Welcome!

Microservices Expo Authors: Zakia Bouachraoui, Elizabeth White, Pat Romanski, Liz McMillan, Yeshim Deniz

Related Topics: @CloudExpo, Microservices Expo, Cloud Security

@CloudExpo: Blog Feed Post

Tune into the Cloud: Total Madness | @CloudExpo #Cloud #Security #Microservices

I’m not a security expert but to me the similarities between total quality and total security management are very striking

Tune into: Total Security

It took some time but the need for Total Security Management is slowly starting to sink in. With regard to quality it took the western manufacturing industry several decades before it realized that a separate quality department – standing at the end of the production line to check which products did not meet the mandated specs – was a costly and disastrous path to take. And slowly but surely we are seeing similar thinking with regard to cyber and cloud security emerge.

Not that we are taking cloud executives on today’s equivalent of a Japanese factory tour. A quality tour let managers firsthand experience it was everyone’s responsibility to ensure quality and that everyone had the right (and the moral obligation) to personally halt the line when something went wrong. But that may be more because we are not sure yet where the contemporary equivalent of such a tour would need to take our executives. Would it be visiting the hyperscale datacenters of a Google or an Amazon (assuming our executives could get in). Or maybe a visit to the offices of various security start-ups in Silicon Valley and Israel? Or are the cyber control rooms of major telco’s and big accounting firms a better wake up environment? The more courageous may even contemplate a trip to China, Russia or other emerging cyber hotspots, to encounter some of these modern threats in the wild?

I’m not a security expert but to me the similarities between total quality and total security management are very striking. The mantra “Zero Defects” can be easily exchanged for the just as catchy sounding “Zero Breaches” and “Design for Security” is today’s equivalent of “Design for Manufacturing”. With regard to quality it were guru’s like Demming that led the path from expensive and ad hoc quality control at the end of the production line to continuous and iterative quality processes incorporated and embedded into the design and the process.

In the area of security the Jericho Forum already in 2004 pointed out the dangers of merely focusing on perimeter security. In 2013 this forum even deemed itself no longer necessary, in their own words “on the basis of proven success”. Nevertheless it is often still scary what malicious things one can do once inside the firewall of many a company or organization. After complete de-perimeterisation you basically would not need a VPN to reach your applications and be protected from outsiders. Each application would protect itself and decide for each user what he is allowed to do or not do. But with the exception of maybe (web-)email and some SaaS applications, most companies have not come close to setting up the majority of their business applications in a way that they can protect themselves and are no longer dependent on a company perimeter defense.

The advent of micro-services is a good time to re-examine your current security policies. Not only because the security challenges around micro services will typically increase rather than decrease, but also because with the advent of the Internet of Things, security at the source is increasingly mandated and required. Ideally each micro-service will determine itself who does or does not get access to its services and should be able to adequately fence of access attempts by malicious external forces. Also because adding this type of security as an afterthought, on the outside of the service itself, is likely to be cost prohibitive, as many of these external security solutions are at least as pricy as maintaining after the fact quality control , like we did in the days that quality was still a cost instead of a benefit.

With regard to cost, total quality thinking does to reason in terms of an “optimal” rates of defects. A fictional point after which any further reduction of defects will cost more than is economically justifiable. In the end it is namely always cheaper to get things right the first time around, rather than having to return 5%, 0.5% or even 0:05% for repair. Or worse, having to compensate x% of customers for consequential damages (which can easily outweigh the cost of any production improvement). As a result the manufacturing industry no longer measures its defects in percentages but in the initially hard to imagine measure of PPM a.k.a. parts per million. And that iucreasingly in single digits, with a maximum of 1-9 parts per million produced products showing any defect

Now granted, security can be a little bit like health. No matter how healthy you live, you can be unlucky – statistically unexpected but nonetheless very devastating – and get seriously ill. Hence, security is increasingly extending on the one hand from preventive measures to keep out the bad guys, to ongoing monitoring of the current state for anomalies (similar to the active search for signs of a disease in a so-called health pre-scan) and on the other hand by taking measures to reduce the impact of any breaches by counter by beeing able to act appropriately and quickly when something does go wrong. And also for the latter it is necessary that the entire organization is involved with security, it can no longer be delegated to the department at the end of the hall.

Total Madness is the compilation album of the very British Ska revival band Madness. The song “Our House” is about a family that initially is kind of living apart together but that eventually come close together. The song achieved a global cult status in the Netherlands as theme song to the TV hit series “Divorce”.

Read the original blog entry...

More Stories By Gregor Petri

Gregor Petri is a regular expert or keynote speaker at industry events throughout Europe and wrote the cloud primer “Shedding Light on Cloud Computing”. He was also a columnist at ITSM Portal, contributing author to the Dutch “Over Cloud Computing” book, member of the Computable expert panel and his LeanITmanager blog is syndicated across many sites worldwide. Gregor was named by Cloud Computing Journal as one of The Top 100 Bloggers on Cloud Computing.

Follow him on Twitter @GregorPetri or read his blog at blog.gregorpetri.com

Microservices Articles
When building large, cloud-based applications that operate at a high scale, it’s important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. “Fly two mistakes high” is an old adage in the radio control airplane hobby. It means, fly high enough so that if you make a mistake, you can continue flying with room to still make mistakes. In his session at 18th Cloud Expo, Lee A...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app secu...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addresse...
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of rec...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...