No matter how well-built your applications are, countless issues can cause performance problems, putting the platforms they are running on under scrutiny. If you’ve moved to Node.js to power your applications, you may be at risk of these issues calling your choice into question. How do you identify vulnerabilities and mitigate risk to take the focus off troubleshooting the technology and back where it belongs, on innovation?
There is no doubt that Node.js is one of today’s leading platforms of choice for microservices and gluing tiers, connecting the heavy lifting business logic with modern offerings like single page applications. Intuit and PayPal showed how the Node initiative of a small team of “company outlaws” can grow into a whole organization and transform how things are done.

read more

(c)iStock.com/Gajus

Microsoft has announced it has obtained ISO 27017 compliance, a new cloud-based security certification published at the end of last year.

The certification from the ISO, the global organisation which has published more than 21,000 international standards across a variety of industries, is newer and subsequently less known than the ISO 27018 standard, which sets out guidelines to protect personally identifiable information (PII).

Microsoft claimed to be the first adopter of ISO 27018, in February last year, and now, the ISO 27017, which gives additional controls that specifically relate to cloud services, is in Microsoft’s hands, according to an Azure company blog post.

“We are happy to announce Microsoft Azure obtained the ISO/IEC 27017:2015 certification, an international standard that aligns with and complements the ISO/IEC 27002:2013 with an emphasis on cloud-specific threats and risks,” wrote Alice Rison, Microsoft Azure senior director.

The certification is still nascent among cloud providers, yet Amazon Web Services (AWS) secured 27017 compliance as far back as November last year, claiming to be the first to get the green light. “Certifying that we follow yet another best practice won’t come as a surprise; we’ve already proven that information security is job #1 here at AWS,” Jeff Barr, AWS chief evangelist, trumpeted in a blog post at the time.

The need for compliance – and ensuring data stays where it should – by certification with a globally recognised authority needs to be key for both customers and cloud providers. Writing for this publication last month on ISO 27001, a standard launched in 2013 around information security management, Frank Krieger, director of compliance at iland, explained the important questions for organisations to ask; not least that certificates should not be taken at face value.

“Organisations should care a great deal about ISO compliance in the cloud and ensure their partners and providers care as well,” he wrote. “ISO compliance in the cloud doesn’t have to be a nightmare, but you do need to approach the process with the level of rigour that the standard demands.”

You can find out more about the ISO 27017 standard here.

Read more: ISO compliance in the cloud: Why should you care, and what do you need to know?

(c)iStock.com/espiegle

Equinix has announced the purchase of Digital Reality’s Paris operations, including its real estate and data centre facility, for approximately $211 million (£158m).

The two companies, who continue to fight for supremacy in the colocation rankings – findings from Synergy Research in May showed Equinix as number one in colocation, with Digital Realty second and NTT third – came to a deal which included 1,000 cabinets of sold capacity in Equinix’s PA2 and PA3 data centres, as well as a further 1,000 for customer growth. Equinix has seven data centre locations in Paris alone, three of which came with the company’s acquisition of Telecity in January this year.

Equinix argues its seven Paris locations are business hubs for more than 575 companies, while its interconnection platform gives access to more than 160 network service providers and 100 cloud service providers, including Google Cloud Platform and IBM SoftLayer.

“As one of the largest economies in Europe, France continues to be a strong destination for local French businesses, as well as multinationals,” said Steve Smith, Equinix president and CEO in a statement. “We believe that by fully owning the site of our PA2 and PA3 facilities and the surrounding land, we will be able to ensure additional capacity and the ability to interconnect more networks, clouds, people and data, as customers require in the future.”

Another research study, this time from 451 Research in April, argued 2015 was a landmark year for deals in the data centre, arguing that while Digital Realty owned the most real estate, Equinix secured the most annual revenues. “Colocation is quickly becoming the nexus of both cloud and enterprise IT,” said Katie Broderick, 451 research director at the time. “The colocation market is serving as ‘data centre arms dealer’ to both enterprises and the cloud.”

