|By Jim Potter||
|January 20, 2014 07:00 AM EST||
Recent reports of a massive data breach affecting popular sites like Facebook, Twitter, Google and Yahoo have many companies rethinking security practices and wondering how to protect vital data. If your company uses cloud services to conduct business and manage data or is contemplating a hosting partnership, it's natural to wonder if your service provider is taking all the steps necessary to keep your confidential information secure.
It's an important issue: Cloud resources are becoming a must-have service for businesses since they offer scalability without requiring a massive investment in hardware. But before choosing a cloud service provider, it's crucial to make sure the company can deliver the security your business needs. Here are some questions to keep in mind when making an evaluation:
What kind of physical security does my cloud hosting partner maintain?
Assess your cloud service provider's physical security safeguards, including controls on facility entry, login access restrictions, CCTV monitoring capabilities, limits on who can access internal systems and administrative functions.
What assurances does the provider offer around confidentiality?
A reputable hosting partner will conduct background checks on employees who handle confidential data and require staff to sign confidentiality agreements. They will also restrict credentials so that only employees who need access can handle your data.
How are firewalls structured, and what other network security measures are in place?
Virtually all hosting providers have a firewall infrastructure in place, but it's a good idea to ask about how it's configured and whether there's an additional charge for the service. Also ask how frequently audits are conducted and what additional network security is in place.
How does the cloud service provider keep software secure?
Many security breaches occur due to software issues, so ask your hosting partner about auditing and find out how often they update security patches. Inquire about automatic update installation and reboots as well to see if these are permitted.
Does the cloud hosting company submit to audits from independent agencies?
One way companies can demonstrate compliance is by submitting to independent audits. SSAE 16 standards verify that an independent auditor assessed the company to make sure their service description matches their organization system.
What backup and redundancy capabilities are available?
Another good question for cloud service providers is what volume of backup space they maintain and how long they keep stored data. Also ask about the cloud infrastructure - specifically inquire about performance levels and system availability as well as failover capabilities and use of redundant clusters.
What kind of protection is available for data during transmission?
It's crucial to make sure confidential information like passwords and client information remain secure during transmission. Ask the company about how firewalls protect this information and if data is protected by VPN encryption. Also inquire about remote access and the use of SSL for logins.
Is it possible to connect physical and virtual resources?
To maintain tight security, potential hosting partners may require safeguards for physical servers that interact with cloud assets. Ask if this can be configured so that you can use both solutions in a single environment for greater efficiency.
What kind of Service Level Agreements (SLAs) are offered?
It's important to pay close attention to the SLAs a cloud service provider offers since this is how providers define their services and describe the performance levels you can expect. Make sure your hosting partner backs promises up with SLAs.
Companies are increasingly using hosted cloud services because it enables them to do more with less and expand capabilities without huge investments in infrastructure. But hacking is on the rise, so it's crucial to make sure a prospective cloud provider offers robust security.
If you're currently using cloud services or thinking about partnering with a hosting provider, take the time to investigate the security measures the company uses to keep client data safe. It takes a bit of time and effort, but it's well worth it to avoid a costly data breach.
The 4th International DevOps Summit, co-located with16th International Cloud Expo – being held June 9-11, 2015, at the Javits Center in New York City, NY – announces that its Call for Papers is now open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Among the proven benefits, DevOps is correlated with 2...
Oct. 31, 2014 08:15 PM EDT Reads: 2,191
We live in a time when seconds – even milliseconds – can have a dramatic economic impact on your company’s future. With technology being the primary conduit for consumer interaction, the user experience is at center stage. User experience will be a deciding factor in separating the future winners from the losers. By building more speed and agility into the application delivery process, DevOps promises great rewards. However, with this promise, also come significant ramifications for failure. In his session at DevOps Summit, Tom Lounibos, SOASTA CEO, will explore both the benefits and the som...
Oct. 31, 2014 06:00 PM EDT Reads: 1,466
Our expectations for buying all sorts of consumer goods has gone through a radical transformation we now take for granted. Why should we not expect this same level of service from IT businesses? We accept the status quo for how software delivery exists today but would reject it without hesitation if it were applied to pretty much any other online consumer experience. Take pizza delivery as an example. Fifteen years ago ordering a pizza meant trying to choose an item from a grease-stained menu somebody shoved under your door. You'd make a phone call and end up speaking to somebody who sounded ...
