Click here to close now.




















Welcome!

Microservices Expo Authors: Yeshim Deniz, Liz McMillan, Carmen Gonzalez, Samuel Scott, Pat Romanski

Related Topics: @CloudExpo, Microservices Expo, Microsoft Cloud, Cloud Security, @BigDataExpo, @ThingsExpo

@CloudExpo: Article

What Cloud Startups Need to Know About Hunting Elephants

Large companies have several sets of requirements for solution providers that differ from smaller companies

"Cloud computing" is more than just a buzzword - it has transformed the tech industry. Having been in the business of building enterprise infrastructure for over 15 years, I've had the opportunity to witness how cloud has altered the landscape, including most recently at my company, Nexgate. It has not only ushered in a radical wave of innovation, but has also created new business models. The easily accessible and inexpensive nature of its on-demand structure has both paved the way for the rapid launch of new technologies and enabled the growth of businesses.

Yet, as with any technology, it also has its limits and risks, especially for cloud startups. If not configured well, cloud doesn't necessarily fit hand-in-hand with the needs of large enterprises. While the benefits of gaining a big customer are certainly obvious, the demands of doing so are not talked about nearly as frequently, despite that both are important. Hunting elephants is a dangerous game if you're a mouse.

Large companies have several sets of requirements for solution providers that differ from smaller companies, which aren't as concerned about security and scalability. Whereas the size of smaller companies doesn't require a focus on mitigating the risk of a high profile security breach or managing complex systems on a mass scale, for larger companies, these concerns are very real. Hence, it's not enough to just have a great product to engage on an enterprise level - large companies have dedicated security teams and requirements that you as a vendor need to work with to close the deal.

Having a disaster recovery plan in place is one of the first steps to becoming enterprise ready. Any sizeable organization is going to want assurance that in the event of a crisis, any lapse in the service you provide is going to be as brief and as painless as possible. And, furthermore, that enterprise is going to want proof to back up that assurance. That proof is called a disaster recovery plan. A disaster recovery plan specifies how your company intends to mitigate the risk of an incident resulting in downtime, as well as the processes in place for remediating and recovering from one. Given organizations' increasing dependency on information technology to run their operations, the more critical your product is to the day-to-day functioning of an enterprise, the more you must demonstrate this competency.

Creating and maintaining a disaster recovery plan is no simple task. Each employee should be trained in his or her role and responsibility in the event of a crisis or outage, and the plan should be documented and tested to ensure continuity of procedures and availability of essential resources in the event of a disaster. Your plan should specify easily executable and repeatable procedures for recovering and repairing any damaged IT resources and restoring them to operation as rapidly as possible. Be sure to include a summary of the critical assets and services, their recovery objectives, and recovery priorities, in addition to the contact information for disaster support agencies and a secondary data center service provider or other temporary means of providing service.

Security policy and practices are another prerequisite for navigating a large corporate environment. Without demonstrating the security of your product, you've effectively lost your seat at the table with enterprise companies. In today's tech-saturated world, an information security breach, hack, or hijack can cost thousands of dollars - not to mention inestimable damage to brands and consumer trust. This means an even greater burden of proof lies on vendors (and their cloud providers) as far as security is concerned to prevent such an event from happening. For example, if you're storing data on behalf of customers, are they encrypted in your database? Do you have strong access policies? Are your employees trained and certified when it comes to securing both corporate and personal accounts? If you're a web-based app, do you use a web app firewall (WAP)? Do you have IP and firewall restrictions in place from a cloud security service like Dome9? And what level of security does your cloud provider (e.g., Amazon Web Services) provide? The answers to these questions can help you structure your security policy and practices in alignment with enterprise needs.

