All posts by James

Google Drive, Facebook and Twitter most popular business cloud apps – but are they safe?

(c)iStock.com/shutter_m

More than 15% of European organisations now use more than 1000 cloud apps with Google Drive, Facebook and Twitter the most popular, according to a report from Netskope.

The findings, which appear in the April 2015 Netskope Cloud Report, saw iCloud and Salesforce make the top five. Five cloud storage apps (Google Drive, iCloud, OneDrive for Business, OneDrive and Dropbox) made the top 12, alongside four social apps (Facebook, Twitter, Google+, LinkedIn).

Of the organisations analysed in the Netskope Cloud, over a quarter use more than 1000 apps, with the average number of cloud apps – both sanctioned and unsanctioned – standing at 730, representing a 16% increase from the previous quarter. European organisations have on average 511 cloud apps.

Yet not all of these apps are enterprise-grade secure – far from it. According to Netskope’s figures, nine out of every 10 apps in use today score “medium” or below for enterprise-level security. Furthermore, 13.6% of app users have had their login details compromised, and more than one in five (21.6%) logins to Salesforce has been through users who have had their accounts compromised.

Regular readers of this publication and sister title Enterprise AppsTech will be aware of issues surrounding data breaches and compromised accounts. Often, it’s the employees themselves who pose a risk; a recent report from Aruba Networks argued the ‘generation mobile’ workforce was simply indifferent to security policy, while other research has shown employees are more than happy to give up their passwords if the price is right.

Netskope makes the point that many employees re-use passwords, or variations of them, across multiple accounts. “It is important to understand which of those are accessing, and how they’re using, your most business-critical cloud apps,” the report notes.

Yet it again brings up the age-old argument of ‘shadow IT’, or unsanctioned use of cloud apps. Whereas once blacklisting and whitelisting apps was commonplace in an attempt to curb unauthorised activity, many in the industry are now coming around to thinking ‘shadow IT’, if managed correctly, can be a benefit for the business.

“Like it or not, this is the new reality for IT,” said Sanjay Beri, Netskope CEO. “It’s thus critical that organisations maintain a deep level of visibility into their cloud app infrastructure so they can spot a suspicious pattern before it becomes an issue.”

Take a look at the most popular 20 cloud apps according to Netskope. Are these in use at your organisation?

Docker raises $95m in series D funding: Analyst describes “huge gamble” ahead

(c)iStock.com/cnrn

Open container platform Docker has announced $95m (£64.3m) in series D funding, in a move to “address the needs of the millions of ecosystem users and thousands of enterprises that have standardised on Docker’s technology.”

The funding round was led by Insight Venture Partners, with eight other firms putting their change in the bowl, including new investors Coatue, Goldman Sachs and Northern Trust. Docker’s last funding round, in September 2014, was $40m (£27.1m), led by Sequoia. Overall, the company has raised around $160m (£108.2m).

Jeff Horing, co-founder of Insight, said in a statement: “This financing is a strong vote of confidence in Docker management, and strengthens the company’s ability to fulfil the needs of the millions of developers who have made the commitment to utilising its breakthrough products and services in their daily work.” Solomon Hykes, Docker founder and CTO, said: “Our responsibility is to give people the tools they need to create applications that weren’t possible before. We will continue to honour that commitment to developers and enterprises.”

With all this VC cash knocking around, it’s easy to forget that two years ago, Docker was simply an offshoot of dotCloud, which was sold to CloudControl in August 2014 to focus squarely on the container business. As fashionable tech startups go it’s certainly up there right now; partnerships with Microsoft, Google, Amazon Web Services and Rackspace among others have helped, with Docker being described as “the next big thing in cloud computing.”

Yet questions are being raised over how Docker will best utilise this latest cash injection. Benjamin Golub, Docker chief executive, told the New York Times the company hadn’t yet spent all the money raised from its second round of financing.

It’s not uncommon for companies to exit, or go public, with little to show in the way of profitability. Fiona Cincotta, a senior market analyst at Finspreads, tells CloudTech: “[Docker’s] technology is already extremely popular with software engineers and its effects are profound. This, in addition to its huge ambition and desire to expand at such a rate that it pushes all other competition out of the way, is meaning that it is having a huge impact on the marketplace and attracting plenty of attention.”

