We’ve all heard about the benefits of cloud infrastructure: improved productivity, cost savings, efficiency, agility and a host of other buzzwords that paint cloud as the be all, end all for IT.

Most organisations today either already run workloads in the cloud or plan to experiment with cloud in the very near future. And it’s up to businesses to decide whether they choose cloud infrastructure provided by public cloud providers like AWS, Microsoft Azure and Google Cloud Platform, or cloud infrastructure maintained by their organisation’s IT team.

In compliance heavy businesses, such as financial institutions, a new trend has emerged: organisations are running an isolated virtual private environment on public cloud infrastructure.

Securing the app

No matter where an application is hosted, securing the application delivery remains the primary concern. And it’s security that is causing a great deal of confusion in the industry. It raises the question: who owns application security in the cloud? Is it the cloud service provider or application teams?

Some believe that applications are secure simply because they’re deployed in the cloud, which would make application security the sole responsibility of the cloud infrastructure provider.

Others feel that security is the responsibility of the application owners – and as such, applications should not be deployed in the cloud due to security risks or unless security is properly baked in.

Blurred lines

It is well documented by public cloud providers like AWS and Azure that application security is a shared responsibility between the cloud infrastructure providers and the application owners. However, the lines are blurred and the division of ownership is not clearly defined.

Applications deployed in cloud infrastructure are accessed via the network. In this case, viewing the security responsibility from the network infrastructure point of view makes more sense.

This chart (below) shows the division of ownership between cloud providers and app owners.

In this example, the cloud providers control and manage the physical infrastructure resources, hence it’s their job to make sure the application that runs on that infrastructure is secure.

However, with virtual and software-defined networks (SDNs), application owners define the virtual networks as per application architecture, referred to infrastructure as code. Thus virtual network security resides with the application owners. Traditionally, application owners have an established set of best practices, and setting up network security is a no-brainer. Because the network is part of the infrastructure, cloud providers will provide tools for virtual network security and also for the implementation.

Cloud providers, however, have no visibility into what happens at the application layer and have no way to help the application owners in this area. The application security layer is the responsibility of application owners.

Before we can evaluate a solution for application security, we need to understand the following challenges:

• Security monitoring – there are numerous questions about the solution’s capability, but monitoring the security should not be one of them. Security monitoring is imperative; it’s a must-have
• Application vulnerabilities – these are susceptible to attackers looking to exploit and attack an application, either to gain complete control over it, deform it or steal data. OWASP analyses such vulnerabilities and exploits, and regularly publishes a list of its top 10 identified vulnerabilities
• Malware and ransomware – another well-known security problem that impacts a lot of users and should be addressed prior to deploying an application in the cloud
• Bots – approximately 30 percent of traffic comes from non-useful bots (i.e. bad bots). While some people don’t consider them a security issue, yet, bad bots can waste 30 percent in server resources, resulting in  a huge loss of productivity
• Application layer DDoS attacks (volumetric or protocol exploits) – are also a concern as DDoS attacks evolve in size, scope and sophistication. DDoS protection is a serious consideration for both application owners and cloud infrastructure providers

Solving these challenges

Fortunately, there are solutions available to overcome the security challenges associated with cloud applications.

Web Application Firewalls (WAFs), for example, can handle the common vulnerabilities listed by OWASP. And IP reputation and other signature databases have been created to combat malware and bad BOTs.

Many Application Delivery Controllers (ADCs) bundle application security solutions with load balancing and other key application services. Having a complete set of application delivery tools along with security and visibility in a DDoS resilient architecture can create a complicated deployment architecture. Consider a solution that unifies all aspects of the application traffic management, application security with traffic and security analytics into a single system and layers central management and control on top of it. This type of solution will alleviate most of your cloud application security concerns.

Read more: Report argues ‘concerning’ lack of understanding over IaaS shared responsibility models

SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON’s 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Launched in 2016, Cloudistics helps anyone bring the power of the cloud to the data center in an easy-to-use, on- premises cloud platform that automatically provides high performance resources for all types of applications: Docker, Splunk, Hadoop, Citrix® VDI, and many other high performance workloads. With no onsite controllers to install or maintain, it’s easy to scale across a large site or multiple locations – all from a single, centralized dashboard.

read more

For a phrase that’s being thrown around a lot recently, what does “Digital Transformation” really mean? When someone says that they want to digitally transform their business, what does one really mean, why do they want to do it, and should they approach this “digital transformation” process? First off, let’s start with a definition. If we don’t know what we are trying to achieve, then how do we know how to get there? Or to quote the famous Greek philosopher Yogi Berra: “If you don’t know where you are going, you’ll end up someplace else.”

read more

Venture capital money for cloud technology continues to stream through, with more than $50 million announced over the past week for two companies in the identity and hybrid cloud space respectively.

