All posts by Richard

5 Cloud Security Practices

2014 could have easily been host to some of the biggest security breaches ever. Many hackers have adapted to the ever-changing technological advances, but current security practices and technologies can prevent these breaches. Many companies that fell victim to security breaches fell into the compliance equals security trap. This trap concludes that if a company goes to the trouble of being legally compliant, to any number of regulations, then it will be secure. But this is not the case.

 

Security is never a guarantee. However, there are some things that can be done to help prevent serious breaches of security and the consequences that come along with it.

 


cloudsecurity1220

 

-Continuous Visibility: Companies need to have complete and total visibility into their technology assets and services. You cannot secure what you cannot see. You need to be aware of what you have and what it’s doing at all times if you want to keep things secure. Visibility can be a challenge due to the automated, on-demand modern infrastructure.

 

-Exposure Management: Once transparency is achieved, companies need to eliminate obvious vulnerabilities that are known in their networks. Continuous monitoring tools, strong vulnerability and security configuration management technology and practices are key to mitigating exposure.

 

-Strong Access Control: This practice is often implemented incorrectly. Many companies implement access control, however they give excess access. Recent breaches involved valid access control ID’s being used to compromise systems that had nothing to do with its function in the network. The ID’s had access to a lot of information that they shouldn’t have. Limit the access users receive and monitor all user actions.

 

-Data Protection and Encryption: Once all the aforementioned steps have been taken, it is important to encrypt any sensitive information. Both data at rest and data in motion need to be encrypted if they have any sensitive material. Data protection is needed to ensure that even if data gets compromised, it will not get sent outside of the network.

 

-Compromise Management: Few companies actually have plans to deal with a breach and how to mitigate the damage caused. No matter what preventative steps you have taken, breaches can still occur. Companies need to implement courses of action and technologies that allow them to act fast. This includes being able to tell that you have been compromised. This includes file integrity monitoring, intrusion detection, and forensic data for analysis.

 

These steps represent that bare minimum of protection and are suggested for implementation to limit your vulnerability.

The post 5 Cloud Security Practices appeared first on Cloud News Daily.

IBM’s Comprehensive Cloud Initiative

IBM announced earlier that it’s new initiative aims to help customers manage the hybrid cloud world. The hybrid cloud describes a mixed environment that includes a combination of public and private cloud resources as well as on-premise data centers.

 

Angel Diaz, the VP of cloud architecture and technology at IBM, says that the main idea is to make it as simple as possible to manage resources across a range of cloud platforms and types. Between public and private clouds, data centers and cloud to cloud will ideally behave as a single infrastructure, no matter where these are located.

 

IBM is trying to address an issue that every company faces at some point during their switch to using the cloud as most companies have a hybrid of cloud computing types. They are finding it difficult to access information from different sources. Diaz has said that there are three main problem areas. First, there needs to be a way to integrate data with the company’s systems. Second, they want to make it easier to access the data regardless of location or platform. Lastly, delivery of data to the device and location it is needed even if bits of information are on different platforms.

 

Along with these problems, IBM has announced several ways to solve these problems. The first solution involves container technology. IBM has partnered with Docker to create IBM-defined Dockerized containers for enterprises. These containers are designed to work no matter if the applications are on location or in the cloud, and to integrate processes like security, governance and a system of records.

 

The second solution is something called IBM DataWorks.  This was designed to help developers work with different sets of data by mapping connections between applications and locations to pull the data together in a secure manner automatically. IBM wants to tie this into Watson to provide access to API’s for intelligent use of the data. Diaz said that Watson does not just make sense of the data, but it can also draw correlations and give probability of what is right and what isn’t.

 

Another important piece is BlueMix Local. This allows a way to setup BlueMix, an IBM platform as a service offering, in a way that lets you choose where to store the application’s components. It will allow you to store these components in the public cloud as well as on-premise and cloud sources depending on the individual or company requirements. IBM’s BlueMix is trying to provide visibility, control and application in a seamless manner.

 

IBM is working with multiple companies to solve these cloud issues, and Diaz says it is important for companies to work together to overcome customer frustrations. IBM will continue to team up with other companies to solve these complex issues.

The post IBM’s Comprehensive Cloud Initiative appeared first on Cloud News Daily.

