How is SDN disrupting the way businesses develop technology?
You must have read so much about software-defined networking (SDN) by now that you probably think you know it inside and out. However, such a nascent industry is constantly evolving and there are always new aspects to discover and learn about. While much of the focus on SDN has focused on the technological benefits it brings, potential challenges are beginning to trouble some SDN watchers. While many businesses acknowledge that the benefits of SDN are too big to ignore, there are challenges to overcome, particularly with the cultural changes that it brings. In fact, according to attendees at the Open Networking Summit (ONS) recently the cultural changes required to embrace SDN outweigh the technological challenges. One example, outlined in this TechTarget piece, is that the (metaphorical) wall separating network operators and software developers needs to be torn down; network operators need coding skills and software developers will need to be able to program networking services into their applications. That’s because SDN represents a huge disruption to how organisations develop technology. With SDN, the speed of service provisioning is dramatically increased; provisioning networks becomes like setting up a VM... a few clicks of the button and you’re done. This centralised network provision means the networking element of development is no longer a bottleneck; it’s ready and available right when it’s needed. There’s another element to consider when it comes to SDN, tech development and its culture. Much of what drives software-defined networking is open source, and dealing with that is something many businesses may not have a lot of experience with. Using open source SDN technologies means a company will have to contribute something back to the community - that’s how open source works. But for some that may prove to be a bit of an issue: some SDN users such as banks or telecoms companies may feel protective of their technology and not want is source code to be released to the world. But that is the reality of the open source SDN market, so it is something companies will have to think carefully about. Are the benefits of SDN for tech development worth going down the open source route? That’s a question only the companies themselves can answer. Software-defined networking represents a huge disruption to the way businesses develop technology. It makes things faster, easier and more convenient during the process and from a management and scalability point of view going forward. There will be challenges - there always are when disruption is on the agenda - but if they can be overcome SDN could well usher in a new era of technological development.
Getting Around the Logon/Legal Banner Issues when using APM PCoIP Proxy and Horizon
If you're using APM's PCoIP Proxy and require a logon banner, you've probably figured out that the PCoIP Proxy integration stops working when you turn on the integrated logon banner from within the Horizon Administrator. Adding to the pain, internal users can't get any logon banner since you had to turn it off in order for your external access to work! Well, the wait is over! With the use of a nifty iRule that you can attach to your internal Horizon Connection Servers virtual server, you can now present a banner BOTH internal users as well as external users who access Horizon resources using APM PCoIP Proxy. Here's how it works: Disable the logon banner through Horizon Administrator - the BIG-IP will handle presenting the banners for internal users (through the iRule) and external users (through the View iApp) instead of Horizon. Modify the text in the iRule with the text you want to show in the logon banner. Apply the iRule to your LTM Virtual Server that services internal Horizon users (either manually to the LTM virtual server or through the View iApp). You're done! A couple of things to think about when you implement this: If you need to present a legal disclaimer your external users using the PCoIP Proxy, you can still do that through the Horizon View iApp. Do not apply this to any virtual server running the APM PCoIP Proxy - it's only for providing the logon banner to internal Horizon users. The banner for PCoIP Proxy can be easily enabled through the iApp It's important to ensure the PCoIP Proxy's Connection Server settings are pointing to the