Implementing security in a cloud environment may seem like a difficult task and slows down, or even prevents, some organizations from migrating to the cloud. Some cloud security models have similarities to traditional data center or on-premises security; however, there are opportunities to implement new security measures as well as tweak your existing security plan. Here are five tips for getting started with cloud security.
- Secure your application security code
Knowing and understanding account usage and the types of coding languages, inputs, outputs, and resource requests is essential.
- Implement a solid patch management and configuration management strategy
These strategies are usually more people and process driven, but are important components to the care of feeding of the technology solution. Organizations should take inventory of all the data they are maintaining and understand what type of data it is, where it is being stored, what accounts have access to this data, and how is it being secured.
- Dedicate time and resources to the design and maintenance of identity and access management solutions
Attackers continue to use brute force attacks against accounts to crack passwords and gain authenticated privileges in your environment. Accounts should follow the least privilege concept and account activity should be logged. A robust logging and log review system should be a standard implementation for all systems, accounts, and configuration modifications to ensure accountability of legitimate activity.
- Understand the shared responsibility of security
Generally, cloud providers will have security implemented throughout their core infrastructure, which is primarily designed to safeguard their systems and the basic foundational services for each of their customers. Cloud providers will maintain and secure their infrastructure; however, they won’t necessarily provide customers reports or notifications from this layer unless it impacts a significant amount of customers. Therefore, it is highly recommended that you implement a customized security plan within your own cloud environment.
At the moment a cloud provider drops a network packet onto your systems, you should employ security monitoring and network threat detection. The customer responsibility for security increases when moving from the network level to the host level and further to the application level. Once you have access to your operating system, you are giving root/administrator access and therefore, that system is yours to secure and manage.
At this point, the customer is responsible for the security of the applications and the application code that is used on the host systems. Cloud customers need to pay particular attention to the application code that is used in their environment since web application attacks are the most prevalent type of attacks used by adversaries.
- Stay informed about the la threats and vulnerabilities
Organizations should also stay informed about the la threats and vulnerabilities to their cloud systems. Adversaries, hacking groups and security researchers are constantly working to discover new vulnerabilities within systems and keeping up with these threats is imperative. Organizations that have dedicated resources to monitoring and responding to the la threat activities are able to anticipate cyber activity and minimize the impact of an attack.
Implementing effective security within a cloud environment may seem to be a challenging task; however, a strategic plan and the proper integration of people, process, and technology enable organizations to overcome this challenge.
Learn more about 2W Managed Cloud Security and how our partnership with Alert Logic can ensure your environment’s security.
Blog contributed by Alert Logic
Customized mobile device digital marketing gets a lot easier
When marketers think digital, they think mobile, but the best way to reach people on their smartphones is an app, not a website. Still, mobile apps are a double-edged sword for companies. They deliver more users with higher engagement but are also harder and more costly to develop and . Given that mobile devices are inherently connected, the first cloud services emerged to simplify app development. Mobile backends and SDKs like Facebook Parse, Kumulos or AWS Mobile Services tackled the backend services data management, synchronization, notification and analytics. Real world ing is the la service, courtesy of the AWS Device Farm, which provides virtual access to myriad mobile devices and operating environments. Device Farm, released in July, allows developers to easily apps on hundreds of combinations of hardware and OS (with a constantly growing list) using either custom scripts or a standard AWS compatibility suite. Although the service launched targeting the most acute problem, on fragmented Android, it now supports iOS as well. But the cloud service isn’t just able to provide instant access to a multitude of devices for hardware-specific s – it also allows ing on multiple devices in parallel, which greatly cuts time.
Bootstrapping mobile development with cloud services can yield huge dividends for organizations wanting to better connect with customers, employees and partners. Not only are there more mobile than desktop users, but their usage is heavier. The average adult in the US spends almost three hours per day consuming digital content on a mobile device, 11% more than just last year. This means that businesses without a mobile strategy, don’t have any digital strategy.
The problem is that providing a richer, customized, differentiated experience requires building a custom mobile app – a task that’s made more daunting by the cornucopia of devices in use. It means supporting multiple versions of two operating systems and countless hardware variations. Although Apple users generally upgrade to the la iOS release within months, the la Android development stats show four versions with at least 13% usage. Worse yet, a 2015 OpenSignal survey of hundreds of thousands of Android devices found more than 24,000 distinct device types. Such diversity makes developing and thoroughly ing mobile apps vastly more complex than a website or PC application. One mobile app developer does QA ing on 400 different Android devices for every app – a ing nightmare that’s even worse when you consider that the mobile app release cycle is measured in weeks, not months. If ever a problem was in need of a virtualized cloud service, this is it; and AWS has delivered.
