|By David Canellos||
|May 27, 2014 04:41 PM EDT||
Until this week the biggest anxiety when dealing with eBay has likely been fretting over a negative rating, concerns about slow shipping or a delayed refund. Then suddenly yesterday the media jumped all over the story that eBay had been hacked and users need to change their passwords. By the way, I can tell you from experience the password change process is not as easy or straightforward as you would expect.
EBay is now in damage control mode and trying to calm fears after revealing that hackers attacked its network three months ago. It is believed over 145 million user records were accessed, forcing eBay to issue a security warning. Three states are conducting a joint investigation which will focus on eBay's measures for securing personal data, the circumstances that led to the breach, how many users were affected, and the company's response to the breach, said a spokeswoman for Connecticut Attorney General George Jepsen.[i] The breach could possibly be the second-biggest in US history, based on the number of records accessed by the hackers. Massive data breaches seem to be occurring much more frequently with Heartland Payments, Target, Neiman Marcus, Living Social, Zappos, AOL and now eBay all reporting damages in the news recently.
Why is this happening?
Enterprises that act as large repositories of data aggregated from consumers and businesses find themselves attractive targets for today's cybercriminals. Think about it, a successful hack provides a colossal "Return on Investment" for the cybercriminal. I believe we will continue to see aggressive attempts to break into shared consumer services like eBay as well as their "equivalents" in the business world - Enterprise Cloud Applications. Enterprises are increasingly turning to these cloud solutions to run operations such as Sales, Finance, Customer Support, etc. All of these groups within an organization maintain records with confidential files, proprietary data as well as Intellectual Property that is frequently the source of a business' competitive advantage.
How can enterprises protect sensitive data?
EBay says financial data was not affected; pointing out credit card information is encrypted and stored separately from the affected database. This is positive news, but what if they had taken the extra step of encrypting all data stored in their systems? If eBay had encrypted or tokenized all sensitive data, the hackers would have received meaningless information rather than private email addresses, birth dates, mailing addresses, etc. The same holds true for enterprise cloud systems. Sensitive/regulated data and IP should never be processed or stored in the clear when outside of an organization's control.
Executives and security professionals at enterprises need to consider broad based use of encryption and tokenization. And by the way, tokenization and encryption technologies can also protect information from unlawful surveillance and even safeguard against the loss of Intellectual Property due to cyber espionage (U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage.
Solutions such as Cloud Data Control Gateways can be deployed to protect all sensitive data. These Gateways allow enterprises to keep sensitive data behind their firewall, replacing it with tokens or encrypted values which then go to the cloud for processing and storage. Sensitive data never leaves the organization's control in any format, so information a cybercriminal obtains is either tokenized or encrypted so it is meaningless. Best of all, these gateways ensure that users of cloud applications are not impacted - they can still enjoy all the benefits of their critical cloud applications while the enterprise benefits from complete control of their data. Learn more at http://perspecsys.com/how-we-help/
Perspecsys Inc. is a leading provider of cloud data tokenization and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like Perspecsys remove the technical, legal and financial risks of placing sensitive company data in the cloud. Perspecsys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit perspecsys.com or follow on Twitter @perspecsys.
@DevOpsSummit at Cloud taking place June 6-8, 2017, at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developm...
Feb. 22, 2017 11:30 AM EST Reads: 1,108
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
Feb. 22, 2017 11:15 AM EST Reads: 729
Microservices (μServices) are a fascinating evolution of the Distributed Object Computing (DOC) paradigm. Initial design of DOC attempted to solve the problem of simplifying developing complex distributed applications by applying object-oriented design principles to disparate components operating across networked infrastructure. In this model, DOC “hid” the complexity of making this work from the developer regardless of the deployment architecture through the use of complex frameworks, such as C...
Feb. 22, 2017 11:15 AM EST Reads: 837
DevOps and microservices are permeating software engineering teams broadly, whether these teams are in pure software shops but happen to run a business, such Uber and Airbnb, or in companies that rely heavily on software to run more traditional business, such as financial firms or high-end manufacturers. Microservices and DevOps have created software development and therefore business speed and agility benefits, but they have also created problems; specifically, they have created software securi...
Feb. 22, 2017 11:00 AM EST Reads: 3,248
All clouds are not equal. To succeed in a DevOps context, organizations should plan to develop/deploy apps across a choice of on-premise and public clouds simultaneously depending on the business needs. This is where the concept of the Lean Cloud comes in - resting on the idea that you often need to relocate your app modules over their life cycles for both innovation and operational efficiency in the cloud. In his session at @DevOpsSummit at19th Cloud Expo, Valentin (Val) Bercovici, CTO of Soli...
Feb. 22, 2017 10:45 AM EST Reads: 381
The rise of containers and microservices has skyrocketed the rate at which new applications are moved into production environments today. While developers have been deploying containers to speed up the development processes for some time, there still remain challenges with running microservices efficiently. Most existing IT monitoring tools don’t actually maintain visibility into the containers that make up microservices. As those container applications move into production, some IT operations t...