Secure File Delivery with an Audit Trail

My Docs Online has enhanced its web-based secure file delivery feature to add additional controls and a comprehensive delivery audit trail.

“We were the first to offer web-based file delivery, back in 1999,” said Stephen Campbell, CEO of My Docs Online, “and we’ve consistently enhanced and expanded our capabilities as user needs have evolved. What we are seeing now is the need for optional controls like passwords, variable expiration limits, and most importantly, a detailed audit trail documenting delivery and the ability to make changes after the fact. No other product offers our range of options coupled with an audit trail.”

In order to offer such a wide range of options without making the feature cumbersome to use, customization controls allow unneeded options to be hidden, allowing a streamlined, custom experience for each user. In addition, group administrators can control defaults and enforce group policies such as requiring passwords or setting a fixed expiration.

The new “Smart Label” feature allows users label a Share, and also save default values like custom comments and expirations for future use. Smart Labels also add more value to the Share Management portion of the product, making it easier to locate, verify and control Shares.

Users also have the option to generate a link they can send themselves, or select email addresses from an address book and let My Docs Online send the email.

The file delivery page displays the customer’s logo, and offers an optional zipped download of all files when there is more than one.

A web API is also available for third-party use.

More details are available in the My Docs Online FAQ.

Global Healthcare Cloud Computing Market to Triple to 12 Billion in Five Years

According to a new market report published by Persistence Market Research “Global Market Study on Healthcare Cloud Computing: Hybrid Clouds to Witness Highest Growth by 2020″ the global healthcare cloud computing market was valued at USD 4,216.5 million in 2014 and is expected to grow at a CAGR of 20.1% from 2014 to 2020, to reach an estimated value of USD 12,653.4 million in 2020.

Healthcare cloud computing refers to a process which involves delivering hosted medical services to the clients. These services can be classified into majorly three types: infrastructure-as-a-service, platform-as-a-service, and software-as-a-service. A cloud can be public, private, hybrid or community in nature.

Globally, the healthcare cloud computing market is witnessing significant growth due to increased government healthcare IT spending and advanced features of cloud computing services In addition, rising demand for better healthcare facilities, increasing in popularity of wireless and cloud technologies are driving the healthcare cloud computing market. However, factors such as high cost involved in the implementation of clinical information systems and lack of security and privacy of patient’s information restrain the global market for healthcare cloud computing market. In addition, interoperability issues negatively impact the growth of the healthcare cloud computing market. The global healthcare cloud computing market is estimated at USD 4,216.5 million in 2014 and expected to reach USD 12,653.4 million in 2020, growing at a CAGR of 20.1%.

North America has the largest market for the global healthcare cloud computing market. This is due to technological advancements in the region. North American market for healthcare cloud computing is estimated at USD 1,857.5 million in 2014 and is expected to reach USD 5,757.7 million in 2020, growing at a CAGR of 20.7%. In terms of deployment model, hybrid clouds are the fastest growing segment. In terms of service model, software-as-a-service (Saas) is the largest segment of healthcare cloud computing market.

One of the latest trends that have been observed in the global healthcare cloud computing market includes increasing use of mobile devices for delivering healthcare services.

When Businesses Share Files They Need Control, Tracking and Audit

When My Docs Online, an online file sharing and delivery service with 15 years experience, revamped their Share feature in July, they focused on control, tracking  and audit.

“We’ve been doing this for businesses and professionals for some time,” said CEO Stephen Campbell, “And we know that in addition to ease of use for both sender and recipients, the sender also needs the ability to control, modify, and track delivery.”

The result is the addition of a Share Management tool that lets senders see exactly what transpired on the receiving side, with download logging, IP addresses, and results. The new tool also allows easy cancellation, modification of expiration, addition or change to delivery passwords, and more.

The new release also introduced labels to allow tagging of a Share with a meaningful label, including “Smart Labels” that pre-determine delivery features including a default password, number of days before the delivery expires, and a pre-formatted comment.

“A decade ago all our file deliveries were done with My Docs Online sending an email on the customer’s behalf,” said Campbell. “Now fully 50 per cent of the time customers choose to get a link from us and send it themselves. The label option in part replaces the email address they are no longer including, making it easier to find and track a particular Share.”

Six weeks into the new release, the company has been able to gain some insight into usage patterns:

  • 8 percent of Shares use a delivery password for increased security
  • 59 percent involved a single file, and another third were for between 2 and ten files. Only one in a hundred Shares involved more than 30 files.

