|By Kevin Nikkhoo||
|December 20, 2012 09:00 AM EST||
Today's is a cautionary tale. One that you've probably heard before, but I promise a new spin on making sure it won't happen again.
It's a true story. It recently happened to a colleague's friend's business. But it is not an isolated incident. Because the information is sensitive and the wounds still raw, I have changed the names to protect the innocent and the not-so-innocent.
It was a dark and stormy night...
Dan is the CEO and CTO of a privately owned business that develops software tools to manage lease lifecycles and other financial information. His primary customer is commercial real estate agencies across the country. For the past 12 years, it has been highly successful despite some of the economic battering the housing market took over the past several years. The company clears somewhere in the neighborhood of 30-50 million per year. He employs about 150 people. And it is the story of one of those employees where the story takes a dark turn.
Recently Dan parted ways with his VP of Sales. Dan thought the split was amicable, but according to my colleague, in less than a month, Dan was confronted with the reality that the veep actually felt slighted, and allegedly took steps to hobble the company.
It seems several days after this employee left the company, he was able to access the network and allegedly remove client databases from the CRM, all his work files and even sent an "anonymous" message from the company's info@ email account to every customer decrying how Dan was personally trying to cheat them. And as a last "get stuffed" act was able to access several other applications and erased a good deal of data. Apparently he was able to clean his trail or else I would be talking about how this guy is currently being sued or in jail for theft. It is also why I cautiously use the word allegedly. Nonetheless, there was some serious damage done.
Now in terms of security, Dan had a decent firewall and anti-virus protection. He also had a log management solution for his financial compliance issue. Now the log didn't pick up any machine code of the veep's alleged visit because all the financial data required by the regulatory agency is on another server.
Now Dan is faced with several business issues and related costs of having to recreate the wheel, replace lost information and shore up security. Aside from the tribal knowledge and the recovery of the data, Dan's biggest mountain to climb is making sure something like this never happens again. If Dan relies on existing paradigms (buying new servers, workstations and 4 different software packages, finding a knowledgeable consultant to develop the processes, and development/deployment time) it is going to cost him a pocket load of front-ended capital expenditures, hundreds of man hours and other assets that will siphon resources from his core competencies.
If Dan REACTs and looks to the cloud, many of those headaches fade without the crushing blow to time, money and resources. REACT™ or Realtime Event and Access Correlation Technology is part of a game-changing holistic paradigm called UniSec (unified security) which delivers a comprehensive suite of solutions deployed and managed from the cloud. It comprises all the security elements that would've prevented Dan's breach and data theft and leverages all the various silos information into a centralized real time contextual analysis. In other words it provides 360o enterprise visibility to see who is doing what , when and where for any part of the IT landscape. It takes the historical backbone of Log Management, the intelligence of SIEM, the authenticating of Identity Management and the control of Access Management and provides a Single Source of analysis, alert and action in real time
Without the benefit of cloud computing, this solution would be well beyond the budget means of Dan's company. Even one doing as well as his. REACT puts enterprise power in the hands of smaller companies in a very affordable, scalable and flexible manner. Just deploying a single sign on initiative can be pricy. Then you add all these layers, all these endpoints... It used to make very little sense for modest organizations to invest in such protection. However bundled , deployed and managed from the cloud (for less than what it would cost support & maintenance for an on premise equivalent) Dan is able to better protect his assets and has a clearer vision of business needs; what department needs which application and providing access only to them.
Four solutions...does Dan really need all that? Yes. Is it overkill? Absolutely not. If Dan had each element deployed (realizing it is just a single solution underneath the REACT umbrella): 1) an identity management solution would have immediately prevented an ex-employee from coming in through automatic deprovisioning and password retirement, 2) access management would have blocked his way from reaching SaaS apps and downloading CRM databases and other proprietary files 3)SIEM would have noted his attempts to touch any part of the network and create an intrusion alert and Log Management would have recorded it all for compliance audits. That this solution is scalable to the exacting need and business requirements (today and tomorrow) of Dan's company make it a perfect fit. That the solution is zero-day deployment ready means no waiting on ROI and the important functionality it brings. That the solution is pay-as-you-go he's spending no CapEx money. That the solution includes security-as-a-service means he has an expert analyst working on his behalf that isn't on his payroll. The financial and administrative benefits make Dan the CEO sleep better at night. The enterprise power allows Dan the CTO to have more pleasant dreams.
REACT and UniSec are paradigm changing concepts in the security and cloud computing sphere that I predict will soon become the norm.
Of course, in the interest of full disclosure, I called Dan last week and I am optimistic he will be subscribing at the end of the month.
WebRTC sits at the intersection between VoIP and the Web. As such, it poses some interesting challenges for those developing services on top of it, but also for those who need to test and monitor these services. In his session at WebRTC Summit, Tsahi Levent-Levi, co-founder of testRTC, reviewed the various challenges posed by WebRTC when it comes to testing and monitoring and on ways to overcome them.
Jan. 17, 2017 07:45 AM EST Reads: 5,876
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
Jan. 17, 2017 07:00 AM EST Reads: 6,761
Every successful software product evolves from an idea to an enterprise system. Notably, the same way is passed by the product owner's company. In his session at 20th Cloud Expo, Oleg Lola, CEO of MobiDev, will provide a generalized overview of the evolution of a software product, the product owner, the needs that arise at various stages of this process, and the value brought by a software development partner to the product owner as a response to these needs.
Jan. 17, 2017 06:00 AM EST Reads: 1,120
"Plutora provides release and testing environment capabilities to the enterprise," explained Dalibor Siroky, Director and Co-founder of Plutora, in this SYS-CON.tv interview at @DevOpsSummit, held June 9-11, 2015, at the Javits Center in New York City.