individual connection server(s) and NOT the LTM virtual server that has the Logon Banner iRule applied. The iRule source is below. # Attach iRule to iApp created virtual server named "<iapp_name>_internal_https" # Replace the section “This is a XXX computer system that is FOR OFFICIAL USE ONLY. This # system is subject to monitoring. Therefore, no expectation of privacy is to be assumed. # Individuals found performing unauthorized activities are subject to disciplinary action # including criminal prosecution.” with your desired text. when RULE_INIT { # Debug Level 0=off, 1=on, 2=verbose set static::internal_disclaimer_debug 0 } when CLIENT_ACCEPTED { set log_prefix_cs "[IP::remote_addr]:[TCP::remote_port clientside] <-> [IP::local_addr]:[TCP::local_port clientside]" if { $static::internal_disclaimer_debug > 1 } { log local0. "<$log_prefix_cs>: CLIENT_ACCEPTED" } } when HTTP_REQUEST { set bypass 0 if {[HTTP::uri] starts_with "/portal/info.jsp"} { if { $static::internal_disclaimer_debug > 0 } { log local0. "<$log_prefix_cs>: Portal Info request, bypassing further processing"} set bypass 1 } else { if {[HTTP::header exists "Content-Length"]} { set content_length [HTTP::header "Content-Length"] } else { # If the header is missing, use a sufficiently large number set content_length 5000 } if { $static::internal_disclaimer_debug > 1 } { log local0. "<$log_prefix_cs>: Set content-length to $content_length"} HTTP::collect $content_length if { [HTTP::path] == "/broker/xml" && [HTTP::header Expect] == "100-continue" } { SSL::respond "HTTP/1.0 100 Continue\r\n\r\n" if { $static::internal_disclaimer_debug > 1 } { log local0. "<$log_prefix_cs>: Application requested: client requires 100 continue response, sending 100-continue"} } } } when HTTP_REQUEST_DATA { if { [HTTP::payload] contains "set-locale" and ( not ($bypass)) } { HTTP::respond 200 content {<?xml version="1.0"?><broker version="9.0"><configuration><result>ok</result><broker-guid>aaaaaaaa-bbbb-cccc-ddddddddddddddddd</broker-guid><authentication><screen><name>disclaimer</name><params><param><name>text</name><values><value>This is a XXX computer system that is FOR OFFICIAL USE ONLY. This system is subject to monitoring. Therefore, no expectation of privacy is to be assumed. Individuals found performing unauthorized activities are subject to disciplinary action including criminal prosecution.</value></values></param></params></screen></authentication></configuration><set-locale><result>ok</result></set-locale></broker>} noserver "Connection" "close" "Content-Type" "text/xml;charset=UTF-8" if { $static::internal_disclaimer_debug > 1 } { log local0. "<$log_prefix_cs>: Sending Disclaimer Message"} } if { [HTTP::payload] contains "disclaimer" } { if { $static::internal_disclaimer_debug > 1 } { log local0. "<$log_prefix_cs>: Disclaimer Message Accepted - waiting for credentials."} } } This solution has been tested using Horizon 6.0 (and later) as well as the Horizon 3.0 (and later) Client. Earlier versions of the client and/or Horizon Connection Server could produce unexpected results. Big shout-out to Greg Crosby for his work on the iRule!Load Balancing VMware's Workspace Portal/Identity Manager with F5 BIG-IP Local Traffic Manager (LTM)
What is VMware Identity Manager (formerly known as VMware Workspace Portal)? VMware Identity Manager is a service that extends your on-premises directory infrastructure to provide a seamless Single Sign-On (SSO) experience to Web, Mobile, SaaS, and legacy applications. Simply put, it's a service aggregator and identity provider for your IT resources. One single login to Identity Manager gains you access to Citrix XenApp, Horizon, Web, SaaS, and ThinApp resources. You can find more about Identity Manager at https://www.vmware.com/products/identity-manager/. BIG-IP can provide intelligent traffic management, high availability and monitoring through the use of BIG-IP Local Traffic Manager (LTM) and BIG-IP DNS (Global Traffic Management). BIG-IP's Access Policy Manager (APM) can also provide secure access to the apps and resources accessible through the Identity Manager portal as well as the actual Identity Manager portal itself. In this article, we'll focus on building a highly available Identity Manager implementation using BIG-IP LTM. You can download the updated step-by-step load-balancing guide for VMware Workspace Portal/Identity Manager here. What's