Auth0, an identity as a service platform provider based in Bellevue, Washington, confirmed it has raised $30 million (£23.1m), while ‘open source as a service’ firm Platform9, based out of Sunnyvale, California, announced $22 million (£17m). Both rounds were series C.

For Auth0, the funding comes amidst a year of record growth, with revenue increasing almost three times year over year and new customers including Atlassian, News Corp, and Houghton Mifflin Harcourt. Platform9, meanwhile, called the year’s performance ‘tremendous’ and pointed to a customer base growth of 360% and revenue growth of 300%.

Meritech Capital Partners led the Auth0 round, with existing investors Bessemer Venture Partners, Trinity Ventures and K9 Ventures, and new investors NTT Docomo Ventures and Telstra Ventures participating. For Platform9, the round was led by Canvas Ventures with Hewlett Packard Enterprise, Redpoint Ventures, and Menlo Ventures, participating.

“In our dozens of calls with customers, it was clear that Auto0’s value proposition is resonating in the market,” said George Bischof, managing director at Meritech Capital Partners. “Developers can leverage Auth0’s extensible and easy to integrate identity platform and free up their cycles to work on the core application. Auth0 subscriber adoption is exponentially expanding and we are excited to support their rapid growth.”

Sirish Raghuram, co-founder and CEO of Platform9, wrote in a letter about the increasing importance of open source technologies for enterprise. “Enterprises will come to bet on solutions that are rooted in open source, instead of proprietary solutions that require the vendor to lock in the customer to remain a viable business over time,” he wrote.

“This will happen across a range of computing services, but is especially pertinent in the infrastructure space. Just ask any large VMware or AWS customer and chances are, they’ll tell you they are exploring open source alternatives.”

Elsewhere, Minjar, an AWS managed service partner, announced an undisclosed amount in a pre-series A funding round led by Blume Ventures. The company tweeted out news of Blume’s investment at the recent India Cloud Summit event. 

Emerging technologies, such as IoT, robotics, and augmented reality or virtual reality (AR/VR), will drive the next wave of growth in the information and communications technology (ICT) industry, increasing the overall opportunity to $5.5 trillion by 2020, according to the latest market study by International Data Corporation (IDC).

The IDC forecast illustrates that the ICT sector is dependent upon new technology innovation for growth, as traditional business technology revenue streams begin to decline in the face of cannibalization, substitution, and the shift to cloud-based computing solutions.

Global ICT market development

New technologies, which IDC calls “Innovation Accelerators,” will provide almost $7.4 trillion in aggregate industry revenue from 2015-2020 — adding $1.8 trillion to the overall size of the industry in terms of annual sales by the end of the forecast period.

A large proportion of this growth will come from the fast-growing IoT market, which is forecast to reach almost $1.3 trillion in annual revenue by 2020, of which more than $1 trillion represents new opportunity outside of traditional technology market categories.

According to the IDC assessment, robotics, augmented reality or virtual reality, security, cognitive systems or artificial intelligence, and 3D printing will contribute the rest of this fast-growing portion of the ICT market.

“The traditional ICT market of data center infrastructure, client devices, software, services, and telecommunications is now growing at a rate not much faster than real GDP and increasingly resembles a mature sector of the overall economy,” said Stephen Minton, vice president at IDC.

That being said, between 2015 and 2020, overall ICT Spending – excluding the Innovation Accelerators – will see a compound annual growth rate (CAGR) of just 1 percent in constant currency terms. Including the Innovation Accelerators, ICT spending will increase by 5 percent over the same period. In total, the Innovation Accelerators will post a CAGR of 18 percent.

Asia-Pacific (excluding Japan) represents the largest market for Innovation Accelerators, forecast to reach more than $600 billion by 2020, followed closely by the United States. The fastest growth over the same period will be in Latin America, Central & Eastern Europe, and the Middle East and Africa.

“Device sales are now dominated by mobile devices and cloud service providers represent a growing proportion of all infrastructure hardware and software sales, while big data and analytics are at the heart of the fastest-growing opportunities. Meanwhile, growth in the telecom market is already entirely dependent on mobile,”  added Minton.

Global outlook for public cloud services

With public cloud services still growing at a double-digit rate, cloud computing will continue to cannibalise traditional spending on infrastructure, software, and IT services. Big data and analytics is also still expanding at a double-digit rate of growth and is forecast to see a 12 percent CAGR between 2015 and 2020.

