Welcome!

@CloudExpo Authors: Liz McMillan, Elizabeth White, Pat Romanski, Yeshim Deniz, William Schmarzo

Related Topics: @CloudExpo, Microservices Expo, Cloud Security

@CloudExpo: Blog Feed Post

Tune into the Cloud: Total Madness | @CloudExpo #Cloud #Security #Microservices

I’m not a security expert but to me the similarities between total quality and total security management are very striking

Tune into: Total Security

It took some time but the need for Total Security Management is slowly starting to sink in. With regard to quality it took the western manufacturing industry several decades before it realized that a separate quality department – standing at the end of the production line to check which products did not meet the mandated specs – was a costly and disastrous path to take. And slowly but surely we are seeing similar thinking with regard to cyber and cloud security emerge.

Not that we are taking cloud executives on today’s equivalent of a Japanese factory tour. A quality tour let managers firsthand experience it was everyone’s responsibility to ensure quality and that everyone had the right (and the moral obligation) to personally halt the line when something went wrong. But that may be more because we are not sure yet where the contemporary equivalent of such a tour would need to take our executives. Would it be visiting the hyperscale datacenters of a Google or an Amazon (assuming our executives could get in). Or maybe a visit to the offices of various security start-ups in Silicon Valley and Israel? Or are the cyber control rooms of major telco’s and big accounting firms a better wake up environment? The more courageous may even contemplate a trip to China, Russia or other emerging cyber hotspots, to encounter some of these modern threats in the wild?

I’m not a security expert but to me the similarities between total quality and total security management are very striking. The mantra “Zero Defects” can be easily exchanged for the just as catchy sounding “Zero Breaches” and “Design for Security” is today’s equivalent of “Design for Manufacturing”. With regard to quality it were guru’s like Demming that led the path from expensive and ad hoc quality control at the end of the production line to continuous and iterative quality processes incorporated and embedded into the design and the process.

In the area of security the Jericho Forum already in 2004 pointed out the dangers of merely focusing on perimeter security. In 2013 this forum even deemed itself no longer necessary, in their own words “on the basis of proven success”. Nevertheless it is often still scary what malicious things one can do once inside the firewall of many a company or organization. After complete de-perimeterisation you basically would not need a VPN to reach your applications and be protected from outsiders. Each application would protect itself and decide for each user what he is allowed to do or not do. But with the exception of maybe (web-)email and some SaaS applications, most companies have not come close to setting up the majority of their business applications in a way that they can protect themselves and are no longer dependent on a company perimeter defense.

The advent of micro-services is a good time to re-examine your current security policies. Not only because the security challenges around micro services will typically increase rather than decrease, but also because with the advent of the Internet of Things, security at the source is increasingly mandated and required. Ideally each micro-service will determine itself who does or does not get access to its services and should be able to adequately fence of access attempts by malicious external forces. Also because adding this type of security as an afterthought, on the outside of the service itself, is likely to be cost prohibitive, as many of these external security solutions are at least as pricy as maintaining after the fact quality control , like we did in the days that quality was still a cost instead of a benefit.

With regard to cost, total quality thinking does to reason in terms of an “optimal” rates of defects. A fictional point after which any further reduction of defects will cost more than is economically justifiable. In the end it is namely always cheaper to get things right the first time around, rather than having to return 5%, 0.5% or even 0:05% for repair. Or worse, having to compensate x% of customers for consequential damages (which can easily outweigh the cost of any production improvement). As a result the manufacturing industry no longer measures its defects in percentages but in the initially hard to imagine measure of PPM a.k.a. parts per million. And that iucreasingly in single digits, with a maximum of 1-9 parts per million produced products showing any defect

Now granted, security can be a little bit like health. No matter how healthy you live, you can be unlucky – statistically unexpected but nonetheless very devastating – and get seriously ill. Hence, security is increasingly extending on the one hand from preventive measures to keep out the bad guys, to ongoing monitoring of the current state for anomalies (similar to the active search for signs of a disease in a so-called health pre-scan) and on the other hand by taking measures to reduce the impact of any breaches by counter by beeing able to act appropriately and quickly when something does go wrong. And also for the latter it is necessary that the entire organization is involved with security, it can no longer be delegated to the department at the end of the hall.

