In the cloud era, you as an IT professional are being forced to adopt new roles and take on new responsibilities you may not feel equipped to handle. Businesses are becoming increasingly hybrid, leaving you to manage, secure, monitor, and remediate technology on-premises and in the cloud. Of course, this comes with risks because it means you must manage mission-critical layers of application services across networks, systems, and services you neither own nor control. In fact, in many cases, you may not even have visibility into all the environments you’re responsible to ensure the performance of. Indeed, the SolarWinds IT Trends Report 2017 found that 50 percent of IT professionals surveyed lack control and visibility into their cloud environments.

read more

Microsoft has announced the acquisition of Connecticut-based Cycle Computing to help provide easier access to high performance computing (HPC) in Azure.

Cycle has been in business since 2005 and provides orchestration software running both off the primary public cloud providers as well as in private cloud environments. Its core tenet is that ‘greater access to compute enables people to ask bigger questions, faster answers and a better world’, in the company’s own words.

According to the company, its products will manage one billion core hours this year, growing 2.7 times every 12 months, and help companies who spend up to $100 million annually on cloud infrastructure.

“We see amazing opportunities in joining forces with Microsoft,” Jason Stowe, Cycle Computing CEO wrote in a blog post. “Its global cloud footprint and unique hybrid offering is built with enterprises in mind, and its Big Compute/HPC team has already delivered pivotal technologies such as InfiniBand and next generation GPUs.

“The Cycle team can’t wait to combine CycleCloud’s technology for managing Linux and Windows compute and data workloads, with Microsoft Azure’s Big Compute infrastructure roadmap and global market reach,” Stowe added.

For Microsoft, the move fits in with its pushes towards artificial intelligence, the Internet of Things (IoT) and deep learning, of which it says it has seen ‘explosive’ growth on Azure.

“Cycle Computing will help customers accelerate their movement to the cloud, and make it easy to take advantage of the most performant and compliant infrastructure available in the public cloud today,” added Jason Zander, corporate vice president at Microsoft Azure in a blog post.

In 2016, artificial intelligence (AI) reached its climax. Research and advisory firm Tractica predicted that the annual worldwide AI revenue will grow from $643.7 million in 2016 to $38.8 billion by 2025. The revenue for enterprise AI applications will increase from $358 million in 2016 to $31.2 billion by 2025, representing a compound annual growth rate (CAGR) of 64.3%. Thus, IT and business decision makers must face up to the potentials of AI already today. For each kind of organization this leads to the question, which type of technologies or infrastructure they can leverage to operate an AI-ready enterprise stack.

read more

What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, discussed the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information.

read more

Fast-paced changes in the business landscape demand enterprises to rethink their existing business models and add innovative capabilities keeping in mind the new imperatives. One among them is the focus on Digital transformation. In the retail industry, growth is measured in terms of increased sales and value addition to existing products while keeping customer expectations in mind. This is where a digital focus is important to remain competitive.

read more

As cloud computing has matured, the benefits it delivers to organisations of all sizes are undeniable. Companies are enjoying agility, scale and speed like never before.

And cloud adoption shows no signs of slowing. Gartner earlier this year forecasted that the worldwide public cloud services market would grow 18 percent in 2017, and Forrester said global cloud services revenues totalled £100 billion in 2016, up from £50 billion just two years ago — that’s annual growth of 30 percent.

With this huge growth in cloud adoption and the recent rash of cyberattacks targeting organisations across all industries, effective security in the cloud is paramount.

Exposed APIs

One way the cloud introduces new security risks to organisations is the underlying infrastructure that makes the cloud and cloud applications run, which consists of publicly exposed APIs.

Why is that an important distinction? Because, essentially, what makes APIs useful also makes them exploitable. APIs are built with fully exposed controls to support orchestration, management, automation and integration between solutions and applications.

This level of exposure makes them a rich target for exploitation, and can introduce another dimension of security challenges for businesses, as it expands the boundaries that were not part of traditional on-premise perimeters that enterprises are used to.

It’s often noted that attackers will take the path of least resistance, and employees – sometimes even those in IT organisations – will unwittingly help them, often by using lax identity practices.

Identity weakness is an open door

There will always be employees who fall prey to phishing attempts, surf exploited websites, use unsecured free Wi-Fi networks in public and download other sketchy material. All of this behaviour opens the door to potential attackers.

At the same time, common infrastructure weaknesses are seen by attackers as the exploit of choice to land a beachhead within an organisation, such as using a SQL query to find cached credentials or finding an unpatched, publicly exposed server to exploit.

And, of course, you have bad identity and password practices that are always enticing to threat actors – and there’s no shortage of employees who fall back to first initial-last name or password1234 as their password of choice.

Identity weakness can also open the door to full control of the API.

Identity hygiene

There’s no 100 percent ironclad way to prevent intrusion through exploiting identity, but you can slow them down. How? Through good identity hygiene. Some ways to implement this in your organisation include:

Multi-factor authentication

Time was, a password was the only necessary way to authenticate to a network or applications. That worked well for a while. Not anymore. Additional layers of defence are imperative. Threat actors can easily crack passwords, so the use of additional types of authentication, such as biometrics and tokens ensure tighter security.