She adds: “The extra funding will be directed towards building Docker’s products out [and] making the technology work more efficiently. However it is a huge gamble, and we have seen on many occasions that massive amounts of funding don’t necessarily translate to a successful technology business.”

As businesses are beginning to discover, cloud computing is simply a consumption model for them to buy and build their applications and improve business efficiency. Matthew Finnie, CTO of Interoute, told this publication in March how Docker, in combination with scalable network MPLS, is a viable model as Docker “does a brilliant job of abstracting the way to understand the VM, so you don’t really care what’s happening below.”

Cincotta adds: “The bet here is clearly that the market will continue to grow.”

Cloud ‘reality check’ in store for IT leaders, report affirms

(c)iStock.com/benoitb

As we’re now full swing into 2015, there is certainly a greater understanding over the potential – and the limitations – of cloud computing. Research from NTT Communications has explored the varying issues and argued there needs to be a smoother migration path from the corporate data centre to the cloud.

Similarly, even though cloud will claim a growing share of IT budgets in coming years, many IT decision makers don’t believe it is living up to its potential.

The complexity of companies’ IT is growing and becoming difficult to manage. UK IT decision makers claim they have to support 250 applications on average, compared to 100 in the US, 58 in Benelux and 57 in Germany. Globally, IT is having to deal with more than four clouds on average.

There was also an interesting examination of which apps are most suited to the cloud or the corporate data centre. Office productivity and document management (20% cloud, 9% data centre) had the clearest cloud swing, while many others were negligible – ERP and CRM had 13% for cloud, with 11% and 9% for data centre respectively.

The report came up with several interesting takeaways shedding light on how cloud deployments are developing in 2015:

  • There are no definitive answers for which app goes where. Some 10% of apps will never migrate to the cloud, while variables such as the nature of the application, its maturity, and the industry sector in question are often in play
  • IT decision makers are still unconvinced by platform as a service (PaaS), while infrastructure as a service (IaaS) is the platform of choice for almost half of respondents. “While the industry has always supported the PaaS concept, our results only cement the assessment that it has failed to truly take off yet,” the report notes
  • Bimodal IT – a system of IT advocated by Gartner in 2014 whereby two models of IT, one traditional and one agile, work together – is increasingly difficult according to respondents. More time is spent maintaining the current performance of applications as opposed to building functionality for the future

“Our study shows the reality of cloud in 2015 is potentially as complex as the world it was supposed to replace,” said Len Padilla, NTT VP product strategy. “ICT decision makers harbour significant frustrations over cloud, and there are no clear answers over which kinds of applications belong where.”

You can find out more about the study here.

Hybrid cloud adoption set to triple in three years according to new research figures

(c)iStock.com/janniwet

Hybrid cloud adoption is set to triple in the next three years with economics as the primary driver, according to new research from Peer 1 Hosting.

The study, which polled over 900 IT decision makers in the UK and North America, found cutting IT costs (49%) was the biggest IT priority within their organisations. Improving processes and operational efficiencies (45%) was also a popular response.

Currently, more than half (52%) of those polled said their primary IT approach was to use private cloud, followed by 31% for on-premise, 10% for hybrid cloud, and 7% for public cloud. Respondents expect this to significantly change by 2018, with private cloud deployments at 41%, hybrid at 28%, on-prem at 17% and public at 14%.

When asked what the key challenges were in achieving IT priorities in the coming year, security (53%) was the most cited choice, followed by data protection concerns (46%), budget constraints (39%) and lack of efficiency (25%).

The results chime in alongside current sentiment about hybrid cloud deployments and architectures. It makes sense to large organisations with complex, legacy architectures, who can dip their toes into a public cloud environment. As Sean McAvan, managing director of NaviSite Europe, penned for this publication earlier in April, the idea that certain data and workloads are better suited to a private cloud infrastructure, or a physical hosted platform, makes the decision to go hybrid a popular one.

Yet security is key – VMware, who made its relatively late push into hybrid cloud in February, has a disaster recovery set for those who are still concerned about where their data resides.

Toby Owen, vice president of product at Peer 1, noted this importance. “Hybrid cloud adoption appears to be held back by concerns largely related to security and data protection,” he said in a statement. “Clearly, these are areas where businesses cannot compromise.

“As the industry responds to this, with truly scalable, flexible and controllable hybrid cloud solutions, I believe that IT decision makers will be quicker to adopt hybrid cloud than this research suggests,” he added.