also cool is you can do a walk through of this very setup in the VMware Hands-On-Lab at VMworld 2015 (Look for HOL-MBL-1659) or by clicking the following link - http://labs.hol.vmware.com/HOL/catalogs/lab/2078. Special thanks to Bryan Salek, Matt Mabis, and Mosa Emamjomeh for helping put this together! Stay tuned for a future post on how to securely access Workspace Portal/Identity Manager using BIG-IP Access Policy Manager (APM), which includes proxying Citrix XenApp, Horizon, and Web Application resources. WorkspaceOne/Identity Manager 2.6 Update: When changing the FQDN of VMware Identity Manager there is an additional (and new) stepthat needs to be done.After changing the FQDN, log back into the Workspace One Admin UI using a local account and clickCatalog --> Settings. Next, selectNew End User Portal UIand clickEnable New Portal UI. Once completed, log out and you should now be able to login using a domain account.US FEDERAL: DISA UCCO APL Certification
Great news! We have finally been posted to the Defense Information Systems Agency (DISA) Unified Capability (UC) Approved Product List (APL), as an IA Tool. The certification covers all F5 BIG-IP platforms (VE through Viprion) running a minimum of TMOS 11.6. The certification Memo can be found at the following link: DISA UC APL F5 Approval Memo Anyone that has been through the now defunct DoD Information Assurance Certification and Accreditation Process (DIACAP) or DoD Information Technology Security Certification and Accreditation Process (DITSCAP) in the past (1) knows it’s a party, and (2) may know that F5 BIG-IP used to be classified as a “Content Switch / Load Balancer with an OS of Other Network OS.” With the new APL certification, F5 is now classified as an IA tool. While the Certification and Accreditation process will look pretty much the same, things concerning the F5 are starting to change quite a bit. Change 1. F5 Military Unique Deployment Guide. This document helps identify and configure the BIG-IP base configuration required to pass IA scans. Change 2. There is much better clarification on which STIGS apply to F5 BIG-IP, and stronger guidance on how to configure your platform in adherence to STIG and Security Requirements Guidelines (SRG). Change 3. There is also the new National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) process (DoD Instruction 8501.01). We didn’t have anything to do with this, but its new, and its important to know that we are in line with this process. Getting Started To start preparing the F5 BIG-IPs on your network, you should reach out to your account team to acquire a copy of the Military Unique Deployment Guide (MUDG), which details the proper base configuration. The MUDG can be acquired from any member of the F5 Federal team. However, due to sensitive information, a copy of the Information Assurance Assessment Package (IAAP) must be acquired directly from the Unified Capability Certification Office (UCCO), details on this information is located within the DISA UC APL Certification Memo. Next, Apply STIG/SRG. These are currently in process, but the MUDG is sufficient to lock the appliance down to pass initial IA scans. Draft STIG Release Guidance -Update: Final F5 STIG / SRG released, see below. There have been a lot of questions lately on the release of the Draft STIGS for BIG-IP. The important things to note are as follows: First and foremost, do not apply draft STIGS. These are drafts and not yet final. Do not start applying draft STIGS in production environments. Draft STIGS are subject to change. Finally, do not apply draft STIGS. To access and review the Draft STIGS, you can find them at the following location:http://iase.disa.mil/stigs/net_perimeter/network-infrastructure/Pages/network-overview.aspx Final STIG/SRG Release Guidance There have been a lot of questions lately on the release of the Final STIGS / SRGS for BIG-IP. The important things to note are as follows: It is important to first follow and apply the guidance provided in the Military Unique Deployment Guide v1.2 (MUDGv1.2). If you have any questions or concerns regarding the guidance or text in the F5 Final STIGS, do not hesitate to reach out to your account team. To access the Final F5 STIGS, you can find them at the following location: http://iase.disa.mil/stigs/net_perimeter/network-infrastructure/Pages/other.aspx Need Help? Contact Federal [at] F5.com.
