Welcome!

Microservices Expo Authors: Elizabeth White, Pat Romanski, Liz McMillan, Yeshim Deniz, Zakia Bouachraoui

Related Topics: @CloudExpo, Microservices Expo, Cloud Security

@CloudExpo: Blog Feed Post

Tune into the Cloud: Total Madness | @CloudExpo #Cloud #Security #Microservices

I’m not a security expert but to me the similarities between total quality and total security management are very striking

Tune into: Total Security

It took some time but the need for Total Security Management is slowly starting to sink in. With regard to quality it took the western manufacturing industry several decades before it realized that a separate quality department – standing at the end of the production line to check which products did not meet the mandated specs – was a costly and disastrous path to take. And slowly but surely we are seeing similar thinking with regard to cyber and cloud security emerge.

Not that we are taking cloud executives on today’s equivalent of a Japanese factory tour. A quality tour let managers firsthand experience it was everyone’s responsibility to ensure quality and that everyone had the right (and the moral obligation) to personally halt the line when something went wrong. But that may be more because we are not sure yet where the contemporary equivalent of such a tour would need to take our executives. Would it be visiting the hyperscale datacenters of a Google or an Amazon (assuming our executives could get in). Or maybe a visit to the offices of various security start-ups in Silicon Valley and Israel? Or are the cyber control rooms of major telco’s and big accounting firms a better wake up environment? The more courageous may even contemplate a trip to China, Russia or other emerging cyber hotspots, to encounter some of these modern threats in the wild?

I’m not a security expert but to me the similarities between total quality and total security management are very striking. The mantra “Zero Defects” can be easily exchanged for the just as catchy sounding “Zero Breaches” and “Design for Security” is today’s equivalent of “Design for Manufacturing”. With regard to quality it were guru’s like Demming that led the path from expensive and ad hoc quality control at the end of the production line to continuous and iterative quality processes incorporated and embedded into the design and the process.

In the area of security the Jericho Forum already in 2004 pointed out the dangers of merely focusing on perimeter security. In 2013 this forum even deemed itself no longer necessary, in their own words “on the basis of proven success”. Nevertheless it is often still scary what malicious things one can do once inside the firewall of many a company or organization. After complete de-perimeterisation you basically would not need a VPN to reach your applications and be protected from outsiders. Each application would protect itself and decide for each user what he is allowed to do or not do. But with the exception of maybe (web-)email and some SaaS applications, most companies have not come close to setting up the majority of their business applications in a way that they can protect themselves and are no longer dependent on a company perimeter defense.

The advent of micro-services is a good time to re-examine your current security policies. Not only because the security challenges around micro services will typically increase rather than decrease, but also because with the advent of the Internet of Things, security at the source is increasingly mandated and required. Ideally each micro-service will determine itself who does or does not get access to its services and should be able to adequately fence of access attempts by malicious external forces. Also because adding this type of security as an afterthought, on the outside of the service itself, is likely to be cost prohibitive, as many of these external security solutions are at least as pricy as maintaining after the fact quality control , like we did in the days that quality was still a cost instead of a benefit.

With regard to cost, total quality thinking does to reason in terms of an “optimal” rates of defects. A fictional point after which any further reduction of defects will cost more than is economically justifiable. In the end it is namely always cheaper to get things right the first time around, rather than having to return 5%, 0.5% or even 0:05% for repair. Or worse, having to compensate x% of customers for consequential damages (which can easily outweigh the cost of any production improvement). As a result the manufacturing industry no longer measures its defects in percentages but in the initially hard to imagine measure of PPM a.k.a. parts per million. And that iucreasingly in single digits, with a maximum of 1-9 parts per million produced products showing any defect

Now granted, security can be a little bit like health. No matter how healthy you live, you can be unlucky – statistically unexpected but nonetheless very devastating – and get seriously ill. Hence, security is increasingly extending on the one hand from preventive measures to keep out the bad guys, to ongoing monitoring of the current state for anomalies (similar to the active search for signs of a disease in a so-called health pre-scan) and on the other hand by taking measures to reduce the impact of any breaches by counter by beeing able to act appropriately and quickly when something does go wrong. And also for the latter it is necessary that the entire organization is involved with security, it can no longer be delegated to the department at the end of the hall.

Total Madness is the compilation album of the very British Ska revival band Madness. The song “Our House” is about a family that initially is kind of living apart together but that eventually come close together. The song achieved a global cult status in the Netherlands as theme song to the TV hit series “Divorce”.

Read the original blog entry...

More Stories By Gregor Petri

Gregor Petri is a regular expert or keynote speaker at industry events throughout Europe and wrote the cloud primer “Shedding Light on Cloud Computing”. He was also a columnist at ITSM Portal, contributing author to the Dutch “Over Cloud Computing” book, member of the Computable expert panel and his LeanITmanager blog is syndicated across many sites worldwide. Gregor was named by Cloud Computing Journal as one of The Top 100 Bloggers on Cloud Computing.

Follow him on Twitter @GregorPetri or read his blog at blog.gregorpetri.com

Microservices Articles
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addresse...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-will deployment. Storage, for instance, is more capable than where we read and write data. In his session at @DevOpsSummit at 20th Cloud Expo, Josh Atwell, a Developer Advocate for NetApp, will discuss the role and value...
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Enterprise architects are increasingly adopting multi-cloud strategies as they seek to utilize existing data center assets, leverage the advantages of cloud computing and avoid cloud vendor lock-in. This requires a globally aware traffic management strategy that can monitor infrastructure health across data centers and end-user experience globally, while responding to control changes and system specification at the speed of today’s DevOps teams. In his session at 20th Cloud Expo, Josh Gray, Chie...
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools have cloud orchestration plugins that can be leveraged, but there are also cloud-native tools that can dramatically improve the efficiency of managing your application lifecycle. In his session at 18th Cloud Expo, ...
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. H...