RESTON, Va.--(BUSINESS WIRE)--OVHcloud US, a leading global cloud provider, today announced the availability of its managed Kubernetes Service. Kubernetes combined with OVHclouds Public Cloud service provides the perfect platform on which to build and operate scalable cloud-native applications with on-demand computing and storage resources.

As a managed service, in addition to maintaining the underlying hardware, OVHcloud also manages the Kubernetes software stack, keeping it up-to-date with critical updates associated with bugs and security patches. OVHclouds Kubernetes also delivers load-balancer and auto-scaling capabilities, giving developers the ability to start small with entry-level instances and then upgrade to more powerful instances when moving to larger-scale production.

The ability to deploy, manage, and scale consistent and secure-by-default Kubernetes instances on demand defines what it means to be cloud-native. The power of our managed Kubernetes in our Public Cloud environment allows teams to iterate faster, automate more aggressively, and exploit modern application-lifecycle paradigms. With an overwhelming amount of production applications expected to be cloud native within the next 18-24 months, this solution addresses the major challenges developers face in delivering superior software quickly, said Jeffrey Gregor, General Manager, OVHcloud US.

Key features of OVHclouds Free Managed Kubernetes Service

Kubernetes in combination with OVHclouds Public Cloud on-demand resources and pay-as-you-go consumption model provides access to several important features, including:

Additional details on this new product offering can be found at us.ovhcloud.com/public-cloud/.

About OVHcloud US

OVHcloud US is a subsidiary of OVHcloud, a global cloud provider that specializes in delivering industry-leading performance and cost-effective solutions to better manage, secure, and scale data. OVHcloud US delivers bare metal servers, hosted private cloud, and hybrid and public cloud solutions, and was recognized as a "Strong performer" in Forrester's Hosted Private Cloud Services in North America (2Q2020) and as a "Contender" in the IDC Worldwide Public Cloud as a Service Vendor Assessment (2020). OVHcloud manages 32 data centers across 12 sites on four continents, manufactures its own servers, builds its own data centers, and deploys its own fiber-optic global network to achieve maximum efficiency. Through the OVHcloud spirit of challenging the status quo, the company brings freedom, security, and innovation to solve data challenges today and tomorrow. With a 21-year heritage, OVHcloud is committed to developing responsible technology and strives to be the driving force behind the next cloud evolution. https://us.ovhcloud.com.

Follow this link:
OVHcloud US Announces the Availability of Managed Kubernetes Services - Business Wire

Enterprises are struggling with a swelling number of cloud identities, credentials sprawl and privilege creep. Gartner has sounded the alarm: by 2023, 75% of cloud security failures will result from inadequate management of identities, access and privileges.

Its time to tame the beast.

But first, we need to understand the components of an entitlement that can put security at risk. They can be broken down into: entities, identities, permissions and resources.

An entity is just what it sounds likea person, machine, service or application that needs access.

Identities can be cloud identity systems, on-premise identity systems, SaaS applications, etc. And theyre not always humans; they could be compute resources needed to complete a business function, like an application or a virtual machine using a service identity.

Identities do not necessarily have to belong to users or applications within your organization. We are seeing a sharp growth in what we call third-party identities belonging to vendors that need access to your public cloud infrastructure in order to provide some operational or business value. These can include security vendors, cost optimization vendors, etc.

These identities become more complicated depending on which public cloud infrastructure youre using. Each cloud platform manages identities differently, for example Microsoft Azure uses Azure Active Directory.

Meanwhile, many organizations also use on-premises identity systems, which are external to the cloud service provider. In these hybrid environments, users have two (or more) identities, a cloud platform specific identity and a federated identity to access the cloud infrastructure from on-premises identity systems.

Finally, every identity has entitlements or permissions such as the ability to read and write files, granted by policies associatedwith the cloud platform or custom-written by the organization based on the identitys roles and access. In addition, entitlements are linked to a specific resource or a group of resources, which could be virtual machines, containers, databases, serversor secrets such as encryption keys.

Entitlements can also be granted to identities in a number of ways that further complicate their management. These include:

To start connecting the dots between entities, identities, permissions and resources, an organization first needs to understand the permission structure of each cloud provider, whether its AWS, Azure, GCP or whomever. Each uses pre-baked permission policies that can lead to privilege creep. These policies tend to be extremely over-provisioned; we see many cases of DevOps or developers assigning administrative-type of policies to applications and resources such as databases, storage and machine IDs.