Security failing to keep pace with cloud technology adoption, report finds

(c)iStock.com/Melpopenem

Cloud service providers (CSPs) can no longer treat security as a luxurious add-on, and customers have to ensure their providers take care of the issue, a new report asserts.

The research, the latest cab off the rank from Ovum and FireHost entitled “The Role of Security in Cloud Adoption within the Enterprise”, offers sound advice to vendors and users alike. True, it’s stuff everyone will have heard before – but it’s worth repeating.

“On too many occasions, security has been positioned as an afterthought when new technology initiatives have been brought to market,” Ovum analyst Andrew Kellett writes. “Any service that includes access via public networks cannot ignore user and data protection requirements.”

It’s certainly a view FireHost agrees with. “For too long, businesses have made assumptions about the security of their cloud service providers,” said Eleri Gibbon, FireHost EMEA VP. “In the instance of a data breach, the client suffers the consequences. That doesn’t sit right with me – after all, if your house falls down unexpectedly, you’d expect people to ask questions about how it was built in the first place.”

It’s safe to say too that companies aren’t exactly over-confident in their providers’ ability to put out the fires. Ovum research shows 92% of enterprises globally have concerns with their CSP over shared cloud infrastructure security issues. It’s a similar number with a lack of control over where data is kept (92%) and a lack of visibility into security controls available (91%).

What may be driving this? If the CSP can’t deal with threats, don’t expect the customer to: a recent Informatica and Ponemon Institute study found 60% of global respondents were “not confident” they had the ability to proactively respond to cloud-based data threats.

However, not all is lost. Kellett argues security should be seen as a “positive driver” for organisations. “Despite well-known security and compliance concerns, there are positive to be gained from working with a cloud-based service provider that includes security and compliance facilities as baked-in components of its overall service delivery model,” he wrote.

“All cloud solutions should be expected to include elements of security as part of the overall offering, but not all cloud security has been created equally or built to achieve the same levels of protection,” he added.

Majority of firms say they aren’t confident in responding to cloud-based data threats

(c)iStock.com/Imilian

If data stored in the cloud is under threat, what would you do: fight the fire or hide under the bed and hope everything goes away? The majority of respondents in a recent survey admitted they would do the latter.

The research, commissioned by Informatica and conducted by the Ponemon Institute, found 60% of global respondents were “not confident” they had the ability to proactively respond to cloud-based data threats. 80% said not knowing if sensitive or confidential information could be exposed represents a significant security risk.

Some of the statistics were particularly eye-opening:

  • 65% of respondents said not knowing the location of sensitive or confidential data “kept them up at night”, and was more of a fear than hackers (25%) and employee mistakes (18%)
  • Only 19% of organisations polled have a common process for implementing new controls and preventative measures in the presence of a new threat
  • Just over one in five (21%) respondents said they would be able to detect a breach all the time

One aspect of the research the majority of respondents agree on is the use of automated solutions for discovering where sensitive data has proliferated – three quarters (73%) believe automated solutions would make their company’s data security activities more effective.

Recent surveys on the state of cloud security are still providing negative, nerve-jangling results. A CipherCloud assessment on cloud data protection found compliance and auditing privacy was the biggest security challenge associated with cloud computing. Compliance (64%) was the primary concern, followed by unprotected data for documents (32%).

Similarly, 90% of users polled in the LinkedIn Information Security group said they were either “very” or “moderately” concerned about public cloud security.

It’s worth noting as well that Informatica isn’t releasing the survey information out of the goodness of their heart either. The company is also launching Informatica Secure@Source, a solution which enables enterprises to take a data-centric approach to information security. You can find out more about that here, and more on the Ponemon Institute report here.

New report shows MongoDB to be leader of the NoSQL database pack

Picture credit: Garrett Heath/Flickr

A report from United Software Associates (USAIN) has found MongoDB to be top of the pile of NoSQL database providers in benchmark testing.

The research tested three leading products – Cassandra, CouchBase and MongoDB – through Yahoo!’s cloud standard benchmark, YCSB. USAIN wanted to assess the durability of each, going on the theory that most applications should prioritise durability over performance, not accepting data loss. The databases were put through the ringer on three types of performance metric; throughput optimised, durability optimised, and balanced.