I’m often guilty of sticking my head in the sand, ignoring very small details that could turn into big problems later on. Like when Netflix told me my credit card was about to expire, but it seemed like such a boring task, so I ignored them…till the day Netflix stopped working. I grumbled at the TV for awhile, then wasted another half hour remembering my login details and finding the credit card update page.
Clearly, I should have followed the easy link in the first place. It was my oversight that led me to waste time and my good mood updating my info. I consider missing my favorite television an actual problem in life, but realistically, it’s a minor problem that only affected me (and the people I live with. I was pretty grumpy).

read more

Experts are debating whether the Democratic National Committee’s (DNC) email system was hacked by the Russian military intelligence service (G.R.U.) or Guccifer 2.0, a lone wolf Romanian hacker. While this is a very important question, the answer will not change the results: over 20,000 DNC emails ended up on WikiLeaks. How did this happen? How likely is it to happen to you or your company? What can you do to protect your email system from a similar fate?

read more

Conjecture, an opinion or conclusion formed on the basis of incomplete information.
All digital transformation initiatives introduce new problems, software bugs, guaranteed network vulnerabilities, new competitors; new business challenges and new stresses. The elimination of all negative consequences and vulnerabilities are impossible, so our focus should be on limiting and containing it, not eliminating it.

read more

The South Florida Business Journal honored Chetu Inc. with an inclusion on South Florida’s Top 100 Private Companies List. Chetu ranked at number 80 amongst other private businesses who showed tremendous revenues for 2015, are native to South Florida and have verifiable revenue figures. Chetu showed $31.51 million in revenues for 2015. That figure is a 10% increase from the $29.05 million in revenue earned in 2014.

read more

Deploying applications in hybrid cloud environments is hard work. Your team spends most of the time maintaining your infrastructure, configuring dev/test and production environments, and deploying applications across environments – which can be both time consuming and error prone. But what if you could automate provisioning and deployment to deliver error free environments faster? What could you do with your free time?

read more

(c)iStock.com/tzahiV

While public cloud implementations are steadily increasing, private clouds in customers’ own data centres continue to be deployed because of the perceived higher levels of security and control they offer.

But the management of a private cloud can be complex and many organisations underestimate the scale of the challenge. Security and management in particular continues to be pain points. Many go in with the assumption that in a private cloud, IT departments have more control so the environment will either inherently be more secure, or will be easier to implement and maintain security controls.  Unfortunately, many organisations subsequently find the management challenge is greater than anticipated and adoption is difficult, which often has more to do with organisational and IT transformation issues rather than the technology itself. This puts a whole new dimension on the scale of the challenge, and raises the question of whether the internal IT team is up to it.

In order to secure your private cloud, you will need to manage your cloud footprint – including key performance metrics, network and virtual machine configuration, disaster recovery and backup, intrusion detection, access management, patching, antivirus – and many more security considerations.  

The sheer volume of security controls needed can be overwhelming and not many IT departments have the people power or expertise to be able to manage diverse security solutions from multiple vendors. But, the real kicker is often not just the security technology itself, it’s the internal processes required to implement private cloud security. 

The IT team needs to work with the security department and procurement to define responsibility for who looks after what when it comes to maintaining infrastructure. Internal departments also won’t necessarily prioritise your request and complex negotiations and acts of diplomacy often ensue. Evaluation processes alone can take six months or more and it’s a dance that needs to be done for not one security solution but for multiple solutions.

Add to this the fact that the threat landscape continues to grow and become ever more complex. Some cloud initiatives are increasingly stalling or getting cancelled altogether because the security risks are deemed to be too high. This results in an uncomfortable situation for IT leaders as lines of business in their organisations are still demanding the agility, scalability and cost savings that cloud computing can deliver. IT leaders know they can’t abandon cloud altogether, the benefits are too great – and yet they also know whose head will be on the line if an outage, data loss or hacking incident was traced to a cloud workload. It is not surprising that some IT leaders look back with nostalgia on the simple outsourcing models of the past.

A secure hosted private cloud from a provider like iland can provide an answer for companies with workloads that require isolated infrastructure. A hosted private cloud can deliver all the integrated security, management, support and availability levels you would get in a traditional data centre environment, but with all the convenience and benefits of cloud.

Instead of buying, installing, integrating and maintaining separate security solutions, secure hosted private cloud solutions like iland’s also offer a purpose built management console that integrates the management and reporting of security and compliance settings, smoothing the path to completing audits.  Embedded security features in a hosted cloud platform include role-based access control, two-factor authentication, VM encryption, vulnerability scanning, anti-virus/anti-malware, integrity monitoring, intrusion detection, detailed firewall and log events,. Additionally, all private cloud resources can be managed from a single place, with access to performance metrics, granular billing data, VM management capabilities and DR management. Hosted private cloud customers also benefit from flexible pricing models that deliver predictable and controllable operational expenses in reservation or burst options while avoiding the capital expenses of on-premise private clouds.

As the security challenge continues for cloud workloads, secure hosted private clouds offer stretched IT departments the best of both worlds. Removing the burden of hardware management, shifting capital expenses to operating costs and benefitting from the latest innovations, this model seamlessly augments on-premise data centres and delivers a robust, enterprise-class secure private cloud with all the features of a public cloud – but without the management overhead.