The Mounting Case for Cloud Access Brokers
#infosec #cloud #iam Addressing the need for flexible control of access to off-premise applications Unifying identity and access management has been a stretch goal for IT for nearly a decade. At first it was merely the need to have a single, authoritative source of corporate identity such that risks like orphaned or unauthorized accounts could be addressed within the enterprise. But with a growing number of applications - business applications - being deployed "in the cloud", it's practically a foregone conclusion that organizations are going to need similar capabilities for those applications, as well. It's not easy, there are myriad reasons why unifying identity and access control is a stretch goal and not something easily addressed by simply deploying a solution. Federation of identity and access control requires integration. It may require modification of applications. It may require architectural changes. All of these are disruptive and, ultimately, costly. But the costs of not addressing the issue are likely higher. Security a Rising Concern for Cloud-Based Application Usage With access to these applications taking place from a variety of locations including smartphones (80 percent),tablets (71 percent) and non-company computers (80 percent) and with a large percentage of organizations (73 percent) needing to grant temporary access to cloud apps, respondents cited concerns around identity management, governance and complexity. ... Nearly three-quarters (72 percent) of the respondents said they have the need to provide external users, such as consultants, with temporary access to the company’s cloud applications, while just under half (48 percent) of respondents said they are still not able to sign in to cloud applications with a single set of credentials. [emphasis mine] There is a significant loss of control - in terms of governance - that's occurring, where the organization no longer has the means by which they can control who has access to applications, from what device or location, and when. That's the downside of cloud, of distributed systems that are not architected with security in mind. Make no mistake, it's not just IT making a power grab for power's sake. This is a real, significant issue for the business side of the house, because it is their applications - and ultimately data - that is at risk by failing to properly address issues of access. THE CASE FOR CLOUD ACCESS BROKERS The least disruptive - and most efficient - means of addressing this disconnect is to insert into the data center architecture an access broker tier, a layer of dynamic access and identity management services designed to provide federation and unification of credentials across cloud and data center resources based on the organization's authoritative source of identity. The advantages of such a tier are that they are less disruptive, it respects the authoritative source of identity and it is highly flexible. The same cloud access broker that provides authentication and authorization to internal resources can do so for cloud-based resources. The downside is integration with a growing variety of SaaS and custom cloud-deployed applications used by the enterprise. A standards-based way of integrating off-premise applications with a cloud access broker is needed, and we find such a standard in SAML 2.0, an increasingly popular means of integrating identity and access management services across the cloudosphere. In addition to providing access control through such integration, a cloud access broker also provides the means for IT to address the issue of password security noted in "Security a Rising Concern for Cloud-Based Application Usage": The survey indicated unsafe password management continues to be a challenge, with 43 percent of respondents admitting that employees manage passwords in spreadsheets or on sticky notes and 34 percent share passwords with their co-workers for applications like FedEx, Twitter, Staples and LinkedIn. Twenty percent of respondents said they experienced an employee still being able to log in after leaving the company. By enabling federation and single-sign on capabilities, organizations can mitigate this problem by ensuring users have fewer passwords to recall and that they do not share them with off-premise applications like FedEx. Because IT controls the authoritative source of identity, it also governs policies for those credentials, such as password length, history, interval of change, and composition. FEDERATION MEANS HEIGHTENED (AND ENFORCEABLE) SECURITY Federation of identity and access management through a cloud access broker can alleviate the loss of control - and thus expanding security threats. By maintaining the authoritative source of identity on-premise, organizations can enforce security policies regarding password strength and length while improving the overall experience for end-users by reducing the number of credentials they must manage to conduct daily business operations. Issues such as orphaned or rogue accounts having access to critical business applications and data can be more easily - and quickly - addressed, and by using a flexible cloud access broker capable of transitioning security protocols, device incompatibility becomes a non-issue. As more and more organizations recognize the ramifications of unfettered use of cloud services it is inevitable that cloud access brokers will become a critical component in the data center.
