Monthly Archives: April 2016

DropBox, News & Analysis, Public Cloud

Dropbox launches Project Infinite to bolster mobility capabilities

Project InfiniteSpeaking at Dropbox Open London, Dropbox has announced the launch of Project Infinite, a new offering which the company claims meets expectations on how people find, access, and collaborates with large amounts of data.

Building on the ideas and new trends of mobility, collaboration and accessibility, Dropbox believe traditional tools, such as shared network drives and browser-based solutions, don’t meet the standards. The company claims Project Infinite will enable customers to work directly from the cloud, removing any concerns about the power and storage capabilities of their device.

“With Project Infinite, we’re addressing a major issue our users have asked us to solve,” said Genevieve Sheehan, Product Manager at Dropbox. “The amount of information being created and shared has exploded, but most people still work on devices with limited storage capacity. While teams can store terabyte upon terabyte in the cloud, most individuals’ laptops can only store a small fraction of that. Getting secure access to all the team’s data usually means jumping over to a web browser, a clunky user experience at best

“Project Infinite will enable users to seamlessly and securely access all their Dropbox files from the desktop, regardless of how much space they have available on their hard drives. Everything in the company’s Dropbox that you’re given access to, whether it’s stored locally or in the cloud, will show up in Dropbox on your desktop. If it’s synced locally, you’ll see the familiar green checkmark, while everything else will have a new cloud icon.”

The company also announced it has been growing in Europe, which is also supported by the appointment of a new European Vice President, Philip Lacor, who joins from Vodafone in Germany. The company now claims to have more than 500 million registered users, as well being used in 52% of companies in the Fortune 500, 33% of companies in the FTSE 100, and 29% of companies in the Global 2000.

Uncategorized

Which Enterprise HDD to Use for a Content Server Platform | @CloudExpo #Cloud #Storage

This post is the first in a multi-part series based on a white paper hands-on lab report I did compliments of Servers Direct and Seagate that you can read in PDF form here. The focus is looking at the Servers Direct (www.serversdirect.com) converged Content Solution platforms with Seagate Enterprise Hard Disk Drive (HDD’s). I was given the opportunity to do some hands-on testing running different application workloads with a 2U content solution platform along with various Seagate Enterprise 2.5″ HDD’s handle different application workloads. This includes Seagate’s Enterprise Performance HDD’s with the enhanced caching feature.

read more

Uncategorized

Businesses suffering from lack of knowledge over GDPR, report finds

(c)iStock.com/BrianAJackson

The updated EU General Data Protection Regulation (GDPR) legislation is coming in the next two years – but businesses are at risk of fines because of gaps in knowledge, according to new research from Trend Micro.

More than a quarter (26%) of companies don’t know how much time they have to become compliant, according to the report which surveyed 100 senior IT decision makers in the UK. Almost one in five (18%) are not currently aware that they face fines, while a third (32%) understand there are fines, but know no more than that. One in five UK IT decision makers are still unaware of the GDPR plans. 31% think their organisation has within six to 12 months to become compliant, while 11% believe they have two to three years.

Trend Micro admits the results portray a sense of confusion around the data protection regulations. The EU’s stance, as stated in a press release earlier this month, confirms that “member states will have two years to transpose the provisions of the directive into national law”. For the UK and Ireland, the directive’s provisions will apply only “to a limited extent”, while Denmark will decide within six months of adoption whether the directive will be implemented into its national law.

“As it often happens with regulation, it’s going to take a whipping boy to understand the gravity of the situation for most organisations,” said Rik Ferguson, Trend Micro global VP of security research. “One high-profile case of a company handing money over for non-compliance under GDPR will be the required wake-up call the rest of the industry needs to get their act together.”

Neil Thacker, information security and strategy officer EMEA at Forcepoint, wrote for this publication in February regarding best practice for implementing the new directives, including the right to be forgotten, and users’ rights to transfer their data to another service provider and learn when they have been hacked. Businesses should first identify where personal identifiable information (PII) resides, then move forward to detecting breaches.

Businesses can face fines of up to 4% of their annual turnover for non-compliance with the GDPR. 

Black Duck Software, Features

Securing Visibility into Open Source Code

Yellow road sign with a blue sky and white clouds: open sourceThe Internet runs on open source code. Linux, Apache Tomcat, OpenSSL, MySQL, Drupal and WordPress are built on open source. Everyone, every day, uses applications that are either open source or include open source code; commercial applications typically have only 65 per cent custom code. Development teams can easily use 100 or more open source libraries, frameworks tools and code snippets, when building an application.

