Category Archives: Software

Despite Considerable Kool-Aid Consumption, Security Heads for the Cloud

Kool Aid Man

This article looks at cloud as the final frontier for security, exploring the topic as follows:

  • CSO: 5 Ways Security Solutions Will Change
  • Change #1 – Web as Network Perimeter
  • Change #2 – SaaS Beats Out Endpoint Solutions: Swig of Kool-Aid
  • Change #3 – Integration of Network and Endpoint Protection
  • Change #4 – Transition from Alerts to Smart Use of Data
  • Change #5 – Internet of Things Will Use Cloud Protections as Its Basis
  • Superb Internet: Audited and Certified

CSO: 5 Ways Security Solutions Will Change

Security isn’t running away from the cloud but moving toward it. After all, the third platform (cloud, social, big data, and mobile) is where the action is.

That’s the thrust of a message by Paul Lipman of iSheriff, who wrote in CSO magazine last week that the standard methods businesses have used for security in the past are “insufficient for modern businesses.” While the third platform continues to build and overtake the second platform (personal computers) as the primary means through which the Internet is used, across-the-board security systems can help companies to streamline their operations and scale effectively.

Lipman argues that the current, highly disruptive state of technology – led by red-hot segments such as cloud computing, the Internet of Things, and data analytics – is prompting security professionals to come up with innovative means to protect the enterprise. Whitman argues that five major shifts will occur in the security world in response to the turbulently competitive, increasingly virtualized environment:

Change #1 – Web as Network Perimeter

Even just in the recent past, security officials at companies were concerned with preventing unauthorized intrusion into the network, accomplishing that goal through a variety of in-house applications and hardware. That worked fine when everything was contained within the enterprise’s firewall – which of course is not the case anymore.

Now, the chief information security officer (CISO) grapples with a bring-your-own-device (BYOB) environment in which employees tap into corporate apps based in the public cloud through their cell phones and tablets. The result? Says Lipman, “The potential attack surface has expanded from the corporate network perimeter – which was challenging enough to protect – to encompassing a completely unbounded environment.”

One area that has been growing as a result is cloud-based security, Security-as-a-Service. Three critical notes related to that approach:

  • It means the company no longer needs to backhaul traffic.
  • It creates a consistent umbrella of security that is ultimately managed by the CISO and adapts reasonably to the parameters of user privileges, network of access, and applications.
  • It positions the organization on “high ground,” with lightning-fast real-time monitoring.

Change #2 – SaaS Beats Out Endpoint Solutions

Okay, so let’s get real here. This article is written by a guy who is the CEO of a cloud security company, so it’s not all that surprising that he projects a bright future for his business. Yummy, that Kool-Aid is good! What is it, grape? Well, you call it cherry. I call it grape. We agree to disagree. Life isn’t about getting it right.

Nonetheless, Lipman does have a strong argument in terms of the challenge of integration of multiple endpoint products. The differentiation of security applications throughout the enterprise creates gaps, which means that the CISO’s experience becomes foggy: they can’t see everything. Cloud security could better fuse together the system and, surprisingly, improve clarity.

Change #3 – Integration of Network and EndpointProtection

Up to this point, security companies have created two different types of products for two different audiences: network solutions and endpoint solutions. That approach doesn’t cut it in the current threat environment: “The network layer [needs] to become aware of, and responsive to, endpoint device activity both on-network and off-network.”

What if a handful of PCs at one of your company’s locations start shooting out packets of information to a possibly criminal IP address in Russia? You can stop it immediately if your system is properly integrated, forming a web of protection that Lipman compares to the body’s connective tissue, fascia.

Change #4 – Transition from Alerts to Smart Use of Data

You don’t want to rely on fire alarms. You want predictive analysis that can prevent fires before they start. Hence, we move from alert systems to intelligent security.

When we pull all the elements of security together into one unified front, we can look at interactions and potential aberrations within the intranet, endpoint hardware, SaaS and cloud virtual machine environments, and the overall Web – creating a comprehensive strategy that is “impossible with today’s organizationally silo’d, event-driven approaches.”

Change #5 – Internet of Things Will Use Cloud Protections as Its Basis

The advancement of the Internet of Things is unlikely without security organized and delivered through the cloud. Whether iSheriff represents the best possible platform or not, many commentators have noted that the Internet of Things is at this point highly questionable due to the ridiculous lack of security exhibited by many devices. Along those lines, Lipman makes a sound point: many connected appliances have low processing capabilities, so it would be “impossible or prohibitively expensive” to enable security at the level of the device.

Superb Internet: Audited and Certified

Everyone knows that you need to set up your public cloud environment to optimize your security. That should be a no-brainer. It’s the reason why private and hybrid clouds are becoming so popular: speed, reliability, and enhanced protection as needed.

