Taming the Internet of Threats

Internet security continues to plague us, with revelations of expanding malware introduced through advertising on the internet

Having spent a majority of my career working with and supporting the Corporate CIO Function, I now seek to provide a forum whereby CIOs or IT Directors can learn from the experience of others to address burning Change or Transformation challenges.

Craig Ashmole

Founding Director CCServe

The shocking truth of an unbelievable 325% rise in malware-infected advertising hitting our email, PCs, Smartphones and Tablets.

A recent report by security firm Cyphort Labs has revealed a dramatic rise in the amount of malware sent through advertising, known as ‘malvertising’. It is fast becoming one of the most popular types of drive-by attack for cyber criminals, who can easily corrupt the legitimate ad supply chain, targeting consumers directly and infecting their machines with malware.

Malvertising works by hackers placing seemingly legitimate or ‘clean’ ads on sites, and then altering or executing secretly embedded codes that can force a computer to load malicious software. According to Cyphort, cyber criminals are choosing this method because it offers little or no resistance when attacking networks.

Some of these infected ads need to be clicked on in order to release the malware, but an increasing number of cases are appearing where the ads are instead covertly embedded with code that can exploit browser vulnerabilities, thus not even requiring the victim to click on anything before falling under attack.

There is even an element of sophistication in the development of malvertising, as cyber criminals are able to conduct attacks with some degree of selective targeting, much in the same way that legitimate ads can.

During 2014 alone there was a colossal 325% rise in malvertising, with cybercriminals costing global advertisers an estimated $6.3 billion this year through the use of automated programs and click-through ads on third party sites.

With the continued increase of websites using cookies to produce targeted ads as well as our own growing online habits, malvertising looks set to rise further still. The challenge then is for ad networks to keep a hold of their ability to control and monitor each and every ad that is being cast out into the cyber-sphere.

We are also moving rapidly into the IoT (Internet of Things): many devices, and even toys, that we now buy have Wi-Fi, Bluetooth or USB connectivity.

“As the world connects more and more smart devices to the internet, the number of potential vulnerabilities will increase in linear fashion,” comments Craig Ashmole, founding Partner at London-based IT Consulting CCServe. “I’m not one to give ammunition to the doomsayers about the Internet of Things, as I believe that on the whole it’s going to be a major change in what we do and see, but someone recently described the IoT as the ‘Internet-of-Threats’!”

There has been a period where many smart devices have already been installed with no security protocols. They were originally expected to be used only in a closed, secure loop but are now regularly connected to networks at home, in the office or on the factory floor.

Open by default?

Many smart devices that are ubiquitous throughout the manufacturing and processing industries have in fact turned out to have been installed with no security protocols. They were originally commissioned with the expectation that they would only be used in a closed, secure loop. Recent cyber security breaches have taught us that even humble industrial (and even office) equipment could be subverted for malicious purposes.

Therefore, it’s only fair to suggest that we should certainly be looking to protect the corporate data centre from generic attacks, and the best way of doing that is not to leave the security door wide open.

Internet security advice is so often aimed at IT but we should also be considering other areas. So, for data centre and facility professionals, here are five basic things that will help protect your company and its reputation. Other than time and employee costs, many of these actions are “free”.

Basic fixes

  1. Simplify: Complexity increases the number of attack surfaces. An easy way to reduce this is to turn off default functionality that is not being used, and disconnect equipment that is not in use.
  2. Strengthen: Adopt the view that published default usernames and passwords are 100 percent compromised and should be changed. Eliminate default credentials (passwords, SNMP community strings, etc). Replace them with strong passwords and, wherever possible, use different usernames and passwords for different people.
  3. Partition: Isolate the facility network from the enterprise network. If possible build a separate physical network for the data centre and hide it behind a physical firewall to keep hackers away from mission-critical equipment.
  4. Update: Ensure that all devices have the latest firmware, and revisit this regularly to keep up with security patches. Do not make it easy to exploit known vulnerabilities.
  5. Lock down: Physically secure critical equipment, create an access control plan and be sure to use it. Some protocols used on equipment are 30 years old, developed at a time when we didn’t have security concerns. Putting equipment behind closed doors with access control goes a long way to making them secure.

It is assumed that active scanning tools (network scans, intrusion-detection and penetration logs, email scanners and antivirus software) will have been implemented by IT as part of sensible enterprise protection measures, but if you work in the data centre and are unsure about this, you should definitely check.

To read the report from Cyphort Labs that shows the dramatic rise in the amount of malware sent through advertising, known as ‘malvertising’, fill in the form on the left to access it.

Comments also from: Soeren Jensen - VP Schneider Electric.