The widespread use of open source code to reduce development times and costs makes application security more challenging. That’s because the bulk of the code contained in any given application is often not written by the team that developed or maintain it. For example, the 10 million lines of code incorporated in the GM Volt’s control systems include open source components. Car manufacturers like GM are increasingly taking an open source approach because it gives them broader control of their software platforms and the ability to tailor features to suit their customers.

Whether for the Internet, the automotive industry, or for any software package, the need for secure open source code has never been greater, but CISOs and the teams they manage are losing visibility into the use of open source during the software development process.

Using open source code is not a problem in itself, but not knowing what open source is being used is dangerous, particularly when many components and libraries contain security flaws. The majority of companies exercise little control over the external code used within their software projects. Even those that do have some form of secure software development lifecycle tend to only apply it to the code they write themselves – 67 per cent of companies do not monitor their open source code for security vulnerabilities.

The Path to Better Code

Development frameworks and newer programming languages make it much easier for developers to avoid introducing common security vulnerabilities such as cross-site scripting and SLQ injection. But developers still need to understand the different types of data an application handles and how to properly protect that data. For example, session IDs are just as sensitive as passwords, but are often not given the same level of attention. Access control is notoriously tricky to implement well, and most developers would benefit from additional training to avoid common mistakes.

Mike

Mike Pittenger, VP of Product Strategy at Black Duck Software

Developers need to fully understand how the latest libraries and components work before using them, so that these elements are integrated and used correctly within their projects. One reason people feel safe using the OpenSSL library and take the quality of its code for granted is its FIPS 140-2 certificate. But in the case of the Heartbleed vulnerability, the Heartbleed protocol is outside the scope of FIPS. Development teams may have read the documentation covering secure use of OpenSSL call functions and routines, but how many realised that the entire codebase was not certified?

Automated testing tools will certainly improve the overall quality of in-house developed code. But CISOs must also ensure the quality of an application’s code sourced from elsewhere, including proper control over the use of open source code.

Maintaining an inventory of third-party code through a spreadsheet simply doesn’t work, particularly with a large, distributed team. For example, the spreadsheet method can’t detect whether a developer has pulled in an old version of an approved component, or added new, unapproved ones. It doesn’t ensure that the relevant security mailing lists are monitored or that someone is checking for new releases, updates, and fixes. Worst of all, it makes it impossible for anyone to get a full sense of an application’s true level of exposure.

Know Your Code

Developing secure software means knowing where the code within an application comes from, that it has been approved, and that the latest updates and fixes have been applied, not just before the application is released, but throughout its supported life.

While using open source code makes business sense for efficiency and cost reasons, open source can undermine security efforts if it isn’t well managed. Given the complexity of today’s applications, the management of the software development lifecycle needs to be automated wherever possible to allow developers to remain agile enough to keep pace, while reducing the introduction and occurrence of security vulnerabilities.

For agile development teams to mitigate security risks from open source software, they must have visibility into the open source components they use, select components without known vulnerabilities, and continually monitor those components throughout the application lifecycle.

Written by Mike Pittenger, VP of Product Strategy at Black Duck Software.

cloud policy, data protection, Free Trade, News & Analysis, Policy and Regulation, Privacy

BSA releases rankings of global cloud policies – UK drops and US rises on leader board

A racehorse and jockey in a horse raceThe BSA | The Software Alliance has released its global ranking of cloud computing policies, assessing the cloud readiness and policies of the world’s 24 leading ICT economies, with the UK dropping down the leader board.

The UK dropped two places in the rankings to ninth, whereas Japan maintained its position at the top of the leader board, and the US improving its position coming in second place. The 24 countries ranked in the research account for roughly 80% of global ICT revenues. Each country is ranked depending on its strengths and weaknesses in seven policy areas; data privacy, security, cybercrime, intellectual property right, support for standards, promotion of free-trade and IT readiness & broadband deployment.

“It’s worrying to see the UK starting to fall behind other faster-moving nations in creating policies which enable cloud innovation,” said Victoria Espinel, CEO of the BSA. “It’s critical for global leading nations like the UK to be on the front-foot in creating robust policy frameworks fit for the digital age to prevent protectionism, so governments, businesses and consumers can benefit from the various benefits cloud computing offers. The report is a wakeup call for all governments to work together to ensure the benefits of the cloud around the globe.”

