The “Cloud Builder” Awakens

I have traveled extensively over the final quarter of 2015, meeting with customers, prospects and partners. There is something about being on the road that gives clarity to business and as a result, it is clear in my mind that Information Technology is witnessing its greatest period of change. The Internet of Things, Cloud and Big Data are driving the massive growth of new applications and data. Rapid rates of application and data growth are forcing organizations to move away from legacy scale-up approaches to ones that provide seamless scale-out. Siloed and monolithic approaches to delivering storage, compute and network resources must be replaced by integrated and elastic infrastructure and services consumption models.

In support of these new consumption models, IT is being delivered as services delivered on-demand, leveraging cloud architectures. I am seeing the emergence of a new customer, whom I call the Cloud Builder or Cloud Architect. Due to the rapid growth and importance of this new role, I somewhat jokingly say, “the Cloud Builder has awoken.” This new role takes a different IT approach to meeting the needs of the business. The Cloud Builder looks at applications and data requirements from the perspective of business goals, Continue reading

IDG Contributor Network: Experts predict more cyber attacks on universities

Attacks on major state universities will continue in 2016, according to a non-profit cybersecurity readiness organization that specializes in the public sector. And the problem is exacerbated because some state or small governments don’t have ‘mature’ cybersecurity plans in place, so they can’t mitigate it. The vulnerability has been tagged by a cybersecurity readiness organization The Center for Internet Security (CIS). The prediction was quoted in Fedscoop, a government-oriented IT website.Intellectual property “The universities are home to an awful lot of valuable intellectual property, so a lot of the major research universities are prime targets for attackers,” said Thomas Duffy, chair of the Multi-State Information Sharing and Analysis Center (MS-ISAC) that's operated by CIS. He was quoted by Fedscoop, writing about threats for states and localities.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Experts predict more attacks on universities

Attacks on major state universities will continue in 2016, according to a non-profit cybersecurity readiness organization that specializes in the public sector. And the problem is exacerbated because some state or small governments don’t have ‘mature’ cybersecurity plans in place, so they can’t mitigate it. The vulnerability has been tagged by a cybersecurity readiness organization The Center for Internet Security (CIS). The prediction was quoted in Fedscoop, a government-oriented IT website.Intellectual property “The universities are home to an awful lot of valuable intellectual property, so a lot of the major research universities are prime targets for attackers,” said Thomas Duffy, chair of the Multi-State Information Sharing and Analysis Center (MS-ISAC) that's operated by CIS. He was quoted by Fedscoop, writing about threats for states and localities.To read this article in full or to leave a comment, please click here

A Quick Look Back: Webinars in 2015

As you know I always promise my loyal subscribers at least 6 new webinars per year. Well, 2015 was a bit more fruitful. Let’s start with the easy ones:

However, I spent most of my time developing the SDN and network automation curriculum:

Read more ...

Russian group suspected to be linked to Ukraine power station cyberattack

A cyberattack that knocked out power in the Ukraine last month is believed to have been initiated by a hacking group with strong Russian interests.iSight Partners, a cybersecurity firm headquartered in Dallas, wrote on Thursday that a group called Sandworm was likely involved.The link was made after a study of a malware sample called KillDisk and a related one used by Sandworm in the past called BlackEnergy 3, wrote John Hultquist, director of cyberespionage analysis at iSight Partners.To read this article in full or to leave a comment, please click here

Android-powered smart TVs targeted by malicious apps

Smart TVs running older versions of Android are being targeted by several websites offering apps containing malware, according to Trend Micro.The security vendor wrote on Thursday that it found a handful of app websites targeting people in the U.S. and Canada by offering the malicious apps.The apps are exploiting a flaw in Android that dates to 2014, showing that many smart TVs do not have the latest patches."Most smart TVs today use older versions of Android, which still contain this flaw," wrote Ju Zhu, a mobile threats analyst with Trend. "While most mobile Android devices can easily be upgraded to the latest version, upgrading smart TV sets may be more challenging for users because they are limited by the hardware."To read this article in full or to leave a comment, please click here

Full Stack Journey Episode #1: Bart Smith

In this first-ever episode of the Full Stack Journey podcast, I talk with Bart Smith (old GitHub account migrating to new GitHub account, YouTube channel). Bart shares some details about his journey from being a Microsoft-centric infrastructure engineer to what he calls a cloud-native full-stack engineer. Here are some notes from our conversation, along with some additional resources Bart wanted to share with readers/listeners. Enjoy!