A New Twist on DNS NXDOMAIN DDoS
DDoS attacks are increasing in scale and complexity, threatening to overwhelm the internal resources of businesses around the world. The F5 Silverline Security Operations Center (SOC) recently saw a new distributed denial-of-service (DDoS) attack vector targeting a customer’s DNS servers with malicious traffic averaging between 8 and 12 Mbps and bursts of malicious traffic peaking at over 100 Mbps. This attack began in mid-August and continued through November 2015. It was not a typical reflection attack where DNS servers are used to attack a web site, but an attack against the actual DNS servers. Through additional investigation, the SOC analysts identified the vector and crafted a targeted mitigation for this new “_dmarc” attack. In their investigation, Edgar Ojeda and his colleagues found that F5 Silverline customer's DNS servers were receiving hundreds of thousands of randomized queries for “_dmarc” DNS records even if from a volumetric standpoint this amount of traffic seems to be trivial. Then, they noticed that _dmarc DNS queries were for non-existent subdomains and that customer’s DNS infrastructure was becoming unstable. As the attack continued and after further investigation, F5 SOC created a finely tuned signature that successfully scrubbed all malicious traffic and the customer’s service became operational again. To read the full report describing the attack, click here. If you are under attack, just click this link and we can get you back online! Click here to learn more about howF5 Silverline mitigate DDoS attack.
La transition vers HTTP/2, l'envisager, s'y préparer, la réaliser
HTTP/2 est désormais un standard avec son support intégré dans les browsers modernes. Les serveurs Web, proposent aussi dans leurs dernières versions, la compatiliblité avec cette évolution. Ce qu'il faut retenir est qu'HTTP/2 vient accéler le transport du contenu Web en maintenant la confidentialité à travers SSL. Un des bénéfices pour les developpeurs et fournisseurs de contenu est la capacité à se rendre compte des apports de ce protocole sans remettre en cause toute son infrastructure. Les démonstrations montrent bien les gains à travers un browser sur un ordinateur portable, choses encore plus appréciables sur les plateformes mobiles. La version 12.0 de TMOS permet de se comporter comme un serveur HTTP/2 vis à vis des clients tout en continuant à solliciter le contenu en HTTP/1.0 et HTTP/1.1 auprès des serveurs. Pour trouver des raisons de s'interesser à ce protocole, plusieurs sources d'information peuvent y aider : Making the journey to HTTP/2 HTTP/2 homeBillionaires, Icons and Movie Stars – Why Geek Is Now Chic
Over the past few years we’ve seen the unstoppable rise of the geek. From popular culture to big business,the geeks have inherited the earth. They’re the billionaires, the modern day rock stars, and their many achievements have resulted in a significant change to their status in popular society. They are now often championed, given the limelight or even imitated- geek is now chic! So let’s take some time out to look how the geek – and our perception of the geek – has evolved… The Geek Revolution Before the dawn of the information age, being an IT expert was associated with social ineptitude, a stereotype amplified by films such as 'Revenge of the Nerds.’ Although this negative stigma has not quite been completely reversed, the rise of the geek has been prolific, driven by the mainstream rise of tech and the acute relevance of previously niche skills. Whether consumers or enterprises, society relies heavily on certain technologies, making IT experts and their knowledge indispensable. Employment of ‘Genius’ assistants in Apple stores show the change in status and dependence of society on the geek, as customers compete for the attention of who can fix their gadgets. The behaviour of geek idols such as Mark Zuckerberg and Bill Gates also helped make geeks cool, by having the audacity to drop out of (a Harvard) education to follow their dreams. The relevance of geek knowledge to businesses has been demonstrated by the scramble to fill the tech skills gap, but it spreads beyond classic computing know-how. Political forecaster Nate Silver received attention after mathematically predicting an Obama victory in 2012, resulting in a call to ‘hire geeks not pundits’ if you want to win a presidential election. The government introduction of compulsory IT-based aspects to school curriculums also shows the value attributed to IT know-how. The Omni-Present Geek Popular culture too is now exploring the techie as an unorthodox hero. This is perhaps most evident on the screen, demonstrated recently through television shows such as 'The Big Bang Theory' and 'The IT Crowd,' which explicitly focus their stories around stereotypical geeks. 