Mobile device usage has increased exponentially during the past several years, as consumers rely on handhelds for everything from news and weather to banking and purchases. What can we expect in the next few years? The way in which we interact with our devices will fundamentally change, as businesses leverage Artificial Intelligence. We already see this taking shape as businesses leverage AI for cost savings and customer responsiveness. This trend will continue, as AI is used for more sophisticated patterns, and chatbots replace the traditional mobile apps.
In his session at 21st Cloud Expo, Michael Meiner, an Engineering Director at Oracle, will look at this evolution of mobile computing, along with the underlying enterprise technologies that enable this shift. Demos using Amazon Alexa and Oracle Mobile Suite will be shown.

read more

Why Federal cloud? What is in Federal Clouds and integrations? This session will identify the process and the FedRAMP initiative. But is it sufficient? What is the remedy for keeping abreast of cutting-edge technology?
In his session at 21st Cloud Expo, Rasananda Behera will examine the proposed solutions:
Private or public or hybrid cloud
Responsible governing bodies
How can we accomplish?

read more

Cloud-based disaster recovery is critical to any production environment and is a high priority for many enterprise organizations today. Nearly 40% of organizations have had to execute their BCDR plan due to a service disruption in the past two years. Zerto on IBM Cloud offer VMware and Microsoft customers simple, automated recovery of on-premise VMware and Microsoft workloads to IBM Cloud data centers.

read more

For those at software as a service companies, it’s easy to forget that cloud services still aren’t standard at most companies. 

According to a BetterCloud report, just 43 percent of organisations today operate primarily on cloud services. By 2020, however, BetterCloud expects that figure to hit 73 percent, and by 2022, it predicts that 86 percent of firms will default to cloud services.

Increased cloud usage obviously benefits cloud service providers. But as SaaS services increase in popularity, so do opportunities for hackers to compromise them. Data breaches in the U.S. cost companies about $225 per compromised record, with healthcare data breaches costing a whopping $380 per record. 

Hackers know that crime pays when it comes to cloud data breaches. Unfortunately, they also know that plenty of SaaS providers and their clients are wholly unprepared to prevent attacks.

SaaS firms’ security obligations

Because they offer a software service, SaaS companies own more security responsibilities than traditional software businesses or even their platform-as-a-service and infrastructure-as-a-service peers.

Unlike PaaS or IaaS providers, SaaS companies must manage access to all levels of their applications. When SaaS providers fail to meet that responsibility, client data can be compromised. 

The worst part of such breaches is that they’re typically preventable. A simple configuration error, for example, led to an Amazon Web Services breach this past June. The data of nearly 200 million U.S. voters was exposed, including names, birth dates, home addresses, phone numbers, and voter registration details. 

Data breaches do not happen in a vacuum. Each brings greater distrust to an industry in which trust is already hard to come by. Today, just 13 percent of IT decision makers say they trust public cloud services. 

For SaaS providers, keeping customers’ data secure isn’t just smart business; it’s key to the entire industry’s success. To prevent breaches and earn customers’ trust, SaaS providers need a crack data security team.

Hiring for SaaS security

Every SaaS provider, from Microsoft to niche app shops, must build a security team that either reports to the chief information security officer or emulates that structure by disseminating responsibilities.

Regardless, the following four roles are absolutely necessary for SaaS companies to come alongside customers in managing security:

SecDevOps professional

At companies using traditional on-site infrastructures, applications are protected by “moats,” including the network layer and various security applications. In the past, this was enough. But in today’s multitenant SaaS world, crowds of hackers and bots prod for weaknesses in SaaS providers’ — and, by extension, their customers’ — castle walls.

To stay a step ahead, SaaS companies typically turn to a DevOps approach, with developers writing code and reviewing and integrating it into the code base. But these teams are typically missing a critical member: a DevOps hire focused on security.

SecDevOps professionals go by many titles, perhaps most commonly information security engineer. In a nutshell, this person’s role is to unravel insecure, lazy development habits.

Just like a quality assurance tester for a new product feature, SecDevOps personnel evaluate coding practices to recognise and shore up vulnerabilities. Their tools include risk modeling, threat assessments, and penetration testing throughout the development and deployment process.

