Is Microsoft Cloud Secure?

Is the Microsoft Cloud secure? We’ll you’ll be surprised to know some interesting facts and what goes on behind the scenes.

For starters, Microsoft cloud is constantly under attack, which is not a surprise, given that Azure is one of the most cloud computing platforms today. With its thousands of clients and users, hackers are always tempted to break its security, so they can steal whatever information they want.

But, it’s not been that easy for these hackers. A recent report released by Microsoft shows that this company thwarts roughly about 1.5 million hacks every day. That’s overwhelming to say the least.

Microsoft has employees more than 3,500 security employees and an advanced AI grpah thathelps to keep these attacks at bay. It’s a perfect combination of men and machine that keep every piece of data safe and secure.

When it comes to machines, Microsoft feeds hundreds of gigabytes of telemetry data into it’s intelligent AI-based system called the Intelligent Security Graph. Using some advanced machine learning algorithms, the system is able to predict with reasonable accuracy the source and time of attack. In addition, Microsoft claims that it scans more than 400 billion emails that go through Office 365 and Outlook every month to identify malware and other kinds of phishing scams.

All these measures cost money and this is why Microsoft spends more than $1 billion each year to beef up its security. Besides this money, the company also spends on research and development to further enhance its security and to stay updated – all in an effort to prevent hackers from breaking its security.

Though this may sound great, the fact is Microsoft is not the only provider that faces such a barrage of attacks from hackers. All cloud based companies keeping facing such attacks and some of them fall prey to these hackers. A case in point is OneLogin, a popular password management site, that was hacked, and it uses AWS as its cloud service provider.

In this sense, hacking is a part of everyday operations for these cloud companies and they’re doing everything they can to stay away from them. But sometimes, mishaps happen and data is lost. While this is not an argument to support the cloud providers, it’s time we understand the efforts that go behind maintaining the security of a cloud platform.

This scenario also explains why venture capitalist firms keep investing in cloud security firms. One such company that has benefited from such funding is Netskope that received more than a $100 million in a series E funding led by some of the top investors in this industry. This is, in fact, a trend that we’ve been seeing for some time now.

More people are investing in these cloud access security brokers simply because they believe these companies can find a more lasting and practical solution to the security problem, as hackers are only expected to get more aggressive in the future because of the huge money they can get from the dark web for stolen data.

The post Is Microsoft Cloud Secure? appeared first on Cloud News Daily.

Why companies are shifting to ‘IT as a service’ – and what you need to do about it

‘IT as a service’ (ITaaS) is on the rise as companies realise the benefits of contracting an IT service provider for all their business technology needs. While ITaaS is not a new concept, it has become a go-to operational model for medium-to-large sized companies that need 24/7 monitoring, managing, and sustaining of company technology.

Moving to ITaaS is an operational shift, where IT is run as a business and therefore can be optimised according to business needs. Companies that run hybrid IT environments, such as private cloud, public cloud, and in-house applications, can contract services for all or just part of their technological system. Here are some leading benefits of IT as a service and why more companies are shifting to this model.

Full-time security

Hiring a full-time staff to monitor servers 24/7/365 is expensive and can eat up a lot of the IT budget. Instead, by contracting an ITaaS provider, companies can save valuable time and resources. This provider will be on-call for any disruptions of services, applications, or any website or hardware. The ITaaS provider will fix the issue and alert the company if necessary.

Since IT security is a top concern for businesses, having an ITaaS provider can take away an element of fear, as they are skilled in handling breaches such as distributed denial of service (DDoS) attacks or malware issues. And especially for companies with strict compliance regulations, and ITaaS provider can ensure all requirements are met.

Efficient support for employees

Most companies have employees distributed around the country or around the world, which often means limited deskside support resources. An ITaaS provider, however, can deploy a self-service support portal, which allows employees to open support tickets, search a robust FAQ, check the status of issues, request new devices, or find any information related to the IT aspect of their position.

This type of support system is seamless for employees who want fast answers and quick relief from IT issues. It can be integrated with help desk software applications, making internal IT support easy.

