CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the most comprehensive program and with 222 rockstar speakers throughout our industry presenting 22 Keynotes and General Sessions, 250 Breakout Sessions along 10 Tracks, as well as our signature Power Panels. Our Expo Floor will bring together the leading global 200 companies throughout the world of Cloud Computing, DevOps, IoT, Smart Cities, FinTech, Digital Transformation, and all they entail.

As your enterprise creates a vision and strategy that enables you to create your own unique, long-term success, learning about all the technologies involved is essential. Companies today not only form multi-cloud and hybrid cloud architectures, but create them with built-in cognitive capabilities.

read more

Most modern computer languages embed a lot of metadata in their application. We show how this goldmine of data from a runtime environment like production or staging can be used to increase profits. Adi conceptualized the Crosscode platform after spending over 25 years working for large enterprise companies like HP, Cisco, IBM, UHG and personally experiencing the challenges that prevent companies from quickly making changes to their technology, due to the complexity of their enterprise. An accomplished expert in Enterprise Architecture, Adi has also served as CxO advisor to numerous Fortune executives.

read more

France is looking to follow in Sweden’s footsteps – by cutting tax rates for data centres’ electricity usage.

As first reported by Datacenter Dynamics, French prime minster Edouard Philippe, speaking at the headquarters of Dassault Systemes, revealed plans to cut TICFE (taxe intérieure sur la consommation finale d'électricité) from €22.5/MWh to €12/MWh.

Philippe told delegates – loosely translated – that the move would make France a more attractive investment proposition taking into account both Brexit and the Cloud Act. The sector is committed to lowering its energy consumption by 15% by 2022, Philippe added.

In 2015, plans were first mooted for Sweden to reduce electricity taxation for its data centres, putting it in line with other industries such as manufacturing. A study from the Swedish government argued for a 97% tax reduction, which was granted a year later after the Swedish parliament pushed through new legislation.

Behind the Internet lies factories, or data centres, that represent very high levels of investment – anything that allows France to become a more attractive market is fantastic news

This appears to be similar for France – but Philippe also noted a disparity between the country and its European brethren in terms of productivity. The prime minister told delegates that between 2012 and 2015, France was the only country in Europe whose ‘robots to employees’ ratio had gone down. Rather than seeing this as a positive for jobs, it was viewed as a wake up call to get France’s digital house in order.

The move was praised by those in the industry. OVH, which is headquartered in France – and frequently scores top marks in Cloud Spectator’s industry reports analysing vendors on the combination of price and performance – said the development was ‘fantastic’.

An OVH spokesperson told CloudTech: “This announcement from the French government shows their understanding of how industrial development is also at stake in digital business. Behind the Internet lies factories, or data centres, that represent very high levels of investment. Anything that allows France to become a more attractive market is fantastic news, as France too has its role to play in the digital transformation.”

Earlier this month, consultancy DataCentrePricing.com noted ‘huge’ variations in European data centre prices. According to their analysis, rack space in Poland is less than a third (€320) of the price per month compared with Switzerland, Ireland and the UK (€1,000).

France remains the third largest data centre country market in Europe, behind the UK and Germany. Philippe noted in his speech there were 192 data centres in the territory.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Cloud cost optimisation and management continues to be a hot area – and Flexera’s acquisition of RightScale, announced last week, plays into that theme even further.

RightScale may be well known for its authoritative yearly State of the Cloud reports, but its bread and butter is focused around reducing the cost headaches and complexity of cloud deployments. This can be through dashboards which collate performance and can identify wasted cloud spend, or being able to access multiple clouds from a single portal.

Flexera’s focus is not dissimilar; the Illinois-headquartered firm offers products around IT and software asset management (SAM). Together, the two companies will aim to provide an end-to-end set of tools to manage the entire IT stack, from hardware, to software, to SaaS.

“In today’s IT environment, a strong technology asset management strategy is not a nice-to-have – it’s required,” wrote Michael Crandell, CEO of RightScale in a blog post. “Enterprises spend approximately 60% of their IT budgets on software, hardware, SaaS, and cloud technology. With the RightScale solutions under the Flexera product umbrella, you’ll have the most comprehensive set of tools to help you manage your IT spend.”

That is the rationale therefore – but what is backing this up? As regular readers of this publication will testify, multi-cloud is becoming an essential part of organisations’ IT operations in 2018. Indeed, according to this year’s State of the Cloud, more than four in five enterprises have a multi-cloud strategy in place. Not only does it mitigate against the dreaded vendor lock-in, but companies are seeing the benefits of different clouds for different workloads; take Netflix for instance, and the furore around the company – a long-time AWS house – saying it used Google for certain disaster recovery workloads.

This approach has in some cases metamorphosed into something even more specific. Take the partnership announced last week by Microsoft and Volkswagen to put together what the companies are calling an ‘automotive cloud.’ From 2020, the duo claim, more than five million new Volkswagen brand vehicles per year will be fully connected, aiming for ‘a future fleet of cars which will behave as mobile ‘Internet of Things’ hubs linked by Microsoft Azure.’