To augment these policies and practices, you should also implement security review and testing. Policy and procedures are critical, but without confirmation and review of their execution, they only live in theory. For this reason, implementing internal and external reviews to ensure that your company, your employees, and your partners are all following your policy is critical. Ultimately, you should be able to show that you've created a process that's being applied day-to-day, which is sufficient enough to hold off socially engineered attacks and risks from phishing and malware, among other threats to your security. Allowing for third-party penetration testing is a great strategy to demonstrate your security capacity in this way. The more you can verify the process and results of that testing, the more you can prove to an enterprise that your product is effective and safe for use on a large scale.

Working with enterprise certainly has massive upsides, but with those benefits inherently comes a higher level of skepticism, scrutiny, and caution. Expect to have to prove that you can support sophisticated systems on a large scale, not only in terms of operation but also when it comes to appropriate processes, documentation, and security. The more you can anticipate enterprise needs and have the necessary procedures in place right out of the gate, the greater the level of confidence larger organizations will have in your company, and the better you can serve your customers.

For additional information about making your organization enterprise ready, check out these resources:

  1. Disaster Recovery Journal Sample Plans
  2. Cloud Security Alliance (CSA) Security Guidance
  3. AWS Security Center

More Stories By Rich Sutton

Rich Sutton is co-founder and CTO at Nexgate, a cloud-based social media compliance and security solution. Along with holding multiple patents, he has more than 15 years of experience in enterprise software and application development experience. Prior to working at Nexgate, Rich led a 50+ person engineering team building Websense’s web security product portfolio and also held senior management and technical positions at Symantec, 8e6 Technologies (now Trustwave), and eFunds (now Fidelity) building everything from SaaS applications to high-throughput network appliances, client security software, and mobile applications.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@MicroservicesExpo Stories
ElasticBox, the agile application delivery manager, announced freely available public boxes for the DevOps community. ElasticBox works with enterprises to help them deploy any application to any cloud. Public boxes are curated reference boxes that represent some of the most popular applications and tools for orchestrating deployments at scale. Boxes are an adaptive way to represent reusable infrastructure as components of code. Boxes contain scripts, variables, and metadata to automate proces...
Puppet Labs is pleased to share the findings from our 2015 State of DevOps Survey. We have deepened our understanding of how DevOps enables IT performance and organizational performance, based on responses from more than 20,000 technical professionals we’ve surveyed over the past four years. The 2015 State of DevOps Report reveals high-performing IT organizations deploy 30x more frequently with 200x shorter lead times. They have 60x fewer failures and recover 168x faster
To support developers and operations professionals in their push to implement DevOps principles for their infrastructure environments, ProfitBricks, a provider of cloud infrastructure, is adding support for DevOps tools Ansible and Chef. Ansible is a platform for configuring and managing data center infrastructure that combines multi-node software deployment, ad hoc task execution, and configuration management, and is used by DevOps professionals as they use its playbooks functionality to autom...
Containers are not new, but renewed commitments to performance, flexibility, and agility have propelled them to the top of the agenda today. By working without the need for virtualization and its overhead, containers are seen as the perfect way to deploy apps and services across multiple clouds. Containers can handle anything from file types to operating systems and services, including microservices. What are microservices? Unlike what the name implies, microservices are not necessarily small,...
DevOps has traditionally played important roles in development and IT operations, but the practice is quickly becoming core to other business functions such as customer success, business intelligence, and marketing analytics. Modern marketers today are driven by data and rely on many different analytics tools. They need DevOps engineers in general and server log data specifically to do their jobs well. Here’s why: Server log files contain the only data that is completely full and accurate in th...
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades. With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo, November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Learn what is going on, contribute to the discussions, and e...
Skeuomorphism usually means retaining existing design cues in something new that doesn’t actually need them. However, the concept of skeuomorphism can be thought of as relating more broadly to applying existing patterns to new technologies that, in fact, cry out for new approaches. In his session at DevOps Summit, Gordon Haff, Senior Cloud Strategy Marketing and Evangelism Manager at Red Hat, discussed why containers should be paired with new architectural practices such as microservices rathe...