There are very few applications that really need the ability to read, write and delete all the storage services in your environment. Usually an application would be using a specific storage service to fulfill its business function. Savvy organizations are recognizing this risk and moving to custom-managed policies or policies that allow them to granularly control permissions.

Managing permissions starts with visibility. You have to be able to discover all the human and machine identities in the environment. Then you have to be able to map all the permission structures, identities and resources to answer one basic question: Who can access sensitive data in my environment?

Answering that question requires mapping permissions and analyzing the broader security context of your resources, such as their network exposure and who can update their configurations. You have to be able to remove stale access and do it at scale. In most cases, the number of permissions that the environment really requires is around 10% to 20% of the actual number that are provisioned.

This requires determining riskwhich users and machines have access to sensitive resources. You have to be able to identify excessive permissions, right-size them and remediate security problems such as lack of multi-factor authentication or failing to rotate access keys. This includes detecting and automatically removing inactive identities.

The biggest barrier to this exercise is the effort involved. Its impossible to do it manually; were talking about hundreds of thousands of users and resources, maybe even millions. Analytics can help you review access policies to provide a clearer picture of the organizations security posture vis-a-vis identities and their entitlements.

Its also difficult to address these challenges using tools that come with each cloud platform since they lack the granularity to capture and unravel the complexities of all the privileges attached to identities. They can look at a specific user and understand the permissions attached to that user directly, but they will miss groupings, or chaining of identities inside your organization that can introduce risk. They also miss the broader network context, like the ability to understand if an application is exposed to the internet.

If you are using more than one cloud platform, cloud provider tools will not be able to manage identities and permissions in other cloud infrastructures.

Cloud platform agonistic automation technology is available for managing identities and permissions at scale. By providing visibility into over privileged user and machine accounts its possible to tame the wilderness that cloud entitlements have become for many organizations.

ABOUT THE AUTHOR

Arick Goomanovsky, Chief Business Officer of Ermetic

Excerpt from:
Taming the Overprivileged Cloud | eWEEK - eWeek

Planning a cloud migration is like going on a trip. Its important to double-check that everything you need is in your suitcase and make sure that all travel sections are on time. When an administrator moves a VM to the cloud, they need to make sure they have the right tools and enough storage to move all their critical virtual infrastructure. Microsofts Azure Migrate can help with this type of task.

Microsoft Azure Migrate It provides IT teams with a centralized portal for discovering, evaluating, and migrating systems and data from their on-premises infrastructure to the Azure cloud.

Administrators can use the portal to move physical and virtual servers, VDIs, databases, web applications, and large datasets. You can use Azure Migrate to migrate your VMs to Azure in private and public clouds. This service is included in your Azure subscription at no additional cost.

Azure Migrate provides a single portal for managing the entire VM migration process. The portal guides administrators through the discovery, evaluation, and migration phases and provides end-to-end operational visibility. Administrators can start, run, track, and analyze workflows.

These tools allow administrators to perform a variety of tasks based on the system or data type they plan to migrate. Organizations need to be aware that Azure Migrate is a one-way service specifically designed to move servers, applications, and data to Azure.

The portal includes:

Azure Migrate also integrates several third-party tools such as Carbonite, Lakeside, RackWare, and UnifyCloud.

For certain operations, the administrator Install a lightweight appliance For infrastructure setup. Azure Migrate uses this appliance to discover and evaluate physical servers, VMware VMs, and Hyper-V VMs. A single Azure Migrate appliance can discover up to 1,000 physical servers, 10,000 VMware VMs, and 5,000 Hyper-V VMs. You can also use the appliance to perform agentless migration of your on-premises VMware VMs.

For administrators who are already using Azure, the service is free, so try Azure Migrate to minimize the risk. However, you may still incur charges if you are using integrated third-party tools or certain Azure services. The Database Migration Service Tool is free for the first 180 days only.

To better understand how Azure Migrate works, administrators need to refer to specific use cases. Suppose your IT department decides to migrate your on-premises Hyper-V VM to an Azure VM.

For this, administrators can use server evaluation and server migration tools with the Azure Migrate appliance. The entire migration process can be divided into three basic phases: discovery, evaluation, and migration.