Feb. 22, 2017 10:45 AM EST Reads: 594
Feb. 22, 2017 08:30 AM EST Reads: 6,513
Microservices are a very exciting architectural approach that many organizations are looking to as a way to accelerate innovation. Microservices promise to allow teams to move away from monolithic "ball of mud" systems, but the reality is that, in the vast majority of organizations, different projects and technologies will continue to be developed at different speeds. How to handle the dependencies between these disparate systems with different iteration cycles? Consider the "canoncial problem" ...
Feb. 22, 2017 06:00 AM EST Reads: 5,270
Both SaaS vendors and SaaS buyers are going “all-in” to hyperscale IaaS platforms such as AWS, which is disrupting the SaaS value proposition. Why should the enterprise SaaS consumer pay for the SaaS service if their data is resident in adjacent AWS S3 buckets? If both SaaS sellers and buyers are using the same cloud tools, automation and pay-per-transaction model offered by IaaS platforms, then why not host the “shrink-wrapped” software in the customers’ cloud? Further, serverless computing, cl...
Feb. 22, 2017 06:00 AM EST Reads: 1,840
Hardware virtualization and cloud computing allowed us to increase resource utilization and increase our flexibility to respond to business demand. Docker Containers are the next quantum leap - Are they?! Databases always represented an additional set of challenges unique to running workloads requiring a maximum of I/O, network, CPU resources combined with data locality.
Feb. 22, 2017 02:45 AM EST Reads: 2,054
As software becomes more and more complex, we, as software developers, have been splitting up our code into smaller and smaller components. This is also true for the environment in which we run our code: going from bare metal, to VMs to the modern-day Cloud Native world of containers, schedulers and micro services. While we have figured out how to run containerized applications in the cloud using schedulers, we've yet to come up with a good solution to bridge the gap between getting your contain...
Feb. 22, 2017 01:30 AM EST Reads: 3,567
An overall theme of Cloud computing and the specific practices within it is fundamentally one of automation. The core value of technology is to continually automate low level procedures to free up people to work on more value add activities, ultimately leading to the utopian goal of full Autonomic Computing. For example a great way to define your plan for DevOps tool chain adoption is through this lens. In this TechTarget article they outline a simple maturity model for planning this.
Feb. 22, 2017 12:00 AM EST Reads: 1,984
The rapid growth of hyperscale IaaS platforms that provide Serverless and Software management automation services is changing how enterprises can get better Cloud ROI. Heightened security concerns and enabling developer productivity are strategic issues for 2017. The emergence of hyper-scale Infrastructure as-a-Service (IaaS) platforms such as Amazon Web Services (AWS) that offer Serverless computing, DevOps automation and large-scale data management capabilities is changing the economics of so...
Feb. 21, 2017 11:45 PM EST Reads: 2,336
"We got started as search consultants. On the services side of the business we have help organizations save time and save money when they hit issues that everyone more or less hits when their data grows," noted Otis Gospodnetić, Founder of Sematext, in this SYS-CON.tv interview at @DevOpsSummit, held June 9-11, 2015, at the Javits Center in New York City.
Feb. 21, 2017 09:15 PM EST Reads: 5,717
Updating DevOps to the latest production data slows down your development cycle. Probably it is due to slow, inefficient conventional storage and associated copy data management practices. In his session at @DevOpsSummit at 20th Cloud Expo, Dhiraj Sehgal, in Product and Solution at Tintri, will talk about DevOps and cloud-focused storage to update hundreds of child VMs (different flavors) with updates from a master VM in minutes, saving hours or even days in each development cycle. He will also...
Feb. 21, 2017 06:30 PM EST Reads: 2,486
Thanks to Docker, it becomes very easy to leverage containers to build, ship, and run any Linux application on any kind of infrastructure. Docker is particularly helpful for microservice architectures because their successful implementation relies on a fast, efficient deployment mechanism – which is precisely one of the features of Docker. Microservice architectures are therefore becoming more popular, and are increasingly seen as an interesting option even for smaller projects, instead of being...
Feb. 21, 2017 03:30 PM EST Reads: 3,595
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, will discuss how to use Kubernetes to setup a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace....
Feb. 21, 2017 02:45 PM EST Reads: 2,575
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Feb. 21, 2017 02:30 PM EST Reads: 1,478
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry’s single source for the cloud. Fusion’s advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including cloud...
Feb. 21, 2017 01:45 PM EST Reads: 3,671
SYS-CON Events announced today that Outlyer, a monitoring service for DevOps and operations teams, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Outlyer is a monitoring service for DevOps and Operations teams running Cloud, SaaS, Microservices and IoT deployments. Designed for today's dynamic environments that need beyond cloud-scale monitoring, we make monitoring effortless so you...
Feb. 21, 2017 01:15 PM EST Reads: 1,356