06
Apr 17

The Register – Researchers steal data from CPU cache shared by two VMs

A group of researchers say they can extract information from an Amazon Web Services virtual machine by probing the cache of a CPU it shares with other cloudy VMs.

A paper titled Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud (PDF) explains the challenges of extracting data from CPU cache, a very contested resource in which the OS, the hypervisor and applications all conduct frequent operations. All that activity makes a lot of noise, defying attempts to create a persistent communications channel.

Until now, as the researchers claim they’ve built “a high-throughput covert channel [that] can sustain transmission rates of more than 45 KBps on Amazon EC2”. They’ve even encrypted it: the technique establishes a TCP network within the cache and transmits data using SSH.

The results sound scarily impressive: a Black Hat Asia session detailing their work promised to peer into a host’s cache and stream video from VM to VM.

The paper explains that this stuff is not entirely new, but has hitherto also not been entirely successful because it’s been assumed that “error-correcting code can be directly applied, and the assumption that noise effectively eliminates covert channels.”

More of The Register article from Simon Sharwood


05
Apr 17

CIO Insight – Despite the Cloud’s Value, Funds Are Often Wasted

On average, the IT pros surveyed said their organization wastes 30% of its cloud spend.

With its days as an emerging technology behind us, the cloud is now firmly established in the fabric of modern companies: Nearly all organizations are investing in the cloud in some way, according to a recent survey report, “State of the Cloud,” from RightScale. The hybrid cloud has emerged as the most preferred option, followed by the public cloud. Regardless of the chosen cloud pathway, companies are reaping the rewards of faster access to infrastructure, greater scalability, higher availability, quicker time to market and more assured business continuity. Challenges linger, however, especially in the form of security concerns and a lack of needed staffing expertise.

More of the CIO Insight slideshow from Dennis McCafferty


15
Mar 17

The Register – It’s time for our annual checkup on the circus that is the Internet Governance Forum

Unaccountable? Check. Pointlessly bureaucratic? Check. Blocking reform? Check

It’s March again so it must be time for an annual checkup on the Internet Governance Forum – the United Nations body that is tasked with working through the complex social, technological and economic issues associated with a global communications network, and runs an annual conference to that end.

Around this time every year, the IGF’s organizing group the Multistakeholder Advisory Group (MAG) meets in Geneva to decide how the annual conference will be structured and what topics it will cover, and to set the rules for how sessions and the conference itself will be run.

And we are pleased to announce for another year, the IGF remains a circus, an unaccountable and pointlessly bureaucratic organization that goes to great lengths to pretend it is open to everyone’s input and even greater lengths to make sure it isn’t.

At the two-day meeting, the IGF’s three core issues again took pride of place at the event:

  • Fantasy of democratic representation
  • Opaque decision-making and finances
  • Bureaucratic blocking of any efforts at reform

Let’s take a look at each:

More of The Register article from Kieren McCarthy


28
Feb 17

TheWHIR – 3 Steps to Ensure Cloud Stability in 2017

We’re reaching a point of maturity when it comes to cloud computing. Organizations are solidifying their cloud use-cases, understanding how cloud impacts their business, and are building entire IT models around the capabilities of cloud.

Cloud growth will only continue; Gartner recently said that more than $1 trillion in IT spending will, directly or indirectly, be affected by the shift to cloud during the next five years.

“Cloud-first strategies are the foundation for staying relevant in a fast-paced world,” said Ed Anderson, research vice president at Gartner. “The market for cloud services has grown to such an extent that it is now a notable percentage of total IT spending, helping to create a new generation of start-ups and ‘born in the cloud’ providers.”

More of TheWHIR post from Bill Kleyman


16
Feb 17

Continuity Central – Report looks at the prevalence of business-critical custom applications

At the 8th Annual Cloud Security Alliance (CSA) Summit at RSA in San Francisco, Skyhigh Networks unveiled its ‘Custom Applications and IaaS Report 2017’ report.

Conducted in partnership with the CSA, the report is based on a broad survey of software development, IT administration, IT security, operations and devops professionals across the Americas, EMEA and Asia Pacific, involved in developing, deploying and securing custom applications. While respondents forecast rapid IaaS adoption, they at the same time expressed numerous unresolved concerns about the security and compliance of their custom applications in IaaS platforms.

“Custom applications are a core part of how our business operates, and moving these to the cloud provides IT an opportunity to ‘start fresh’ with the right visibility, controls and overall security, without getting in the way of business operations,” said Stephen Ward, CISO, TIAA. “Meeting our security requirements for our applications, as well as our IaaS environment, is absolutely critical to accomplishing our business goals for cloud and overall software programs.”

Some of the key findings from the survey include:

Every company is a software company. Every company has developers writing custom code to improve engagement with employees, partners and customers.

