Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera’s expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust that they are being taken care of.

read more

Cloud Pro

When a company wants to develop an application, it must worry about many aspects: selecting the infrastructure, building the technical stack, defining the storage strategy, configuring networks, setting up monitoring and logging, and on top of that, the company needs to worry about high availability, flexibility, scalability, data processing, machine learning, etc. Going to the cloud infrastructure can help you solving these problems to a level, but what if we have a better way to do things.

As a pioneer in serverless notion, Google Cloud offers a complete platform for each of those necessities letting users to just write code, send messages, assign jobs, build models, and gain insights without deploying a single machine. So cloud compute on its own is not enough, we need to think about all of the pieces we need to move architecture from the bottom, up towards the top of the stack. With the serverless tools, companies can focus on the most productive task: application development.

read more

Kubernetes as a Container Platform is becoming a de facto for every enterprise. In my interactions with enterprises adopting container platform, I come across common questions: – How does application security work on this platform? What all do I need to secure? – How do I implement security in pipelines? – What about vulnerabilities discovered at a later point in time? – What are newer technologies like Istio Service Mesh bring to table?In this session, I will be addressing these commonly asked questions that every enterprise trying to adopt an Enterprise Kubernetes Platform needs to know so that they can make informed decisions.

read more

Security Past the Perimeter: An Immune System for the Cloud

read more

Confluent, a provider of open source software based on Apache Kafka, has raised $125 million (£96m) in a series D funding round putting it at a valuation of $2.5 billion.

The funding round was led by Sequoia Capital – whose other recent runners have included Snowflake and Cohesity – with participation from Index Ventures and Benchmark.

The company sits in a very interesting position when it comes to cloud and open software. Apache Kafka, originally brought about by LinkedIn before being donated to the Apache Software Foundation, is based around stream processing and building real-time data pipelines – in essence streamlining business processes. Enterprises using Kafka to streamline their systems include eBay, The New York Times and Walmart.

Confluent was founded in 2014 to provide what the company calls ‘the most complete distribution of Kafka’ and, like many platform providers of this ilk, earn clients through management and facilitating ease of use. Indeed, the founders of Confluent – Kreps, Neha Narkhede and Jun Rao – were part of the LinkedIn team which originally developed Kafka.

Over the past couple of months, however, interest around the positioning of Kafka – and Confluent – has intensified. During the most recent re:Invent in November, Amazon Web Services (AWS) launched Amazon Managed Streaming for Kafka in public preview.

Confluent responded two weeks later by announcing license changes for components of its platform. Users could still download, modify and redistribute the code, but not – looking closely at the big cloud vendors – use it to build software as a service.

As Kreps put it at the time: “The major cloud providers all differ in how they approach open source. Some of these companies partner with the open source companies that offer hosted versions of their system as a service. Others take the open source code, bake it into the cloud offering and put all their own investments into differentiated proprietary offerings.

“The point is not to moralise about this behaviour; these companies are simply following their commercial interests and acting within the bounds of what the license of the software allows,” Kreps added. “But we think the right way to build fundamental infrastructure layers is with open code. As workloads move to the cloud we need a mechanism for preserving that freedom while also enabling a cycle of investment, and this is our motivation for the licensing change.”

Confluent is not the only company to have gone down this route. MongoDB altered its conditions last year, as did Redis Labs. Perhaps unsurprisingly, in the case of Redis Labs, pre-license change code was forked under a project titled GoodFORM – ‘free and open Redis modules.’

The way Confluent has gone about its license change will presumably prevent any dissention from the open source community on the level of Redis et al. Yet many outlets and analysts have remarked how 2019 will be a vital year for open source development as the continued rise of cloud takes hold. This publication speculated as such following the news of IBM acquiring Red Hat, with the hyperscalers ‘holding all the cards.’

Regardless, the funding is certainly an affirmation of what Confluent is doing. Kreps said the move built upon a ‘truly fantastic’ 2018, with subscription bookings growing 3.5x year on year, and outlined future possibilities.

“Across virtually every industry, businesses are realising that in the world we are entering, every company is a software company,” wrote Kreps. “In order to compete in this new world, modern businesses need to take their own software architecture seriously.

“We think the architecture for these modern companies centres around streams of events that they can combine seamlessly with their stored data to create intelligent, real-time applications that serve customers, analyse operations, and react continuously to the ever-evolving state of the business and world,” Kreps added.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Dave Mitchell

SMEs than want the toughest file sharing security won’t find a better or more affordable alternative

Thanks to the cloud, organisations of all sizes can enjoy scalability, ease of use, and significant savings by outsourcing hardware and software ownership and maintenance in multi-tenant environments. Medium-sized companies no longer have to pay to build their own infrastructure, which makes the cloud especially appealing to this market.