Cloud Comparison Index

The ISG Technology Insights Group Launches the Cloud Comparison Index™

The First Benchmarking Service That Compares Costs of Public Cloud versus Internal IT
Study Shows Usage Matters; Public Cloud Not Always Cheaper
Price Differential Among Public Cloud Providers as High as 35%

STAMFORD, USA ― Information Services Group (ISG), a leading technology insights, market intelligence and advisory services company, has announced the launch of the ISG Cloud Comparison Index™, a new advisory and benchmarking service that offers clients a first-ever view of how public cloud costs differ among providers and how they stack up against those of internal information technology (IT) solutions.

ISG plans to publish in-depth analysis every quarter and make the reports available via subscription to the AccessISG™ on-demand information and consulting service. Future reports will examine the relative costs of using the public cloud versus internal IT for a variety of infrastructure configurations, applications and workloads.

The ISG Cloud Comparison Index™ leverages internal IT cost data from ISG’s proprietary benchmarking database and compares it with the prices of public cloud configurations from the four major public cloud providers: Amazon Web Services, Google Cloud Platform, Microsoft Azure and IBM SoftLayer. The public cloud data is sourced from Gravitant, a global strategic partner of ISG.

“ISG is in a unique position to help clients understand the true cost of moving work to the public cloud, versus performing the work in-house,” said Todd Lavieri, president of ISG Americas and Pacific. “The ISG Cloud Comparison Index™ combines our market-leading IT cost data with public cloud pricing data from Gravitant – creating an incredibly powerful analytical platform that delivers new insights into the relative benefits of harnessing Infrastructure-as-a-Service (IaaS) offerings versus leveraging fixed-cost, on-premises IT assets. This unique combination of data sets offers CIOs and other IT leaders a solid basis for sound decision-making, along with an objective view of the complex and rapidly evolving market for cloud-enabled services.”

First Report Shows Usage Matters in Public Cloud Pricing

The inaugural report of the ISG Cloud Comparison Index™ shows the cost of running an application on an internal IT platform is cheaper than running the same program in the public cloud when compute instance usage is higher than 55 percent, but the pendulum swings in favor of public cloud when usage drops below that mark for certain configurations.

For specific infrastructure configurations, the study found the price of public cloud services varies significantly from one provider to the next, ranging from $811 per month to $1,096 per month at 100 percent usage levels. The cost of internal IT for the same configuration was $548 a month, 32 percent lower than the lowest public cloud price. Cloud instance usage is the percentage of time that a compute instance is running and accruing charges from the public cloud provider.

However, when the average usage level for public cloud falls to 55 percent, the cost of public cloud is at parity with the cost of internal IT. The cost advantage for public cloud increases significantly as the amount of time that instances can be released increases (that is, usage falls), the study finds.

“Public cloud is not always cheaper,” said Christopher Curtis, partner, ISG Emerging Technologies, and head of ISG’s Cloud Solutions practice. “It’s largely a factor of usage. High levels of public cloud usage can create scenarios in which internal IT is more cost effective; conversely, the cost advantage of internal IT disappears when public cloud usage is at lower levels, that is, applications can release more resources. The break-even point appears to be around 55 percent for the specific configuration we analyzed.”

Public cloud presents a compelling value proposition for enterprise buyers of IT outsourcing services, Curtis noted. “Think of it: pay for your infrastructure only when you need it, dramatically reduce capital expenditures and virtually eliminate the need for commitment, all while reducing the time to provision servers and storage. For most buyers, that sounds like a pretty good deal. However, buyers are discovering this value proposition applies only to selected applications and workloads, not to entire data centers,” Curtis said.

Other key findings of the inaugural ISG Cloud Comparison Index™ report include:

  • Prices for identical infrastructure configurations vary substantially among public cloud providers. At 100 percent usage, the price differential is 35 percent from the highest cost option to the lowest, with the range narrowing gradually as average usage decreases.
  • Public cloud prices are highly sensitive to usage. The price spread among public cloud providers is twice as wide at 100 percent usage as it is at 50 percent usage.
  • Usage is the primary driver of cost in the cloud, but configurations and features also play a significant role. Different configurations and additional options, often specific to each cloud provider, can dramatically influence the break-even point between public cloud and internal IT costs.

“Enterprises should avoid viewing the public cloud only as a lever to reduce operating costs, as they do with traditional outsourcing solutions,” said Curtis. “Instead, they should view public cloud as a way to reduce or eliminate future capital expense by avoiding over-provisioning of internal IT resources to meet high levels of periodic demand. Public cloud creates significant cost-avoidance opportunities for volatile workloads. Applications with the most wide-ranging usage patterns are strong candidates for the cloud.”

“There are horses for courses in the usage of cloud services and what works for one company may not be the best for another,” stated Craig Ashmole, Founding Partner of London-based IT Consulting CCServe. “To create viable business cases for workload migration, enterprises increasingly will need a deep understanding of the nuances of various pricing models, as well as how those models relate to specific workloads.”