Device Farm takes an app archive (.apk file for Android or .ipa for iOS) and s it against either custom scripts or an AWS compatibility suite using a fuzz of random events. Test projects are comprised of the actual suite (Device Farm supports five scripting languages), a device pool (specific hardware and OS versions) and any predefined device state such as other installed apps, required local data and device location. Aggregate results are presented on a summary screen with details, including any screenshots, performance data and log file output, available for each device.
Device Farm doesn’t replace the need for in-field beta ing and mobile app instrumentation to measure real world usage, performance and failures, however with thorough, well-crafted suites and a diverse mix of device types, it promises to dramatically improve the end-user experience by eliminating problems that only manifest when running on actual hardware instead of an IDE simulator.
Developers can automate and schedule s using the Device Farm API or via Jenkins using the AWS plugin. Like every AWS service, pricing is usage based, where the metric is the total time for each device at $0.17 per device minute, however by judiciously selecting the device pool, it’s much cheaper than buying and configuring the actual hardware. Developers can automate and schedule s using the Device Farm API or via Jenkins using the AWS plugin. Like every AWS service, pricing is usage based, where the metric is the total time for each device at $0.17 per device minute.
Along with Mobile Services for backend infrastructure, Device Farm makes a compelling mobile app development platform, particularly for organizations already using AWS for website and app development.
To learn more about AWS Device Farm or to get started on your Digital Marketing initiatives, contact us.
-2nd Watch blog by Kurt Marko
In an effort to better understand the relationship between cloud computing and digital business in large enterprises, we have just completed a survey of 498 IT and business executives in the US, our most comprehensive research to date. The survey uncovered a stronger than expected connection between cloud technologies and digital sales and marketing programs. Half of all persons responding to the survey said that moving to the cloud would be their most important digital initiative in 2015.
Digital business has come to define a wave of applications and services that, in Gartner’s words, “blur the physical and digital worlds.” Millions of Internet-connected devices have created new ways for companies to engage customers and prospects, from social marketing campaigns to mobile loyalty apps. Cloud technologies, with their flexibility and affordability, are considered foundational to digital business, and yet many companies are still struggling with operational blockades like inflexible systems.
Nevertheless, cloud computing seems to be driving the digital enterprise. Nearly 59% of respondents to this la survey reported they’re using a combination of on-premise and cloud technologies to power digital business initiatives, while 22% of companies follow a “cloud first” methodology. The survey also asked about specific initiatives. The majority (36%) of persons responding said that between 25% and 50% of their digital sales and marketing services will leverage cloud-computing technologies this year, and almost a quarter (24%) will leverage cloud technologies for 50% to 75% of digital sales and marketing programs. Many companies are also using cloud-based tools to measure time to deployment for new digital programs (54%), the cost of said programs (48%), ROI (43%), and automation (33%).
Other digital business survey highlights:
- 60% said cloud tools will support digital sales and marketing programs this year
- 36% said understanding cloud was their most important consideration when going digital, followed by creating a roadmap of business and tech initiatives (25%) and cultural change (20%)
- 38% said improving customer service was their company’s top driver for leveraging new cloud technologies, while 27% said the top driver was increasing revenue
- 35% said more than half their budget this year would go toward digital campaigns
- 44% said it takes up to three months to provision new infrastructure for complex applications
- 52% said developing and deploying new digital programs rapidly and to scale was the primary advantage to using cloud technologies; 50% said cost savings was the primary advantage (respondents could select multiple answers to this question)
The results of the la survey show pretty clearly that companies are thinking about cloud technologies more strategically than just a year or two ago. Enterprises are also seeing private cloud not providing the benefits it claimed in the last few years and thus are more likely moving to the public cloud.
Cloud computing is no longer simply an infrastructure play but a set of business-oriented capabilities that companies are using to better serve customers, be more agile and grow sales. Enterprises are also requiring that the providers they are selecting must have critical capabilities for common workloads.
-Jeff Aden, EVP BD & Marketing