Oct. 30, 2014 10:00 PM EDT Reads: 1,272
When an enterprise builds a hybrid IaaS cloud connecting its data center to one or more public clouds, security is often a major topic along with the other challenges involved. Security is closely intertwined with the networking choices made for the hybrid cloud. Traditional networking approaches for building a hybrid cloud try to kludge together the enterprise infrastructure with the public cloud. Consequently this approach requires risky, deep "surgery" including changes to firewalls, subnets and other modifications to the corporate security infrastructure. Connecting a public cloud to the ...
Oct. 30, 2014 07:00 PM EDT Reads: 1,634
SYS-CON Events announced today that Grid Dynamics, the leading provider of scalable eCommerce technology solutions, will exhibit at DevOps Summit Silicon Valley, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Grid Dynamics is a leading provider of open, scalable, next-generation commerce technology solutions for Tier 1 retail. Grid Dynamics has in-depth expertise in commerce technologies, wide involvement in the open source community and a modern, global workforce. Great companies, partnered with Grid Dynamics, gain a sustainable business...
Oct. 30, 2014 06:00 PM EDT Reads: 1,273
Docker offers a new, lightweight approach to application portability. Applications are shipped using a common container format and managed with a high-level API. Their processes run within isolated namespaces that abstract the operating environment independently of the distribution, versions, network setup, and other details of this environment. This "containerization" has often been nicknamed "the new virtualization." But containers are more than lightweight virtual machines. Beyond their smaller footprint, shorter boot times, and higher consolidation factors, they also bring a lot of new fea...
Oct. 30, 2014 05:00 PM EDT Reads: 1,827
For better or worse, DevOps has gone mainstream. All doubt was removed when IBM and HP threw up their respective DevOps microsites. Where are we on the hype cycle? It's hard to say for sure but there's a feeling we're heading for the "Peak of Inflated Expectations". What does this mean for the Enterprise? Should they avoid DevOps? Definitely not. Should they be cautious though? Absolutely. The truth is that DevOps and the Enterprise are at best strange bedfellows. The movement has its roots in the tech community's elite. Open source projects and methodologies driven by the alumni of companies ...
Oct. 30, 2014 01:45 PM EDT Reads: 2,012
SYS-CON Events announced today that Serena Software will exhibit at DevOps Summit Silicon Valley, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Serena Software supports DevOps and Continuous Delivery by providing application deployment automation and software release management solutions to replace slow and error-prone manual processes. 2,500 enterprises around the world trust Serena to help them develop and deploy better software.
Oct. 30, 2014 01:30 PM EDT Reads: 1,636
We are all here because we are sold on the transformative promise of The Cloud. But what good is all of this ephemeral, on-demand infrastructure if your usage doesn't actually improve the agility and speed of your business? How must Operations adapt in order to avoid stifling your Cloud initiative? In his session at DevOps Summit, Damon Edwards, co-founder and managing partner of the DTO Solutions, will highlight the successful organizational, process, and tooling patterns of high-performing companies that have reshaped their Operations to enable the business to get full value from their Clo...
Oct. 29, 2014 01:35 PM EDT Reads: 1,338
SYS-CON Events announced today that O'Reilly Media has been named “Media Sponsor” of SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An...
Oct. 29, 2014 01:00 PM EDT Reads: 1,657
SYS-CON Events announced today that Gigaom Research has been named "Media Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Ashar Baig, Research Director, Cloud, at Gigaom Research, will also lead a Power Panel on the topic "Choosing the Right Cloud Option." Gigaom Research provides timely, in-depth analysis of emerging technologies for individual and corporate subscribers. Gigaom Research's network of 200+ independent analysts provides new content daily that bridges the gap between break...
Oct. 28, 2014 11:45 PM EDT Reads: 1,719
Sanjeev Sharma is the latest author to join DevOps Journal. Sanjeev is a solution architect and DevOps Worldwide lead with Rational Software, an IBM brand and the author of 'DevOps for Dummies.' DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. SYS-CON Media CEO Carmen Gonzalez is founder and publisher of DevOps Journal, and Roger Strukhoff, long-time SYS-CON editor and the conference chair of Cloud Expo is the editor of the world's leading DevOps resource.