To read the inaugural report of the ISG Cloud Comparison Index™ in its entirety, click here.

Cloud Complexity

Is Cloud complexity still hiding behind a pretty face?

The interesting revelation of what Cloud adopters feel, and the approach they are taking to get cloud services under their belts within the CIO Office.

The November issue of Computing.co.uk carried a survey of 130 IT decision makers, ranging from CIOs to system specialists and Programme Directors, in which 76 per cent said that their organisation was deploying Cloud services, with the largest portion indicating that their current deployment strategy was a step on a journey towards a much wider adoption. Great news, then, that Cloud is being deployed in earnest, which is better than most actually openly state in events and seminars.

“The cycle I am seeing in the market and during Advisory assignments I have engaged in shows that Technology facilitates business change, which in turn spurs new technologies,” comments Craig Ashmole, Founding Partner of London-based IT Consulting CCServe.

The self-perpetuating whirlwind of change was the factor underlying many of the reasons given for cloud adoption, with flexibility the main driver and cost benefits and scalability coming next, as seen in figure 2 below. It’s not all about external factors: one of the growing themes in cloud deployment, unlocking internal talent and ideas, is a goal for more than a quarter of the respondents in the survey.

Amongst the negatives in the cloud survey were security (mentioned by nearly 55 per cent) and cost control (15 per cent). Clearly the argument by cloud vendors that their infrastructure is more secure is still viewed with scepticism, especially after recent well-publicised events like that at the UK’s mobile giant, TalkTalk.

[Figure 2]

In summary then, customers are looking for cloud-based solutions to increase flexibility and agility, to enable them to scale and to cut costs while boosting collaboration. However, they are worried about security implications of trusting sensitive data to cloud providers and sensitive to the need to control costs, essential when spinning up a server.

When Computing asked in the survey what skills were sought after to manage the new world, the answers fit in neatly with business-focused goals: negotiation/contract skills, security, understanding the business, regulatory, cost control and evolving technology awareness. None of these skills were really core technology focussed; they reflect a more commercially savvy approach to the market, which was interesting.

The most favoured architecture for cloud deployments, particularly in highly regulated industries or for those that require high-speed processing plus flexibility and scalability was Hybrid Cloud. This involves integrating both public and private cloud and private virtual on-premises environments, generally running on hardware supplied by different vendors.

Ignoring the skills gap is an issue: given the changing landscape, there is a growing strategic importance of cloud-related knowledge from a business awareness perspective. Among those that have adopted or are adopting cloud-based services, only 24 per cent have a training plan in place, with almost half saying they have no such scheme and no plans in place to implement one, a remarkably low figure given the importance of cloud services as we go ahead.

The lack of training programmes could be a result of the low self-service nature of many cloud services; it could be that cloud is being adopted in a piecemeal rather than strategic fashion; or it may be that many of those responsible underestimate the complexities of rolling out an integrated cloud infrastructure and achieving a healthy return on investment. The view of John Leonard from Computing was that it might be a result of those falling for the promises of the pretty face of the emerging cloud providers.

Article: November 2015 edition of Computing

Cloud Cover takes over Europe

Now’s the time to consider Cloud applications & Contact Centre Services in the Cloud

Cloud providers coming into Europe in their droves as the demand rises

A research report from Computer Weekly nine months ago stated that cloud providers like IBM, Microsoft and Salesforce.com were building datacentres in Europe in response to in-country data protection concerns, effectively moving the Cloud into Europe. Microsoft also continues to successfully embrace the cloud and mobile by decoupling Office365 from its Windows desktop platform.

More recently we are seeing major Cloud providers such as Amazon, Microsoft, Google and VMware all building datacentres in the European Union (EU) as locally based enterprises insist their cloud data stays in the region. One such cloud provider, IBM, also announced the opening of a SoftLayer datacentre in Paris by the end of 2014.

This was IBM’s third cloud-focused facility in Europe, after its Amsterdam datacentre and the more recent UK facility in Chessington. The Parisian datacentre will be part of IBM’s $1.2bn overall plan to build 15 datacentres across Europe.

Other vendors, such as Genesys, a major player in Contact Centre software solutions, are now leading the way forward with Contact Centre Cloud services, installing their software in data centres across the UK and the European region.

Genesys have also focussed heavily on the much-discussed subject of security, and as such their Cloud has PCI Level 1 certification, SOC 2 certifications and HIPAA compliance. Their data centres have ISAE 3402 and ISO 27001 certifications and their virtualisation architecture ensures separation and security of customer-specific data. This is driving the Contact Centre in the Cloud and bringing more flexibility and commercial attractiveness to users.