To find the right fit, give candidates a take-home test that includes the identification and explanation of insecure code. Developing this test might take time, but having candidates solve an actual code challenge for the company could counterbalance that time expenditure. To quickly spot talent, look for individuals who are familiar with Microsoft’s Security Development Lifecycle methodology or the Open Web Application Security Project’s top 10 data security vulnerabilities.

Identity manager

SaaS organisations need stronger security than organisations offering on-premise or non-SaaS deployment models. To that end, they must hawkishly manage how, when, and by whom their applications are accessed.

Don’t assume that an application is secure simply because it’s hosted by AWS. A Corvette might park in a garage full of expensive tools, but without a trained mechanic maintaining it, the car won’t last long in any environment. 

In the SaaS world, that mechanic is an identity manager, and his or her job is to manage access credentials and architect a role-based security program. It’s easy to hand permissions to any team member who asks for them, but without an identity management expert’s oversight, those permissions can quickly become security liabilities. And the longer an organisation goes without proper role management, the more difficult implementing those rules becomes.

Governance and risk manager

The job of this role is twofold: to establish a process for communicating the company’s security requirements to relevant parties, including clients, employees, and regulators, and to enforce and evolve those mechanisms, revising them as business or regulatory needs change. 

Without a documented governance process in place, SaaS companies are slow to respond to new threats and ineffective at enforcing existing policies. Conversely, a cumbersome, outdated governance policy may cut into business productivity or lead employees to ignore important security steps. 

The governance and risk manager, then, works to achieve the right balance of security and agility. By understanding the risk exposure of the company’s stakeholders and the types of data in need of protection, he can prioritise security programs without slowing the business down. 

There’s no single background that makes a great governance and risk manager. Start searching for experienced individuals on industry forums such as ISACA; ISC2; and other governance, risk, and compliance communities.

Security operations manager

Like SecDevOps hires, security operations personnel can go by many titles. Regardless, their role is to detect and prevent threats and, if a breach does occur, manage the response. 

In practice, that requires the security operations team to develop a five-part plan to identify, protect, detect, respond to, and recover from cybersecurity threats. A SaaS provider without any of those capabilities exposes not only its business, but also the businesses of its customers to costly breaches. 

Information security professionals of all stripes, including security operations personnel, are in short supply. When choosing between candidates, look for certified information systems security professionals, but don’t discount others with experience in the trenches and the hunger to learn. 

As SaaS becomes the standard operating model for companies large and small, data threats will only deepen. Don’t wait for a breach to start searching for talent; invest in a security team now, and strengthen your SaaS operation for years to come.

Most of the time there is a lot of work involved to move to the cloud, and most of that isn’t really related to AWS or Azure or Google Cloud. Before we talk about public cloud vendors and DevOps tools, there are usually several technical and non-technical challenges that are connected to it and that every company needs to solve to move to the cloud.
In his session at 21st Cloud Expo, Stefano Bellasio, CEO and founder of Cloud Academy Inc., will discuss what the tools, disciplines, and cultural aspects are that enterprise companies are considering to get to the cloud and eventually transform the way they build software and services.

read more

“CIOs are starting to wake up to the fact that there’s going to be multiple clouds to address multiple workloads and applications,” says Thor Culverhouse, CEO of Seattle-based Skytap, “which tells me the war around the cloud hasn’t even started.”

It makes for an interesting viewpoint, considering the assertion that the market is all but sewn up. Indeed, Gartner, in its most recent Magic Quadrant for cloud infrastructure as a service (IaaS), has placed Amazon Web Services (AWS) and Microsoft on their own as leaders for the second year running.

But Skytap, who made its debut appearance in the niche players section this year, says its area of the market is not covered by AWS and Microsoft – and could even be larger than where the two behemoths are looking.

Founded in 2006, the company, in its own words, offers an alternative to the mindset of ‘forcing customers to rewrite their traditional applications’ for migrating to the public cloud. With Jeff Bezos – yes, you read that right – as its first investor, the original business plan, of renting applications online, was influenced around virtualisation more than cloud. By the time Culverhouse had joined as chief exec in 2013, however, the focus had changed to workloads and applications which couldn’t easily be lifted and shifted into the cloud.