These steps are short versions of the steps that an administrator must perform on a Hyper-V VM, but they should serve as an overview.

Before attempting to migrate a VM, please refer to the Azure Migrate documentation and pay close attention to potential limits and workload requirements.

Administrators can discover and evaluate up to 35,000 Hyper-V VMs in a single Azure Migrate project. However, a single appliance instance can only detect 5,000 Hyper-V VMs, distributed across 300 Hyper-V hosts. That said, administrators can deploy multiple appliances and create multiple projects. The project can include physical servers, VMware VMs, and Hyper-V VMs.

Hyper-V hosts can be standalone machines or deployed in clusters. It can be used as a server core installation, but the host must have administrator privileges.In addition, the system PowerShell remoting must be enabled, And Hyper-V Integration Services must run on the evaluated VM.

Administrators should consider port settings and storage limits. Azure Migrate only supports Integrated Drive Electronics and SCSI virtual controllers. The system cannot detect machine metadata or dynamic performance data for Hyper-V VMs, but it can for VMware VMs. However, even VMware VMs are limited to detection, not evaluation.

Read more from the original source:
Easily transfer VMs to the cloud with Microsoft Azure Migrate - Illinoisnewstoday.com

During the COVID-19 pandemic, many enterprises faced immense operational resilience challenges. As such, the pandemic accelerated the shift to the cloud. This sudden shift to an online, no-contact economy prompted what Microsoft CEO Satya Nadella said was "two years' worth of digital transformation in two months."

Cloud platforms helped companies deploy new digital customer experiences in days rather than months, supporting analytics, agility and scalability that would be uneconomical or impossible with legacy platforms.

Yet, at the same time, numerous opportunities were presented to cybercriminals who exploited the new operating environment and preyed on a remote and vulnerable workforce. Data residing on premises and in the cloud quickly became a natural target for bad actors. The seemingly overnight shift of enterprise data to the cloud increased the number of possible failure points in security systems. In fact, McAfee reported a 630% increase in attack attempts from external threat actors on its customer's cloud accounts in early 2020.

This reality has driven enterprises to build an effective cloud security architecture and strategy -- but the path to achieving this has not been an easy one.

While organizational inertia to move to the cloud might have been overcome due to the pandemic, the shift itself is not without three major complexities:

Challenge No. 1: Confusion around the shared responsibility model hasn't helped the situation.

Public cloud providers take responsibility for their clouds' security, but they don't take responsibility for their clients' applications, servers and data security. Companies must encrypt and secure their own data. Yet, many enterprises leave data unencrypted on the cloud or do not implement available encryption tools and management services. Additionally, companies need to invest in a variety of tools, including antimalware, antivirus and secure web gateways, from cloud service providers to protect their data.

Challenge No. 2: CISOs must establish a solid foundation for their cloud security architecture on a security framework that can help define and prioritize risk areas.

Begin by identifying organizational requirements and completing security risk assessments. Next, implement safeguards to ensure infrastructure can self-sustain during an attack. The framework will have to use detection systems to monitor networks and identify security-related events, which will then launch countermeasures to combat potential or active threats. Finally, the framework will need inbuilt recovery capabilities to restore system capabilities and network services in the event of a disruption.

Challenge No. 3: CISOs have to prepare for the worst and hope for the best.

Focus remediation efforts and align security policies across the digital landscape by embedding security in the enterprise architecture. When migrating workloads to the cloud, the security architecture will clearly define how an organization should identify users and manage their access, and protect applications and data, with appropriate security controls across networks, data and applications. It also helps provide visibility into security, compliance and threat posture while injecting security-based principles into the development and operation of cloud-based services.

Cybersecurity regulations are evolving rapidly with the threat landscape, so architectures should design strict security policies and governances to meet compliance standards. CISOs also have the challenge of designing systems that cater to authentication and authorization needs of both on-premises and cloud workloads, which have different protocols. Finally, the IT team should build a centralized dashboard and reporting for security metrics before cloud operations begin.

Security concerns within the cloud landscape are complex due to rapid development. This complexity requires a paradigm shift to protect applications. It can be achieved by migrating from a perimeter-based approach to one where security moves closer to dynamic workloads that are identified based on attributes and metadata. This approach identifies and secures workloads to meet the scale needs of cloud-native applications while accommodating constant flux.