Monitoring and management

All companies must monitor and update hardware for items such as antivirus software, operating system updates, etc. This process takes time and resources that could be used elsewhere. By shifting this responsibility to an ITaaS provider, companies are relieved of managing each employee’s laptop, desktop, and mobile device. The ITaaS provider ensures all devices are regularly updated with the latest operating systems and applications.

Furthermore, the ITaaS provider can remotely access each device for configurations, patching, and ongoing maintenance. If for some reason an on-site fix is necessary, the system can alert a designated technician to fix the problem. ITaaS providers also monitor and maintain virtual servers, remotely fixing any issues, to ensure regular and consistent performance.

Enhanced reporting

Many companies are bound to a service level agreement (SLA), which makes performance monitoring an important part of IT services. The ITaaS provider can monitor performance and alert technicians to when action is necessary for any hardware or device. ITaaS providers can report against enhanced SLA metrics beyond standard OEM warranty terms. For small-and-medium sized businesses, attaining these services through the OEM can be costly, which is why an independent service organization is an affordable alternative.

Turbonomic touts support for AWS and Azure public cloud with new release

Turbonomic, a Boston-based cloud and virtualisation software provider, has announced new support for Amazon Web Services (AWS) and Microsoft Azure public cloud environments with general availability of its 5.9 iteration.

The company says the move will ‘enable customers to confidently accelerate their journey to hybrid cloud’, with support offerings include visibility of all workloads regardless of where they reside, and lowering of public cloud bills by 30% on average.

Other features include being able to migrate to AWS and Azure public clouds through migration planning, workload placement and workload scaling, controlling public cloud workloads, and enforcing compliance across hybrid environments.

Turbonomic cited a Gartner forecast which argues that by 2020 a quarter of large enterprises will run ‘dynamic optimisation’ solutions to manage the public cloud, compared to less than 1% in 2016.

Gartner defines dynamic optimisation as “a technology capability that uses telemetry, algorithms, service and resource analytics, and policies to drive automated actions that reduce waste, cost and risk exposure, while simultaneously improving service levels.” Naturally, Turbonomic – back in its previous life as VMTurbo – was named as a representative vendor in the analysis, in April last year.

“Transitioning to hybrid cloud presents a new challenge: deciding which workload should run where and when, and confidently managing the transition. It’s a cloud-scale challenge that can only be solved with self-managing software,” said Shmuel Kliger, Turbonomic founder and president in a statement.

“With today’s announcement, Turbonomic is uniquely positioned to help customers monitor and automate their workloads anywhere – on premises and/or in public cloud – in real-time, to unleash the full potential of the public cloud’s elasticity and scale.”

In August, Turbonomic – alongside Verizon – issued research which argued business continuity was the most important business driver of multi-cloud adoption, yet citing cost as the primary differentiator. The company told CloudTech at the time that focusing primarily on cost was “not a recipe for assuring customers are delighted with your service.”

You can find out more here.

What’s New with VMware vRealize

What’s new with vRealize?

Today VMware announced updates to 4 major products with vRealize branding (3 within the suite and 1 not). Even though the version increments are small, the features they bring are not! vRealize Operations, Log Insight, Network Insight, and Business for Cloud have all received updates. So let’s get started, shall we?

vRealize Operations 6.6

Right out of the gate, you will notice something very different in this build of vRealize Operations (lovingly known as vROps). That’s right, they’ve embraced HTML5! If you’ve been using the HTML5 client for vSphere, you’ll see this looks very familiar (it’s the same underlying engine in both). It is great to see VMware continuing to phase out flash and embrace something everyone can use. Also in this build is a revised “Getting Started” page. More and more people are just starting out with adding vROps into their environment, and making the product easier to newcomers is always welcome, just make sure there is an easy way to dismiss all the getting started notifications for the power users. These new dashboards are based on types of rolls (Operations, Troubleshooting, Compliance, etc…). Combine these with greater out of the box integrations with things like vSAN, Log Insight, Automation, and you’ve got a pretty powerful tool to get started with.

vRealize VMware

 

 

 

 

 

 

 

 

 

 

 

One of the other big new features arriving in this update revolves around DRS. Imagine, if you would, that you could enhance DRS with the power of vROps. While by itself DRS is fantastic for load balancing in a cluster, now you can load balance across the entire data center. This new combination will allow you to automatically move workloads to different clusters and different datastores. Now, take it one step further. While DRS by itself is a reaction based process (it only kicks in once there is resource contention) when you can utilize the analytic engine of vROps you can get ahead of the curve. Spotting patterns in workloads will allow DRS to move things ahead of time to ensure that your VMs have the resources available before the increase in load. They call this Predictive DRS (pDRS). I’ll be looking into this further in a later post, but this has the potential to be a real game changer for VMware.

