The merits of cloud have long been a point of discussion. Is a public or private cloud more preferable? What should government consider versus the private sector when using a cloud-based content delivery network (CDN)?

The four-hour outage of a public cloud in March, which impacted hundreds of thousands of websites, re-ignited the debate. While this episode seemingly highlighted the pitfalls of the cloud, particularly the public cloud, agencies shouldnt panic there still isnt a one-size-fits-all approach to deployment. Instead, agencies should be educated on all facets of cloud, and understand the pros and cons of every option, as well as contingency plans.

Regulations, strict budgets and aging legacy technology are limiting the capabilities of government at every level, but migrating data to the cloud allows agencies to adapt and adjust. Many government organizations are finding that cloud-based applications and services are an effective way to meet both the current and long-term needs that a government Web portal requires. Cloud computing has the potential to play a major role in addressing the inefficiencies in some government IT environments while improving government service delivery. It can also help agencies coping with the need to quickly deliver highly reliable, innovative services despite strains on resources.

Agencies that have decided to make the move to cloud should evaluate their needs and budget when deciding to opt for the public or private cloud. Most cloud adopters are more likely to select the private cloud over public for apps that handle sensitive information or are highly specialized, which is the case for many government agencies. The stability and security of the private cloud are its biggest benefits. But the flexibility of the public cloud is also attractive services can be quickly turned up and turned back down depending on the storage needs of the organization. The flexibility of the public cloud also offers opportunity for cost savings.

One of the pitfalls of moving applications to the cloud is that theres a domino effect any time there is a problem. No agency is immune to the possibility of an outage. The most common causes of outages are typically software related, or in the recent case, human error. But there are a number of steps that agencies can take to be better prepared for potential issues.

Agencies should not let the outage earlier this year deter them from migrating to the cloud, either public or private, as cloud-based storage holds many advantages. Moving to cloud-based services means that agencies dont need to invest in or maintain the infrastructure, hardware or bandwidth required to deliver Web portal services, instead delivering specific IT capabilities as they are needed. Such an offering is particularly important when a government portal offers services that fluctuate in demand or consume a large amount of bandwidth, all while reducing cost, deployment time and complexity.

Tom Ruff is vice president of public sector for Akamai.

Read the rest here:
5 Steps Agencies Can Take to Prepare for Pitfalls in the Cloud (Industry Perspective) - Government Technology

Belfast IT firm celebrates cloud computing success in 57 countries

BelfastTelegraph.co.uk

A Belfast-based IT firm has said it has grown its team in Northern Ireland as its software customer numbers hit six million.

http://www.belfasttelegraph.co.uk/business/news/belfast-it-firm-celebrates-cloud-computing-success-in-57-countries-35790730.html

http://www.belfasttelegraph.co.uk/incoming/article35792149.ece/3730e/AUTOCROP/h342/lSkehelAwar.jpg

A Belfast-based IT firm has said it has grown its team in Northern Ireland as its software customer numbers hit six million.

CloudMigrator365, which was founded by Antrim man Darren Mawhinney, offers cloud migration services and software to customers across the globe.

The company has said it has now doubled its sales and tripled its headcount in Belfast over the last year.

It added it has "successfully migrated over six million people to the cloud in 57 countries".

The business helps companies migrate their email and data across to Microsoft Office 365 cloud.

It is expanding its workforce and global partnership network to support this growth, and is "continuing to scale its operations including recruiting for a number of new positions".

Mr Mawhinney said: "The international response to CloudMigrator365 has been phenomenal.

"From our base in Belfast we have so far helped companies in 57 countries to migrate while ensuring the safety and sovereignty of their data.

"We are delighted to be working with world-class organisations including LinkedIn, YMCA and the University of Bristol.

"We are currently recruiting a number of new positions in response to increasing demand from companies such as these, who are keen to invest in a simple, secure and cost-effective cloud migration solution.

"I'm extremely proud this is being developed and delivered in Northern Ireland, where we have been able to build a highly skilled global technology team alongside support from Invest NI, which has made a difference as we continue to significantly scale our operations."

And Steve Harper, Invest NI's executive director of international business, said: "Having benefited from Invest NI employment and trade support, CloudMigrator365 has been able to capitalise on new market opportunities and growing sales.

"Our employment support is enabling the company to scale its business to support an increase in productivity and export sales," he added.

Last year, welcoming the new Belfast jobs, former Economy Minister Simon Hamilton said that the firm was a "leader in its field".

Belfast Telegraph

Read more from the original source:
Belfast IT firm celebrates cloud computing success in 57 countries ... - Belfast Telegraph

IDC predicts that the cloud computing market in 2017 will be worth $107 billion and, according to Gartner, by 2020 a corporate no-cloud policy will be as unusual as a no-internet policy would be today

The adoption of cloud computing has been on the up since as far back as 2008, when a survey conducted by the Pew Research Institute found that cloud services were used by nearly 69% of Americans. Since then, the industry has experienced hyper-growth and exceeded the already vast predictions of how big it would become.

IDC predicts that the cloud computing market in 2017 will be worth $107 billion and, according to Gartner, by 2020 a corporate no-cloud policy will be as unusual as a no-internet policy would be today. Indeed, it would be difficult to imagine an organisation in 2017 that did not use webmail, file sharing and storage, and data backup.

As the use of cloud computing spreads so does awareness of the associated risks. At the time of writing, there have been 456 data breaches worldwide this year according to the Identity Theft Resource Center (ITRC). The ITRC also noted a 40% increase in data breaches in 2016 compared to the previous year. Yet, despite the well-documented cases of data breaches, organisations continue to invest in and adopt cloud computing services because the benefits usually outweigh the risks.