Cloud solutions which are specific to certain industries are becoming more commonplace, such as the SAP Digital Manufacturing Cloud, announced back in April. The product is tailored for manufacturers of all sizes, with features such as integration between business process systems and the shop floor, and connecting manufacturers to suppliers. At the time, the company said the move would help customers “take advantage of the Industrial Internet of Things by connecting equipment, people and operations across the extended digital supply chain and tightly integrating manufacturing with business operations.”

This may be the streamlined future for organisations – but for the time being the vast majority of companies out there will have a mix of cloud-based and legacy systems, in need of de-cluttering their infrastructure. “As the migration to cloud continues, our clients are telling us that cloud costs are escalating at a rate much faster than they envisioned or planned for, and that multi-cloud management complexities are becoming the norm – not the exception,” said Michael Adams, KPMG managing director.

“They want to be able to control and reduce spend across all of their cloud environments with one solution.”

You can find out more about the Flexera/RightScale acquisition here.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

The use of the cloud is now mainstream and, despite some concerns, it is generally accepted that the public cloud is not inherently insecure. In fact, in many cases it is more secure than most data centres.

This can be explained when we consider how many opportunities there are for a piece of sensitive information that has been emailed, saved on a USB drive, or otherwise shared with colleagues to fall into the wrong hands.  Compare that to the same information being created, edited and saved in the cloud.  Major providers such as Amazon Web Services (AWS) and Google certainly put their best foot forward to provide layered security models for encapsulated cloud environments, with the intended outcome that customers can then benefit from these economies of scale at minimal expense.

Keys to the door

But of course, cloud security is not the only form of security required for systems and applications running in the cloud.  Relying on cloud providers for firewall, VPN, and WAF security is common and those components are often integrated aspects of a cloud provider security model.  However, the exposure of data and information to applications in the cloud is done via APIs (application programming interfaces). API security is an entirely different game.  This involves identity, security, and policies that should be within the control of your own organisation, not outsourced to the cloud.   This is also a necessary aspect of governance where your APIs represent the keys to the door and giving those keys to the cloud provider tips the balance of control too far.

APIs are the focal point of cloud innovation and enable the connections and data sharing that has allowed the cloud computing landscape to be adopted across virtually every technology and market segment.   But just as you would be cautious about handing over the keys to your house to another person, you should be equally cautious about handing over the API security capabilities to your cloud provider.

APIs have a pivotal role in widespread adoption of smartphones and tablets (and any other smart and connected devices like fitness trackers and smartwatches), the Internet of Things, and even social media. All of these have relied on APIs to function or grow. The threats posed by an exposed API are significant and ever-growing.  Yet, they remain the most overlooked threat to information security today. This is because API vulnerabilities are not easy to spot and require specialised technology for detection and prevention.

In recognition of this, in 2017, the non-profit, non-affiliated, online web application security community Open Web Application Security Project (OWASP) recognised API Security as a primary security concern by adding API to 9 of the top 10 vulnerabilities noted in the latest publishing of the OWASP Top 10 report.

API gateway vs API security gateway

Most cloud services use their own rendition of API gateways to serve as the single-entry point into the application or service and to provide access control. Because APIs are exposed via API gateways, the gateway product itself has become the target of attack and compromise. Any hacker who can compromise the API gateway will have the ability to turn any “no” into a “yes”. The primary issue is that API gateway technologies were designed for integration, not for security. API security best practices instead use cyber-secure technology for API enablement, which performs the roles of an API gateway, but includes the IAM and cyber security technologies together within the gateway itself.  This product technology is known as an “API security gateway”.

An API gateway will never provide the same layer of protection as an API security gateway. When an untrusted connection comes to your API and asks for your data, how can you be sure that that API has access to only the particular data that they need, or that they are allowed to have?  Are there embedded threats inside the API request? Is this trusted user accessing the API sending and retrieving the information expected? Access control alone is not API security and because API gateways are not based on cybersecurity technology, but rather based on integration platforms that run as software applications on insecure operating systems, they are designed simply to share information, not keep information safe.

Don’t outsource your cloud API security – control it

The only way to truly protect the data held in a public cloud is to embed secure API gateways within the cloud itself by deploying API security gateways.

If the gateway is not inherently secure by design at the point of its creation, then you will always be playing catch up as new exploits are inevitably discovered. The Panera Bread data breach when an unauthenticated API-endpoint exposed 37 million customer records and Shellshock (aka Bashdoor) family of security bugs which hit Yahoo! are proof of what can go wrong when using API technologies with insecure product architectures.

Many product vendors talk about their products having security features, but bolting on security features on products that are already inherently insecure at their core will not stop attackers from compromising the product by attacking the basic foundations of their insecurity.

More importantly, relying on cloud providers for API security will result in outsourcing your data security model and control of it.  This means that breaches and access to sensitive governance data by third parties are outside of your control. Instead, take control of your cloud API security policies and control your own keys and governance rules. Then you can fully realize the many benefits of cloud adoption with the assurance that the next API breach news story won’t be your company name in the headline.