
Using Azure AD conditional access for tighter security

As is standard with technologies in the cloud, the features in Azure Active Directory are on the move.

The Azure version of Active Directory differs from its on-premises version in many ways, including its exposure to the internet. There are ways to protect your environment and be safe, but that’s not the case by default. Here are two changes you should make to protect your Azure AD environment.

Block legacy authentication

Modern authentication is Microsoft’s term for a set of rules and requirements on how systems can communicate and authenticate with Azure AD. This requirement is put in place for several security benefits, but it’s also not enforced by default on an Azure AD tenant.

Legacy authentication is used for many types of attacks against Azure AD-based accounts. If you block legacy authentication, you will block those attacks, but there’s a chance you’ll also prevent users from performing legitimate tasks.

This is where Azure AD conditional access can help. Instead of a simple off switch for legacy authentication, you can create one or more policies — a set of rules — that dictate what is and isn’t allowed under certain scenarios.

You can start by creating an Azure AD conditional access policy that requires modern authentication and otherwise blocks the sign-in attempt. Microsoft recently added a “report only” option to conditional access policies; it is highly recommended to use it and leave it on for a few days after deployment. This will show you the users still using legacy authentication that you need to remediate before you enforce the policy for real. This helps to ensure you don’t stop users from doing their jobs.

However, this change will severely limit mobile phone email applications. The only ones officially supported with modern authentication are Outlook for iOS and Android, and Apple iOS Mail.
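One way to use the report-only period described above, added here as an example (not code from the article or from Microsoft). The policy body follows the Microsoft Graph conditional access policy shape; the sign-in records are constructed and the helper names are hypothetical.

```python
from collections import defaultdict

# Policy body in the shape of a Microsoft Graph conditionalAccessPolicy.
# "enabledForReportingButNotEnforced" is the report-only state; switch it to
# "enabled" only once the triage below comes back clean.
# The display name and the "All users / All apps" scope are assumptions.
REPORT_ONLY_POLICY = {
    "displayName": "Block legacy authentication (report-only)",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
        "users": {"includeUsers": ["All"]},
        "applications": {"includeApplications": ["All"]},
        # Legacy protocols: Exchange ActiveSync plus everything in "other"
        # (IMAP, POP, SMTP AUTH and similar clients).
        "clientAppTypes": ["exchangeActiveSync", "other"],
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}

# clientAppUsed values that indicate modern authentication in Azure AD
# sign-in logs; any other value is treated as a legacy protocol.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sign-in records using the field names of the sign-in log
# (userPrincipalName, clientAppUsed, status.errorCode; 0 means success).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "Exchange ActiveSync",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "Exchange ActiveSync",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "IMAP4",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "dave@example.com", "clientAppUsed": "Authenticated SMTP",
     "status": {"errorCode": 50126}},
    {"userPrincipalName": "dave@example.com", "clientAppUsed": "Authenticated SMTP",
     "status": {"errorCode": 50126}},
    {"userPrincipalName": "dave@example.com",
     "clientAppUsed": "Mobile Apps and Desktop clients",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "svc-scanner@example.com",
     "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
]


def triage(signins):
    """Split legacy-auth sign-ins into work to do and noise.

    Returns (must_remediate, failures_only):
      must_remediate  {user: [protocols]} with at least one *successful*
                      legacy sign-in; enforcing the block breaks these users.
      failures_only   users whose legacy sign-ins all failed; nothing that
                      works today stops working when the block is enforced.
    """
    succeeded = defaultdict(set)
    failed = defaultdict(set)
    for rec in signins:
        client = rec["clientAppUsed"]
        if client in MODERN_CLIENTS:
            continue
        bucket = succeeded if rec["status"]["errorCode"] == 0 else failed
        bucket[rec["userPrincipalName"]].add(client)
    must_remediate = {u: sorted(p) for u, p in sorted(succeeded.items())}
    failures_only = sorted(u for u in failed if u not in succeeded)
    return must_remediate, failures_only


def safe_to_enforce(signins):
    """True when no user still depends on a working legacy sign-in."""
    return not triage(signins)[0]


if __name__ == "__main__":
    remediate, noise = triage(SAMPLE_SIGNINS)
    for user, protocols in remediate.items():
        print(f"remediate {user}: {', '.join(protocols)}")
    print("failed legacy attempts only:", ", ".join(noise))
    print("safe to enforce:", safe_to_enforce(SAMPLE_SIGNINS))
```

Service accounts such as the constructed `svc-scanner` entry are the usual reason a block breaks something, so they belong on the remediation list alongside people.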

Implement multifactor authentication

This sounds like an obvious one, but there are many ways to do multifactor authentication (MFA). Your Microsoft licensing is one of the factors that dictates your choices. The good news is that options are available to all licensing tiers — including the free one — but the most flexible options come from Azure AD Premium P1 and P2.

With those paid plans, conditional access rules can be a lot nicer than just forcing MFA all the time. For example, you might not require MFA if the user accesses a Microsoft service from an IP address at your office or if the device is Azure AD-joined. You might prefer that both of those scenarios are requirements to avoid MFA while other situations, such as a user seeking access on a PC not owned by the company, will prompt for extra authentication.

MFA doesn’t have to just be SMS-based authentication. Microsoft’s Authenticator App might take a few more steps for someone to set up the first time they register, but it’s much easier to just accept a pop-up on your mobile device as a second factor of authentication, rather than waiting for an SMS, reading the six-digit number, then typing it into your PC.

Without MFA, you’re running a high risk: you have an internet-exposed authentication system against which attackers can easily try leaked credentials or use spray attacks until they hit a successful login with a username and password.

The other common attack is credential phishing. This can be particularly successful when the threat actor uses a compromised account to send out phishing emails to the person’s contacts or uses fake forms to get the contacts’ credentials, too. This would be mostly harmless if the victim’s account required MFA.

Accounts in Azure AD will lock out after 10 failed attempts without MFA, but only for a minute; the lockout time then gradually increases with further failed attempts. This is a good way to slow down attackers, and it’s also smart enough to block only the attacker and keep your user working away. But the attacker can just move on to the next account and come back to the previous account at a later time, eventually hitting a correct password.
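Because per-account lockout does not see an attacker who rotates across accounts, detection has to pivot on the source instead. The following is an added example (not from the article): it flags sources that fail against many accounts while staying under the 10-attempt lockout on each. The events are constructed, and the one-hour window and five-account threshold are assumptions to tune.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 10          # failed attempts before lockout (from the article)
WINDOW = timedelta(hours=1)     # assumption: look-back window per source
MIN_ACCOUNTS = 5                # assumption: distinct accounts that make a spray


def build_sample():
    """Constructed events: (time, source_ip, user, succeeded)."""
    base = datetime(2020, 1, 20, 9, 0, 0)
    events = []
    # One source tries 8 accounts, 2 failures each: never close to lockout.
    for i in range(8):
        for j in range(2):
            events.append((base + timedelta(minutes=3 * i + j),
                           "203.0.113.10", f"user{i}@example.com", False))
    # A later guess against one of those accounts succeeds.
    events.append((base + timedelta(minutes=30),
                   "203.0.113.10", "user3@example.com", True))
    # A forgetful user: 4 failures, then success, all on one account.
    for j in range(4):
        events.append((base + timedelta(minutes=j),
                       "198.51.100.7", "alice@example.com", False))
    events.append((base + timedelta(minutes=5),
                   "198.51.100.7", "alice@example.com", True))
    return sorted(events)


def detect_spray(events, window=WINDOW, min_accounts=MIN_ACCOUNTS):
    """Return one finding per source that fails across many accounts."""
    by_ip = defaultdict(list)
    for when, ip, user, ok in sorted(events):
        by_ip[ip].append((when, user, ok))

    findings = []
    for ip, rows in sorted(by_ip.items()):
        # Find the window with the most distinct accounts failing.
        best = {}
        for i, (start, _, _) in enumerate(rows):
            fails = defaultdict(int)
            for when, user, ok in rows[i:]:
                if when - start > window:
                    break
                if not ok:
                    fails[user] += 1
            if len(fails) > len(best):
                best = dict(fails)
        if len(best) < min_accounts:
            continue

        # Accounts where a success from this source follows a failure.
        first_fail = {}
        hits = set()
        for when, user, ok in rows:
            if not ok:
                first_fail.setdefault(user, when)
            elif user in first_fail and when > first_fail[user]:
                hits.add(user)

        findings.append({
            "ip": ip,
            "accounts": len(best),
            "max_failures_per_account": max(best.values()),
            "stays_under_lockout": all(n < LOCKOUT_THRESHOLD
                                       for n in best.values()),
            "possible_compromise": sorted(hits),
        })
    return findings


if __name__ == "__main__":
    for finding in detect_spray(build_sample()):
        print(finding)
```

Any account listed under `possible_compromise` warrants a password reset and session revocation before anything else, since the source reached a valid credential.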

Azure AD conditional access changes are coming

The above recommendations can be enabled by four conditional access baseline policies, which should be visible in all Azure AD tenants (still in preview), but it appears these are being removed in the future.

Microsoft plans to replace the baseline protection policies with security defaults

The policies will be replaced by a single option called Security Defaults, found under the Manage > Properties section of Azure AD. The baseline policies helped you be a bit more granular about what security you wanted and the enablement of each feature. To keep that flexibility, you’ll need Azure AD Premium once these baseline policies go.

Turning on Security Defaults in your Azure AD tenant will:

  • force administrators to use MFA;
  • force privileged actions, such as using Azure PowerShell, to use MFA;
  • force all users to register for MFA within 14 days; and
  • block legacy authentication for all users.

I suspect the uptake wasn’t enough, which is why Microsoft is moving to a single toggle option to enable these recommendations. I also hazard to guess that Microsoft will make this option on by default for new tenants in the future, but there’s no need for you to wait. If you don’t have these options on, you should be working on enabling them as soon as you can.


Google Cloud security gets boost with Secret Manager

Google has added a new managed service called Secret Manager to its cloud platform amid a climate increasingly marked by high-profile data breaches and exposures.

Secret Manager, now in beta, builds on existing Google Cloud security services by providing a central place to store and manage sensitive data such as API keys or passwords.

The system employs the principle of least privilege, meaning only a project’s owners can look at secrets without explicitly granted permissions, Google said in a blog post. Secret Manager works in conjunction with the Cloud Audit Logging service to create access audit trails. These data sets can then be moved into anomaly detection systems to check for breaches and other abnormalities.

All data is encrypted in transit and at rest with AES-256-level encryption keys. Google plans to add support for customer-managed keys later on, according to the blog.


Google Cloud customers have been able to manage sensitive data prior to now with Berglas, an open source project that runs from the command line, whereas Secret Manager adds a layer of abstraction through a set of APIs.

Berglas can be used on its own going forward, as well as directly through Secret Manager beginning with the recently released 0.5.0 version, Google said. Google also offers a migration tool for moving sensitive data out of Berglas and into Secret Manager.

Secret Manager builds on the existing Google Cloud security lineup, which also includes Key Management Service, Cloud Security Command Center and VPC Service Controls.

With Secret Manager, Google has introduced its own take on products such as HashiCorp Vault and AWS Secrets Manager, said Scott Piper, an AWS security consultant at Summit Route in Salt Lake City.


A key management service is used to keep an encryption key and perform encryption operations, Piper said. “So, you send them data, and they encrypt them. A secrets manager, on the other hand, is really no different than a database, but just with more audit logs and access checking. You request a piece of data from it — such as your database password — and it returns it back to you. The purpose of these solutions is to avoid keeping secrets in code.”


Indeed, Google’s Key Management Service and Secret Manager target two different audiences within enterprise IT, said Doug Cahill, an analyst at Enterprise Strategy Group in Milford, Mass.

“The former is focused on managing the lifecycle of data encryption keys, while the latter is focused on securing the secrets employed to securely operate API-driven infrastructure-as-code environments,” Cahill said.

As such, data security and privacy professionals and compliance officers are the likely consumers of a key management offering, whereas secret management services are targeted toward DevOps, Cahill added.

Meanwhile, it is surprising that the Google Cloud security portfolio didn’t already have something like Secret Manager, but AWS only released its own version in mid-2018, Piper said. Microsoft released Azure Key Vault in 2015 and has positioned it as appropriate for managing both encryption keys and other types of sensitive data.

Pricing for Secret Manager during the beta period is calculated two ways: Google charges $0.03 per 10,000 operations, and $0.06 per active secret version per regional replica, per month.


Microsoft and Genesys expand partnership to help enterprises seize the power of the cloud for better customer experiences

Genesys Engage on Microsoft Azure is a new trusted and secure cloud offering built to ease the transition to the cloud for large enterprises

Microsoft CEO Satya Nadella (left), and Tony Bates, CEO of Genesys (right)

REDMOND, Wash., and SAN FRANCISCO — Jan. 23, 2020 — Microsoft Corp. and Genesys have expanded their partnership to provide enterprises with a new cloud service for contact centers that enables them to deliver superior interactions for customers. With the omnichannel customer experience solution Genesys Engage™ running on Microsoft Azure, enterprises have the security and scalability they need to manage the complexities involved with connecting every touchpoint throughout the customer journey.

Genesys Engage on Microsoft Azure will be available in late 2020. To accelerate adoption, the companies are providing Genesys Engage on Microsoft Azure through a joint co-selling and go-to-market strategy. Customers will benefit from a streamlined buying process that puts them on a clear path to the cloud.

The power of Genesys Engage on Microsoft Azure

With its multitenant architecture, Genesys Engage on Microsoft Azure gives customers the ability to innovate faster and improve their business agility. In addition, by running the Genesys customer experience solution on this dependable cloud environment, enterprises will be able to maximize their investment in Microsoft Azure through simplified management and maintenance requirements, centralized IT expertise, reduced costs, and more. These solutions make it easier for enterprises to leverage cloud and artificial intelligence (AI) technologies so they can gain deeper insights and provide tailor-made experiences for their customers.

Nemo Verbist, senior vice president of Intelligent Business and Intelligent Workplace at NTT Ltd., one of the top five global technology and services providers for the world’s largest enterprises and a partner of both Microsoft and Genesys, sees great value in the partnership. Verbist said, “Many of our customers have standardized on Microsoft solutions, and Genesys Engage on Microsoft Azure gives them an additional opportunity to take advantage of their investment. Together, these solutions provide enterprises a secure and powerful foundation to communicate with their customers in creative and meaningful ways.”

“Large contact centers receive an exceptionally high volume of inquiries across a growing list of channels and platforms. One of the biggest challenges is connecting the details of every interaction across all channels to ensure each customer has a seamless experience,” said Kate Johnson, president, Microsoft U.S. “By leveraging Microsoft’s Azure cloud and AI technologies, Genesys is helping enterprises create a seamless customer journey with Microsoft’s trusted, secure and scalable platform.”

“We are thrilled to give large enterprises the opportunity to run their mission-critical customer experience platform in the cloud environment they already know and trust — Microsoft Azure,” said Peter Graf, chief strategy officer of Genesys. “Together, we’re making it simpler for even the most complex organizations to transition to the cloud, enabling them to unlock efficiencies and accelerate innovation so they can build deeper connections with customers.”

The companies are also exploring and developing new integrations for Genesys and Microsoft Teams, Microsoft Dynamics 365 and Azure Cognitive Services to streamline collaboration and communications for employees and customers. More information will be released about these upcoming integrations later this year.

Register for the upcoming webinar, Genesys Engage + Microsoft Azure: Transform Your Customer Experience in the Cloud, to learn more on March 4.

To learn more about how Genesys and Microsoft are partnering, please visit the Microsoft Transform blog.

About Genesys

Every year, Genesys® delivers more than 70 billion remarkable customer experiences for organizations in over 100 countries. Through the power of the cloud and AI, our technology connects every customer moment across marketing, sales and service on any channel, while also improving employee experiences. Genesys pioneered Experience as a Service℠ so organizations of any size can provide true personalization at scale, interact with empathy, and foster customer trust and loyalty. This is enabled by Genesys Cloud™, an all-in-one solution and the world’s leading public cloud contact center platform, designed for rapid innovation, scalability and flexibility. Visit www.genesys.com.

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

©2020 Genesys Telecommunications Laboratories, Inc. All rights reserved. Genesys and the Genesys logo are trademarks and/or registered trademarks of Genesys. All other company names and logos may be registered trademarks or trademarks of their respective companies.


Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://news.microsoft.com. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at https://news.microsoft.com/microsoft-public-relations-contacts.

Author: Microsoft News Center

Cisco Webex Edge for Devices links on-prem endpoints to cloud

Businesses using on-premises video gear from Cisco can now get access to cloud services, while keeping their video infrastructure in place.

A new service, called Cisco Webex Edge for Devices, lets businesses connect on-premises video devices to cloud services like Webex Control Hub and the Webex Assistant. Customers get access to some cloud features but continue to host video traffic on their networks.

Many businesses aren’t ready to move their communications to the cloud. Vendors have responded by developing ways to mix on-premises and cloud technologies. Cisco Webex Edge for Devices is the latest offering of that kind.

“It gives users that cloudlike experience without the businesses having to fully migrate everything to the cloud,” said Zeus Kerravala, principal analyst at ZK Research.

Cisco wants to get as many businesses as possible to go all-in on the cloud. Webex Edge for Devices, introduced this month, tees up customers to make that switch. Companies will have the option of migrating their media services to the cloud after connecting devices to the service.

Webex Edge for Devices is available for no additional charge to businesses with an enterprise-wide Collaboration Flex Plan, a monthly per-user subscription. Alternatively, companies can purchase cloud licenses for the devices they want to register with the service for roughly $30 per device, per month. The service won’t work with gear that’s so old Cisco no longer supports it.

Video hardware linked to the cloud through the service will show up in the Webex Control Hub, a console for managing cloud devices. For on-premises devices, the control hub will provide diagnostic reports, usage data, and insight into whether the systems are online or offline.

Many businesses are already using a mix of on-premises and cloud video endpoints. Webex Edge for Devices will let those customers manage those devices from a single console. In the future, Cisco plans to add support for on-premises phones.

Businesses will also be able to sync on-premises video devices with cloud-based calendars from Microsoft and Google. That configuration will let the devices display a one-click join button for meetings scheduled on those calendars.

Another cloud feature unlocked by Webex Edge for Devices is the Webex Assistant. The service is an AI voice system that lets users join meetings, place calls and query devices with their voice.

In the future, Cisco plans to bring more cloud features to on-premises devices. Future services include People Insights, a tool that provides background information on meeting participants with information gleaned from the public internet.

Cisco first released a suite of services branded as Webex Edge in September 2018. The suite included Webex Edge Audio, Webex Edge Connect and Webex Video Mesh. The applications provide ways to use on-premises and cloud technologies in combination to improve the quality of audio and video calls.

Cisco’s release of Webex Edge for Devices underscores its strategy of supporting on-premises customers without forcing them to the cloud, said Irwin Lazar, analyst at Nemertes Research.


Cloud consultants set for massive workload shift to cloud

Cloud consultants take heed: Customers are pushing the bulk of their workloads to cloud infrastructure and a significant number are adopting related technologies such as containers.

AllCloud, a cloud and managed service provider based in Tel Aviv, Israel, said 85% of the 150 respondents to its cloud infrastructure survey expect to operate the majority of their workloads in the cloud by the end of 2020. Twenty-four percent of the IT decision-makers polled said they plan to be cloud-only organizations. The respondents work for companies with at least 300 employees and represent a range of industries.

AllCloud’s survey, published Jan. 15, also points to growing acceptance of containers, a trend other cloud consultants view as accelerating. More than 56% of respondents reported at least half of their cloud workloads use containers or microservices.

AllCloud CEO Eran Gil said cloud adoption, as reflected in the survey sample, is further along than he anticipated. He also said the extent of container adoption surprised him.

“It is interesting to see how many organizations are leveraging them,” he said of containers. “It’s far more than I expected to see.”


For cloud consultants, the transition from small-scale, individual workload migrations to more decisive shifts to the cloud may open opportunities for IT modernization.

“We are talking to [customers] about modernizing their infrastructure — not just simply taking what they have on premises and hosting it on AWS or other vendors,” Gil said.

Amid broader cloud adoption, AllCloud plans to expand in North America. The company in 2018 launched operations in North America, acquiring Figur8, a Salesforce partner with offices in San Francisco, Toronto, New York City and Vancouver, B.C. AllCloud is a Salesforce Platinum partner and an AWS Premier Consulting Partner.

“We are focusing on growing North America in particular,” Gil said, noting the company has received a new round of funding to support its expansion. “You will hear us announce acquisitions this year in either one of our ecosystems.”

The funding will also help AllCloud grow organically. Gil said the company plans to hire an AWS practice leader, who will report to Doug Shepard, AllCloud’s general manager for North America. Shepard previously was president of the Google business unit at Cloud Sherpas, a cloud consultancy Gil co-founded in 2008. Accenture acquired Cloud Sherpas in 2015.

Gil said the fundamental drivers of cloud adoption have changed dramatically since the launch of Cloud Sherpas. Back then, he said, cost was the main consideration, and security and reliability concerns were obstacles to acceptance. Security, however, emerged in AllCloud’s survey as the top consideration in cloud selection, followed by reliability. Cost ranked fourth in the list of adoption drivers.

“All the factors 10, 12 years ago that were the determents are now the drivers,” Gil said. 

New channel hires

  • DevOps lifecycle tool provider GitLab has appointed Michelle Hodges as vice president of global channels. GitLab, which plans to go public this year, said Hodges’ hiring is part of an initiative to ramp up the company’s channel strategy. Hodges joins GitLab from Gigamon, where she served as vice president of worldwide channels.
  • Avaya named William Madison as its vice president of North America cloud sales. Madison’s prior roles included vice president of global channel development and channel chief at Masergy Communications.
  • Managed services automation company BitTitan hired Kirk Swanson as its corporate development associate. Swanson will help BitTitan pursue acquisitions in the enterprise cloud market, targeting companies with SaaS products and relationships with IT service providers and MSPs, the company said. Prior to BitTitan, Swanson served as an associate at investment firm D.A. Davidson & Co.
  • Exclusive Networks, a cloud and cybersecurity distributor, named Christine Banker as vice president of North American sales. Banker will lead vendor recruitment, inside and field sales, and Exclusive’s PC and server business, among other departments and teams, the company said.
  • Anexinet Corp., a digital business solutions provider based in Philadelphia, has appointed Suzanne Lentz as chief marketing officer. She was previously chief marketing officer of Capgemini Invent NA.
  • Workspace-as-a-service vendor CloudJumper named Amie Ray as its enterprise channel sales manager. Ray comes to CloudJumper from PrinterLogic, where she was national channel account manager.

Other news

  • WESCO International Inc. has agreed to acquire distributor Anixter International Inc. for $4.5 billion. WESCO outbid Clayton, Dubilier & Rice LLC. The deal is expected to close in the second or third quarter of 2020. According to Pittsburgh-based WESCO, the combined entity would have revenue of about $17 billion. The pending deal follows Apollo Global Management’s agreement to acquire Tech Data Corp., a distributor based in Tampa, Fla.
  • Lemongrass Consulting, a professional services and managed service provider based in Atlanta, has completed a $10 million Series C round of financing, a move the company said will help it build out its senior leadership team, boost product development, and expand sales and marketing. Rodney Rogers, co-founder and general partner of Blue Lagoon Capital, joins Lemongrass as chairman. Blue Lagoon led the new funding round. Mike Rosenbloom is taking on the group CEO role at Lemongrass. He was formerly managing director of Accenture’s Intelligent Cloud & Infrastructure business. Walter Beek, who has been group CEO at Lemongrass, will stay on with the company as co-founder and chief innovation officer. Lemongrass focuses on SAP applications running on AWS infrastructure.
  • Strategy and revenue are getting a heightened focus among CIOs, according to a Logicalis survey. The London-based IT solutions provider’s poll of 888 global CIOs found 61% of the respondents “spent more time on strategic planning in the last 12 months, while 43% are now being measured on their contribution to revenue growth.” The emphasis on strategy and revenue comes at the expense of innovation. About a third of the CIOs surveyed said the time available to spend on innovation has decreased over the last 12 months.
  • IT infrastructure management vendor Kaseya said it ended 2019 with a valuation exceeding $2 billion. Kaseya added more than 5,000 new customers and had more than $300 million in annual bookings, according to the company. Kaseya noted that the company had an organic growth rate of about 30%.
  • Cybersecurity vendor WatchGuard Technologies updated its FlexPay program with automated, monthly billing for its network security hardware and services. Partners can acquire subscriptions from WatchGuard’s distributor partners in various purchasing models, including one- and three-year contracts and pay-as-you-go terms, WatchGuard said. In the U.S., WatchGuard Subscriptions are available exclusively through the Synnex Stellr online marketplace.
  • Copper, which provides CRM for G Suite, rolled out its 2020 Partner Ambassador Program. The referral program has four partner tiers with incremental incentives, marketing resources, and training and certifications.
  • GTT Communications Inc., a cloud networking provider based in McLean, Va., has added Fortinet Secure SD-WAN to its SD-WAN service offering.
  • EditShare, a storage vendor that specializes in media creation and management, signed Key Code Media to its channel program. Key Code Media is an A/V, broadcast and post-production reseller and systems integrator.
  • Accenture opened an intelligent operation center in St. Catharines, Ont., as a hub for its intelligent sales and customer operations business. Accenture said the location is the company’s third intelligent operations center in Canada and its second in the Niagara region.

Market Share is a news roundup published every Friday.


Google Cloud support premium tier woos enterprise customers

Google Cloud has introduced a Premium Support option designed to appeal to large enterprises through features such as 15-minute response times for critical issues.

Premium Support customers will be serviced by “context-aware experts who understand your unique application stack, architecture and implementation details,” said Atul Nanda, vice president of cloud support.

These experts will coordinate with a customer’s assigned technical account manager to resolve issues faster and in a more personalized manner, Nanda said in a blog post.

Google wanted to expand its support offerings beyond what basic plans for Google Cloud and G Suite include, according to Nanda. Other Premium Support features include operational health reviews, training, preview access to new products and more help with third-party technologies.

In contrast, Google’s other support options are a free tier that provides help with only billing issues; Development, which costs $100 per user per month, with a four-hour response time; and Production, which costs $250 per user per month and has a one-hour response time.

Premium Support carries a base annual fee of $150,000 plus 4% of the customer’s net spending on Google Cloud Platform and/or G Suite. Google is also working on add-on services for Premium Support, such as expanded technical account manager coverage and mission-critical support, which involves a site reliability engineering consulting engagement. The latter is now in pilot.

Cloud changes the support equation

Customers with on-premises software licenses are used to paying stiff annual maintenance fees, which give them updates, bug fixes and technical support. On-premises maintenance fees can generate profit margins for vendors north of 90%, consuming billions of IT budget dollars that could have been spent on better things, said Duncan Jones, an analyst at Forrester.


“But customers of premium support offerings such as Microsoft Unified (fka Premier) Support and SAP MaxAttention express much higher satisfaction levels with value for money,” Jones said via email. “They are usually an alternative to similar services that the vendor’s SI and channel partners offer, so there is competition that drives up standards. Plus, they are optional extras so price/demand sensitivity keeps pricing at reasonable levels.” On the whole, Google’s move to add Premium Support is positive for customers, according to Jones.

But it’s clear why Google did it from a business perspective, said Grant Kirkwood, CTO of Unitas Global, a hybrid cloud services provider in Los Angeles. “Google is recognizing they need to move up the stack in terms of support to make further inroads into the enterprise space,” he said.

Microsoft today probably has the most robust support in terms of a traditional enterprise look-and-feel, while AWS’ approach is geared a bit more toward DevOps-centric shops, Kirkwood added.

“[Google is] taking a bit out of both playbooks,” he said. Premium Support could appeal to enterprises that have already done easier lift-and-shift projects to the cloud and are now rebuilding or creating new cloud-native applications, according to Kirkwood.

But as with anything, Google will have to prove its Premium Support option is worth the extra money.

“Successful [support] plans require great customer success management, highly trained technical account managers and AI-driven case management,” said Ray Wang, founder and CEO of Constellation Research.


New Oracle Enterprise Manager release advances hybrid cloud

In a bid to meet customers’ needs for hybrid cloud deployments, Oracle has injected its Oracle Enterprise Manager system with new capabilities to ease cloud migration and hybrid cloud database management.

The software giant unveiled the new Oracle Enterprise Manager release 13.4 on Wednesday, with general availability expected by the end of the first quarter.

The release includes new analytics features for users to make the most of a single database and optimize performance. Lifecycle automation for databases gets a boost in the new release. The update also provides users with new tools to enable enterprises to migrate from an on-premises database to one in the cloud.

“Managing across hybrid on-prem and public cloud resources can be challenging in terms of planning and executing database migrations,” said Mary Johnston Turner, research vice president for cloud management at IDC. “The new Migration Workbench addresses this need by providing customers with guided support for updating and modernizing across platforms, as appropriate for the customer’s specific requirements.”

Beyond helping with migration, Turner noted that Oracle Enterprise Manager 13.4 supports customer choice by enabling consistent management across Oracle Cloud and traditional on-premises resources, which is a recognition that most enterprises are adopting multi-cloud architectures.

The other key addition in Oracle Enterprise Manager 13.4 is advanced machine learning analytics, Turner noted.

“Prior to this release the analytics capabilities were mostly limited to Oracle Management Cloud SaaS [software as a service] solutions, so adding this capability to Enterprise Manager is significant,” she said.

Oracle Enterprise Manager 13.4 features

Nearly all large Oracle customers use Enterprise Manager already, said Mughees Minhas, vice president of product management at Oracle. He said Oracle doesn’t want to force a new management tool on customers that choose to adopt the cloud, which is why the vendor is increasingly integrating cloud management features with Oracle Enterprise Manager.


As users decide to move data from on-premises deployments to the cloud, it’s rarely just an exercise in moving an application from one environment to another without stopping to redesign the workflow, Minhas said.

The migration tool in the new Enterprise Manager update includes a SQL performance analyzer feature to ensure that database operations are optimized as they move to the cloud. The tool also includes a compatibility checker to verify that on-premises database applications are compatible with the autonomous versions of Oracle database that run in the cloud.

Migrating to new databases with Enterprise Manager 13.4

Helping organizations migrate to new database versions is one of the key capabilities of the latest version of Oracle Enterprise Manager.

“Normally, you would create a separate test system on-prem where you would install it and then once you’re done with the testing, then you’d upgrade the actual system,” Minhas said. “So we are promoting these use cases to Enterprise Manager through the use of real application testing tools, where we let you create a new database in the cloud to test.”

Intelligent analytics

The new Oracle Enterprise Manager release also benefits from Exadata Warehouse technology, which now enables analytics for Oracle database workloads.

“The goal of a great admin or cloud DBA [database administrator] is that they want to avoid problems before they happen, and not afterwards,” Minhas said. “So we are building analytical capabilities and some algorithms, so they can do some forecasting, so they know limits and are able to take action.”

Minhas said hybrid management will continue to be Oracle’s focus for Oracle Enterprise Manager.

“Over time, you’ll see us doing more use cases where we also let you do the same thing you’re doing on premises in the cloud, using the same APIs users are already familiar with,” Minhas said.


Public cloud vendors launch faulty services as race heats up

The public cloud services arena has turned a corner, introducing new challenges for customers, according to the latest edition of “Technology Radar,” a biannual report by global software consultancy ThoughtWorks. Competition has heated up, so top public cloud vendors are creating new cloud services at a fast clip. But in their rush to market, those vendors can roll out flawed services, which opens the door for resellers to help clients evaluate cloud options.

Public cloud has become a widely deployed technology, overcoming much of the resistance it had seen in the past. “Fears about items like security and sovereignty have been calmed,” noted Scott Shaw, director of technology for Asia Pacific region at ThoughtWorks. “Regulators have become more comfortable with the technology, so cloud interest has been turning into adoption.”

The cloud market shifts

With the sales of public cloud services rising, competition has intensified. Initially, Amazon Web Services dominated the market, but recently Microsoft Azure and Google Cloud Platform have been gaining traction among enterprise customers.


One ripple effect is that the major public cloud providers have been trying to rapidly roll out differentiating new services. However, in their haste to keep pace, they can deliver services with rough edges and incomplete feature sets, according to ThoughtWorks.

Customers can get caught in this quicksand. “Corporations adopting public cloud have not had as much success as they had hoped for,” Shaw said.

Businesses try to deploy public cloud services based on the promised functionality but frequently hit roadblocks during implementations. “The emphasis on speed and product proliferation, through either acquisition or hastily created services, often results not merely in bugs but also in poor documentation, difficult automation and incomplete integration with vendors’ own parts,” the report noted.

Figure: Top public cloud vendors chart. The global public cloud market share in 2019.

Testing is required

ThoughtWorks recommended that organizations not assume all public cloud vendors’ services are of equal quality. They need to test out key capabilities and be open to alternatives, such as open source options and multi-cloud strategies.

Resellers can act as advisors to help customers make the right decisions as they consider new public cloud services, pointing out the strengths and flaws in individual cloud options, Shaw said.

To serve as advisors, however, resellers need in-depth, hands-on experience with the cloud services. “Channel partners cannot simply rely on a feature checklist,” Shaw explained. “To be successful, they need to have worked with the service and understand how it operates in practice and not just in theory.”


Google buys AppSheet for low-code app development

Google has acquired low-code app development vendor AppSheet in a bid to up its cloud platform’s appeal among line-of-business users and tap into a hot enterprise IT trend.

Like similar offerings, AppSheet ingests data from sources such as Excel spreadsheets, Smartsheet and Google Sheets. Users apply views to the data — such as charts, tables, maps, galleries and calendars — and then develop workflows with AppSheet’s form-based interface. The apps run on Android, iOS and within browsers.

AppSheet, based in Seattle, already integrated with G Suite and other Google cloud sources, as well as Office 365, Salesforce, Box and other services. The company will continue to support and improve those integrations following the Google acquisition, AppSheet CEO Praveen Seshadri said in a blog post.

“Our core mission is unchanged,” Seshadri said. “We want to ‘democratize’ app development by enabling as many people as possible to build and distribute applications without writing a line of code.”

Terms of the deal were not disclosed, but the price tag for the low-code app development startup is likely far less than Google’s $2.6 billion acquisition of data visualization vendor Looker in June 2019.

Under the leadership of former longtime Oracle executive Thomas Kurian, Google Cloud was expected to make a series of deals to shore up its position in the cloud computing market, where it trails AWS and Microsoft by significant percentages.

So far, Kurian has not made moves to buy core enterprise applications such as ERP and CRM, two markets dominated by the likes of SAP, Oracle and Salesforce. Rather, the AppSheet purchase reflects Google Cloud’s perceived strength in application development, but with a gesture toward nontraditional coders.

As for why Google chose AppSheet to boost its low-code/no-code strategy, one reason could be the dwindling number of options. In the past couple of years, several prominent low-code/no-code vendors became acquisition targets. Notable examples include Siemens’ August 2018 purchase of Mendix for $730 million, and more recently, Swiss banking software provider Temenos’ move to buy Kony in a $559 million deal.

It’s not as if Google, Siemens and Temenos made a long shot bet, either. A survey released last year by Forrester Research, based on data collected in late 201, found that 23% of more than 3,000 developers surveyed reported their companies were already using low-code development platforms. In addition, another 22% indicated their organizations would buy into low-code within a year.

Figure: Low-code app dev platforms foster quick creation of business data-driven mobile apps. Google’s purchase of AppSheet gives it low-code app dev tools for business users.

Low-code competition heightens

Google’s AppSheet buy pits it directly against cloud platform rival Microsoft, whose citizen developer-targeted Power Apps low-code app development platform has taken off like a rocket, said John Rymer, an analyst at Forrester. The acquisition of AppSheet also sets Google apart from cloud market share leader AWS, whose alleged super-secret low-code/no-code platform, said to be under development by a team led by prominent development guru Adam Bosworth, has yet to appear.

However, in AppSheet, Google is getting a winner, Rymer noted. “It’s a really good product and a really good team,” he said.

Moreover, the addition of AppSheet will help Google get more horsepower out of Apigee than just API management. The company wanted a broader platform with more functionality to address more customers and more use cases, Rymer said.

“So, I think they will be positioning this as a new platform anchored by Apigee,” he said. “Customers could use Apigee to create and publish APIs and AppSheet is how they would consume them. But they won’t stop there. They need process automation/workflow, so I would expect them to go there as well.”


Meanwhile, another key benefit Google gains from this acquisition is the integration that AppSheet already has with Google’s office productivity products, said Jeffrey Hammond, another Forrester analyst.

“G Suite has always felt a bit out of place to me at Google’s developer conferences, but it used to be one of the main ‘leads’ for the enterprise,” he said. “AppSheet gives Google the potential to craft a more cohesive story that integrates that with Google Cloud and Anthos in the future.”

Overall, this acquisition is yet another indication that low-code/no-code development has gone mainstream and the number of people building applications will continue to grow.


AWS security faces challenges after a decade of dominance

Amazon Web Services has a stranglehold on the public cloud market, but the company’s dominance in cloud security is facing new challenges.

The world’s largest cloud provider earned a reputation over the last 10 years as an influential leader in IaaS security, thanks to products ranging from AWS Identity & Access Management and Key Management Service, introduced in the earlier part of the decade, to more recent developments in event-driven security. AWS security features helped the cloud service provider establish its powerful market position; according to Gartner, AWS in 2018 earned an estimated $15.5 billion in revenue for nearly 48% of the worldwide public IaaS market.

But at the re:Invent 2019 conference last month, many of the new security tools and features announced were designed to fix existing issues, such as misconfigurations and data exposures, rather than push AWS security to new heights. “There wasn’t much at re:Invent that I’d call security,” said Colin Percival, founder of open source backup service Tarsnap and an AWS Community Hero, via email. “Most of what people are talking about as security improvements address what I’d call misconfiguration risk.”

Meanwhile, Microsoft has not only increased its cloud market share but also invested heavily in new Azure security features that some believe rival AWS’ offerings. Rich Mogull, president and analyst at Securosis, said there are two sides to AWS security — the inherent security of the platform’s architecture, and the additional tools and products AWS provides to customers.

“In terms of the inherent security of the platform, I still think Amazon is very far ahead,” he said, citing AWS’ strengths such as availability zones, segregation, and granular identity and access management. “Microsoft has done a lot with Azure, but Amazon still has a multi-year lead. But when it comes to security products, it’s more of a mixed bag.”


Microsoft has been able to close the gap in recent years with the introduction of its own set of products and tools that compete with AWS security offerings, he said. “Azure Security Center and AWS Security Hub are pretty comparable, and both have strengths and weaknesses,” Mogull said. “Azure Sentinel is quite interesting and seems more complete than AWS Detective.”

New tools, old problems

Arguably the biggest AWS security development at re:Invent was a new tool designed to fix a persistent problem for the cloud provider: accidental S3 bucket exposures. The IAM Access Analyzer, which is part of AWS’ Identity and Access Management (IAM) console, alerts users when an S3 bucket is possibly misconfigured to allow public access via the internet and lets them block such access with one click.

AWS had previously made smaller moves, including changes to S3 security settings and interfaces, to curb the spate of high-profile and embarrassing S3 exposures in recent years. IAM Access Analyzer is arguably the strongest move yet to resolve the ongoing problem.

“They created the S3 exposure issue, but they also fixed it,” said Jerry Gamblin, principal security engineer at vulnerability management vendor Kenna Security, which is an AWS customer. “I think they’ve really stepped up in that regard.”

Still, some AWS experts feel the tool doesn’t fully resolve the problem. “Tools like IAM Access Analyzer will definitely help some people,” Percival said, “but there’s a big difference between warning people that they screwed up and allowing people to make systems more secure than they could previously.”

Scott Piper, an AWS security consultant and founder of Summit Route in Salt Lake City, said, “It’s yet another tool in the toolbelt and it’s free, but it’s not enabled by default.”

There are other issues with IAM Access Analyzer. “With this additional information, you have to get that to the customer in some way,” Piper said. “And doing that can be awkward and difficult with this service and others in AWS like GuardDuty, because it doesn’t make cross-region communication very easy.”

For example, EC2 regions are isolated to ensure the highest possible fault tolerance and stability for customers. But Piper said the isolation presents challenges for customers using multiple regions because it’s difficult to aggregate GuardDuty alerts to a single source, which requires security teams to analyze “multiple panes of glass instead of one.”

Metadata headaches

AWS recently addressed another security issue that became a high-profile concern for enterprises following the Capital One breach last summer. The attacker in that breach exploited an SSRF vulnerability to access the AWS metadata service for the company’s EC2 instances, which allowed them to obtain credentials contained in the service.

The Capital One breach led to criticism from security experts as well as lawmakers such as Sen. Ron Wyden (D-Ore.), who questioned why AWS hadn’t addressed SSRF vulnerabilities for its metadata service. The lack of security around the metadata service has concerned some AWS experts for years; in 2016, Percival penned a blog post titled “EC2’s most dangerous feature.”

“I think the biggest problem Amazon has had in recent years — judging by the customers affected — is the lack of security around their instance metadata service,” Percival told SearchSecurity.

In November, AWS made several updates to the metadata service to prevent unauthorized access, including the option to turn off access to the service altogether. Mogull said the metadata service update was crucial because it improved security around AWS account credentials.

But like other AWS security features, the metadata service changes are not enabled by default. Percival said enabling the update by default would’ve caused issues for enterprise applications and services that rely on the existing version of the service. “Amazon was absolutely right in making their changes opt-in since if they had done otherwise, they would have broken all of the existing code that uses the service,” he said. “I imagine that once more or less everyone’s code has been updated, they’ll switch this from opt-in to opt-out — but it will take years before we get to that point.”
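Because the metadata service changes are opt-in, a defender has to find the instances that never opted in. The following audit is an added example, not code from the article or from AWS: it reads output shaped like `aws ec2 describe-instances` and sorts instances by their metadata-service settings. The `MetadataOptions` field names come from the EC2 API rather than from this article, and the instance IDs and sample data are constructed.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output.
# Instance IDs are made up; field names are the EC2 API's MetadataOptions.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000001",
     "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled",
                         "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0aaa0000000000002",
     "MetadataOptions": {"HttpTokens": "required", "HttpEndpoint": "enabled",
                         "HttpPutResponseHopLimit": 2}}
  ]},
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000003",
     "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "disabled",
                         "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0aaa0000000000004"}
  ]}
]}
""")

def iter_instances(describe_output):
    """Yield every instance dict across all reservations."""
    for reservation in describe_output.get("Reservations", []):
        yield from reservation.get("Instances", [])

def classify(instance):
    """Map one instance to its metadata-service posture."""
    opts = instance.get("MetadataOptions")
    if not opts:
        return "unknown"             # no data: treat as unverified, not as safe
    if opts.get("HttpEndpoint") == "disabled":
        return "endpoint-disabled"   # metadata service turned off altogether
    if opts.get("HttpTokens") == "required":
        return "token-required"      # only session-token requests are answered
    return "legacy-allowed"          # plain GET requests still work (the default)

def audit(describe_output):
    """Return {instance_id: posture} for every instance in the output."""
    return {i["InstanceId"]: classify(i) for i in iter_instances(describe_output)}

def needs_remediation(report):
    """Instances that still answer legacy requests or could not be verified."""
    return sorted(i for i, s in report.items() if s in ("legacy-allowed", "unknown"))

def wide_hop_limit(describe_output):
    """Reachable endpoints whose token responses may travel more than one
    network hop, e.g. into a container network on the instance."""
    flagged = []
    for inst in iter_instances(describe_output):
        opts = inst.get("MetadataOptions") or {}
        if opts.get("HttpEndpoint") == "enabled" and \
           opts.get("HttpPutResponseHopLimit", 1) > 1:
            flagged.append(inst["InstanceId"])
    return sorted(flagged)

if __name__ == "__main__":
    report = audit(SAMPLE)
    for instance_id, posture in sorted(report.items()):
        print(f"{instance_id}  {posture}")
    print("remediate:", needs_remediation(report))
    print("hop limit > 1:", wide_hop_limit(SAMPLE))
```

To run it against a real account, replace `SAMPLE` with the JSON saved from `aws ec2 describe-instances`, once per region in use.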

Percival also said the update is “incomplete” because it addresses common misconfigurations but not software bugs. (Percival is working on an open source tool that he says will provide “a far more comprehensive fix to this problem,” which he hopes to release later this month.)

Still, Piper said the metadata service update is an important step for AWS security because it showed the cloud provider was willing to acknowledge there was a problem with the existing service. That willingness and responsiveness hasn’t always been there in the past, he said.

“AWS has historically had the philosophy of providing tools to customers, and it’s kind of up to customers to use them and if they shoot themselves in the foot, then it’s the customers’ fault,” Piper said. “I think AWS is starting to improve and change that philosophy to help customers more.”

AWS security’s road ahead

While the metadata service update and IAM Access Analyzer addressed lingering security issues, experts highlighted other new developments that could strengthen AWS’ position in cloud security.

AWS Nitro Enclaves, for example, is a new EC2 capability introduced at re:Invent 2019 that allows customers to create isolated instances for sensitive data. The Nitro Enclaves, which will be available in preview this year, are virtual machines attached to EC2 instances but have CPU and memory isolation from the instances and can be accessed only through secure local connections.

“Nitro Enclaves will have a big impact for customers because of its isolation and compartmentalization capabilities,” which will give enterprises’ sensitive data an additional layer of protection against potential breaches, Mogull said.

Percival agreed that Nitro Enclaves could possibly “raise the ceiling” for AWS security, though he cautioned against using them. “Enclaves are famously difficult for people to use correctly, so it’s hard to predict whether they will make a big difference or end up being another of the many ‘Amazon also has this feature, which nobody ever uses’ footnotes.”

Experts also said AWS’ move to strengthen its ARM-based processor business could have major security implications. The cloud provider announced at re:Invent 2019 that it will be launching EC2 instances that run on its new, customized ARM chips, dubbed Graviton2.

Gamblin said the Graviton2 processors are a security play in part because of recent microprocessor vulnerabilities and side channel attacks like Meltdown and Spectre. While some ARM chips were affected by both Meltdown and Spectre, subsequent side channel attacks and Spectre variants have largely affected x86 processors.

“Amazon doesn’t want to rely on other chips that may be vulnerable to side channel attacks and may have to be taken offline and rebooted or suffer performance issues because of mitigations,” Gamblin said.

Percival said he was excited by the possibility of the cloud provider participating in ARM’s work on the “Digital Security by Design” initiative, a private-sector partnership with the UK that is focused in part on fundamentally restructuring — and improving — processor security. The results of that project will be years down the road, Percival said, but it would show a commitment from AWS to once again raising the bar for security.

“If it works out — and it’s a decade-long project, which is inherently experimental in nature — it could be the biggest step forward for computer security in a generation.”
