications in the cloud.

One of the big consequences of public cloud security failure is downtime, and again there have been plenty of well-publicised examples of this from large public cloud providers over the last year.  Downtime in the cloud can have a serious impact on a customer’s business as it often means applications and services are not available. Another consequence is that security shortcomings make it difficult for customers to meet industry compliance regulations – particularly for customers in the finance, healthcare and retail industries. And then there is, of course, the potential loss of data – particularly sensitive customer data – that can lead to serious financial and reputation costs for companies.

Enterprise customers need to engage with a cloud provider that is prepared to partner with them around cloud security and compliance. They should demand visibility into native security and compliance functionality as well as support. Equally important, teams need to get precise clarity on who is responsible for each security measure – the vendor or the customer.

Increasingly, IT organisations are looking to cloud providers to deliver security assurance across multiple layers of the application. This is especially true as more teams are structured with IT generalists, rather than traditional security, networking, server and storage specialists. As pressures on IT teams increase, cloud providers must do more to arm customers with intuitive, advanced security functionality that includes alerts to potential threats as well as recommendations for addressing the issues.

Anticipating this demand, we at iland have partnered with industry leaders such as Trend Micro, Hytrust, Tenable and Nimble Storage to build advanced security into our cloud infrastructure and disaster recovery services, including features like VM encryption, vulnerability scanning, anti-virus and malware and intrusion detection. Further, we invested in providing customers with a single management console that can be used to access detailed security reporting in addition to every other component of their global cloud resources, such as performance, billing, capacity, backup and disaster recovery.  

In summary, cloud is becoming a far less risky proposition for customers, if – and that is a big if – they partner with the right provider. In fact, many of our customers have realised that we have invested in more advanced security technologies than they could in their own on-premise data centres. However, the cloud providers’ stance on cloud security needs to go beyond security technology to also provide security reporting and recommendations to customers. Through our cloud console, customers are able to generate a report which, at any time, shows them how their cloud resources and applications are performing against all of these security parameters – it’s that type of information and security partnership that is needed to ensure ongoing cloud security for customers.

Juniper Networks and Lenovo form global datacentre partnership

datacentre1Lenovo and Juniper Networks have announced a global strategic partnership to drive development of next-generation datacentre infrastructure solutions.

The partnership will focus on next-generation converged, hyper-converged, and hyper-scale data centre infrastructure solutions for enterprise and web-scale customers. The aim of the union will be to deliver flexible and cheaper solutions for customers, with a strong focus on simplifying user experience.

“Partnering with Lenovo expands Juniper’s strategy to deliver a full-stack solution for a wide-range of data centres, from the mid-range enterprise to private cloud and to hyper-scale customers,” said Juniper Networks CEO Rami Rahim. “We are excited about collaborating with Lenovo to leverage the full power of our IP-networking portfolio based on JunosOS and Contrail, in delivering the next generation of converged, hyper-converged, and hyper-scale solution to customers in China and globally”

As part of the partnership, customers will be able to purchase Juniper networking products directly through Lenovo, as well as receiving a consolidated support function for both companies. With the move to disaggregation of hardware and software in the datacentre, the two companies intend to bring open, flexible solutions to market, leveraging the ONIE (Open Network Install Environment) model.

“Lenovo is on a mission to become the market leader in datacentre solutions. We will continue to invest in the development and delivery of disruptive IT solutions to shape next-generation data centres,” said Gerry Smith, Executive VP and COO at Lenovo’s PC and Enterprise Business Group “Our partnership with Juniper Networks provides Lenovo access to an industry leading portfolio of products that include Software Defined Networking solutions – essential for state-of-the-art data centre offerings”

With a focus on the Chinese market, currently plans centre on a joint go-to-market strategy, as well as a tailor-made resell model to address unique localization requirements in China.

Why Your Code Isn’t as Secure as You Think (And What You Can Do About It) | @CloudExpo #Cloud

How well do you know your code?

It sounds like a strange question, but please indulge me.

Maybe you’re a manager or business analyst. If this is the case, you ‘know’ the code through a translation layer in which the developers in your organization explain what it does. Sometimes you can see what it does by interacting with it as a user or by reading incident reports.
But to really know and understand what it would do – to have a grasp on how it will behave in an arbitrary situation – you need one or more developers to give you an explanation.

read more

IT security still a barrier to public cloud and employee mobility – Dell survey

Dell office logoDell has released the findings from its Data Security Survey which revealed IT decision makers are still not confident enough to encourage mobility or use of public cloud platforms.

Although the pattern over the last few years has been to broaden employee boundaries, increasing flexibility within the working environment, the survey demonstrated that a substantial number of businesses are resisting mobility due to security concerns.

The majority of businesses would claim cyber and cloud security sits at the top of the priority list, and whilst this might be the case, Dell’s survey has highlighted a number of deficiencies across the board.

Over the last 12 months the tech world has been lit up by numerous data breaches, hacks and leaks on both sides of the Atlantic. From TalkTalk to Ashley Madison to Kaspersky Labs, security has once more been highlighted as a major deficiency in the IT world.

Following a number of PR disasters for large scale enterprise throughout the world, 75% of decision makers agree that C-Suite recognises the importance of data security, though only 25% believe that the C-Suite is adequately educated about the issues to make informed decisions. The survey also highlighted that only 25% feel that their leadership has the ability to set suitable budget to tackle the challenges of data security over the next five years.