Oct. 28, 2014 11:00 PM EDT Reads: 1,342
SYS-CON Events announced today that IBM is holding a Bluemix Developer Playground on November 5, 10:30 am to 5:30 pm at 15th Cloud Expo. 15th Cloud Expo, co-located with @ThingsExpo, Big Data Expo, and DevOps Summit is taking place Nov. 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. The labs, for developers of all levels, will highlight the ease of use of Bluemix, its services and functionality and provide short-term introductory projects that developers can complete between sessions. Developers will be able spend as much time as they want working on specific DevOps pro...
Oct. 28, 2014 08:00 PM EDT Reads: 1,633
When you set off to build an app that will change the world, designing your system architecture to be reliable and scalable is important but the stark reality is that, for your MVP, you probably had a “need for speed” (of development). You didn’t know what all the axes were to scale your application, where your stress points would be, and what weird and wonderful ways your customers would use it down the road. In a world of zero-downtime services, landing the plane to figure it out is not an option. In his session at DevOps Summit, Andrew Miklas, CTO of PagerDuty, will share lessons learned ...
Oct. 27, 2014 09:00 PM EDT Reads: 1,943
SYS-CON Events announced today that SOASTA, the leader in cloud and mobile testing, will exhibit at DevOps Summit Silicon Valley, which will take place November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. SOASTA is the leader in cloud testing. Its web and mobile test automation and monitoring solutions, CloudTest, TouchTest and mPulse, enable developers, QA professionals and IT operations teams to test and monitor users with unprecedented speed, scale, precision and visibility. The innovative product set streamlines test creation, automates provisioning and execution, ...
Oct. 27, 2014 06:45 PM EDT Reads: 1,595
Founded in 1997, ActiveState is a global leader providing software application development and management solutions. The Company's products include: Stackato, a commercially supported Platform-as-a-Service (PaaS) that harnesses open source technologies such as Cloud Foundry and Docker; dynamic language distributions ActivePerl, ActivePython and ActiveTcl; and developer tools such as the popular Komodo Edit and Komodo IDE. Headquartered in Vancouver, Canada, ActiveState is trusted by customers and partners worldwide, across many industries including telecommunications, aerospace, software, fina...
Oct. 23, 2014 09:00 PM EDT Reads: 1,942
SYS-CON Events announced today that ElasticBox is holding a Hackathon at DevOps Summit, November 6 from 12 pm -4 pm at the Santa Clara Convention Center in Santa Clara, CA. You can enter as an individual or team of up to 10 developers. A New Star Is Born Every Month! All completed ElasticBoxes will then be sent to a judging panel - 12 winners will be featured on the ElasticBox website in 2015. All entrants will receive five full enterprise licenses for one year + ElasticBox headphones + ElasticBox T-shirt. Winners can also choose to interview with ElasticBox to join one of the fastest growi...
Oct. 22, 2014 01:00 PM EDT Reads: 1,777
SYS-CON Events announced today that Calm.io has been named “Bronze Sponsor” of DevOps Summit Silicon Valley, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Calm.io is a cloud orchestration platform for AWS, vCenter, OpenStack, or bare metal, that runs your CL tools puppet, Chef, shell, git, Jenkins, nagios, and will soon support New Relic and Docker. It can run hosted, or on premise and provides VM automation / expiry, self-service portals, audit, approvals, and budgeting.
Oct. 21, 2014 08:45 PM EDT Reads: 1,787
Blue Box has closed a $10 million Series B financing. The round was led by a strategic investor and included participation from prior investors including Voyager Capital and Founders Collective, as well as the Blue Box executive team. This round follows a $4.3 million Series A closed in December of 2012 and led by Voyager Capital. In May of this year, the company announced general availability of its private cloud as a service offering, Blue Box Cloud. Since that release, the company has demonstrated market validation through customer adoption, positive reviews from industry analysts and k...
Oct. 21, 2014 01:45 PM EDT Reads: 1,830
The speed of product development has increased massively in the past 10 years. At the same time our formal secure development and SDL methodologies have fallen behind. This forces product developers to choose between rapid release times and security. In his session at DevOps Summit, Michael Murray, Director of Cyber Security Consulting and Assessment at GE Healthcare, will examine the problems and present some solutions for moving security in to the DevOps lifecycle to ensure that we get fast AND secure.
Oct. 20, 2014 11:45 PM EDT Reads: 1,668