All posts by James

CenturyLink: Why complexity, not the cloud vendor, locks you in

(c)iStock.com/RinoCDZ

It continues to be an extremely busy time for CenturyLink Cloud. Amidst a plethora of news and acquisitions, one stood out: the buyout of disaster recovery as a service software provider DataGardens.

As this publication has previously examined, cloud disaster recovery is certainly one of the more popular buzzwords in the IT industry right now, yet a lack of clarity still pervades. There are degrees of severity, from a short outage to a full blown DDoS attack, and there are different strategies vendors take; Verizon’s decision to implement a planned outage in January was roundly panned by the industry.

David Shacochis is VP cloud platform at CenturyLink. Speaking to CloudTech at Cloud Expo Europe, Shacochis describes disaster recovery as a service (DRaaS) as “a good headline”, but argues it misses the point.

“It’s certainly an important conversation starter, but really what it’s all about is workload portability,” he explains. “If you have workload portability and flexibility, and the ability to move workloads around and keep them – if you have that flexibility then that’s a risk mitigation, and that risk mitigation is ultimately what disaster recovery and continuity of operations is all about.

Shacochis continues: “Disaster recovery, more and more in the cloud age, is about architecture and design, to mitigate against the need for disaster recovery. DR as a service is a great way to start a conversation, [but] I think we’re increasingly getting to the point where disaster recovery declarations are not really what the industry needs to hear.”

The proof is in the pudding, Shacochis argues, in the new wave of application development and architectures; the applications redesigned to be resilient in the age of cloud are what people need to hear about instead of hard luck stories.

“A lot of the state management, session management and consistency architectures that modern application architects are designing for are starting to remediate the need for a lot of that,” he says. “Every graduating class of computer scientists starts to buy in more and more to that architecture, that certain way of designing and way of thinking.”

As Marc Andreessen once wrote, software is eating the world. Nowhere is that more appropriate than in cloud disaster recovery. Whereas once the DR strategy was storing a pile of kit in a data centre somewhere, software is disrupting it completely. “It’s very easy to take a copy of a cloud application and copy it to another cloud provider and keep it there as your hot standby,” Shacochis notes.

Naturally, prevention is better than cure; it’s important to have disaster recovery implementation in place, but it’s better if you don’t have to resort to it. Hence the importance of the cloud exit strategy.

For CenturyLink, whose acquisition of DataGardens was a mix of hiring the talent involved as well as the product, building services that are easy to migrate in and out of is “fundamental” to what they design. The oft-reported concern, of cloud vendor lock-in, is a misnomer according to Shacochis. It’s not vendors that provide the lock-in – it’s complexity.

“You can not be in a cloud,” he says. “I’ve seen colocation cages and environments that just make your heart cry. It’s just a tangled mess. They would simply have to rebuild it somewhere else in order to ever let go of that environment.

“We particularly think that cloud computing is fundamentally a lock-in free environment if done right,” he continues. “I think there are some cloud environments and some cloud platforms that are getting so clever and innovative, like what Amazon’s doing with Lambda or some of their proprietary modular services.”

The key, as Shacochis states, is workload portability. Expect more to come from DataGardens once their team is settled in, but disaster recovery and vendor lock-in concerns are certainly changing – and CenturyLink hopes to be on the right path with its visions.

Dropbox Android SDK vulnerability revealed, cloud storage provider praised for response

(c)iStock.com/funky-data

A major vulnerability in the Dropbox SDK for Android has been revealed by IBM Security, whereby attackers can connect applications on mobile devices to a Dropbox account controlled by the attacker.

The vuln has since been fixed, with IBM praising Dropbox for its response to the issue; the company acknowledged receipt of the disclosure within six minutes, confirmed the vulnerability within the day, and issued a patch within four days.

It’s slightly better than the flaw in Moonpig’s API, which was not looked at for 17 months before security researcher Paul Price, exasperated, went public, and was one of the quickest response times IBM Security had ever seen, which “undoubtedly shows the company’s commitment to security,” according to an IBM post.

The context here is not just with Dropbox customers, but in terms of other apps. According to AppBrain, 0.31% of all applications use the Dropbox SDK, with the number rising to 1.4% of the top 500 apps. Microsoft Office Mobile, for example, utilises the Dropbox SDK, and with over 10 million downloads, it potentially puts a lot of people at risk.