Predictive DRS

 

 

 

 

 

 

 

 

 

 

 

And finally, one last thing, and I thought this was a bit interesting. There has also been development around hardening/compliance. There is a new dashboard that will tell you how hardened your components are (based on VMware’s hardening guide) and how compliant things are. This even goes so far as to checking your environment against HCL.

vRealize Operations 6.6

 

 

 

 

 

 

 

 

 

 

 

vRealize Log Insight 4.5

This update is a bit smaller than the vROps one and it revolves around vROps as well. In this update, they’ve added closer integration with vROps. In fact, now you can launch Log Insight directly from the vROps dashboard. You can auto initiate log management to get to the bottom of the alerts you are seeing in vROps. Now to achieve this, they had to make more enhancements to the single sign-on support, so it would seem this is working better.

vRealize Business for Cloud 7.3

Now I’ll admit, this is the product that I’m the least familiar with. For those of you not familiar with this tool, its great for larger environments that want to get a handle on hybrid cloud. You can break down your costs of your VMs and map them against various providers to get a cost analysis. In this update, Azure has been recognized as a major player in the cloud market and has been promoted to that status within the analytics engine. The AWS integration has also been improved with enhanced VM level statistics. There are also some new out of the box reporting capabilities. One of the best ones is a new Daily Pricing Report. Administrators can configure a daily email (or spreadsheet) that will itemize your data center costs so that you can keep better track of costs.

 

 

 

 

Sean’s Take

It’s great to see more enhancements to these products. It’s clear that vROps is getting a long-needed overhaul and being placed in the center of things, with its ability to reach into every product and maximize its benefit. If you haven’t had the chance, I urge you to give it a try and see what it can do for you. As VMware embraces Amazon and Azure, they want to make sure you also get the most out of it, which is why we see these additional enhancements in that space as well.

On a related subject, check out our recent webinar, “Harnessing Lightning: DevOps + ITOM for Secure & Compliant Hybrid Cloud Ops

By Sean Thulin, Advanced Virtualization Consultant

[panel] #DevOps & #DX | @DevOpsSummit @AndiMann #DigitalTransformation

New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet the demands of Digital Transformation – including accelerating application delivery, closing feedback loops, enabling multi-channel delivery, empowering collaborative decisions, improving user experience, and ultimately meeting (and exceeding) business goals.

read more

Puppet DevOps report shows wide gap between higher and lower performing firms

A new report from Puppet on the DevOps landscape has found a significant gap in productivity and results between the highest and lowest rating organisations.

The study, put together in conjunction with DevOps Research and Assessment (DORA) and which polled 3,200 respondents across multiple industries and with organisations of all sizes, found the highest performing organisations have automated 72% of all configuration management processes, spending 28% of their time in manual configuration processes. In contrast, lower performers can spend almost half (46%) of their time on manual configuration.

When it came to lead time for changes – in other words, moving from code commit to code successfully running in production, the highest performers have it down to less than one hour, with the rest managing between one week and one month on average. A big discrepancy there – and it shows again with deployment frequency as well as mean time to recover.

Medium performers, however, were distinguished between the lowest rubric in terms of change failure rate. For high and medium IT performers, the percentage of changes made which subsequently requires remediation is both between 0% and 15% on average, while for low IT performers the number rises to 31%-45%.

The research also examined how leadership affects performance, with high performing outfits sharing leaders with ‘vision’, ‘inspirational communication’, ‘intellectual stimulation’, ‘supportive leadership’, and ‘personal recognition’.

No surprises on the surface there, but the report notes how leadership is not enough to differentiate at the highest level. Teams whose leaders were in the top 10% were not the highest performers as a group, instead displaying varying performance. “Leaders cannot achieve DevOps outcomes on their own,” the report notes. “DevOps success also depends on a suitable architecture, good technical practices, [and] use of lean management principles.”