“Investors, and myself, felt like the real pot of gold was really around more traditional legacy workloads in the enterprise that were never really designed to live in what I would call cloud-native platforms, like AWS, Azure, and Google Compute Engine,” Culverhouse tells CloudTech. “If you think about the market itself, they tend to focus really on network application development, so the majority of their wins – almost all of their revenue – is really people building brand new applications that are going to take advantage of their services.”

The market appears to be getting used to this idea. Last month, as this publication reported, Skytap secured $45 million in a funding round led by Goldman Sachs, in a round which Culverhouse says will ‘likely’ be the company’s last before potentially going public. More than sorting out a few unwieldy apps, mind you; the Skytap CEO adds the entire software development lifecycle is sped up for businesses on board.

“The vast majority of enterprises run their core applications either on x86, AIX, so many on mainframe… and so the breadth of those applications can be lifted and shifted into Skytap relatively easily,” says Culverhouse. “Now they can start to do things like agile, and DevOps, and CI/CD, which is basically changing the way they develop software.

“You’re effectively improving the infrastructure and you can also improve the process by which you develop software,” he adds.

As a result, despite the company’s position in the cloud IaaS Magic Quadrant, Skytap does not see itself as a competitor of the AWS and Azures. “What we end up competing with is the on-premise world,” says EMEA general manager Chris Griggs. Culverhouse says the company’s offering is “somewhere between a PaaS and an IaaS”, and that its IP sits on top of the raw infrastructure – the company has an OEM reseller partnership with IBM also utilising its bare metal.

“We like it when we walk into an account and they’ve already started using Amazon and Azure, because it tells us they’ve done the evaluation, they know where the applicability of those services are, and therefore, where the applicability of our services are,” he says. “The more educated the market is, the more educated the CIO is, the better it is for all of us.”

That said, Culverhouse adds there was ‘no question it was an important day’ for Skytap being named in the Quadrant – but there is still a long way to go. “This is an ongoing process as they get to know us better,” he says of Gartner. “I think their criteria is more raw infrastructure as a service oriented, and we’re effectively a service that sits on top of [that] infrastructure.”

The Skytap CEO also takes umbrage with the term ‘niche’ – and it is here that the biggest opportunity reveals itself. “If you think about niche, it sort of suggests that it’s small in nature,” says Chulverhouse, “but Gartner will also tell you in a variety of other reports by 2020 76% of the multi-trillion dollar IT spend is still going to be on-prem, both applications and infrastructure.

“That is not a niche; that’s absolutely huge,” he adds.

Read more: Skytap secures $45m in funding round led by Goldman Sachs

It is something the industry already suspects, but new figures confirm it: the traditional data centre infrastructure market has nosedived over the past two years as private and public cloud roars on.

The numbers (below) come from analysis by Synergy Research, whose latest data shows spending on traditional, non-cloud data centre hardware and software had dropped 18% between the second quarters of 2015 and 2017.

The public cloud market grew 35% during the same period, while the private cloud – or cloud-enabled – grew 16%. The overall market grew by just 5%, to a total now of more than $30 billion.

Leaders in public cloud data centre infrastructure, aside from original design manufacturers (ODMs), are Cisco, Dell EMC and HPE with Cisco on top, while the same three companies lead the private cloud market alongside Microsoft, with Dell EMC out in front.

Each vendor – HPE in servers, Dell EMC for storage, Cisco in networking and Microsoft in server OS – has specific expertise and leadership with different product segments of the market.

“With cloud service revenues continuing to grow by over 40% per year, enterprise SaaS revenue growing by over 30%, and search/social networking revenues growing by over 20%, it is little wonder that this is all pulling through continued strong growth in spending on public cloud infrastructure,” said John Dinsdale, research director and a chief analyst at Synergy.

“While some of this is essentially spend resulting from new services and applications, a lot of the increase also comes at the expense of enterprises investing in their own data centres.

“One outcome is that public cloud build is enabling strong growth in ODMs and white box solutions, so the data centre infrastructure market is becoming ever more competitive,” Dinsdale added.