More stats and info are available on the My Docs Online blog.

Amazon AWS Moving ‘Up the Stack’ to Applications

Amazon Web Services has entered the applications end of the cloud world with several recent releases:

  • Log monitoring and admin with Logs for CloudWatch
  • Collaboration and file sharing with Zocalo
  • Mobile application development with Cognito, Mobile Analytics and a new Mobile SDK

Logs for Cloudwatch works with the AWS CloudWatch network monitoring console to collect log file activities which can then be stored and analyzed in AWS Kinesis. The new tool automatically moves logs from instances and aggregates them into a central service where exceptions can be set directly on those applications.

Third-party products already that, and companies like Splunk, Logentries, and New Relic , which launched its new Insights real-time analytics tool just hours before the AWS news, will all be watching this very carefully (probably also very nervously).

The new AWS Zocalo collaboration/file-sharing plans are further proof that Amazon knows it must be a broad platform player to compete against two mega platform rivals – Google and Microsoft, as well as two younger, well-funded but more limited contenders in Dropbox and Box. Zocalo thus targets Google Drive and Microsoft OneDrive, which are part of a much bigger portfolio of end-user products at those companies.

PowerDMS Expanding in Orlando Aided by City Incentives

PowerDMS, Inc., a cloud-based document management software company, will expand its presence in downtown Orlando, Florida, adding 65 new jobs over the next three years and investing $400,000 into the region. In addition to being awarded a financial incentive from the City of Orlando, PowerDMS recently secured growth equity funding from Ballast Point Ventures and plans to use the investment to augment its sales and marketing team and enhance its technology platform by offering new features to its customer base, which includes law enforcement, public safety, healthcare and retail.

Founded in 2001, the company’s software platform provides “practical tools necessary to organize and manage crucial documents and industry standards, thereby helping organizations maintain compliance with constantly evolving industry accreditation protocols.”

Structured as a software-as-a-service (SaaS) model, PowerDMS combines attributes of Governance and Risk Compliance (GRC) and Enterprise Content Management (ECM) into its software platform, allowing customers to manage risk through living compliance documentation and content.

The application provides tools to organize and manage crucial documents and industry standards, train and test employees, and uphold proof of compliance, thereby helping organizations reduce risk and liability.

“Downtown Orlando is a great location for dynamic tech companies like PowerDMS,” said Orlando Mayor Buddy Dyer, “with a talented labor force, business friendly environment and high quality of life, Orlando has become an ideal site for corporate headquarters looking to expand.”

 

Google Adds Docker Image Support to App Engine, Announces Kubernetes Container Manager

Google continues to up the cloud ante by adding a set of extensions that allow Google App Engine developers to build and deploy Docker images in Managed VMs. Developers can use these extensions to easily access the large and growing library of Docker images, and the Docker community can easily deploy containers into a completely managed environment with access to services such as Cloud Datastore.

From the Google Cloud Platform Blog:

“Based on our experience running Linux containers within Google, we know how important it is to be able to efficiently schedule containers at Internet scale. To that end, we’re announcing Kubernetes, a lean yet powerful open-source container manager that deploys containers into a fleet of machines, provides health management and replication capabilities, and makes it easy for containers to connect to one another and the outside world. We’ll continue to build out the feature set, while collaborating with the Docker community to incorporate the best ideas from Kubernetes into Docker.”

 

Full details here.

Google Adds Docker Image Support to App Engine, Announces Kubernetes Container Manager

Google continues to up the cloud ante by adding a set of extensions that allow Google App Engine developers to build and deploy Docker images in Managed VMs. Developers can use these extensions to easily access the large and growing library of Docker images, and the Docker community can easily deploy containers into a completely managed environment with access to services such as Cloud Datastore.

From the Google Cloud Platform Blog:

“Based on our experience running Linux containers within Google, we know how important it is to be able to efficiently schedule containers at Internet scale. To that end, we’re announcing Kubernetes, a lean yet powerful open-source container manager that deploys containers into a fleet of machines, provides health management and replication capabilities, and makes it easy for containers to connect to one another and the outside world. We’ll continue to build out the feature set, while collaborating with the Docker community to incorporate the best ideas from Kubernetes into Docker.”

 

Full details here.