'The Social Network' saw an entire film made about the rise of the IT genius. Characters are by no means portrayed with model good looks and bulging muscles, but the idea that the geek can 'win' is becoming more prevalent. In fashion, thick-rimmed, non-prescriptive glasses have become popular as an optional accessory rather than an optical necessity and been embraced by stars and school children alike. T-shirts sold by 'Topshop' emblazoned with the word 'NERD' or 'GEEK' were hugely successful when launched in 2013; it seems the implication of intellect, whether genuine or ironic, is now considered fashionable. Geek Power If society has progressed through the Iron Age and the Industrial Age, we are undoubtedly in the Tech Age. IT geeks have done amazing things with their inventions and innovations: Sir Tim Berners-Lee revolutionised global society by giving life to the World Wide Web; the inventions of Steve Jobs and Apple are omnipresent and envelop popular society and business; Mark Zuckerberg has helped shape a generation through social media – just try to escape social networks today! Despite geeks hitting the headlines for all the right reasons, there remains a significant gap between the level of demand for staff with specialist knowledge and the number of prospective employees who possess it. A number of recent high-profile hacking scandals show that IT experts have the potential to mould the business landscape in a variety of ways and have catapulted the cyber-security skills shortage to up the national agenda. These achievements have not gone unnoticed by businesses or the government, who have increased IT spending budgets and launched recruitment drives. The success of tech companies and individuals has seen expert knowledge come to be associated with entrepreneurial flair, with the stories of innovators like Zuckerberg carrying the geek into the unchartered realms of, dare we say it, coolness. Now that geek is chic, how about meeting some of the F5 geeks keeping businesses current in the age of tech? Why not join us at F5 Agility in Scotland in May? There will be F5 experts on hand to discuss your ideas and answer questions, as well as a host of sessions from a range of executives, from our CTO to our field engineers.How the cloud can improve your security solutions?
The advantage of being in this industry for a while is that you get to see first hand how things change. Mostly for the better, and usually quite quickly, too. Some of these changes have a knock-on effect on other parts of the industry. One recent example of this is security. In days gone by security was very much focused within a company’s network; all the necessary data and applications sat behind the firewall so that’s where defences were concentrated. These days, that’s simply not the case. Thanks to a raft of industry developments, primarily mobile devices and cloud computing, network perimeters are no longer contained within a company’s (metaphorical) four walls. That’s made security a slightly more difficult task - how can you be expected to use on-premises security solutions to protect apps, data, devices and so on, when they themselves are far beyond the traditional network perimeter? That’s why security solutions delivered via the cloud could help protect today’s businesses. It means workers - and all that important, sensitive data - are protected, no matter where they are, what device they’re using or what service/application they’re connecting to. It simply isn’t feasible for a company to protect each endpoint, inside and outside the perimeter. Using cloud-based security solutions can help with a variety of different threats. Take DDoS attacks, for example. DDoS attacks are getting bigger in scale, and when you’re talking about attacks around 300 Gbps in size (and up), the only way to stop these is with cloud-based technologies, as local network appliances won’t be able to cope with the bandwidth required. Delivering DDoS protection from the cloud also means (depending on the service provided) companies can call on a globally-distributed DDoS mitigation network operated by experts. On-premises DDoS protection is unlikely to be able to say the same. When you think about it, if you need to protect cloud-based devices, applications, data and so on, it makes sense to do that in the cloud, right? Cloud-based security can stop many attacks before they reach a corporate network and can use intelligence from its entire network to spot anomalies and new threats as they emerge. That real-time defence is something that on-premises software can struggle with, as databases have to be updated and new versions rolled out before the corporate network is secure. It’s worth noting that many of the benefits of cloud computing - cost reduction, better scaling, automation and so on - apply when it comes to using cloud-based security services. As we trust more and more of our critical applications, services and systems to the cloud there is no reason why security should not be on that list.