Still, don’t trust anyone with your cloud infrastructure. Superb Internet is audited and certified to meet three internationally recognized standards. Plus, we won’t waste your time. As our customer Howard Barr said, “I use three other hosting companies, and none of them are as efficient as Superb.”

Try out our Cost Estimator today.

By Kent Roberts

Image Credit: Licensed for Free Use via Flickr

Talkin’ Cloud: 46% of Firms Buying More Software as a Service

Business Cloud

Cloud computing has been growing enormously over the last two years, attracting attention not just from businesspeople and journalists but from research firms as well. Gartner, MarketsandMarkets, and similar organizations that analyze industries to suggest trends and forecast growth have tracked and projected the rise of the cloud model..

A recent study by IDC, published in December 2013, explored the growth of software as a service, which IDC also called “cloud software.” The total revenue generated for SaaS solutions in 2012 was $28 billion, 28.4% higher than the previous year. IDC stated that this segment will continue to grow at a remarkable pace, achieving a 22% compound annual growth rate to exceed $76 billion in 2017. Furthermore, the software as a service market will expand nearly 400% more rapidly than the general software industry. Three years from now, cloud software will represent 17% of all business software purchases.

This particular cloud product has been a popular choice for many businesses wanting to test out distributed virtual environments. IDC’s cloud VP, Robert P. Mahowald, noted that in the IT world, public cloud and software as a service are at the center of a “transformation [that] is the number one strategic goal of all major IT product vendors.”

A recent report released by cloud publication Talkin’ Cloud generally agrees with cloud software growth predictions released elsewhere and, by looking directly at the perspectives of cloud service providers, gives us an inside peek at how hosting providers are adjusting to demand. We will review that cloud analysis, which was just released on October 14, in detail. First, though, let’s look at the three major types of cloud service (of course, skip down if you already know that stuff).

SPI Cloud Model

Techopedia notes that cloud computing is often arranged into the software, platform, infrastructure model – also called the SPI model. TechTarget describes the three components of the SPI model as follows:

  • Software as a Service (SaaS) – provision of software by a cloud host through the Internet or another network;
  • Platform as a Service (PaaS) – a way to use an operating system and related technology through the web rather than having to download updates; and
  • Infrastructure as a Service (IaaS) – an arrangement with a third-party organization to provide backend hardware for any of a company’s digital needs, such as operations and storage.

Survey: What Type of Cloud Service for 2014?

Much of the conversation on cloud has turned toward the security and access categorization: public versus private versus community (the latter a collaborative effort in which several organizations share cloud infrastructure that was just adopted by Salesforce). The other basic way to designate cloud is in terms of the service provided: software as a service (SaaS) vs. platform as a service (PaaS) vs.infrastructure as a service (IaaS).

Talkin’ Cloud (TC) asked visitors to its website what type of cloud service was accounting for the most increased expenditure during 2014. The press release issued by TC noted the responses to the survey, alongside information regarding the cloud offerings of hosting providers derived from the 2014 Talkin’ Cloud 100 Survey.

The Weekly Poll

The poll asked specifically, “Will you invest more in SaaS, PaaS or IaaS in 2014?” The results were as follows, based on the responses of 66 individuals:

  • SaaS – 31 votes (46%)
  • IaaS– 22 votes (33%)
  • PaaS – 14 votes (21%).

Granted, TC noted that the survey is “unscientific,” and a quick test revealed that it is possible to vote twice from the same IP address. That said, it provides an opening for discussion.

In commentary related to the poll, CJ Arlotta of TC wrote that SaaS was defining itself at the top choice for cloud investment by companies. Arlotta also remarked that Salesforce (mentioned above regarding community clouds) was a market leader in platform as a service with its customer relationship management (CRM) offerings.

Relationship to 2014 Talkin’ Cloud 100 Survey

The weekly poll is somewhat limited and superficial because it only asks one question. However, TC has also collected a huge amount of information from 100 worldwide cloud service providers through an annual survey. That survey serves as a reflective complement to the weekly poll, offering a glimpse of provider perspectives to accompany those of customers. The principal findings are as follows:

1.) The amount of focus paid by providers to the various cloud services did not change significantly between 2012 and 2013. Most providers had plans available for each of the three types, with emphasis on software as seen with the weekly poll:

  • 81% cloud software;
  • 71% cloud infrastructure; and
  • 54% cloud platform.

2.) What is the function of the cloud software, though? The breakdown of the various types of SaaS offerings is as follows:

  • 70% disaster recovery and/or backup;
  • 69% email;
  • 62% email security;
  • 62% storage; and
  • 56% general security.

Notably, the general security software option has taken a nosedive since last year, when 68% of respondents were providing applications of that type.

The Power of Solid State Drives

It’s clear that the cloud hosting industry is a solid market, with businesses agreeing more all the time that it holds incredible organizational value. Superb Internet is solid with its cloud, leaving SATA-format hard disk drives (HDDs) behind for solid state drives (SSDs): the latter are faster and more durable, with no moving parts. That’s one reason your business can move 40 times faster with us than the competition. Sign up today!