More of the Continuity Central post


10
Feb 17

SearchCloudComputing – For enterprises, multicloud strategy remains a siloed approach

Although not mentioned in this article, enterprise cloud providers like Expedient are often key players in the multicloud mix. Enterprise clouds deliver VMware or Hyper-V environments that require little or no retraining for the infrastructure staff.

Enterprises need a multicloud strategy to juggle AWS, Azure and Google Cloud Platform, but the long-held promise of portability remains more dream than reality.

Most enterprises utilize more than one of the hyperscale cloud providers, but “multicloud” remains a partitioned approach for corporate IT.

Amazon Web Services (AWS) continues to dominate the public cloud infrastructure market it essentially created a decade ago, but other platforms, especially Microsoft Azure, gained a foothold inside enterprises, too. As a result, companies must balance management of the disparate environments with questions of how deep to go on a single platform, all while the notion of connectivity of resources across clouds remains more theoretical than practical.

Similar to hybrid cloud before it, multicloud has an amorphous definition among IT pros as various stakeholders glom on to the latest buzzword to position themselves as relevant players. It has come to encompass everything from the use of multiple infrastructure as a service (IaaS) clouds, both public and private, to public IaaS alongside platform as a service (PaaS) and software as a service (SaaS).

More of the SearchCloudComputing article


09
Feb 17

CIO Insight – Deep Insecurities: Things Just Keep Getting Worse

Ninety-three percent of companies’ security operation centers admit they’re not keeping up with the volume of threat alerts and incidents, putting them at risk.

Despite a growing focus on cyber-security—along with gobs of money and staff time thrown at the task—things just seem to get worse. According to a December 2016 report from McAfee Labs, 93 percent of organizations’ security operation centers admit that they are not keeping up with the volume of threat alerts and incidents, putting them at significant risk of moderate to severe breaches.

Altogether, 67 percent of the survey respondents (more than 400 security practitioners spanning multiple countries, industries and company sizes) reported an increase in security breaches. Yet, on average, organizations are unable to sufficiently investigate 25 percent of security alerts.

More of the CIO Insight article from Samuel Greengard


02
Jan 17

Informatica – What is an Enterprise Architecture Maturity Model?

Enterprise IT is in a state of constant evolution. As a result, business processes and technologies become increasingly more difficult to change and more costly to keep up-to-date. The solution to this predicament is an Enterprise Architecture (EA) process that can provide a framework for an optimized IT portfolio. IT Optimization strategy should be based on a comprehensive set of architectural principles which ensure consistency and make IT more responsive, efficient, and economical.

The rationalization, standardization, and consolidation process helps organizations understand their current EA maturity level and move forward on the appropriate roadmap. As they undertake the IT Optimization journey, the IT architecture matures through several stages, leveraging IT Optimization Architecture Principles to attain each level of maturity.

Multiple Levels of Enterprise Architecture Maturity Model

Level 1: The first step involves helping a company develop its architecture vision and operating model, with attention to cost, globalization, investiture, or whatever is driving the company strategically.

More of the Informatica post


30
Dec 16

GigaOM – The enterprise CIO is moving to a consumption-first paradigm

Take yourself back a couple of decades and the IT industry looked very different than it does today. Back then the number of solution choices was relatively limited and only available to those with the finances to afford it. Many of the core services had to be built from the ground up. Why? There simply wasn’t the volume or maturity of the IT marketplace for core services. Today, that picture is very different!

For example, consider email. Back in 1995, Microsoft Exchange was just a fledgling product that was less than two years old. The dominant email solutions were cc:Mail (acquired by Lotus in 1991), Lotus Notes (acquired by IBM in 1995) along with a myriad of mainframe, mini and UNIX-based mail servers.

Every enterprise had to set up and manage their individual email environment. Solutions like Google Apps and Microsoft 365 simply did not exist. There was no real alternative…except for outsourcing.

More of the GigaOM post from Tim Crawford


29
Dec 16

Information Age – IT can make or break the success of a deal

This article is a couple of years old, but the topic of IT agility is more important than ever in the merger and acquisition space.

Businesses are increasingly under pressure to deliver value to stakeholders, particularly when undertaking bold initiatives such as mergers, acquisitions or asset disposals. This is the case not only for corporate acquirers but also for private equity (PE) firms, whose strategy is leaning toward add-on acquisitions as a means of growing their portfolio companies.

Among the fundamental changes brought on by mergers and acquisitions (M&A), management teams often require significant effort in restructuring or streamlining operations of acquired businesses to deliver success in the absence of financial engineering. But given the challenging success rate of M&A activity delivering realised value to organisations in the short and medium term, how can those parties involved in M&A actually deliver realised value?

More of the Information Age article from Tony Qui