Embrace cloud diversity and simplify application control

December 21, 2012

One of the more popular arguments made against cloud computing is a perceived lack of useful standards. For example, Dave Linthicum, the CTO and founder of Blue Lab Mountains, mentioned in a recent article:

“…the notion that you can easily move from one provider to another without significant work and cost is largely science fiction at this point.”

While his argument may have a certain degree of technical merit, it still rings hollow. The growth of cloud computing shows no signs of slowing down: major providers display consistently strong growth. Analyst firm Gartner predicts worldwide cloud services spending to surpass $109 billion in 2012 alone. In fact, large enterprises willingly choose multiple clouds, and it’s illuminating to consider the reasons why this happens.


The entire premise of virtualizing your application infrastructure is to give you the ability to divorce your apps from the physical infrastructure on which they are hosted. This, in turn, allows your application workloads to be dynamically placed and migrated across a pool of application server resources, which allows the infrastructure to dynamically adapt and respond to your evolving business needs. If you look at traditional applications and how they are developed, it’s clear they were not designed for the cloud, and they definitely don’t take advantage of some of the best benefits a virtualized infrastructure can offer.

Traditional applications are based on vertical integration. So if you want to move an app to a different environment, it requires a significant amount of effort and will most likely impact your other apps, simply because these apps are so tightly integrated. Traditional applications were not built using modern development frameworks, which would help to decouple these components from each other. Changes to one application often have an impact on the others, making them complex, static and brittle. These types of changes are often a major cause of service disruptions. Each change needs to be tested comprehensively, which is time consuming. In addition, traditional applications do not take advantage of capabilities provided by the cloud, such as the elasticity to scale up to serve millions of users. This severely inhibits the ability of the business to expand and integrate new types of applications and environments.

The assertions skeptics make are based on the observation that you can’t move a virtual machine (VM) from one cloud to another, considering most clouds have incompatible VM formats. But what they miss is that your apps are not made up of VMs. They are made of software! So how do you move software around? Easily: in the same way you have been doing for years with agile development processes, configuration management and automation tools, deployment blueprints, templates, installers, etc. If you can provision your app on one cloud, you can provision it on any cloud as they all provide the same basic building blocks – instances of an operating system or an application server that you provision on top of.

Each of the major cloud environments offers a unique set of benefits and differentiators. Users of AWS don’t choose that platform because they feel compelled to; instead, they choose AWS because it gives them flexibility and services for their particular application requirements. The very same user might select a private VMware-based cloud for a different application because, again, that application has a different set of requirements. Cloud diversity is a good thing because it presents developers a range of choices.


So, yes, when discussing cloud diversity, you can have your cake and eat it, so long as you pick the cloud that is best suited to your:

  • Application and services, and it has the right technical capabilities that your application requires
  • Business and commercial criteria encompassing the cost imperatives and SLAs you need
  • Customer needs, including their geographical proximity, regulatory and data protection laws, etc.

At Riverbed, we see more and more of our customers considering cloud-based architectures as a means to transform their application business models, particularly those with fluctuations in traffic and seasonal demand. Essentially, our customers find that moving to the cloud gives them a competitive advantage, the ability to provide differentiated service offerings, and new revenue models.

Cloud computing isn’t limited to just a collection of virtual machines and storage you rent by the hour in a location far away from your data center. Mature cloud providers offer the ability to extend existing on-premise infrastructures into cloud facilities, creating a unified architecture with the benefits of instant infrastructure. Applications can span both, and users need not notice the difference.

Can I have cloud diversity if part of my app infrastructure is not software?

Here’s the catch. You’ve virtualized your application delivery infrastructure and have started to push some of your apps out into the cloud. But part of your app delivery solution is not software. You have a hardware ADC that is critical to the correct operation of your apps and the vendor provides a virtual appliance. Neither of these is ‘software’ in the sense that it can be deployed anywhere. How is this going to impede and limit your ability to truly virtualize and reap the benefits cloud diversity brings?

When everything is software, including the network and the ADC with robust and open APIs, you get into the realm of a truly programmable infrastructure model. A great way to look at this: the conventional jet engine of the cloud takes you supersonic, and the scramjet of programmable infrastructure then goes hypersonic.

Yesterday’s load balancers and legacy application delivery controllers are not designed for the cloud, or to give you this type of diversity, portability, programmability and granular application-level control. The mismatch is clear.

A truly cloud-ready, software application delivery solution is what you will need to help you meet your application requirements on any cloud. Such requirements include:

  • Enhancing efficiency and response times of applications and services
  • Improving availability between instances that span multiple geographic zones and regions
  • Solving latency problems with content optimization and acceleration tools
  • Ensuring proper protection using intelligent layer-7 inspection against known and unknown threats
  • Scaling resources to provide encryption and compression services without affecting performance.

One example of a software ADC is the Riverbed Stingray family. This new breed of ADC is natively designed for virtualization and cloud portability. As a pure software solution intended for the widest variety of deployments, the Stingray family enables a more flexible application delivery strategy and provides a common delivery and control platform that can grow with your business.

For more information on Riverbed, please visit http://www.c24.co.uk


The Biggest Hacks of 2012

December 19, 2012

With 2012 coming to a close, I decided to take a look back at some of the year’s more significant hacks. Two of the largest heists involved thefts of millions of records of personal data. In March, Global Payments, a credit card processor, revealed a breach in which at least 1.5 million credit card numbers were exported. And the year began when hackers targeted Zappos, the online shoe retailer, and relieved this e-tailer of over 24 million rows of email addresses and other data.

Based on these gigantic incidents, I thought this was the year of the Big Hack and a unique turning point. For perspective, I reviewed two years’ worth of Verizon’s indispensable Data Breach Investigations Reports. The DBIR is based on data collected from the US Secret Service and the Dutch National High Tech Crime Unit. For 2011, Verizon reported over 855 incidents and 174 million records compromised. Last year was the second highest data loss recorded since Verizon began this study in 2004.

I’m not sure if 2012 hacking levels will surpass 2011, and neither of these two years will come close to the 360 million records compromised in 2008. However, there are other trends that seem to have remained relatively constant.

In recent years, the top three industry sectors breached have been hospitality (read: restaurants), retail, and financial services. No surprises here.

Another common theme in the report is that poor authorization monitoring and procedures often broaden the damage done by attackers. Verizon suggests that companies should constantly be on the lookout for new files, especially growing archive and log files, with unusual attribute settings. These often indicate an attack in progress.

The DBIR also tells us that straightforward hacking—using default passwords, stolen login credentials, or backdoor attacks—is still a very effective way to extract protected data.

One revealing stat is that most of the records hacked in the last few years have not involved credit card numbers. The winner in the most-hacked-data category instead goes to plain old PII—name, address, and social security number.

So how do Global Payments and Zappos match up with the overall trends? Depressingly, these two incidents fit them like a glove. Financial or retail? Check. External attack? Yes. Straightforward hack? It seems so, and no malware was involved that we know about.

For both Global Payments and Zappos, the actual exploits used are still a little fuzzy. According to Gartner Research’s Avivah Litan, the Global Payments attacker may have been able to get through the company’s knowledge-based authentication layer by answering questions correctly. This is still just speculation. Here’s what we do know: Global Payments was PCI-DSS compliant. Visa and Mastercard have since revoked their certification.

Zappos, which is also PCI-DSS compliant, kept their credit card numbers encrypted and separated from other personal information. Hackers were not able to access the “PANs”—PCI lingo for the card numbers. Zappos has kept their certification.

The most eye-opening part of Verizon’s DBIR can be found in their conclusions. Not to put too fine a point on this, but companies are simply not making the attackers work very hard. It’s not that they are so clever; it’s that IT has been a bit lax.

Here’s some of their all-too-familiar advice:

  • change default credentials
  • review user accounts on a regular basis
  • restrict and monitor privileged users

On that last point, I’ll quote the actual text from the DBIR:

“Don’t give users more privileges than they need (this is a biggie) and use separation of duties. Make sure they have direction (they know policies and expectations) and supervision (to make sure they adhere to them). Privileged use should be logged and generate messages to management.”

Speaking as a Varonis blogger, I couldn’t have said it better.

Let’s hope some of this advice takes hold, and 2013 will be a more forgettable year in hacking annals.


12 Days of Data Trends

December 19, 2012

With 2013 on the horizon, Forbes recently posted thoughts from Fusion-io Founder Rick White on the data trends we’ll see crossing over into the New Year.

Many companies powered by Fusion-io are already at the helm of a number of these data-driven trends. To see how today’s innovators tackle big data, cloud computing, and other advances inspired by our increasingly connected world, check out the case studies in the slides below:

12 Days of Data Trends for 2013 from fusionio

The future of CX

December 18, 2012

This is a great video from RightNow Technologies.


The future of big data (Infographic)

December 17, 2012



Top 3 SharePoint Security Challenges

December 14, 2012

The rapid adoption of SharePoint has outpaced the ability of organizations to control its growth and enforce consistent policies for security and access control. The ease with which SharePoint sites can be created means that SharePoint use is decentralized and often outside the purview of IT departments, security personnel and even dedicated SharePoint administrators.

So what are the top 3 SharePoint security challenges?

1 – Organic and chaotic deployment of SharePoint sites

Pervasive departmental use of SharePoint means that all types of data make their way into SharePoint repositories. This data can range in sensitivity and importance and may easily include human resources or product information. So, now the problem for organizations becomes not only identifying sensitive data but locating all SharePoint sites, existing and emerging.

2 – Ad hoc, complex permissions administration

The levels and types of permissions available with SharePoint are more complex than their NTFS counterparts, and the additional granularity and inheritance complexity creates more access levels and a high probability for erroneous or overly permissive access.

While access control decisions may be (rightly) left to the data owners through SharePoint’s permissions workflow, the complexity of its implementation often leads to inconsistency in ACL configuration and group assignment. Without strict auditing and oversight, permissions may be set in conflict with enterprise-level access policies, and may not include key business intelligence about why the access should be limited (e.g., content might be regulated or copyright protected).

3 – Limited, resource-intense auditing

Key to maintaining good access control over data is continuous monitoring of how data is being used. This is another challenge with a SharePoint environment. Microsoft SharePoint audit detail is geared toward helping site administrators manage content, not toward refining access policy. Consequently there is no way for SharePoint administrators to easily establish which users took what action on data.

The native auditing capabilities are also limited in terms of scalability across sites. “Normalizing” the data, i.e., creating a unified and accurate view of data use and access across sites and locations, is challenging and time-intensive. Exacerbating the problem is that files on SharePoint often make their way to other platforms like file shares and email – without a unified audit trail of activity, understanding how and by whom data is accessed in the collaborative environment can be a significant challenge.

Download our FREE guide to learn how to make sense of SharePoint permissions & lock down and monitor your sensitive data.


Business Intelligence for all business

December 14, 2012

Looking at the information below truly highlights what big businesses are looking at in terms of their technology. It has been recognised for many years that forward thinking businesses have adopted certain technology and increased market share, customer satisfaction or any number of other important business metrics.

The term CEO is usually associated with businesses of a certain size who have the money, people and often the products that enable them to fully benefit from adopting technologies, and thus often to dominate their chosen markets.

Business Intelligence has always been relatively expensive and difficult to install, and has a significant ongoing cost that has seen smaller mid-market players shy away from even attempting to use it. This is where the sales pitch enters for Bi24, C24’s leading business intelligence solution that has all the strengths of a traditional solution but has been developed for today’s market.

Most companies we work with have a number of locations, numerous sales staff on the road and a number of large clients that are expecting more and more from the relationship. Key business differentiation is notoriously hard to create, and usually it is replicated quite quickly, so these businesses are building on their client relationships, retention strategies and increasing client spend.

Addressing these areas is where we have seen a tremendous growth in the use of our flagship business intelligence tool Bi24. The beauty of the solution is:

- It is easy to install
- It can interrogate multiple data sources simultaneously
- It is based on a cost per user per month
- The solution is non cubed and is based on Google type technology
- The pricing has been created so that all employees can benefit from making accurate decisions
- It is agile and information can be delivered to mobile devices and tablets

If you would like to see the solution in action, please visit http://www.c24.co.uk or call us. It will be worth the chance.

Strategic Value


C24’s business intelligence solution is child’s play

December 13, 2012

C24 have seen a significant uptake of our Bi24 business intelligence solution over the last year. The solution has been applauded for its ease of use and the speed of installation.

The following is a comment from a recent research document that highlights the strengths of the solution:

“Business intelligence (BI) technology holds out much promise, but experience would tend to indicate that it can be difficult to use, requiring specialist skills and imposing considerable latency between need and information delivery. Bi24 addresses these issues for many business needs and the ease-of-use has to be seen to be appreciated. The technology is built on the well regarded Lucene open software search technology and because of this most things are possible. While Bi24 does not give much profile to unstructured data search, a great deal of functionality is delivered out-of-the-box so that email and documents can be incorporated into search and analytics functionality. The key to understanding the power of Bi24 is that it provides a search approach to BI.”

“What this means on a day-to-day level is that business users can formulate their own analytical and search needs with ease. This is a highly pragmatic, but in no way compromised BI tool and we would recommend that organisations of all sizes should look at the offering.”

To prove the point, the image below is of the daughter of a BI lead, who is using the Venn elements of the solution for her homework.



Using Varonis: Who Owns What?

December 13, 2012

(This is one entry in a series of posts about the Varonis Operational Plan – a clear path to data governance. You can find the whole series here.)

All organizational data needs an owner. It’s that simple, right? I think most of us would be hard pressed to argue against that as a principle—the data itself is an organizational asset, so of course it’s not the Help Desk or AD Admin folks who own it, it’s the users or business units that should own it. Of course, that’s great in theory, but with 1, 5, 10, or even 20 years’ worth of shared, unstructured data, figuring out who owns data is far from simple, let alone involving those owners in any meaningful way.

Before we get into using Varonis to locate owners, I want to talk about why finding a single data owner can be such a problem. IT probably knows who owns the Finance folder.  It’s the CFO or a delegated steward. Same with HR, Marketing or Legal—these tend to be clearly-delineated departmental shares and it’s not hard to figure out whom to go to if we need an informed decision. (Regularly involving those owners in data governance is a different problem, and one I will cover in future posts.)  The identification for these folders is relatively straightforward.

But what happens if you need to find the owner of a folder that has a less obvious name? What if the folder’s name is a project ID, or an acronym of some kind? In my experience, a majority of unstructured data resides in folders that aren’t obviously owned by anyone.

What IT tends to do then is a few different things:

  • Check the ACL and see which groups have access. If it’s a single group with an obvious owner, that’s a likely candidate. If the ACL contains many different groups or a global access group like Domain Users, though, this tactic tends to fail.
  • Check the Windows owner under Special Permissions. This metadata can be helpful, but can also be a red herring since it’s often just set to the local Administrator of the server. Even if there’s actually a human user there (who likely created the folder), that value may be outdated or inaccurate.
  • Check the owner of files within the folder. Same problems as above.
  • Enable operating system auditing to identify the most active user. Anyone out there excited about turning on file level auditing in Windows? I have yet to talk to anyone who answers yes to this question because of the performance hit on the server as well as the storage required and expertise to parse the logs effectively.
  • Turn off access and see who complains. Not an optimal strategy when it comes to critical data.
  • Email the world and hope for a response. In general, people don’t want to take ownership of something without good reason, since it may mean more work. How confident are you that the proper owners (who may be at a management or director level) are going to know exactly which data sets their teams are using regularly? If they’re not sure, are they going to jump to take responsibility?

So finding owners is hard, let alone finding owners at scale. If you’ve got thousands of unique ACLs and you want owners for all of them (or at least the ones that make sense) you’re going to have to go through some version of this process for each one. It’s no wonder we haven’t done a good job of this over time. Thankfully, there’s a better way.

Step 4: Identify Data Owners

The key difference between attempting to solve this problem manually and attacking it intelligently with Varonis is the DatAdvantage audit trail. A normalized, continuous, non-intrusive audit record of all data access is a key piece of DatAdvantage, and it allows us to actually identify data owners at scale without having to hunt and peck. Once you start gathering usage data and rolling it up into high level stats you can start to see the likely owners of any data set, not just the obvious ones.

DatAdvantage gives you two straightforward ways to get this information: First, we can quickly take a look at a high-level view of a single folder within the Statistics pane of the DatAdvantage GUI. This will show us the most active users of a particular folder. We like to say that at most, you’re one phone call away, since if the most active user isn’t the data owner, they almost certainly know who is.

You can operationalize this process even further by creating a statistics report, which can be run on an entire tree or even a server. A single report can show the top users of every unique ACL, and it’s possible to set up advanced filters to make this even more useful—showing only users outside of IT or in a specific OU, for example. You can even add additional properties from AD to the report, showing each user’s department or line manager, if available. None of this is possible without constantly gathering access activity and providing an interface to combine it with other available metadata.
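The roll-up described above, sketched as an added example (not Varonis code and not from the original post): it ranks the most active users per folder from an access audit trail, filters out IT accounts, and joins in department and manager from a directory lookup. The event layout, account names, paths and directory fields are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample audit events (user, folder, operation). The record layout
# is an assumption for this example, not the DatAdvantage schema.
EVENTS = [
    ("svc_backup", r"\\fs01\shares\PX-4471", "read"),
    ("svc_backup", r"\\fs01\shares\PX-4471", "read"),
    ("svc_backup", r"\\fs01\shares\PX-4471", "read"),
    ("svc_backup", r"\\fs01\shares\PX-4471", "read"),
    ("adm_jlee",   r"\\fs01\shares\PX-4471", "acl_change"),
    ("mgarcia",    r"\\fs01\shares\PX-4471", "write"),
    ("mgarcia",    r"\\fs01\shares\PX-4471", "read"),
    ("mgarcia",    r"\\fs01\shares\PX-4471", "write"),
    ("tnguyen",    r"\\fs01\shares\PX-4471", "read"),
    ("svc_backup", r"\\fs01\shares\ARCH-2009", "read"),
    ("adm_jlee",   r"\\fs01\shares\ARCH-2009", "read"),
    ("old_user",   r"\\fs01\shares\QTR-RPT", "read"),
    ("tnguyen",    r"\\fs01\shares\QTR-RPT", "write"),
    ("tnguyen",    r"\\fs01\shares\QTR-RPT", "write"),
]

# Constructed directory attributes, standing in for properties pulled from AD.
# "old_user" is deliberately missing to model a deleted or unresolved account.
DIRECTORY = {
    "svc_backup": {"department": "IT", "manager": None},
    "adm_jlee":   {"department": "IT", "manager": "cio"},
    "mgarcia":    {"department": "Engineering", "manager": "rpatel"},
    "tnguyen":    {"department": "Finance", "manager": "cfo"},
}


def likely_owners(events, directory, exclude_departments=("IT",), top_n=2):
    """Rank the most active users per folder as ownership candidates.

    Accounts in excluded departments are dropped before counting, because
    backup jobs and admins would otherwise dominate every folder. Folders
    with no remaining activity are still reported, with an empty list, so
    they get a manual review instead of silently disappearing.
    """
    activity = defaultdict(Counter)
    folders = set()
    for user, folder, _operation in events:
        folders.add(folder)
        dept = directory.get(user, {}).get("department", "unknown")
        if dept in exclude_departments:
            continue
        activity[folder][user] += 1

    report = {}
    for folder in sorted(folders):
        counts = activity.get(folder, Counter())
        total = sum(counts.values())
        # Sort by event count, then by name, so ties are deterministic.
        ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:top_n]
        report[folder] = [
            {
                "user": user,
                "events": n,
                "share": round(n / total, 2),
                "department": directory.get(user, {}).get("department", "unknown"),
                "manager": directory.get(user, {}).get("manager"),
            }
            for user, n in ranked
        ]
    return report


if __name__ == "__main__":
    for folder, candidates in likely_owners(EVENTS, DIRECTORY).items():
        print(folder, candidates or "no business activity: review manually")
```

Without the department filter the backup service account ranks first on the project folder, which is why the raw "most active user" is only a starting point for the phone call.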

Identifying owners is useful, but actually involving them is where IT can really start to make headway when it comes to ongoing governance. We’ll tackle that next.


IBM IOD 2012 – How Analytics is Transforming the C-Suite.

December 12, 2012

Fred Balboni, Global Leader, Business Analytics and Optimization, speaks to the need to infuse analytics throughout the organization and how IT and LOB executives are changing partnership models to bring this to reality. In the panel discussion, JP Morgan Chase shared how they are using analytics to mine information from the “new” customer who is banking via mobile channels, and Thomson Reuters described the role that analytics plays in their customer centricity by creating upsell and cross-sell opportunities externally and greatly reducing the cost of ownership internally.