Total Madness is the compilation album of the very British Ska revival band Madness. The song “Our House” is about a family that initially is kind of living apart together but that eventually come close together. The song achieved a global cult status in the Netherlands as theme song to the TV hit series “Divorce”.

Read the original blog entry...

More Stories By Gregor Petri

Gregor Petri is a regular expert or keynote speaker at industry events throughout Europe and wrote the cloud primer “Shedding Light on Cloud Computing”. He was also a columnist at ITSM Portal, contributing author to the Dutch “Over Cloud Computing” book, member of the Computable expert panel and his LeanITmanager blog is syndicated across many sites worldwide. Gregor was named by Cloud Computing Journal as one of The Top 100 Bloggers on Cloud Computing.

Follow him on Twitter @GregorPetri or read his blog at blog.gregorpetri.com

@CloudExpo Stories
"We were founded in 2003 and the way we were founded was about good backup and good disaster recovery for our clients, and for the last 20 years we've been pretty consistent with that," noted Marc Malafronte, Territory Manager at StorageCraft, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are an IT services solution provider and we sell software to support those solutions. Our focus and key areas are around security, enterprise monitoring, and continuous delivery optimization," noted John Balsavage, President of A&I Solutions, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"DivvyCloud as a company set out to help customers automate solutions to the most common cloud problems," noted Jeremy Snyder, VP of Business Development at DivvyCloud, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We want to show that our solution is far less expensive with a much better total cost of ownership so we announced several key features. One is called geo-distributed erasure coding, another is support for KVM and we introduced a new capability called Multi-Part," explained Tim Desai, Senior Product Marketing Manager at Hitachi Data Systems, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability and development velocity challenges. In his session at 21st Cloud Expo, Ryland Degnan, a Senior Software Engineer on the Netflix Edge Platform team, will discuss how by leveraging a reactive stream-based protocol,...
SYS-CON Events announced today that Calligo, an innovative cloud service provider offering mid-sized companies the highest levels of data privacy and security, has been named "Bronze Sponsor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalised support service from its globally located cloud plat...
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to w...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
"The Striim platform is a full end-to-end streaming integration and analytics platform that is middleware that covers a lot of different use cases," explained Steve Wilkes, Founder and CTO at Striim, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"With Digital Experience Monitoring what used to be a simple visit to a web page has exploded into app on phones, data from social media feeds, competitive benchmarking - these are all components that are only available because of some type of digital asset," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications. Kubernetes was originally built by Google, leveraging years of experience with managing container workloads, and is now a Cloud Native Compute Foundation (CNCF) project. Kubernetes has been widely adopted by the community, supported on all major public and private cloud providers, and is gaining rapid adoption in enterprises. However, Kubernetes may seem intimidating and complex ...
"Outscale was founded in 2010, is based in France, is a strategic partner to Dassault Systémes and has done quite a bit of work with divisions of Dassault," explained Jackie Funk, Digital Marketing exec at Outscale, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We focus on SAP workloads because they are among the most powerful but somewhat challenging workloads out there to take into public cloud," explained Swen Conrad, CEO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are still a relatively small software house and we are focusing on certain industries like FinTech, med tech, energy and utilities. We help our customers with their digital transformation," noted Piotr Stawinski, Founder and CEO of EARP Integration, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"I think DevOps is now a rambunctious teenager – it’s starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We're here to tell the world about our cloud-scale infrastructure that we have at Juniper combined with the world-class security that we put into the cloud," explained Lisa Guess, VP of Systems Engineering at Juniper Networks, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.