Out of the 41 apps examined which used the Dropbox SDK as part of IBM’s initial research, 76% were vulnerable to the attack. Dropbox leverages the OAuth protocol, which doesn’t disclose user credentials, and its SDK generates a cryptographic nonce which is saved locally, and can’t be guessed by attackers. However, the CVE-2014-8889 vulnerability lets attackers insert an arbitrary access token into the Dropbox SDK, bypassing the nonce protection altogether.

The vulnerability has since been fixed in the Dropbox SDK for Android v1.62. IBM warns developers who use the Android Dropbox SDK to upgrade their version, as well as advising users to ‘remain diligent’ and apply mobile app updates to patch any vulnerabilities.

You can find out more in a blog post here.

Organisations are aggressively adopting cloud – but can’t find the right security roadmap

(c)iStock.con/yvon52

90% of users polled in the LinkedIn Information Security group claim they are either very or moderately concerned about public cloud security.

The survey, sponsored by CloudPassage, aimed to give a comprehensive examination of current security mindsets from a more than 250,000 respondent base with a broad section of company sizes, experience and cloud mindset.

Here are the key stats:

  • 71% of respondents are either in planning stages, actively implementing or in production with cloud environments. Hybrid cloud deployments are most common with 7 out of 10 respondents using both private and public clouds in their organisation – 71% hybrid, 17% private cloud, 12% public cloud
  • Cloud adoption barriers are general security concerns (45%), data loss and leakage risks (41%), loss of control (31%), legal and regulatory compliance (29%), and integration with existing IT environment (29%)
  • The biggest security threats in public clouds are unauthorised access (63%), hijacking of accounts (61%) and malicious insiders (43%), while the key factors for cloud security were consistent security with other IT infrastructure (60%), continuous protection (58%), and affordability (26%). 7% of respondents said there were no new security resources required

The most popular cloud workloads according to the respondents were storage (45%), computing (42%), business apps (40%), virtualisation (33%) and networking (33%). Email (45%) is the most frequently stored corporate information in the cloud, followed by sales and marketing data (42%), intellectual property (38%) and customer data (31%).

When asked how they were going to plan their security needs when moving to the cloud, partnering with an MSP who will provide the resources (34%) was the most popular. Using security software from independent software vendors, and adding security staff dedicated to cloud was also popular.

The overall effect is an interesting one, particularly given the security outlook of the respondents, and the security worries they face. “This cloud survey represents a first glimpse into exactly what types of concerns are keeping security professionals up at night,” said Holger Schulze, the founder of the Information Security LinkedIn group in a statement.

“It’s clear from the survey results that a vast majority of organisations are investing aggressively in cloud computing technologies, while at the same time, have not figured out the complete security model to give them continuous, consistent protection in these environments.”

How Red Bull North America gained its wings and flew to a different cloud storage provider

(c)iStock.com/franckreporter

Red Bull North America has chosen Egnyte as its enterprise cloud sync and share provider having replaced Box in a “huge” client win for the Mountain View firm.

One of the key draws for Red Bull was the use of Egnyte’s API to connect to the sales team’s iPads, enabling the team to work in the field as well as leveraging Egnyte’s back end storage.

The announcement represents a validation of Egnyte’s strategy going forward, with the company focused squarely on the enterprise – not indifferent to Box, it has to be said – and company expansion, opening up its European offices last year.

Ian McEwan is Egnyte head of EMEA. He notes the importance of securing Red Bull, particularly given previous relationships with other vendors.

“You’re always on the back foot,” he tells CloudTech. “From our relationships with Red Bull it was taking a slightly different tact. We started talking with them, we started to see some key use cases that we could convince them to switch from Box, from that perspective we then went into a pilot, and from thereon in it was a no-brainer for them to change over.”

The process picked up on a key concept for Egnyte; while cloud collaboration is extremely important to organisations, if users are offline, or want to access files and folders from a desktop that needs to synchronise to main storage behind the firewall without the need for a VPN, it becomes more difficult.

“I think what Red Bull, like a lot of other customers, are looking for is a better way to collaborate and a way for technologies to co-exist,” McEwan explains. “The strategy is not to just go to the cloud, it’s a matter of having the flexibility to put the data on any storage, render it through any device, anywhere, whether you’re on or offline.