On Cloud Nine: Lucky 7 questions you have about Singapore’s journey to becoming a Smart Nation
The Infocomm Development Authority (IDA) wants to make Singapore the world’s first Smart Nation, and this vision means connecting devices, things and people to provide better quality of life in an era of mobility, urban density, aging population and so on. IDA's executive deputy chairman, Steve Leonard, has said that when tackling difficult urban challenges in areas such as healthcare and energy, enterprises in Singapore need to capture and analyze massive amounts of data, and use that situational awareness to take meaningful actions (link). From a technology perspective, cloud has reached a tipping point in the enterprise. An exciting new era of cloud deployments is being ushered in, one characterised by high levels of flexibility, agility and innovation. Today, cloud is no longer just a buzzword, but an integral fabric of the modern enterprise. Conversation nowadays have shifted from cloud deployments to optimizing those resources and thus improving the overall user experience. Singapore’s Smart Nation vision has entered the “build” phase. What gives? The focus on infrastructure and services will serve as the nation’s framework. There are three areas of innovation: Smart Logistics, Smart Nation Tech Challenges and Smart Health-Assist. The vision to connect devices, things and people is a grand one, and starts with ensuring the integrity of the nation’s framework is built on a strong foundation. Applications and connectivity are at the heart of this vision and the technologies enabling flow of information are increasingly cloud-based. Enterprises are fast adopting a hybrid-cloud infrastructure, so sensitive data can be stored in a private cloud while the public cloud can be leveraged for computational resources to provide for the running of less critical applications. 2.To cloud or not to cloud? – That is the question! As early as 2013, 83% of Singaporean companies felt they have already experienced the financial advantages of cloud deployments. This is 16% more than the global average (link). The journey of cloud adoption is aligned with the Smart Nation Initiative and Singapore is a significant investor in cloud adoption. State initiatives aside, a question to ask is “to cloud or not to cloud”? The many benefits of cloud adoption include quicker disaster recovery times and increased collaboration amongst employees since they are able to sync up and work on documents and shared apps simultaneously. All these can only result in a positive business impact as productivity goes up. More importantly the cloud provides for business agility allowing companies to scale up and down their information infrastructure in a relatively short time frame, sometimes with the benefit of paying for capacity that is being consumed. “Pay to use” versus “Buy to Depreciate” provides for a better financial argument which generally goes well with CFOs. As technologies such as IoT become mainstream and as Singapore moves forward to becoming a Smart Nation, the correct question to ask is “How do we effectively deploy and maximise the potential of cloud?” Right…so, how can we fully maximise the potential of cloud and turn them into a positive business impact? Business has reached the tipping point of cloud computing with the utilisation of cloud both inside and outside the enterprise. To fully maximize the potential of cloud, there are 4 notable considerations for an enterprise cloud strategy. Applications: Companies today run a remarkable number of workloads within their IT environments, with some enterprises running more than 100 concurrently. Most of these applications demand differing sets of requirements and characteristics. However, as cloud-based services start to demonstrate the capability and maturity to run core workloads, confidence in off-premise solutions is increasing. The result, today’s enterprises are gaining more confidence in migrating critical workloads to a cloud environment. Business Decision-makers: The self-service nature of cloud solutions is starting to evolve decision-making process away from IT, and into one that involves multiple stakeholders and business leaders. More and more, departmental heads will play major role in identifying needs and shortlisting cloud solutions. Compliance/risk directors then need to take the lead in evaluating solutions and manage risks, while the entire C-suite make the final purchase-decision. Customers: Cloud, and indeed IT in general, has traditionally focused on internal enterprise and benefits such as cost savings, resource optimization and business agility. However, this ignores a key segment of IT user pool – the Customer! Forward-thinking businesses are now beginning to evaluate what cloud means to their customers and how they can leverage it to enhance the customer experience. Defence: Security and privacy of IT environments are perennial topics to any cloud discussions, whether it is about apps, business or customers. Security is often highlighted as the biggest