By Kent Roberts

 

Xen vs. OpenVZ & Shoelaces vs. Velcro, Part 2

 

Xen Topology
 Xen Topology (Photo credit: lindztrom)

At Superb Internet, we have virtual private servers (VPSs) as an alternative to dedicated or shared hosting. As you may be aware, the VPS solution lies between dedicated and shared. Essentially, it allows you a plot of server soil to call your own while not causing you to have to bear the upfront cost and maintenance expenses of an entire independent server.

In this article, we are looking at two potential platforms you can use to establish and run a VPS: Xen and OpenVZ. The comments of Scott Yang (HostingFu), VPS6.net (via HostingDiscussion.com), and Steven (The Linux Fix) all bolster our sense of the subject and provide a well-rounded picture. Note that our company works specifically with OpenVZ – and the reasoning for that is briefly provided at the conclusion of this three-part series.
Continue reading Xen vs. OpenVZ & Shoelaces vs. Velcro, Part 2

Using CloudFlare to protect and speed up your website & brain

 

Wow! If you run a forum you need Cloudflare - ...
Wow! If you run a forum you need Cloudflare - it cut my webserver CPU usage in half!

Speed: it’s crucial online. The rate at which a page loads is important both to keep customers happy and to keep them from leaving your site. However, your site’s speed is not just about UX (user experience) but about search engine rankings. That latter factor is becoming more and more important as the Google algorithm weighs it more heavily. Tumblr’s servers, for example, do not meet Google’s standards for speed.

Obviously the speed at which your site populates content depends on a mixture of diverse factors. For example, how many images do you have on your page? Are they compressed? What type of hardware are using (server, etc.)? Are there a lot of WordPress plugins on your site? Simple sites running off of great equipment load very quickly, and complex sites on clunky equipment don’t. However, there is a cheat.

CloudFlare is that cheat. It’s free. It makes your site faster. It makes it more difficult for spammers to harass you. It strengthens the security of your site. I know… It sounds implausible. In this three-part series, we will look at CloudFlare from a variety of different angles.
Continue reading Using CloudFlare to protect and speed up your website & brain

How to improve your ecommerce server security & love yourself

 

SSL

Server security is one of the first things we should consider when we get ready to go into online business, and it’s a factor of the market that should be regularly reviewed. PCI compliance is one thing, but it’s a little obtuse and complicated when we’re taking initial steps to “harden” (enhance the protections of) the server.

Also we must love ourselves. Sometimes everything looks bright and sunny. Sometimes, it looks blue (that’s not a happy color). Sometimes it looks dreary and gray. When we start seeing colors that make us want to cry, we must grab all of our stuffed animals, line them up in a row, and have them sing the Hallelujah Chorus to us (don’t worry, all stuffed animals know it by heart).

We’ll look at a number of different issues in this series: SSL, perimeter security such as firewalls, passwords, site backups, policies, authorizations, etc.. Our general overview will cover the first two parts, and then the final part will focus specifically on passwords – the simplest form of protection but also the simplest, in some ways, to penetrate.
Continue reading How to improve your ecommerce server security & love yourself

Many Different Flavors of Linux: A Look at Distros & How They Taste – Part 3

 

Logo Puppy Linux

To quickly review our previous discussion, we are discussing the different types of Linux. Linux, along with Windows, is one of the two basic operating systems used on servers. It’s also used on personal desktops, though not nearly as frequently (meaning it’s a tiny percentage of consumer use). The basis for that is because IT folks appreciate the control, freedom, and security Linux allows – like any open-source software, its source code is accessible and changeable – so they build it into networks.

Because the source code is changeable, it invites experimentation, in a similar way to a chef who learns the basic recipes of other chefs and then elaborates on them to concoct his own version. Linux in this way is unlike Microsoft code, which is, for better (one simple standard) and worse (lack of access and freedom) inaccessible (well, sorta) and unmanipulable (legally speaking). Standardization with Microsoft allows one efficient and predictable taste. Experimentation with Linux allows manifold community recipes.

Linux is delicious—so delicious, in fact, that some people can’t get enough, even if it’s awkward to pull out the OS and get a brief blast to the tastebuds. A key example is when Bill Gates was riding a glass elevator with me in Chicago, Illinois. He suddenly started speaking rapidly into a microsensor on his arm, “Open Linux Mint. Must feel something. Sixteen-year-old virtual reality overlord removing my feeling code. My love for Cinnamon Bun is dying. Sad Bill. Where are my pills?” Though Cinnamon Bun was his dog, it did not appear that his arm heard him, or that he was the real Bill Gates.
Continue reading Many Different Flavors of Linux: A Look at Distros & How They Taste – Part 3