However, the cloud still suffers from security issues. Migrating critical data and applications to the cloud is comparable to leaving your house key under the door mat. You have outsourced not only your infrastructure but the encryption keys to your sensitive data and files as well.

Strong cloud security requires an assessment of encryption key controls. Unless you exclusively control the encryption keys to your data, you could be at risk. Unfortunately, that is not the case with the cloud and it’s one of the reasons why we continue to get apologetic emails notifying us that our data has been compromised. Each cloud service and software-as-a-service provider represents a huge attack surface and is therefore a serious target. With everything moving into the cloud, how do you make key management work? This is a challenge that needs to be solved.

Should you put your keys in the cloud?

A multi-tenant cloud solution (applications, database, files, and everything else hosted in the cloud) is the simplest concept, since it’s easy to understand how on-premises infrastructure can be visualised as cloud instances. Organisations often assume this is what they need. However, moving key management systems (KMS) to the cloud using any of the three common cloud-based options poses significant risks.

In outsourced KMS, the cloud service provider owns the keys and they will tell you that all your data and files are secured and encrypted. That’s good – except if the provider or your account credentials to the provider get hacked (as it did in Uber's case with AWS). Your files may be encrypted, but if you’re storing your encryption keys with them, then the attacker can decrypt everything if their attack gains access to your keys as well.

Another option is cloud KMS, in which you own the keys, but they’re stored in cloud software. A software-based, multi-tenant cloud KMS is especially ill-suited for cryptographic key management. Since hardware resources are shared across multiple clients, there’s a higher level of insecurity to the protection of these keys – the Spectre and Meltdown vulnerabilities are testament to this.

The third approach is cloud HSM: you own the keys, but they’re stored in cloud hardware specifically designed for securing cryptographic keys. The “gold standard” for protecting keys are secure cryptoprocessors – hardware security modules (HSM) and trusted platform modules (TPM). Although certain risks are mitigated by using a cloud-based HSM or TPM, the fact remains that although the keys may be secure, access to them may be at risk: the applications that access these secure cryptoprocessors are still part of a multi-tenant infrastructure.  Between attacking a purpose-built hardware cryptoprocessor or an application running in a multi-tenant environment, the application is always the easier target from an attacker’s point of view.

Key laws

Cloud providers do offer advanced firewalls, intrusion detection and other protective measures, but security doesn’t end there. Securing the core elements of your business – sensitive data and files – against breaches requires encryption using the fundamental Laws of Cryptographic Key Management:

• Secure cryptoprocessors (HSM/TPM) must control and protect cryptographic keys
• Multiple key custodians within a single organisation must exclusively control cryptographic keys
• The parts of the application that use cryptoprocessors to work with sensitive data must not execute within public multi-tenant environments. Not only is sensitive data already unprotected in the multi-tenant environment, but so are the secrets that authenticate the application to the cryptoprocessor, potentially leading to the breach of encrypted data using the secure cryptoprocessor in the attack

The wrinkle in this situation is that there aren’t any public clouds that are able to meet these essential requirements. Organisations that leave security solely in the hands of cloud providers could be in for a rude awakening.

The keys to your kingdom

This doesn’t mean, though, that using the public cloud is out of the question. Instead,

store your sensitive data and files in the cloud while retaining exclusive control of their encryption keys under the protection of your own secure cryptoprocessor in a controlled environment outside the public cloud.

If your cloud service provider suffers a security breach and this architecture is in place, the attacker gets nothing of value. They only get access to encrypted information that is of no use to them without the keys. The benefits of the cloud are still realised while maintaining data protection. This allows companies to prove compliance to data security regulations while leveraging clouds, private or public, to the maximum extent possible.

The benefits of the cloud are real, but so are the security challenges. Even if data used by cloud applications are encrypted, the encryption keys are what’s important. Not only does the information need to be kept safe, but so do the keys. So then, mid-sized companies can’t assume cloud providers have iron-clad security. Instead, use the cryptographic key management laws to find solutions that secure critical data and protect your company’s reputation as well.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also received the prestigious Outstanding Technical Achievement Award three times – an accomplishment befitting only the most innovative thinkers. Shankar Kalyana is among the most respected strategists in the global technology industry. As CTO, with over 32 years of IT experience, Mr. Kalyana has architected, designed, developed, and implemented custom and packaged software solutions across a vast spectrum of environments and platforms. His current area of expertise includes hybrid, multi-cloud as-a-service strategies that drive digital and cognitive enterprises to operational excellence. Throughout his career, Mr. Kalyana has established himself as a brilliant strategist, respected technical advisor, renowned speaker, admired author, and insightful leader who bridges the business-IT gap to implement transformative technologies. He holds a Master’s degree in Information Science from The Pennsylvania State University.

read more

Clare Hopping