Passphrases over passwords

We’ve seen time and time again where weak passwords are cracked. A passphrase, however, makes it more difficult. Where a password is typically up to 10 letters, numbers and symbols, a passphrase, however, has a much longer character length to stymie possible attackers and commonly contains underscores to separate words in the phrase. Passphrases don’t have to be grammatically correct and they can also use numbers and symbols to make cracking them that much harder. Mamma Mia! Your passphrase can be your favourite Abba lyric, if that’s your thing.

Depreciate expired employee accounts

Leaving accounts open for former employees or for services no longer in use opens a hole that is easily exploited. A good rule of thumb is to shut down expired employee accounts immediately to dramatically reduce the chance of a disgruntled former employee access the network.

Monitor access logs

It sounds like a no-brainer, but knowing who accesses what and when can avoid catastrophe. Monitor access logs frequently for anomalies and to ensure end-users have the correct levels of access.

The industry is currently making improvements in identity by implementing multi-context analysis strategies that include time of access, country of origin, host computer in use and other behavioural analyses to add weight to identity. For example, in his keynote at the AFCEA Defence Cyber Operations Symposium (DCOS), Lt. Gen. Alan Lynn, director of the Defence Information Systems Agency (DISA) and commander of the Joint Force Headquarters–Department of Defence Information Network (JFHQ-DODIN), outlined how assured identity will be critical to cloud and network security and access.

Lynn said assured identity goes beyond traditional common access cards for authentication and access and leverages biometric authentication such as facial and voice recognition, fingerprint, eye scanning and gait; and behavioural authentication, including travel patterns, location by time, device handling, speech patterns and keystroke cadence.

“When you start getting all of that data…your identity score goes up and it will determine how much access you have to different portions of the network,” Lynn said. “So the future I see will be not only a network that’s mobile that you’re bringing devices into your building, but it will determine what’s your level of access based on the amount of identity that’s been provided to your device. That’s a future we’re currently working on.”

Analytics to detect anomalies

Analytics and the ability to detect security anomalies in the cloud are also imperative. Having a strong understanding of how applications are performing and their security posture can provide insight into levels of access and potentially flag a possible security issue before it wreaks havoc.

Integrated, rich, per-app analytics let you quickly understand your application’s performance and security posture so you can take immediate action if there is an anomaly.

Per-app analytics and security data coupled with strong identity hygiene will help ensure your cloud and cloud applications are both high-performing and secure.

More than four in five respondents to a survey from Commvault and CITO Research say they are at least ‘very concerned’ about missing out on new advancements in cloud technology.

The fear of missing out (FOMO) in this space is real. Of the 100 IT leaders polled, more than two thirds said they were worried about keeping up to date with the latest products and iterations across the primary cloud providers. The most popular methods of keeping up to date were through reading tech publications and networking, cited by three out of five respondents. Interestingly, only one in three said they read vendor websites themselves.

A quarter (24%) of those polled said they were a ‘cloud only’ organisation, while 32% said they are ‘cloud first’ with plans to become cloud only, and only 6% said they did not have a specific migration plan. When asked to sum up their cloud journeys in one word, only one respondent proffered the term ‘frustrating’; ‘innovative’ (51%) and ‘exciting’ (35%) were the most popular.

When it came to the biggest barriers in moving apps and data to the cloud, the sheer volume of data was the primary concern, cited by 68% of respondents. This was followed by developing staff skills and acquiring talent (65%) and managing policies across cloud and on-prem data (55%). As one participant in a CTO panel put it: “The number one barrier to moving to the cloud is staff. That is what I hear from everyone. It’s the culture of moving to the cloud.”

“Cloud is changing the essential elements of the way we do business, and changing it for the better,” the report notes. “As cloud advancements continue, keeping up with those developments is important. But it’s equally important to pay attention to fundamentals.”

You can read the full report here (no registration required).

Consumers increasingly expect their electronic “things” to be connected to smart phones, tablets and the Internet. When that thing happens to be a medical device, the risks and benefits of connectivity must be carefully weighed. Once the decision is made that connecting the device is beneficial, medical device manufacturers must design their products to maintain patient safety and prevent compromised personal health information in the face of cybersecurity threats.
In his session at @ThingsExpo, Clark Fortney, Software Engineer at Battelle, discussed how designing safe connected medical devices begins with systematically analyzing cyber threats against desired functionality and making smart hardware/software architectural choices accordingly. Memory protection strategies, functional isolation, runtime checks, programming oversight, and vulnerability assessment testing are some of the key methods to increase the cybersecurity of a medical device, or any connected device that performs important functions.

read more

We get it. If your company isn’t up on blockchain, your future is doomed. At least, that’s the general vibe industry leaders are putting out – scrambling to understand and utilize a framework that is more frequently associated with cryptocurrencies like bitcoin. In other words, block chain is, generally, poorly understood. So, should your company stand back and let it mature, or wade into the fray and hope for the best?

read more