“So when we start engaging with customers, particularly established [ones] who have already got existing relationships with vendors, it’s about focusing on two things; trust and understanding that we believe we can better meet their business needs, and how we are going to help them be more efficient.”

Egnyte wouldn’t divulge the exact number of employees using the system, however McEwan did note Red Bull – with an overall employee base of more than 8000 – signed up for the capabilities across the whole organisation.

It remains however an important win, with McEwan noting the transition from Box to Egnyte had gone “extremely well.”

“When you look at Red Bull versus a small organisation with two or three employees, every single customer that comes to us is very unique, and we want to keep them as long as you can,” he says. “When you look at global enterprise customers it’s about being able to work with them. When we go into customer engagements it’s about a partnership and not necessarily about a sales organisation just selling to a customer and moving on.”

Moving the help desk to the cloud: Companies reticent to adopt SaaS models

(c)iStock.com/Andrew_Howe

More than two thirds of respondents in a survey from Software Advice currently use on-premise help desk systems despite the prevalence of cloud-based systems in the market.

68% of the more than 200 IT staff and management respondents have on-prem deployments compared to 18% utilising vendor-hosted cloud and 13% hosting on a leased server.

The most frequently used help desk software functionality, according to those polled, is ticket management (66%), followed by reporting and analytics (51%) and live chat integration (45%). The respondents also noted how software was having a positive impact on performance at the rest of the company; the vast majority of options had a more than 90% swing towards positive, with software problem resolution time (95%), first contact resolution (94%) and support staff productivity (93%) the most popular.

For 2015, more than two thirds (68%) said they expected a ‘moderate’ increase, with 16% predicting a significant increase and the remainder expecting a drop. The report argues this is the case for various reasons; not only do staff expect greater productivity, but customers also have higher expectations for the service they receive.

The report, which was funded and conducted by Software Advice independently, argues that while the CRM software market is dynamic, it creates a varied market, causing confusion for first time buyers. As a consequence, the company arrives at a list of best practice tips:

  • Define the scope of use: Working out whether it will be an internal employee-facing or external customer-facing service is important, as more specialised solutions could provide a better fit
  • Identify which business goals the software must address: Is the software going to address specific KPIs, or have a broader goal of improving the overall customer experience?
  • Determine integration requirements: Are you going to use CRM suites that offer help desk functionality baked in with other applications, or is it a variety of best-of-breed software tools?

The most intriguing point, however, concerns the consideration of both SaaS and on-premise. Even though the majority of survey respondents go with on-prem, cloud is becoming more of a factor – and this has to be considered, the researchers argue, although noting companies who continue with on-prem will have specific reasons for doing so, such as complex integrations with other software platforms.

You can find the full report here.

Financial firms accessing cloud more readily yet roadblocks still remain, say CSA

(c)iStock.com/eve_eve01genesis

61% of financial businesses are developing a cloud strategy within their organisation, according to a report from the Cloud Security Alliance (CSA).

The paper, in conjunction with CipherCloud and interviewing over 100 global participants across the financial sector, found that businesses are slowly but surely moving into the cloud, with a mix of leveraging private and public cloud the optimum strategy.

The findings came out of the Financial Services Working Group (FSWG), an organisation within the CSA which provides “knowledge and guidance on how secure cloud solutions can be delivered and managed by the financial industry.” Key trends included:

  • While 61% of respondents are developing cloud strategies in their organisations, a third (32%) already have a cloud policy established with 7% having a strict no cloud policy
  • For companies who have a strict private cloud only policy the main reasons for this were security concerns (86%), compliance concerns (86%), privacy (79%), data retention and destruction (79%), and data residency concerns (57%)
  • The most appealing features financial services providers require from cloud vendors are increased transparency (80%), better data encryption tools (57%) and real-time logs (51%).

The primary reason financial firms adopt cloud computing is flexible infrastructure capacity (68%), reduced time for provisioning (63%) and reduction in total cost of ownership (57%). Interestingly email, usually the most popular cloud app adopted across verticals, was only the third most popular in the CSA report with 43% of the vote, behind app development test environments (46%) and CRM software (46%).