Public cloud services and big data and analytics will each provide more than $200 billion in annual revenue by 2020. Meanwhile, the explosion in smartphone sales over the past few years and the ongoing growth of mobile data services means that overall mobility offerings are already valued at more than $1.5 trillion in annual sales.

Read more: Global cloud IT infrastructure revenues hit $8 billion in Q117, says IDC

In 2013, building and construction firm Travis Perkins developed a five-year roadmap for its IT. Technology would be seen as a ‘key enabler of strategic change’ rather than a support function, with investments amounting to more than double the IT budget, enhancing infrastructure and getting to grips with open source and cloud architecture in the process.

Four years into the plan, things seem to be going swimmingly. The IT budget has been duly doubled, and the company’s self-service portal supports 30,000 staff.

The key to Travis Perkins’ success has been changing the IT service management (ITSM) environment from a firefighting ‘fix fast’ approach to focus on cloud-based technology and a ‘fail less’ outlook. This has come through the use of ServiceNow from UK-based IT solutions provider Fruition Partners.

“The previous approach was mostly a result of having a spread of legacy solutions in place and no unified way to manage them,” Wendy Collison, Travis Perkins project manager for service development, told CloudTech. “Now, we are creating greater integration and efficiency across the business by harnessing multi-channel transactional support, re-engineering and upgrading legacy systems to provide enhanced infrastructure to provide fix solutions quicker.”

In July 2014, the service delivery team launched SolveIT, the first iteration of a self-service website. To begin with, the portal was focused on IT support, which helped users log IT incidents and track progress, as well as provide information so users could fix issues themselves.

Today, it is now accessible to all 30,000 employees across the Travis Perkins group, with 10% of all incidents and service requests going through the portal. This is described by the company as a ‘good achievement’, taking into account the fact the many workers in stores and warehouses who are less likely to use the portal through their job role. The company also reports a more than 20% reduction in incidents, and quicker root cause analysis.

“It took a while to gain momentum as for some colleagues in branch and store locations they didn’t notice any significant changes to working methods,” added Collison. “But through further updates and enhancements with ServiceNow, colleagues are seeing a real difference to the updates and information they receive, they are better informed and service teams have more time to concentrate on delivering better services and anticipating problems before they happen.”

Ultimately, the goal is to ‘move fully to a services-based organisation based around a service catalogue, detailing all the business services the organisation provides along with associated costs and commitments’. One such development in the pipeline is putting together an online branded clothing store for Travis Perkins staff, with employees being able to select uniform, schedule delivery, and organise returns via an automated system.

“The first step was to create a successful product catalogue enabling colleagues to purchase devices from our self-service portal, such as phones, laptops [and] printers,” said Collison. “Moving forward, we aim to create a full service catalogue where businesses will be able to purchase readily available solutions such as websites, business analytics and customer relationship solutions.”

This shows there are still a couple of steps to go for Travis Perkins – but the journey already undertaken gives a glimpse of how a long-term cloud plan, properly executed, can reap rewards.

Main picture credit: Travis Perkins

Only one in five organisations are getting the most out of their cloud investments with 96% saying it could do with a ‘makeover’, according to new survey results from Fugue.

The research, which garnered the responses of more than 300 IT operations professionals, found the majority of those polled said compliance and security concerns, unexpected downtime, and a plethora of cloud management tools available today, means their investments are not hitting the right mark.

When asked why the cloud landscape needed a makeover, 33% said their experience needed to be simplified and easier to use, compared with 29% who cited security, with more ease controlling costs (13%) and easier to control generally (10%) also cited.

More than a third (36%) of respondents said the C-suite fails to understand its complexity, while a quarter (26%) said IT leadership struggles with it and one in five (20%) said the same for developers. This complexity is borne out in the number of disparate tools used by organisations; just under a third (31%) say they are using between six and 10 tools, compared with 38% using three to five, 16% for 11-15, and 7% who are using more than 15.

Naturally, these results bode well for Fugue, a company based in Maryland, as well as Washington DC and Silicon Valley, whose modus operandi is around cloud automation and simplifying lifecycle management of the Amazon Web Services (AWS) infrastructure service stack.

“The promises of the cloud are tremendous, but they are hard-won,” said Josh Stella, CEO and co-founder of Fugue in a statement. “You hear you’ll get rid of data centres, save money and move faster; cloud’s essentially an infinite resource. But what happens is that IT departments lose control of it – they can’t keep track of everything that’s running, and there are security and compliance complications.

“If you’re Netflix, you have enough money to throw at the problem, but most companies trying to manage the cloud end up in a DIY headache of patch-ups and tools that were born in the data centre and adapted for use in the cloud,” Stella added.