In workload A of 50% read and 50% update with throughput optimised, under the YCSB benchmark MongoDB hit 160,719 operations per second, ahead of Cassandra (134,839) and Couchbase (106,638). With workload B’s 95% read and 5% update, MongoDB again came out on top with 196,498, ahead of Couchbase (187,798) and Cassandra (144,455).

However with durability optimised, MongoDB soared ahead on workload A, with 31,864 ops a second compared with Cassandra (6,289) and Couchbase (1,236). It was a similar story on workload B, with MongoDB (114,455) ahead of Cassandra (54,864) and Couchbase (18,201).

For the balanced tests, there was no equivalent configuration for Couchbase so it had to sit the tests out. Again MongoDB performed more strongly than Cassandra on workload A (114,245 against 77,676) and workload B (183,152 against 71,643).

The overall conclusion from USAIN was that, not surprisingly, MongoDB provided greater performance in every test, in some instances by as much as 25 times. In Couchbase’s default setting of optimised for throughput, MongoDB again outperformed it. The reason USAIN gave for this disparity was the method the two databases employed: MongoDB handles write conflicts in the database, while Couchbase instructs app developers to detect and handle conflicts in their code, meaning additional trips to retry updates.

Of course, it’s horses for courses. Back in June 2014 Couchbase released its benchmark testing report, this time from Thumbtack Technology, which put its database at the top of the pile ahead of MongoDB and DataStax, arbiters of Cassandra. It’s worth noting as well that USAIN has its place on a MongoDB partner page here.

You can take a look at the full report here (email required).

Why organisations need to be extra vigilant over their cloud security and partner use

(c)iStock.com/pinstock

A report from Skyhigh Networks has examined the issues for enterprises who share cloud data with partners, with almost 30% of data shared with partners considered “high risk.”

The report, the latest Cloud Adoption and Risk Report, argues the case that security does not end at the corporate perimeter. The average number of cloud services in use by company has risen again, from 545 in Q313 to 923 in Q115. Broken down by cloud service category the average company uses 162 distinct collaboration services, 51 development services, 49 file sharing services, 42 content sharing services and 30 social media services, with the average employee using 28 cloud services.

Assessing the recent Target breach, which cost the company $148 million to fix, the attackers exploited an unsecured heating and cooling vendor to get around Target’s security defences. Skyhigh therefore fires a warning shot about how much data is uploaded to various partners of the company. According to the research a third (33.7%) of data is uploaded to media and entertainment, followed by manufacturing (20.9%), high tech (16.6%) and retail (11.3%).

Even though only 8% of partners are considered “high risk”, this transfer accounts for 29% of data overall. The riskiest partner industries were telecommunications, agriculture and mining, and construction and real estate. Skyhigh gives examples of high risk partners, including an advertising agency with 1565 compromised identities, and an airline with 209 machines infected with malware and 9716 compromised identities. The message is clear: if you connect with partners such as these, your data is seriously at risk.

But which vendors enable the most connections between partners? Given most partner activity is for collaboration, customer service and file sharing, the apps identified reflect this. Cisco WebEx was the most popular collaboration tool ahead of Slack and Office 365; Sharefile was the number one for file sharing ahead of Box and Wiredrive, and Zendesk was the most popular for customer service beating Salesforce and GrooveHQ.

Skyhigh again chose this moment to fire a warning shot across the bows. “As more attackers seek to exploit vulnerabilities in partners to infiltrate high value targets with sensitive data, super partners could potentially lead to large scale attacks that compromise hundreds of companies at the scale of the Target or Sony breaches,” the report explains.

The overall ethos of the report is to control operations as much as you can, and to ensure as little ‘shadow IT’ activity – unless it’s harnessed properly, as sister publication Enterprise AppsTech has previously explored.

“As cloud adoption in the enterprise steadily increases, the cloud is having a measurable impact on the way businesses operate,” the report notes. “IT departments are migrating to cloud services to take advantage of faster time to market, lower cost, and increased operational efficiencies.

“In parallel, employees are rapidly adopting cloud services that help them do their jobs better and with greater mobility. However, not all employee-led cloud adoption is sanctioned or even known to the IT department,” it adds.

You can take a look at the full report here.

Research argues hidden costs contribute to a ‘cloud hangover’ for businesses

(c)iStock.com/WebSubstance

It’s the morning after the night before. You’ve had a bit too much, your head’s pounding, and you’re frantically searching your brain for anything you might have said or did that you’ll be paying for later.