The cloud paradigm requires enterprises to upgrade their legacy technologies and increase automation in the application security lifecycle and secure-by-design architectures. Cloud-native security can be modeled in distinct phases that constitute the application lifecycle -- development, distribution, deployment and operation. This ensures security is embedded throughout these phases instead of separately managed. In addition to cloud-native security controls, add-on components such as security groups and network access control lists for firewalls and distributed denial-of-service attack mitigation must be implemented. AI will also become a core component of all cybersecurity systems to address vulnerabilities and detect security issues.

Cloud security services should safeguard physical infrastructure, applications, data, networks and endpoint devices with a proven technology reference architecture for quality assurance and risk management. Adapting existing authentication methods to enable consistent access control for cloud and on-premises network resources is the route toward greater security. Use real-time security monitoring and reporting to address cloud-specific, industry and compliance standards.

Cloud architects and systems designers must incorporate network security appliances at the design stage for unified control of distributed IT resources. Security protocols should combine multifactor authentication protocols and role-based access control systems. Cloud security itself remains an interdisciplinary field that cannot be isolated from the development lifecycle or treated as a purely technical domain. In the same vein, cybersecurity is not just an IT problem, it is a business problem. For it to be ultimately effective, organizations must focus on people, process and technology to make necessary changes and ensure security is practiced and embedded as part of the company's DNA.

About the author

Anant R. Adya is the senior vice president of cloud, infrastructure and security (CIS) services at Infosys. Adya is responsible for growth of the CIS service line in the Americas and Asia-Pacific regions for Infosys. In his 25 years of professional experience, he has worked closely with many global clients to help define and build their cloud and infrastructure strategies and run end-to-end IT operations. He currently works with customers and the industry sales and engagement teams on the digital transformation journey. He defines digital transformation as helping customers determine the location of workloads, using new-age development tools for cloud apps, enabling DevOps and, most importantly, keeping the environment secure and enhancing customer experience.

Here is the original post:
Invest in cloud security to future-proof your organization - TechTarget

Results from a TechRepublic Premium survey show that more respondents are using a hybrid combination of internal and cloud servers than they were in 2020.

Image: iStock/metamorworks

Picking the best IT infrastructure and tech vendor for your company is taxing in normal times, but it's even rifer with challenges during a global pandemic. That's what many small and medium businesses faced last year when COVID-19 caused them to accelerate digital transformation initiatives, software deployments and tech spends.

This is no easy task; as an organization's technology stack could mean the difference between operating a successful, innovative company or a struggling, unsustainable one. TechRepublic Premium wanted to find out how SMBs build their perfect technology infrastructure. So they conducted a survey and compared the results to a similar survey from last year.

SEE:Research: COVID-19 causes SMBs to increase IT deployment and spending(available free for TechRepublic Premium subscribers)

COVD-19 has impacted IT deployment and spending for 46% of respondents and affected the types of services SMBs tried, tested or experimented with over the last 12 months. In the previous year, only 27% experimented with Zoom, but that number rose to 60% in 2021.

Download this article and thousands of whitepapers and ebooks from our Premium library. Enjoy expert IT analyst briefings and access to the top IT professionals, all in an ad-free experience.

Consistent with last year's survey, SMBs continue to use Microsoft Office 365 (56%), Microsoft Azure (43%), and Amazon AWS (43%). However, the number of respondents who experimented and tested Google Cloud Platform (28%) was down from the 33% that experimented with the platform last year.

It's no surprise that SMBs are turning to cloud services for solutions. However, in 2021, 46% of respondents rely on internal on-premises systems, which is a stark decrease from the previous year's response of 63%. Also in 2021, some 44% of respondents use a hybrid combination of internal and cloud servers, which is notably higher than the 2020 survey result of 39%. Furthermore, survey results show that 26% of respondents use more than one cloud service, which is up significantly from the 17% reported in 2020.

The importance of fulfilling business needs has not changed much over the years. The 2021 survey reports that 45% of respondents believe fulfilling business needs is the most important factor when making decisions on IT deployment, which was the same sentiment reported in the 2020 survey.

The infographic below contains selected details from the research. To read more findings, plus analysis, download the full report:Research: COVID-19 causes SMBs to increase IT deployment and spending(available for TechRepublic Premium subscribers).

View post:
Research: SMBs rely on a mix of internal and cloud-based servers - TechRepublic