When it came to not adopting cloud, every single respondent cited security as key, ahead of regulatory restrictions (71%) and concerns over public breach notifications (43%).

“The responses overall showed a very active market for cloud services in the financial sector,” said Dr. Chenxi Wang, vice president cloud security and strategy at CipherCloud. “Cloud has made solid inroads in this industry, with many firms looking to harnessing the power of cloud.”

Recent CSA research has found more worries with cloud adoption in regulated industries, with more than 90% of companies polled in a January study unaware of their employees’ shadow IT activity.

You can find the full financial services report here.

CIA claims its Amazon Web Services cloud is at ‘final operational capability’

(c)iStock.com/EdStock

It was one of the most fascinating battles of 2013: who would win the lucrative CIA cloud computing contract? Two horses were in the race, Amazon Web Services (AWS) and IBM; and it was the former who eventually came out on top despite appeals from the latter.

Now, according to CIA chief information officer Doug Wolfe, the AWS cloud has attained “final operational capability”.

As reported by Enterprise Tech, Wolfe told delegates at an industry event this week the CIA cloud would be “offset” on a private security network, and AWS had “made a big investment” in the project.

The AWS cloud will be unleashed across 17 US intelligence agencies according to the report, with Wolfe noting the CIA was “behind where [they] hoped to be” in terms of cloud adoption.

Wolfe had previously spoken at the Amazon Web Services government symposium in Washington back in June, where he said the AWS cloud would take “a few months to get online in a robust way.” In August, writing for Defense One, Frank Konkel reported the cloud was online.

It’s all a long way away from the argument and counter-argument when AWS and IBM were battling for the contract 18 months ago. AWS was given the decision, despite its proposal costing more than $50m a year than IBM’s.

There was a fair amount of mudslinging from both sides at the time. AWS said IBM had “belatedly” moved into cloud computing yet “does not even register on many leading commercial cloud computing analyses”, while IBM said that “unlike Amazon, IBM has a long history of delivering successful transformational projects like this for the US government.” The Government Accountability Office (GAO) released a report in which IBM’s complaint was both sustained and rejected, yet noting Amazon’s offer was both “the best value” and a “superior technical solution.”

IBM did lodge an appeal, in which it alleged the procedures used to rank Amazon’s proposal as technically superior were wide of the mark, but it fell on deaf ears in October 2013 when a federal judge ruled against the Armonk firm.

Wolfe defended the decision to award the contract to AWS, praising the vendor for delivering the cloud infrastructure and getting the project up and running in less than 18 months.

CIA claims its Amazon Web Services cloud is at ‘final operational capability’

(c)iStock.com/EdStock

It was one of the most fascinating battles of 2013: who would win the lucrative CIA cloud computing contract? Two horses were in the race, Amazon Web Services (AWS) and IBM; and it was the former who eventually came out on top despite appeals from the latter.

Now, according to CIA chief information officer Doug Wolfe, the AWS cloud has attained “final operational capability”.

As reported by Enterprise Tech, Wolfe told delegates at an industry event this week the CIA cloud would be “offset” on a private security network, and AWS had “made a big investment” in the project.

The AWS cloud will be unleashed across 17 US intelligence agencies according to the report, with Wolfe noting the CIA was “behind where [they] hoped to be” in terms of cloud adoption.

Wolfe had previously spoken at the Amazon Web Services government symposium in Washington back in June, where he said the AWS cloud would take “a few months to get online in a robust way.” In August, writing for Defense One, Frank Konkel reported the cloud was online.

It’s all a long way away from the argument and counter-argument when AWS and IBM were battling for the contract 18 months ago. AWS was given the decision, despite its proposal costing more than $50m a year than IBM’s.

There was a fair amount of mudslinging from both sides at the time. AWS said IBM had “belatedly” moved into cloud computing yet “does not even register on many leading commercial cloud computing analyses”, while IBM said that “unlike Amazon, IBM has a long history of delivering successful transformational projects like this for the US government.” The Government Accountability Office (GAO) released a report in which IBM’s complaint was both sustained and rejected, yet noting Amazon’s offer was both “the best value” and a “superior technical solution.”

IBM did lodge an appeal, in which it alleged the procedures used to rank Amazon’s proposal as technically superior were wide of the mark, but it fell on deaf ears in October 2013 when a federal judge ruled against the Armonk firm.