Jan. 17, 2017 05:45 AM EST Reads: 3,502
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive ad...
Jan. 17, 2017 05:30 AM EST Reads: 1,527
In his session at DevOps Summit, Tapabrata Pal, Director of Enterprise Architecture at Capital One, will tell a story about how Capital One has embraced Agile and DevOps Security practices across the Enterprise – driven by Enterprise Architecture; bringing in Development, Operations and Information Security organizations together. Capital Ones DevOpsSec practice is based upon three "pillars" – Shift-Left, Automate Everything, Dashboard Everything. Within about three years, from 100% waterfall, C...
Jan. 17, 2017 05:15 AM EST Reads: 9,333
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
Jan. 17, 2017 04:15 AM EST Reads: 1,787
Internet of @ThingsExpo, taking place June 6-8, 2017 at the Javits Center in New York City, New York, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo New York Call for Papers is now open.
Jan. 17, 2017 03:45 AM EST Reads: 3,525
In his session at 19th Cloud Expo, Claude Remillard, Principal Program Manager in Developer Division at Microsoft, contrasted how his team used config as code and immutable patterns for continuous delivery of microservices and apps to the cloud. He showed how the immutable patterns helps developers do away with most of the complexity of config as code-enabling scenarios such as rollback, zero downtime upgrades with far greater simplicity. He also demoed building immutable pipelines in the cloud ...
Jan. 17, 2017 03:45 AM EST Reads: 3,380
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
Jan. 17, 2017 03:45 AM EST Reads: 2,712
SYS-CON Events announced today that Catchpoint Systems, Inc., a provider of innovative web and infrastructure monitoring solutions, has been named “Silver Sponsor” of SYS-CON's DevOps Summit at 18th Cloud Expo New York, which will take place June 7-9, 2016, at the Javits Center in New York City, NY. Catchpoint is a leading Digital Performance Analytics company that provides unparalleled insight into customer-critical services to help consistently deliver an amazing customer experience. Designed ...
Jan. 17, 2017 03:15 AM EST Reads: 6,227
While many government agencies have embraced the idea of employing cloud computing as a tool for increasing the efficiency and flexibility of IT, many still struggle with large scale adoption. The challenge is mainly attributed to the federated structure of these agencies as well as the immaturity of brokerage and governance tools and models. Initiatives like FedRAMP are a great first step toward solving many of these challenges but there are a lot of unknowns that are yet to be tackled. In hi...
Jan. 17, 2017 02:15 AM EST Reads: 3,756
With the proliferation of both SQL and NoSQL databases, organizations can now target specific fit-for-purpose database tools for their different application needs regarding scalability, ease of use, ACID support, etc. Platform as a Service offerings make this even easier now, enabling developers to roll out their own database infrastructure in minutes with minimal management overhead. However, this same amount of flexibility also comes with the challenges of picking the right tool, on the right ...
Jan. 17, 2017 01:45 AM EST Reads: 5,217
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
Jan. 17, 2017 12:45 AM EST Reads: 6,021
One of the hottest areas in cloud right now is DRaaS and related offerings. In his session at 16th Cloud Expo, Dale Levesque, Disaster Recovery Product Manager with Windstream's Cloud and Data Center Marketing team, will discuss the benefits of the cloud model, which far outweigh the traditional approach, and how enterprises need to ensure that their needs are properly being met.
Jan. 16, 2017 11:45 PM EST Reads: 4,210
WebRTC has had a real tough three or four years, and so have those working with it. Only a few short years ago, the development world were excited about WebRTC and proclaiming how awesome it was. You might have played with the technology a couple of years ago, only to find the extra infrastructure requirements were painful to implement and poorly documented. This probably left a bitter taste in your mouth, especially when things went wrong.
Jan. 16, 2017 09:00 PM EST Reads: 7,454
Up until last year, enterprises that were looking into cloud services usually undertook a long-term pilot with one of the large cloud providers, running test and dev workloads in the cloud. With cloud’s transition to mainstream adoption in 2015, and with enterprises migrating more and more workloads into the cloud and in between public and private environments, the single-provider approach must be revisited. In his session at 18th Cloud Expo, Yoav Mor, multi-cloud solution evangelist at Cloudy...
Jan. 16, 2017 08:45 PM EST Reads: 4,582
The proper isolation of resources is essential for multi-tenant environments. The traditional approach to isolate resources is, however, rather heavyweight. In his session at 18th Cloud Expo, Igor Drobiazko, co-founder of elastic.io, drew upon his own experience with operating a Docker container-based infrastructure on a large scale and present a lightweight solution for resource isolation using microservices. He also discussed the implementation of microservices in data and application integrat...
Jan. 16, 2017 06:45 PM EST Reads: 3,495
Containers have changed the mind of IT in DevOps. They enable developers to work with dev, test, stage and production environments identically. Containers provide the right abstraction for microservices and many cloud platforms have integrated them into deployment pipelines. DevOps and containers together help companies achieve their business goals faster and more effectively. In his session at DevOps Summit, Ruslan Synytsky, CEO and Co-founder of Jelastic, reviewed the current landscape of Dev...
Jan. 16, 2017 05:00 PM EST Reads: 4,035
In his General Session at DevOps Summit, Asaf Yigal, Co-Founder & VP of Product at Logz.io, will explore the value of Kibana 4 for log analysis and will give a real live, hands-on tutorial on how to set up Kibana 4 and get the most out of Apache log files. He will examine three use cases: IT operations, business intelligence, and security and compliance. This is a hands-on session that will require participants to bring their own laptops, and we will provide the rest.
Jan. 16, 2017 03:30 PM EST Reads: 4,833