“The results of the 2017 State of DevOps Report show that high-performing IT teams are deploying more frequently and recovering faster than ever before, yet the automation gap between high and low performing teams continues to grow,” said Nigel Kersten, Puppet chief technical strategist. “The report will help organisations understand how to identify their own inhibitors and embrace change on their DevOps journey.”

“This year’s results clearly demonstrate that DevOps teams are achieving tremendous success by moving towards a culture of shared accountability and trust,” said Cameron Deatsch, head of enterprise growth at Atlassian. “Shifting an organisation’s culture can be difficult and requires the right knowledge, guidance and tools that encourage collaboration and visibility across teams.

“Thousands of customers rely on Atlassian as the foundation of their DevOps practices, providing collaboration across teams, a dedicated marketplace of integrations with leading DevOps tools, and most importantly, accelerating the evolution of their team’s culture.”

Puppet has been busy of late. The company said in May that it had added more than 250 new enterprise customers over the past 12 months, as well as announcing new offices opened in Singapore and Seattle, as well as an updated facility in Sydney. A recent report from Enterprise Management Associates (EMA) found that more than 90% of organisations are using DevOps practices in some capacity, but support production applications only a third of the time.

You can read the full Puppet report here (free, email required).

[session] Business Transformation in Banking and Financial Organizations | @ThingsExpo #IoT #M2M #FinTech

In his session at @ThingsExpo, Arvind Radhakrishnen will discuss how IoT offers new business models in banking and financial services organizations with the capability to revolutionize products, payments, channels, business processes and asset management built on strong architectural foundation.
The following topics will be covered:
How IoT stands to impact various business parameters including customer experience, cost and risk management within BFS organizations.

read more

Netskope Raises Another $100 Million

Netskope, a cloud access security broker, has raised $100 million in new funding. The Series E funding was led by its previous investors such as Lightspeed Venture Partners and Accel Partners. Along with these two investment firms, Social Capital and Iconiq Capital also participated. In addition, two new investors who had not participated in any Netskope’s previous rounds of funding also contributed and they are Sapphire Ventures and Geodesic Capital.

According to a statement released by the company’s founder and CEO, Sanjay Beri, this additional round of funding would be used to building its customer base. In the previous round, Netskope released $938 million, thereby bringing the total money raised to $231.4 million

Netskope has been fairly successful in raising money for its activities, with the first round coming in 2013 and worth just a paltry $21 million. These funding rounds reflect the rapid strides Netskope has made over the last five years.

One of the biggest reasons could be the fact that cloud security is a booming industry. With growing use of devices, the many access points for an application is greatly increased. For example, let’s say you use an internal app to log in to your workplace and maybe even log time to it. You’re likely to see it from your desktop at work, your laptop at home and maybe even from your smartphone and tablet while on the move. This means, there are four access points to that app and a security vulnerability can come from any of it.

These multiple access points are one of the important reasons for the many hacking incidents we’ve seen over the last few years or so. Also, the emergence of different services such as SaaS, PaaS, IaaS and IDaaS are adding to security problems. To tackle the growing complexity of security head-on, Netskope has been working on a standalone security platform.

Existing systems and security practices don’t work well with cloud simply because it’s growing and becoming more integrated and complex by the day. This is why Netskope has come up with a unique principle that’s called “privacy by design.” This principle gives you the flexibility to track and identify specifically what you want such as a set of specific apps or documents instead of analyzing every bit of information that passes through your network, which is truly impossible. You can set keywords and create other security policies that will allow you to have a better control over your network and that’s exactly what Netskope aims to achieve with its platform. It has already secured this idea with more than a hundred patents.

That said, Netskope is not yet profitable and continues to depend on investors for its everyday operations. So, it’ll be interesting to see how much it’s able to translate its ideas into monetary value when it finally releases its platform to the world.

Until then, it’s a wait and watch game for investors and for the general public. There is also some skepticism in the industry circles about security products because none of them have really made the impact they claim to make. Let’s hope Netskope can change this barrier.

The post Netskope Raises Another $100 Million appeared first on Cloud News Daily.

Netskope raises $100m in series E round, aims to move security platform beyond the cloud

Cloud security provider Netskope has announced the close of a $100 million (£77.5m) series E funding round to press ahead with its go to market strategy as well as explore new ventures.