The podcast audio recording is available on Soundcloud.

Show Notes

  • His journey started in June 2014 as a result of the Microsoft announcement regarding support for Linux and Kubernetes on Azure—this really indicated a shift in the industry.
  • Bart’s view is that a full-stack engineer knows about operations, the hardware stack (compute, storage, network), the software (network, operating system [OS], management, logging), and most importantly knows how to “code” an immutable infrastructure. An operations full-stack engineer can read code, work with developers, and be part of a DevOps team of support DevOps teams in deploying code into production both to on-premises solutions and off-premises solutions.
  • IT folks don’t need to be strictly involved in software engineering to benefit from a journey toward a more full-stack role.
  • His journey from Microsoft-centric engineer to Continue reading

Microsoft, Google, Facebook to U.K.: Don’t weaken encryption

Microsoft, Google and Facebook are urging U.K. officials not to undermine encryption as they work on laws that would authorize forcing communications service providers to decrypt customer traffic.In a joint written submission to the U.K. Parliament the three U.S.-based companies lay down several areas of concern, which, if not addressed, they say could damage their businesses and leave them caught in legal crossfires among the many countries where they do business.To read this article in full or to leave a comment, please click here

How long will consumers put up with the IoT’s failures?

A recurring theme undercutting the enthusiasm surrounding the Internet of Things and smart home at CES this week has been how the shortcomings of the technology could hold back the market. How long will consumers put up with products that don't work, fail to connect to the network, or put their privacy at risk?A panel of IoT support experts speaking at CES today explained that, while some of the better-known products, like Google's Nest thermostat, are designed with easy setup and connectivity, many others fall short in important areas. Since consumers aren't always necessarily equipped to resolve these issues on their own, these concerns threaten to hold the IoT market back from reaching its lofty projections.To read this article in full or to leave a comment, please click here

Will the European Union’s new General Data Protection Regulation impact your business?  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.   Does your company do business internationally, and especially with customers within the European Union (EU)? If so, then you need to pay attention to what's happening in the areas of data privacy and data sovereignty. Big changes are underway and they could have an impact on how you manage customer information. At the end of December, the European Commission (EC) approved the final version of the General Data Protection Regulation (GDPR). It's a massive overhaul of the EU's 1995 data protection rules (Directive 95/46/EC), which were quite out of date given the technology developments and globalization of the last two decades. The EC has been working on the GDPR since 2012 in order to strengthen online privacy rights and boost Europe's digital economy.To read this article in full or to leave a comment, please click here

Callous snow-plow-blade thieves violate first rule of security cameras

Not that much is expected of your garden-variety thieves, but stealing a 500-pound snow plow blade from a fire department in the dead of winter requires an elevated level of disregard for the wellbeing of your fellow citizens.Such a brazen theft in this era of ubiquitous surveillance also requires a surprisingly common breed of cluelessness, as the act violates the first rule of security cameras: They are everywhere.I note this particular case of reckless stupidity in part because the occupants of the pickup pictured above victimized the fire department and residents of North Attleboro, Mass., my hometown, when they attached the blade to their truck and drove off. Friends and former neighbors were put at risk.To read this article in full or to leave a comment, please click here

Drupal sites at risk due to insecure update mechanism

The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates.Researcher Fernando Arnaboldi from security firm IOActive noticed that Drupal will not inform administrators that an update check has failed, for example due to inability to access the update server. Instead, the back-end panel will continue to report that the CMS is up to date, even if it's not.This can be a problem, considering that hackers are quick to exploit vulnerabilities in popular content management systems like Drupal, WordPress or Joomla, after they appear. In one case in 2014, users had only a seven-hour window to deploy a critical Drupal patch until attackers started exploiting the vulnerability that it fixed.To read this article in full or to leave a comment, please click here