Resource on Demand

Call us today on or click here to email us

Category: Cloud Security

Bring Your Own Device

Posted on

The biggest mega-trends we have seen in 2012 are; SDN (Software-Defined Networking), cloud computing, social analytics, apps stores and BYOD (Bring Your Own Device), with the two biggest trends being cloud and BYOD. As we see the popularity of smart-devices now infiltrating the workplace, it has been a natural progression for people to want to use their own familiar devices to carry out work functions.

With this occurrence though comes real security risks, as data is no longer being protected via the IT Department. A recent study has shown that approximately 73% of enterprises have non-IT managed devices accessing company data.

Thomas Borrel of BlueCat Networks Inc, recently said “The main problems with the BYOD culture is how to have secure onboarding, how to prevent applications like DropBox being installed and how to restrict access to web browsers in order to prevent data leakage. The idea is not to force users to uninstall Apps they usually use at home, but how to prevent them accessing them within the four walls of the enterprise”.

Bring Your Own Device (BYOD)When it comes to protecting corporate data, there needs to be a good strategy behind how users can access the network. Therefore, individual devices should be made to registered onto the network, so that IT can manage users access privileges to corporate data and see when any conflicts occur. And in the event of lost or stolen devices, remotely clean corporate data from the device.

At present some of the BYOD processes can be very convoluted; as the user generally has to make a BYOD request, then read and sign the end user licence agreement, before connecting their device to a network to download software that then prevents the user from accessing certain applications from their device. The good news is, that as we start to see a sharp uptake of BYOD, so too are we seeing a much more automated and simpler process as enterprises now enforce compliance using Network Access Control (NAC) and device MAC addresses. So all the while your device is attached to the enterprise network if you try to access a restricted application, your device will be unable to locate the server and thereby preventing data leakage.

Generally if an enterprise embraces cloud technology they usually also adopt a mobile policy, but studies show that for now companies are still lagging behind when it comes to creating a BYOD strategy for the use of personal devices. But if you consider the value of corporate data and the risk of losing it and potentially your reputation, it is surprising that so few mobile conscientious companies have personal devices on their security radar.

 

 

 

 

 

 

Image from http://www.freedigitalphotos.net


Cloud Security reaches new heights

Posted on

Cloud SecurityAs many of you were enjoying the delights that Dreamforce had to offer, there were some of us, who were very much interested in Gartner’s Security & Risk Management Summits taking place around the globe.

It has long been acknowledged that security was a real issue for cloud computing, but the summits sought to bring together dozens of risk managers and IT security professionals to showcase risk and security products. Hot topics on the summit agenda was mobile applications & security; bring your own device (BYOD); cloud computing and security, governance risk and compliance and data loss prevention.

As mentioned in one of our previous blogs, according to Gartner, the biggest influences that are changing the way we approach IT are mobile, social, cloud and big data. But, with these changes we also see the challenges of transforming your business. In order to survive the challenges, whilst ensuring that your business continues to prosper you need to be building a strategic plan to deliver adequate protection, whilst understanding the four forces that are driving the change.

Security and IT managers need to really understand the business, whilst ensuring that IT is supporting the businesses goals. But to do this, you must first define the purpose of the business; its objectives and processes and understand where IT systems sit within this. Only then will you understand where security risks might lie, so that you can build a policy and an infrastructure around them.

It is predicted that around 52% of large enterprises are using some form of security services, but until now SME’s have struggled to overcome these challenges, as their resources determine that they would have to buy many products to offer them the same protection as larger enterprises. Business have not wanted to migrate from legacy systems to new platforms on their own, and as a result the service cloud providers are now looking to offer storage, system networking, computing and security all rolled into one neat package.

Michael Dell, CEO of Dell, said that they saw the need to offer security across connected devices, such as smart phones and laptops; infrastructure and cloud storage, and security as one seamless service. This level of structure is now offering small businesses the same level of protection that was previously unavailable to them, making the shift to the cloud suddenly much less daunting.

 

 

 

 

 

Image from http://www.freedigitalphotos.net


In ‘Cloud’ We Trust

Posted on

Cloud Industry ForumIt has long been acknowledged that cloud computing is leading IT in innovation, scalability and mobility, but with approximately 60% of companies now participating formally in cloud services (according to an independent survey conducted on behalf of CIF), this figure is set to increase as we head into the next twelve months.

Resource On Demand Limited, the UK’s leading cloud recruitment company, has confirmed that they have seen a sharp uptake of companies now utilising their services, as a direct result of adopting some form of cloud technology.

Director and founder, Lee Durrant, had this to say “In the first quarter of 2012 alone, we have seen an 84% increase in the number of clients, compared to previous years, now wishing to utilise our specialist recruitment services, in order to grow their cloud-IT teams”.