The UK scored particularly well when it came to intellectual property rights, security and IT readiness, where it ranked fourth, second and first respectively, but badly in the cybercrime valuation, coming in at number 21 out of 24. Within the other areas it hit the middle of the road, and while overall performance was not negative, the UK fell behind due to the speed and efficiency in which other nations are developing their policies.

In the cybercrime section, where the UK was particularly poor, the report highlighted while the UK was in general compatible with the Budapest Convention on Cybercrime, it has not yet implemented laws relating to misuse of devices, as required by Article 6 of the Convention. The report also stated outdated data registration laws are acting as a barrier to some cloud services, as businesses are required to register their data sets with the regulator, which seems to be an unnecessary burden.

Leaderboard

2016 BSA Global Cloud Computing Scorecard – click to enlarge

The US performed favourably across the majority of the ranking categories, particularly on support for industry standards (first), promotion of free trade (first) and IT readiness (third). The US has been recognized by the report as a particular advocate of free trade and harmonization, as well as standardization, as it “continued to remove barriers to international information technology (IT) interoperability”.

Data privacy was the area in which it performed the worst, where it stated there are no single privacy law in the US, as well as numerous policies which have the potential to create a complicated and confusing landscape. Current key sectoral privacy laws include the Federal Trade Commission Act, the Electronic Communications Privacy Act, the Health Insurance Portability and Accountability Act, the Fair Credit Reporting Act and the Telephone Consumer Protection Act.

The report also drew attention to the compatibility between the US with the privacy principles in the EU Data Protection Directive, of which there is little. According to the report “US organizations also have a range of voluntary options to ensure their data protection practices are compatible with the principles in the EU Directive”, though these are not backed up by government policy or legislation. This has been a point of discussion throughout the industry, following Safe Harbour being shot down, and its successor receiving criticism from certain corners of the EU.

Russsia privacy law

Russian Privacy Law – click to enlarge

While the report does outline progress in the development of IT and cloud policies throughout the world, it does also bring attention to several nations who have been demonstrating negative trends. Countries such as China and Russia have implemented policy which could be seen to inhibit the growth of cloud computing within their countries, by limiting the ability of cloud computing service providers to adequately move data across borders.

“The Scorecard shows that countries are eager to welcome cloud computing and its myriad economic benefits, and many of them are creating a favourable regulatory and legal environment,” said Espinel. “Unfortunately, the Scorecard also shows some countries are heading down a path of treating cloud computing as the next frontier of protectionism. The report is a wakeup call for all governments to work together to ensure the benefits of the cloud around the globe.”

Russia for example has implemented a legal requirement that data operators store the personal data of Russian citizens on servers based in Russia, as well as personal data information system (irrelevant of the simplicity of the database) must be certified by the Federal Service for Technical and Export Control (FSTEC). In turn this data can only be used on software and hardware which has also been approved by the FSTEC.

The BSA believes will have a negative impact on the company’s digital economy, stating “The local requirements are not compliant with generally accepted international standards, and Russia does not participate in the Common Criteria Recognition Agreement (CCRA).”

Adobe, Box, Enterprise IT, News & Analysis

Box and Adobe announce new partnership to simplify PDF’s in the cloud

Adobe and BoxBox and Adobe has announced a new partnership to simplify working with digital documents in the cloud.

The partnership will see the team launch a number of new offerings including Adobe Sign in Box, as well as Access and Edit PDFs from Box. The team claim more than two billion PDFs are currently in Box today and the new partnership will increase efficiency over various departments within the business ecosystem.

“Today’s news is just our latest step toward helping businesses work fully in the cloud by delivering seamless, easy to use connections with all of the services people use to get work done,” said Chris Yeh, SVP of Product and Platform at Box. “In the last year alone, we’ve announced deep integrations with Microsoft, Okta and Salesforce and many others, allowing more businesses across the globe to centralize their most valuable content on our platform. Stay tuned as we continue to advance our mission to transform the way people and organizations work. This is just the beginning.”

The first new feature will enable customers to review documents in Box and route them for electronic signatures in Adobe Sign, allowing customers to manage revisions, secure signatures, track approvals and distribute the final version of any form or contract, entirely within the cloud. Users will also be able to edit PDF’s within Box’s platform, with annotations and edits saved back to Box in real-time, ensuring the latest version of the document is always accessible and avoiding version control issues. On its blog, Adobe also claim the new offering will mean customers will never have to download another file to their computers, as well as the ability to edit PDF’s on any devise, anywhere.