We’ve all been there. Yet according to new research from Sungard Availability Services, it’s a similar effect at work when the IT department buys cloud solutions. 87% of the 150 UK-based senior IT decision makers polled say they have encountered some form of unplanned cloud spend.

All this improved productivity and efficiency is great, but there are plenty of hidden costs and issues lurking around the corner – and it’s not going to be solved by an aspirin and a glass of water before you go to bed. On average, each organisation polled was spending £200,000 a year to ensure their cloud services run effectively. Yet this isn’t the full story.

Anyone who has ever tried to piece together the remnants of the night before always has a first port of call; the receipts. All manner of weird and wonderful items can appear on these pieces of paper. Sungard’s research showed organisations spent an extra £270,000 on unforeseen costs over the last five years, including adding resources to manage deployment (44%), internal software maintenance (42%) and systems integration (40%). Suffice to say it was a bit more than a takeaway and a taxi.

This wasn’t the case elsewhere in Europe however. Only 54% of respondents in Ireland had encountered unplanned spend on cloud, with £150,000 spent on extra resources. IT decision makers in France had a whopping £430,000 of unexpected spend.

Almost half (45%) of UK-based respondents said cloud had increased the complexity of their IT infrastructure, while 70% admitted cloud had added a bunch of new challenges to the IT department. 28% of those polled said their IT costs had not gone down overall, as an expected return on investment in adopting cloud services.

Keith Tilley, executive vice president at Sungard, noted how, like the barfly who goes back for just one more, it’s more often than not the customer’s fault for getting into that state in the first place.

“By getting caught up in the hype, some organisations were quick to adopt the cloud without linking it back to their wider business goals and failed to see the additional considerations such as interoperability, availability and the operational expenditure linked to cloud,” he said.

“Whilst organisations can indeed see incredible benefits from cloud computing including agility, flexibility and cost savings, the cloud needs to be deployed on a case-by-case basis in line with business goals and the nature of the application or the workload,” Tilley added.

As this publication has examined before, cloud computing is not a magic cure all and due diligence has to be applied. Questions over data residency and data sovereignty have to be asked. The benefits are clear to see, and organisations continue to adopt aggressively, but this research shows how hidden costs remain an issue.

You can take a look at the effects of the ‘cloud hangover’ in the full report here.

Compliance remains the key cloud security challenge, according to CipherCloud report

(c)iStock.com/magann

Almost two thirds of organisations in a CipherCloud survey on cloud data protection say compliance and auditing privacy is the biggest security challenge associated with cloud computing.

CipherCloud, which has released its inaugural “Global Cloud Data Security Report”, found a number of interesting findings in the research, and the challenges associated with data security for Global 2000 companies.

Compliance and data protection concerns continue to remain the top barriers for cloud adoption. Compliance (64%) was seen as the biggest cloud security challenge, followed by unprotected data for documents (32%). Malware protection for documents (2%) and a lack of secure collaboration and file sharing methods (2%) were relatively inconsequential in comparison.

The number one concern identified was a regulation that a country imposes upon an industry or organisation, often referencing the collection of data on their citizens and utilising cloud apps to process and store the information.

Increasingly in Europe, as this publication has previously reported, cloud service providers are building data centres in countries closer to their customer base to get around issues of data sovereignty and latency – yet the concern still pervades. 58% of respondents cited this as a main issue, while 31% were concerned about internal security adherence and 11% cited a lack of data residency.

“Several organisations are proactively instituting self-imposed data security regulations for any cloud-based application,” the report notes. “These internal regulations are extensions of existing enterprise data security policies and best practices. The primary concern associated with self regulation is the lack of data classification standards.”

Compelling events that drove cloud adoption decisions included the opportunity to introduce new cloud tools and services (47%), replacing legacy applications (22%), and information collaboration (11%). Despite this Pravin Kothari, CipherCloud CEO, remains optimistic.

“Organisations are harnessing cloud computing to more effectively compete in the global economy with faster time to market and cost efficiencies,” he said in a statement. “At the same time, the headwinds of privacy legislation in North America, Europe, South America and Asia Pacific make the case for data-centric protections in the cloud.”

He added: “Our research indicates that compliance factors are galvanising organisations, particularly in healthcare and finance, to fortify their data defences in the cloud.”

Do you agree with this analysis?