The round, which brings Netskope’s total funding to $231.4 million, was led by Lightspeed Venture Partners and included contributions from existing investors Social Capital and Iconiq Capital, as well as new participation from Sapphire Ventures and Geodesic Capital.

Among the upcoming projects for the company, best known for its cloud assess security broker (CASB) software, includes the first public mention of what is being described as ‘Netskope for Web’, an advancement of the security platform beyond the cloud aimed at being pushed out later this year.

“This announcement really is just a reinforcement of the notion of building the definitive leading cloud security platform,” Sanjay Beri, Netskope CEO, told CloudTech. “The fact [the round] is led by existing investors is a great thing. It was oversubscribed, and for us, we haven’t gone out fundraising per se ever – we’ve had the luxury of a lot of external folks wanting to invest in the company.”

Netskope’s modus operandi is around offering a different solution to securing assets and data in the cloud. Beri describes it as delivering ‘the absolute best architecture and product that would allow enterprises to tackle the problem the way it should be’. To paraphrase the adage about lipstick and porcine creatures, if you put lipstick on legacy security tools, it’s still not going to understand the language of the cloud, or APIs.

Whether it’s the SaaS of Salesforce, Box, Office 365 et al, to the primary IaaS and PaaS of AWS, Google and Microsoft, Netskope aims to have organisations covered through data loss and threat protection, encryption, and more. The company’s next plan is to advance it from the cloud to the whole web. “[It’s] the ability and savviness to understand the way that people work now and the way that applications are built now bringing it to the entire web, not just the cloud,” said Beri, “so one of the things this funding continues to fuel us to do is advance that platform to continue to realise the vision of the definitive cloud security platform.”

Netskope says that it had seen an uptick in 2016 of ‘leading enterprise customers in the retail, financial services, manufacturing, energy, and healthcare verticals’. With customers including Toyota, Genomic Health, and the City of San Diego on the books, Beri mused on where different industries are in their cloud journeys.

“I think you should cut at it two ways – geography and then vertical,” he said. “As the market has moved, what you see now is the largest healthcare, life science companies in the world all using cloud.

“Healthcare is definitely a strong vertical,” Beri added. “When you look beyond retail, most every single retail company in the world is leveraging cloud. They want to focus on their core business and they don’t want to build infrastructure. The cloud lets them enable that remote working, large distributed workforce, and yet they’re worried about protecting customer data, protecting financial data and so on.

“[It’s] the same thing with financial and insurance – you think they’d be the laggards but some of the largest financial institutions in the world are Netskope customers, and they’re leveraging cloud, not only because their end users want, but because it’s a corporate strategy now. It’s a competitive advantage, if you can leverage these properly.”

The geographical discussion naturally beget a look at GDPR, of which the one year countdown for compliance passed last month. Netskope has previously warned companies to get their act together – fines of €10 million or 2% of annual turnover – while Beri calls the process a ‘seesaw’.

“For anybody who wasn’t taking it seriously, it’s going to hurt your business if you don’t now, and I think what a lot of enterprises are realising is that with GDPR coming, they need the next level of visibility and ability to control where their data goes, who uses it, and how it’s exposed,” he said. “One of the keys we focus on at Netskope is how you enable companies to move forward, be productive, leverage the applications that they want, yet at the same time, how you put guard rails around their usage so you’re not going to be able to for example leak EU customer data, or put yourself at risk of violating GDPR.”

It’s a good analogy for their whole ethos. 

[session] Open Analytics | @CloudExpo @ProgressSW #AI #ML #DX #Analytics

Cloud applications are seeing a deluge of requests to support the exploding advanced analytics market. “Open analytics” is the emerging strategy to deliver that data through an open data access layer, in the cloud, to be directly consumed by external analytics tools and popular programming languages. An increasing number of data engineers and data scientists use a variety of platforms and advanced analytics languages such as SAS, R, Python and Java, as well as frameworks such as Hadoop and Spark. Cloud APIs are commonly designed to support application integration representing a disconnect with the analytics ecosystem. These combined trends create significant demand for a “bring-your-own-analytics” (BYOA) capability for cloud applications.

read more