Wolfe defended the decision to award the contract to AWS, praising the vendor for delivering the cloud infrastructure and getting the project up and running in less than 18 months.

Salesforce delivers another billion dollar quarter, $5bn in annual revenue, shares skyrocket

Picture credit: Salesforce

Cloudy software provider Salesforce has announced its latest financial results, with $5.37bn (£3.46bn) in total annual revenue and another billion dollar quarter.

The results were in line with Wall Street’s expectations, with earnings per share at $0.14 and a year on year growth of 26.1%.

It certainly seems a long way since 2009, when Salesforce’s first billion dollar annual figures arrived, and late 2013, when the first billion dollar quarter arrived. CEO Marc Benioff saw the latter, understandably, as a major achievement initially – it’s now almost de facto.

“Salesforce delivered yet another year of exceptional growth, with revenue, deferred revenue and operating cash flow all growing more than 30%,” Benioff said in a statement. “Salesforce reached $5 billion in annual revenue faster than any other enterprise software company and now it’s our goal to be the fastest to reach $10 billion.”

Gross profit for Q414 ended at $1.09bn, up from $871,000 this time last year, while annual gross profit stood at $4.23bn, an increase of 25% from 2013’s $3.39bn.

Shares of Salesforce shot up as much as 10% in the aftermath of the news, yet the analysts were keeping their powder relatively dry. Tim Beyers, of the Motley Fool, said the company’s deferred revenue figures looked good – understandably given their main selling point is subscription based – yet added if balance grew more slowly compared to deferred revenue in the future, it “could suggest the company is having a tougher time signing the sorts of lucrative, multi-year deals Benioff wants.”

Kara Ordway, senior market dealer at City Index Australia, told CloudTech the results were “no great surprise” yet added the market was “pleasantly surprised” by Salesforce’s hike in its revenue outlook range.

“Going forward Salesforce looks well positioned to take advantage of one of the fastest growing markets in technology and is set to reap the benefits of its expansion into the fast growing European markets,” she said. “However Salesforce is yet to fully explore the advantages of geographic revenue diversity which is where the opportunity sits for the future.”

Ordway added: “Salesforce performed in line with expectations, however those forecasts were already well above the previous year’s results. With such an upbeat outlook, investors were particularly keen to jump on board.”

2014 highlights for Salesforce included the launch of the Salesforce1 app, as well as the opening of a first UK data centre, with further European expansion on the horizon. The company has also announced a global agreement with Sage with employees of the business management provider using Salesforce’s Customer Success Platform, as well as an update to its Desk.com product, which is now available in more than 50 languages.

The hype around cloud computing has been justified, say enterprises

(c)iStock.com/ferlistockphoto

85% of respondents in a Tata Communications survey say that cloud computing had lived up to industry hype in their experience, with 23% saying cloud had exceeded their expectations.

Increased productivity was the most popular benefit according to 69% of those polled, with better access to data (65%) and reductions in costs (63%) also highly cited. 83% of respondents admitted they experienced benefits they weren’t expecting to see.

The report added to the plethora of research confirming cloud computing was being widely used in the enterprise. 97% of respondents overall said their organisation had already adopted cloud, with only 1% saying it wasn’t an important part of their infrastructure. Private remains the most popular use case – 50% of respondents said they had deployed private cloud for between one and three years – while hybrid is certainly on the rise, with one in 10 deploying within the last year.

Almost two third (65%) of respondents said using the cloud had led to increased speed of access to technology, while a similar number (67%) experienced reduced delivery times to clients and partners.

Yet this doesn’t explain the full story. More than half (57%) of respondents admit they have migrated data back in-house from the cloud. Not surprisingly, it’s security and data protection they’re concerned about. Of the application structure in organisations polled, only two in five (39%) apps are ready to move to the cloud – and as a result companies are primarily relying on private cloud.

However 94% said their organisations would be more partial to using hybrid cloud is the connections within publicly-used internet structure could be made more predictable.

“This independent research shows that the cloud has exited the hype cycle and entered the real adoption phase for businesses globally,” said Julie Woods-Moss, CMO at Tata Communications. “It is now a strategic investment and a competitive differentiator.”

You can find the full report (email required) here.