In previous years, cloud computing was seen by many organisations as too risky, but as we see spending increases in SaaS technology and a clearer understanding of cloud security, this figure has dropped from 10% to 3%.

Durrant went on to say “In previous years, we have mainly specialised in people with salesforce.com CRM skills, but as we see the confidence in cloud computing grow, we are now being approached by more clients asking us to assist in finding people with other skills too, and not just SaaS or cloud products, but PaaS and IaaS”.

This announcement comes as it was recently reported that with the growing success of SaaS products, we are now seeing more interest in PaaS (Platform-as-a-Service) and IaaS (Infrastructure-as-a-Service), which has been estimated will be worth a staggering $11 billion by the end of 2013.

It is predicted that over the next five years, we will see three quarters of all vendors building software with PaaS, as organisations find cloud alternatives can be deployed across private, public and hybrid platforms to address critical business challenges like Big Data.

 

 

 

Image courtesy of http://www.freedigitalphotos.net


Setting the Cloud Standard

Posted on

Following on from our article last week about the Cloud Industry Forum (CIF) and user adoption; also on the CIF agenda was the need for standardising the cloud industry to address some of the concerns raised by cloud adopters.

Cloud securityWhilst cloud security is still a concern, according to their survey, it is no longer stalling the buying process. In fact the main cause for concern among EU companies was sovereignty, as organisations want data stored locally. Of those end users not moving to the cloud 75% said their reason was to keep data in-house.

As new user adoption is set to grow by 25% over the next 12 months, so there has been a renewed effort to set some industry standards among the Cloud Service Providers (CSP). CIF are promoting their Code of Practice, which at present is an esteemed but voluntary certification that promotes CSPs to ensure there is transparency, accountability and capability within their offerings.

The recent survey by CIF showed that governance and hybrid management will take centre stage (i.e. data protection) as organisations will look to adopt best practice. It was reported that 78% of organisations would want to buy from a Certified Code Of Practice supplier, making implementation and management service skills critical to their decision making.

The CIFs message was clear for end users. Before signing up with any CSP, you need to think about the following:

  • Where will my data be stored/consolidated?
  • Who will have access to my data?
  • Usage and consumption needs?
  • Requirements to integrate with other applications?
  • How transparent is the CSP?
  • Where does accountability lay?

The CIF Code of Practice Certificate will provide a short-cut for cloud adopters to identify which CSPs have been assessed to ensure they have a transparent offering, they can provide value and a good level of professional and service quality.

Martin Banks, guest author for CIF had this to say “Technical standards are of decreasing relevance, except infrastructure, because whatever the users want to do, there are technical ways to do it. Many, many companies can come up with a technical solution or design an App, so standardisation at the IaaS/PaaS level is important, as this is the area that underpins the structure”.

CIF predicted that an increasing number of cloud adopters will require some form of standard certification from their CSP, which is likely to drive the need for voluntary certification into a regulatory requirement.


The 4th Annual Cloud Computing World Forum

Posted on

Once again the ROD team were out and about at the 4th Annual Cloud Computing World Forum event held in London.  Theresa Durrant, gives us her opinion on the two day event.

CCWF at Earls CourtWhilst the attendance was good, I was slightly disappointed with the lack of attendance from the likes of Google & Amazon. However, the two day event was packed with talks from some of the leading specialists, which saw the conference theatres struggle to find room to accommodate everyone.

The exhibitors were dominated by Infrastructure-as-a-Service (IaaS) Providers, Virtual Desktop Service Providers and those offering Cloud Security Solutions, which backed up the promise that this event was not aimed at technical people; but more at IT Managers and CIOs as a way to plan their future cloud and IT strategy.

I managed to attend several of the conference speeches and demonstration, including the Google App Demo by Jon Watson, and came away buzzing with ideas.

I was even fortunate enough to find a seat in the Microsoft theatre to listen to Matt Ballantine, Principle Evangelist. His topic was about Cloud & the Future of IT, but whilst the topic was very tantalising, the prediction proved to be very elusive. At the very start Ballantine informed us that his speech would reflect little on what his predictions were, and was merely a response to fit in with the title of the presentation. Slightly perturbed by this development, we sat on anyway, and listened to Ballantine outline his 5 practical approaches to his green field thinking strategy which included “Avoiding Stupider faster” and “Providing a service”. Not by any means ground breaking topics, but still very interesting and engaging none the less.

To sum up, strategy is no longer about IT projects with a business element, but is about business projects that have an IT solution. The future of any project should start with a holistic view of the organisation, before talking about systems. And whilst it might be tempting for CIOs to lock-down the desktop, beware this could be counterintuitive as it restricts innovation and experimentation.

All-in-all a very productive couple of days, with plenty of food for thought.