To understand why the growth of cloud computing has continued in the face of high-profile data breaches, look first to what it can offer an organisation.

>See also: Building trust in cloud security is crucial to UKs digital future

Cloud computing is a virtual environment that can adapt to meet user needs. It is not constrained by physical limits, and is easily scalable making it an obvious choice for start-ups. Cloud computing makes state-of-the-art capability available to anyone with an internet connection and a browser, reducing hardware and IT personnel costs.

Cloud services and software applications are managed and upgraded off-site by the provider, meaning organisations can access technology they would not have been able to afford to install and manage on their own. The popularity of the cloud essentially comes down to its provision of advanced, next-generation IT resources in an environment that is cheaper and more scalable than local networks.

The risks involved with cloud computing are mostly security-based. Clouds are often made up of multiple entities, which means that no configuration can be more secure than its weakest link. The link between separate entities means that attacks to multiple sites can occur simultaneously. When cloud providers do not employ adequate cyber security measures, those clouds become a target for cybercriminals.

Yet, its not all bad news. A user survey conducted by one cloud service provider found that concerns about security fell to 25% compared to 29% last year. And as more becomes known about security risks so too does our knowledge around what organisations can do to protect themselves.

The Cloud Security Alliance (CSA) released its Treacherous Twelve in March 2016 detailing the top 12 threats to cloud security based on responses from their members. At the top of this list was data breaches.

Any leak or exposure of sensitive information such as usernames, passwords, credit card numbers, social security and health records constitutes a data breach. The organisation, and not the cloud service provider, is ultimately accountable for keeping their data secure.

When a data breach does occur, a company could be fined or face criminal changes, regardless of whether it was intentional or not. Even though cloud service providers will deploy a high level of security measures, the CSA advises organisations to implement a multifactor authentication and encryption system on the user end to protect against data breaches. This could involve single-use passwords, smartcards, or phone-based authentication.

These multifactor authentication processes can also work to prevent the occurrence of compromised credentials, which can expose an organisation to a data breach. Commonly, data breaches and cyber security attacks rely on lax security systems like predictable passwords and poor certificate management.

Allocating permissions within an organisation is another area where credentials could be compromised if they are misallocated or not removed when a user leaves or changes roles. As well as multifactor authentication, companies should prohibit the sharing of account credentials and ensure permissions are allocated or removed as soon as is necessary.

Organisations can also increase their chances of avoiding a data breach by implementing proper training. Innocent mistakes can often look like deliberately harmful insider activity. Would your data administrators ever unintentionally copy sensitive customer information over to a publicly accessible server? The only way to be truly confident in a workforce and prevent mistakes happening in the cloud is to implement correct training and management.

While the cloud may differ to local networks in many ways, its data centres remain just as susceptible to damage or destruction by natural disasters. To avoid losing data to fires and floods, distribute data and applications across more than one zone. Implement appropriate data backup procedures, and adopt best practices in business continuity and disaster recovery.

Consider using off-site storage for data that, if lost, would result in its own kind of disaster. As the General Data Protection Regulation (GDPR) start date approaches, protecting your data is more important than ever. GDPR sees both data destruction and corruptions as serious breaches.

>See also: What to do when it comes to cloud security?

It would be unwise and certainly a bad business decision for an organisation to not take advantage of the technological advances made by the cloud. More than that, however, cloud computing services and applications also support growth in a way that traditional IT hardware cannot. Whether it is a start-up with a handful of staff, or a multinational corporation with a headcount of thousands, the cloud continues to be the way of the future.

Over the next years and decades, the regulations and laws around data in the cloud will come into maturity. Like many times in the past, governments are moving slower than the technology when it comes to implementing policies and law. Decisions made in the courts will instead set the precedent of who is ultimately responsible for the security of information stored within the cloud. In the meantime, organisations around the world can focus on self-regulation as they tackle cyber security in the cloud.

Sourced from Dean Sappey, president and co-founder, DocsCorp

Follow this link:
How to approach cloud computing and cyber security in 2017 - Information Age

In a recent article which focused on cloud security I presented a comparison between security-as-a-service and traditional style security tooling in the cloud. This installment is a deeper dive into the security as a service (SECaaS) paradigm.

It would seem to me that a natural outgrowth of the cloud computing and 'everything as a service' paradigm that the technology world is undergoing, would be that the tools and services we use to manage and secure our cloud environments also move into an as a service mode.

In much the way one would expect, SECaaS works under the principle of a small agent controlled from an external service provider. It is not so different conceptually from controlling a number of firewalls (virtual or physical) from an external management console.

Heres how it works. A security administrator sets the policy for the service in the SECaaS provider cloud, using online management tools, and sets what policy or policies applies to a group of VMs classified by any number of criteria.

Then, the SECaaS services governs the security activity within and around the VM via a lightweight, generic, agent installed within the VM. When a new VM is created out of a template the agent is included in the image.

Finally, the agent executes various security functions according to the direction/policy communicated from within the providers cloud environment.

For example, the security administrator creates a segmentation policy that all webserver VMs will only accept traffic on ports 80 and 443. The administrator creates a policy in the SECaaS cloud which is transmitted to the agents on all webserver VMs in the environment. The agent then acts to block and/or allow traffic as per this and other policies that apply to this type of VM.

The advantages of using a SECaaS solution include:

As more organisations continue to adopt and move to the public cloud it becomes even more critical to secure those environments, applications and services. SECaaS providers continue to enhance their offerings and continue to add specific security services to their portfolios. As SECaaS matures it becomes an even more viable option for securing enterprise public and hybrid cloud deployments.

Read more: Cloud security best practice: Security as a service or cloud security tooling?

Read more here:
A deeper dive into cloud security as a service: Advantages and issues - Cloud Tech