65% of mid-market companies are freezing plans to increase mobility within their workforce, with 67% resisting BYOD programmes, due to security concerns. The benefits of a mobility strategy, both from an employee satisfaction and productivity perspective, are well documented, though these statistics demonstrate security fears drastically outweigh the benefits. In fact, 82% of decision makers have made attempts to reduce mobility for employees, by decreasing data access points.

On the contrary, only 40% of respondents highlighted that they were actively interested in pursuing opportunities to increase employee mobility.

In terms of public cloud platforms, there does not appear to be a high level of confidence in offerings such as Google Drive. Almost 80% of decision makers said that they would not be confident in uploading critical data to the cloud, 58% highlighted that they believed the threat to be greater than 12 months ago, and 38% restricted access to public cloud sites within their organization.

Another area addressed by the survey is that of Shadow IT. Almost every business will have a strict IT policy in place, though there will still be a proportion of the workforce deems this to prohibit their working day. Despite the concerns of public cloud platforms, 83% of respondents acknowledge that their employees are using such platforms to store or share valuable data.

As these statistics demonstrate, most organizations have not identified the crossroads between security, assumed business risk and productivity, to most effectively enable the workforce.

“Security programs must enable employees to be both secure and productive, and this means enabling technology that helps them do their jobs,” said Brett Hansen, Executive Director, Data Security Solutions for Dell. “Companies can try to limit or prohibit public cloud use, but it’s more effective to use intelligent data encryption to protect corporate data wherever it may go, and reduce the risk of employees working around restrictive policies in order to be productive.”

While the survey demonstrates growth within the cyber and cloud security world, it also highlights a number of restrictions. On the positive side, security is now a priority throughout the business, as opposed to simply in the IT team. It also emphasises a slight overreaction from decision makers who have taken the move of reducing mobility and access to public cloud offerings; two areas which could increase an organization’s competitiveness in an already challenging market.

Cisco and Verizon team up to launch Cisco Spark

Cisco corporateCisco is expanding its partnership with Verizon Enterprise Solutions to offer its new cloud-based collaboration service, Cisco Spark, to Verizon’s customer base.

The announcement builds on continued efforts from Verizon to bolster its range next-generation collaboration solutions, which already includes offers such as Cisco WebEx Cloud Connected Audio, Collaboration Meeting Room and Verizon’s UCCaaS Mobile First service.

The new joint offer will deliver Spark Message and Spark Meet features integrated with Verizon’s business collaboration services. The ultimate goal of the partnership will be to develop a service delivered in such a manner that customers are unable to differentiate between the Cisco and Verizon components. While currently available in the US, the service will be available to enterprise and government customers worldwide towards the end of the year.

Cisco has also announced the allocation of $150 million to the Cisco Spark for Developers Fund to generate new ideas for the ecosystem. The fund will cover direct investments, joint development, additional enhancements and developer support.

Verizon has been making considerable efforts over the last 12 months to increase its cloud-based communications offerings, to meet the demands of an increasingly mobile and collaborative workforce. With enterprise increasingly searching for opportunities to create a more productive working environment, software- and cloud-based offerings which enable employees to work in the office, from home or on the road, are quickly becoming the norm.

“Verizon is a leader in delivering global, mobile-enabled unified communications solutions to our business and government clients,” said Bob Minai, Executive Director, Advanced Communications at Verizon. “By integrating Cisco Spark meeting and messaging capabilities into Verizon’s collaboration portfolio and global network, Verizon and Cisco will continue to help enterprise clients with digital transformation initiatives that drive better customer experiences and meaningful, measurable business outcomes.”

The partnership continues Verizon’s trend of collaborative business, following up on last month’s announcement that it would be teaming up HyperOffice. As part of the agreement, HyperOffice would distribute its Share.to communications suite from Verizon Cloud infrastructure. Primarily, the tool will enable employees to work alongside freelancers, customers and other stakeholders all using different collaboration tools that need to work together.

IBM opens first South African cloud data centre for managing SAP workloads

(c)iStock.com/RapidEye

IBM’s quest for cloudy world domination continues apace with the opening of its first cloud data centre in South Africa.

The new data centre is geared towards running SAP applications and workloads in the cloud, and involves IT provider Gijima and operator Vodacom as partners. From Gijima’s perspective, the move with IBM and Vodacom represents an extension of its hybrid cloud strategy, while for Vodacom, the deal will aim to put them at the forefront of IT solutions across the continent.

“Our new cloud data centre gives customers a local onramp to IBM cloud services, including moving mission critical SAP workloads to the cloud with ease. It also gives customers the added flexibility of keeping data within country, which is a key differentiator for IBM,” said Hamilton Ratshefola, IBM South Africa country general manager. “We’re working to drive cloud adoption that best leverages a customer’s existing IT investments.”

“CIOs are looking to gain efficiencies and cut cost by moving more of their IT infrastructure, application and processes into the cloud,” said Vuyani Jarana, chief officer of Vodacom Business. “Vodacom’s extensive fixed and mobile network infrastructure, Pan-African and global footprint and its investment in data centre infrastructure provides the ideal platform and environment to deliver cloud services to large and multinational enterprises.”

Africa has thus far been something of a barren territory for the major public cloud infrastructure providers; neither Amazon Web Services, Microsoft, nor Google have data centres on the continent as yet. IBM’s move to various new territories from London in July 2014, Canada in August of that year, to Italy in June 2015, shows a cloud operation which shows no sign of slowing down, even with the spectre of job cuts again hanging over the Armonk giant.

IBM’s push to Africa includes global delivery centres in Morocco, South Africa and Egypt, as well as competency centres, research labs, and technology development centres.