It’s been proven time and time again that in tech, diversity drives greater innovation, better team productivity and greater profits and market share. So what can we do in our DevOps teams to embrace diversity and help transform the culture of development and operations into a true “DevOps” team? In her session at DevOps Summit, Stefana Muller, Director, Product Management – Continuous Delivery at CA Technologies, answered that question citing examples, showing how to create opportunities for ...
SYS-CON Events announced today that G2G3 will exhibit at SYS-CON's @DevOpsSummit Silicon Valley, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Based on a collective appreciation for user experience, design, and technology, G2G3 is uniquely qualified and motivated to redefine how organizations and people engage in an increasingly digital world.
Whether you like it or not, DevOps is on track for a remarkable alliance with security. The SEC didn’t approve the merger. And your boss hasn’t heard anything about it. Yet, this unruly triumvirate will soon dominate and deliver DevSecOps faster, cheaper, better, and on an unprecedented scale. In his session at DevOps Summit, Frank Bunger, VP of Customer Success at ScriptRock, will discuss how this cathartic moment will propel the DevOps movement from such stuff as dreams are made on to a prac...
Docker containerization is increasingly being used in production environments. How can these environments best be monitored? Monitoring Docker containers as if they are lightweight virtual machines (i.e., monitoring the host from within the container), with all the common metrics that can be captured from an operating system, is an insufficient approach. Docker containers can’t be treated as lightweight virtual machines; they must be treated as what they are: isolated processes running on hosts....
SYS-CON Events announced today that DataClear Inc. will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. The DataClear ‘BlackBox’ is the only solution that moves your PC, browsing and data out of the United States and away from prying (and spying) eyes. Its solution automatically builds you a clean, on-demand, virus free, new virtual cloud based PC outside of the United States, and wipes it clean...
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
SYS-CON Events announced today the Containers & Microservices Bootcamp, being held November 3-4, 2015, in conjunction with 17th Cloud Expo, @ThingsExpo, and @DevOpsSummit at the Santa Clara Convention Center in Santa Clara, CA. This is your chance to get started with the latest technology in the industry. Combined with real-world scenarios and use cases, the Containers and Microservices Bootcamp, led by Janakiram MSV, a Microsoft Regional Director, will include presentations as well as hands-on...
Microservice architecture is fast becoming a go-to solution for enterprise applications, but it's not always easy to make the transition from an established, monolithic infrastructure. Lightweight and loosely coupled, building a set of microservices is arguably more difficult than building a monolithic application. However, once established, microservices offer a series of advantages over traditional architectures as deployment times become shorter and iterating becomes easier.
The pricing of tools or licenses for log aggregation can have a significant effect on organizational culture and the collaboration between Dev and Ops teams. Modern tools for log aggregation (of which Logentries is one example) can be hugely enabling for DevOps approaches to building and operating business-critical software systems. However, the pricing of an aggregated logging solution can affect the adoption of modern logging techniques, as well as organizational capabilities and cross-team ...
Puppet Labs has announced the next major update to its flagship product: Puppet Enterprise 2015.2. This release includes new features providing DevOps teams with clarity, simplicity and additional management capabilities, including an all-new user interface, an interactive graph for visualizing infrastructure code, a new unified agent and broader infrastructure support.
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies leverage disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advance...
In today's digital world, change is the one constant. Disruptive innovations like cloud, mobility, social media, and the Internet of Things have reshaped the market and set new standards in customer expectations. To remain competitive, businesses must tap the potential of emerging technologies and markets through the rapid release of new products and services. However, the rigid and siloed structures of traditional IT platforms and processes are slowing them down – resulting in lengthy delivery ...
The web app is agile. The REST API is agile. The testing and planning are agile. But alas, data infrastructures certainly are not. Once an application matures, changing the shape or indexing scheme of data often forces at best a top down planning exercise and at worst includes schema changes that force downtime. The time has come for a new approach that fundamentally advances the agility of distributed data infrastructures. Come learn about a new solution to the problems faced by software organ...