impediment in adopting cloud services or choosing service providers. Security considerations should never be an afterthought to any cloud migration planning and should be considered and deliberated extensively prior to any move to the cloud. A “security-first” approach to a cloud strategy will ensure that the move to the cloud does not cause any major operational or internal policy issues as well as ensure a smooth customer experience. This should be complemented with a “follow the apps” defensive posture where the app security services should be fronting the application wherever it resides. Where’s the future of cloud headed? From optimization to orchestration. Today, the primary use of cloud services is to optimize and streamline conventional business processes. This will change. Enterprises will next leverage cloud services to automate business processes and drive business transformation. There will also be more collaborative decision-making in cloud service procurement. The role of the CIO is set to shift from information to innovation. With the inclusion of customers in the IT user pool, enhancing customer experience through high availability and performance of business apps is crucial. Cloud will continue to evolve. 5. Is Cloud safe? As more applications and technology becomes increasingly cloud-based, especially as we mature into a Smart Nation, how can we ensure information transfer over Cloud is safe? Every battle is won before it is fought, says Sun Tzu. This is also the philosophy undertaken by Singapore in the march towards being a Smart Nation. And security continues to be one of the largest barriers to cloud adoption. It is also a key consideration in a hyper-connected environment and the prolific use of applications adds an additional layer of challenge. Organisations generally do a decent job securing their infrastructure but face challenges when securing applications regardless if these applications are hosted in-house, in a cloud environment or both. The security strategy should encompass considerations at the network/infrastructure area, applications and web assets, endpoints and devices, users behaviours. Security is everyone’s business and a foresight consideration. How can Cloud benefit enterprises as Singapore moves to become a Smart Nation? Companies are investing in cloud and using it for competitive reasons. 77% of senior information technology executives have placed high importance on digital transformation and count it as a key factor for driving the business growth of their organisations (link). Improving operational excellence and customer experience are some of the reasons why cloud adoption is on the rise. Innovations in IoT are evolving and continue to shape how people use and interact with the technologies. New devices will emerge and the technologies will evolve with these devices which in turn will shape how information is being delivered to users. In a Smart Nation where hyper connectivity is at the heart of everything, accessing information and applications in a secure and seamless manner is key and cloud will play a crucial part in its success. OK, so Cloud deployment and Smart Nation: they are highly intertwined but the investment outlay and management complexity remains a key barrier. How can we efficiently manage this? It is a common perception associated with the build out of a cloud strategy but the key consideration is knowing how applications are being consumed and the corresponding services they need. In reality, not all applications will be delivered from the cloud due to the nature or the intent of the application, especially if there is a high level of data sensitivity or the need for high operational in house secure management. We will likely see the emergence of a hybrid cloud architectures requiring seamless management and orchestration services with a balanced security posture both in house and in the cloud. This will be especially applicable for the delivery of citizen services in an aspiring smart nation like Singapore where mobile and internet penetration rates are high and technology adoption is prevalent in every aspect of our daily lives. The expectation for service on demand will increase as IoT adoption becomes mainstream and becomes interconnected with the social platforms. Architecting the infrastructure from this perspective allows for better and efficient management and reduce costs in deploying cloud. Organisations and Governments alike are already starting to build out their own cloud strategy in an attempt to drive business growth and national transformation. In an increasingly connected world where mobility is driving productivity and consumption of information, cloud adoption in a hyper connected Smart Nation will spur productivity and improve customer satisfaction, with the right consideration and strategy. At the end of the day, a cloud strategy is just one of the many means to an end – an end to become a smart nation, a nation where the citizens and corporations alike are empowered to harness technology for driving growth.