Another Contact Centre player, Interactive Intelligence, has announced that it has been named one of four Market Leaders in Ovum’s MultiChannel Cloud Contact Centre Report with the most flexible cloud deployment options being one of the key contributors to its leadership position. Interactive Intelligence has been an early adopter deploying cloud based solutions well ahead of others and as a result sees more than 50% of its new customers deploying in the Cloud.

The European Commission has highlighted three main areas of focus in its digital single market strategy.

  1. Making it easier to access digital services online
  2. Investing in digital networking infrastructure, and
  3. Creating a European digital economy

Barriers such as geo-blocking, lack of cross-border delivery initiatives and other technical issues currently prevent many citizens from using cross-border digital services, such as online shopping or sharing digital goods.

The commission aims to review current telecoms and media rules to promote growth of digital services and networks. This will also encourage investment in infrastructure, faster rollout of 4G and data protection development. This strategy has been observed over the British 2015 summer, with the marketing campaigns from the mobile operators attempting to remove the cross-border roaming charges we are all so familiar with when using mobile data abroad.

“For those Cloud sceptics out there, I think the race is on and the proof is in the eating,” states Craig Ashmole, Founding Partner of London-based IT Consulting CCServe Ltd. “The CIO community should be taking note and if not using cloud in earnest then they should be seriously considering some elements of non-core application usage to ensure their IT departments are able to skill up and test for robustness.”

Cloud Affecting India Outsourcing

Cloud Computing Is Going To Rain on India’s Outsourcing Parade

There are dark clouds on the horizon of India’s information technology and outsourcing industry.

AstraZeneca PLC is sharply scaling back the business it gives to the Indian outsourcing companies that it has long relied on for tech help. David Smoley, AstraZeneca’s technology chief, said he expects to cut in half the $750 million the drug maker used to spend annually on outsourcing over the next two years. He said the number of people working on information technology also would drop by 50%.

The changes at AstraZeneca are part of a major shift toward cloud computing, which is starting to bite into the revenue and profits as well as hiring in India’s critical outsourcing industry and poses an existential threat to the players that fail to adapt.

Outsourcing executives are bracing for a big disruption. “It’s like what happened when Amazon arrived,” said C.P. Gurnani, chief executive of Tech Mahindra Ltd., a large Pune-based outsourcer that specializes in work for telecommunications companies. U.S. bookstore chain Borders closed and Barnes & Noble had to reinvent itself, Mr. Gurnani said.

Mritunjay Singh, operating chief of outsourcer Persistent Systems, predicts a “bloodbath” in which only nimbler companies will survive.

Outsourcing accounts for around 20% of all of India’s exports of goods and services. The industry employs millions of Indians and has become an important route into the middle class in the world’s second-most populous country.

The impact of the move to cloud computing — where servers and software are accessed via the Internet rather than on local networks or personal computers — is being amplified by other trends, from automated code-writing to increased competition and falling corporate information-technology budgets.

Profit growth at even India’s most successful and sophisticated software companies could be doused as companies, governments and consumers around the world do an increasing amount of their computing on the cloud, says outsourcing services advisory firm ISG Inc.

Companies that have traditionally used in-house servers running on custom-made applications are putting more of their business on external servers and using off-the-shelf software. Using the cloud often means using fewer people so Indian software companies—once dubbed “body shops” because they could supply as many computer engineers as a project needed—are going to suffer as they lose much of their competitive advantage.

“It is only going to get cheaper and easier for companies to switch to the cloud; outsource providers need to get ready for the storm and modify their business models and move with the digital times,” said Craig Ashmole, Founding Partner of London-based IT Consulting CCServe Ltd.

This means developing software that allows businesses to interact faster and more efficiently with their external stakeholders (customers and suppliers), rather than focusing on changes to the internal workings of a client.

Around one in four of the deals ISG helped advise involved cloud computing last year. That’s more than three times the percentage of cloud deals it saw three years earlier.

India’s software and outsourcing companies are still too reliant on the business model that uses lots of relatively inexpensive Indian engineers and sends them to client sites to build software and fix problems, ISG and other analysts say.

Cloud providers use external servers, sophisticated technology and automation to manage clients’ data using fewer employees. Where a traditional service provider deploys one employee to monitor up to 200 servers, cloud players can use one employee to monitor up to 10,000 servers, ISG estimates.

The cloud infrastructure players are drastically cutting down prices and starting to create pricing pressure on service providers in India and elsewhere who continue to set contracts based on the number of engineers deployed in a project.

Cloud infrastructure providers such as Amazon Web Services, Red Hat, Rackspace Hosting and others are emerging as a formidable threat to Indian outsourcers and other traditional service providers and consultants including IBM and Accenture that earn revenues from managing the technology infrastructure of clients.

Traditional service providers now have to strive to get more cloud contracts–where they help clients shift data to cloud infrastructure providers–rather than focusing on creating their own clouds, ISG said.