“Organizations worldwide rely on Adobe Document Cloud and Adobe Sign to bring speed and efficiency to processes involving digital documents,” said Bryan Lamkin, GM for Digital Media at Adobe. “Our mission is to simplify and modernize those processes for businesses and people wherever and however they work. Our collaboration with Box will help advance this cause, whether it’s reviewing a new employee benefits handbook with HR stakeholders, sharing the latest creative mockup with your global ad agency, or sending a sales contract for signature by the CEO.”

The collaboration is similar to a previous partnership announced by Adobe last October with Box’s competitor Dropbox. As part of this partnership, Dropbox and Adobe claim to have simplified the way that PDF files can be edited with Adobe apps and also as they sit in Dropbox.

Azure, Big Data, IoT, Microsoft, News & Analysis, Rolls-Royce

Microsoft and Rolls Royce collaborate to build next-gen intelligent engines

Rolls RoyceMicrosoft and Rolls Royce have announced a new collaboration to bring the next generation of intelligent engines to the aviation industry.

Rolls-Royce will integrate Microsoft Azure IoT Suite and Cortana Intelligence Suite into its service solutions to expand its digital capabilities, particularly around its Totalcare service offering, which aims to improve the lifespan of its assets for customers. The partnership builds on underlying trends within the industrial and manufacturing industry in moving from a reactive to proactive maintenance and repair model, using IoT to detect faults in real-time, but also identifying the tell-tale signs of such faults at industrial scale, prior to them becoming a problem.

“Our customers are looking for ways to leverage the digital landscape to increase efficiency and improve their operations,” said Tom Palmer, SVP of Services and Civil Aerospace at Rolls-Royce. “By working with Microsoft we can really transform our digital services, supporting customer’s right across engine-related aircraft operations to make a real difference to performance.”

At the Hannover Messe event in Germany, both Microsoft and Rolls Royce will demonstrate the new capabilities, including using the Azure IoT Suite to collect and aggregate data from disparate, geographically distributed sources and Cortana Intelligence Suite to analyse the data itself. Data sets will include engine health data, air traffic control information, route restrictions and fuel usage data, with the aim of increasing the assets fuel efficiency, as well as detecting anomalies and ongoing trends.

“Rolls-Royce has always been a pioneer in engine services, and this collaboration will create a new digital engine for Rolls-Royce to deliver an even better service to its customers across its world-class engine fleet through Microsoft Azure,” said Jason Zander, Corporate VP of Azure at Microsoft.

Microsoft also announced at the event it has been working with the OPC Foundation to ensure industry IoT scenarios is compliant within OPC Unified Architecture (UA) standard. The OPC UA provides a standardized communication, security, and metadata and semantics abstraction for the majority of industrial equipment, ensuring interoperability between devices, assets and the platform to interpret the collected data.

Microsoft’s support for the standard covers its entire IoT portfolio including local connectivity with Windows devices to cloud connectivity via the Microsoft Azure platform. The announcement also included extended support for OPC UA open source software stack, ensuring any Windows 10 devices running the Universal Windows Platform can connect and openly communicate with other IoT devices via OPC UA.

“As Industry 4.0 reaches a tipping point, we believe that openness and interoperability between hardware, software and services will help manufacturers transform how they operate and create solutions that benefit employees’ productivity,” said Sam George, Director of Azure Internet of Things at Microsoft. “Microsoft’s support of OPC UA in Azure IoT and Windows IoT will reduce barriers to industrial IoT adoption and help deliver immediate value.”

Parallels Desktop for Mac

Parallels Remote Application Server helps resellers to transform into MSP

As more and more businesses decide to operate with flat-rate IT budgets, traditional IT resellers are falling under increased pressure to find new revenue streams to keep up with the demands of the market. It is no surprise, then, that many software resellers are escaping the sinking ship and using this business climate to transition […]

The post Parallels Remote Application Server helps resellers to transform into MSP appeared first on Parallels Blog.

Uncategorized

Announcing @Peak_Ten to Exhibit at @CloudExpo New York | #Cloud

SYS-CON Events announced today that Peak 10, Inc., a national IT infrastructure and cloud services provider, will exhibit at SYS-CON’s 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY.
Peak 10 provides reliable, tailored data center and network services, cloud and managed services. Its solutions are designed to scale and adapt to customers’ changing business needs, enabling them to lower costs, improve performance and focus internal resources on core competencies.

read more

Uncategorized

Announcing @EnzuInc to Exhibit at @CloudExpo New York | #Cloud

SYS-CON Events announced today that Enzu, a leading provider of cloud hosting solutions, will exhibit at SYS-CON’s 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY.
Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their online business and let Enzu manage their IT hosting infrastructure.

read more