Click here to close now.





















Welcome!

@DevOpsSummit Authors: Liz McMillan, Hovhannes Avoyan, Mike Kavis, Cloud Best Practices Network, PagerDuty Blog

Related Topics: Mobile IoT, Containers Expo Blog, Cloud Security, @DevOpsSummit

Mobile IoT: Article

Performance Testers Secure IT | @DevOps #APM #DevOps #Microservices

The most important thing to think about is protecting personally identifiable informatio

Don't Feel Insecure! How Performance Testers Can Help Protect and Secure IT

Have you heard all the buzz about the latest security breach at the Office of Personnel Management? It has caused many government workers a lot of stress - and with good reason. The personal information of more than 21 million people is now in the hands of hackers. If you've worked for the government, or had a government background check in the last 15 years, you've probably been affected.

It's a big deal, yet also just the latest in a string of high-profile identity theft cases. Remember the Target fiasco from December 2013? It was the largest retail hack in history, affecting a whopping110 million people. They only just reached a settlement to create a $10 million fund for hacking victims. This all goes to show that, while security technology continues to improve, so do hackers. It's been a trend for quite some time.

Here's why: there is great profit in hacking. Rather than putting their skills towards the overall good, some hackers spend their time, energy and talent plotting how to get rich quick off of the misery of others. You can never be too careful. Security is on everyone's mind. Not too long ago, we talked about how beefed up security impacts load testing and we want to continue the conversation. How do you keep yourself and your company safe in the age of industrial and state-sponsored hacking?

Here are a few things you must know.

Don't Take It Personally: Protect Sensitive Information
When it comes to performance testing, the most important thing to think about is protecting personally identifiable information. If it falls into the wrong hands, we know what happens. You also need to be conscious of opening holes that allow hackers to get into the network and steal personal information. Follow your corporate standards and policies for security, as well as common best practices for strong passwords. Don't take shortcuts, as tempting as it can be. Keep these tips in mind when focusing on security:

1) Always Use Dummy Data for Testing Purposes
Never scrape names or credit card numbers from real users on your website and use them to create a bunch of scripts that test load and performance. All personal information used for load testing should be dummy data and not even remotely identifiable. That doesn't just mean eliminate names. Identities can be exposed even from metadata. Instead, invest in a dummy data generator. Be smart, and treat customer data as if it were your own.

2) Play It Smart in the Cloud
Companies tend to be more cautious when operating in the cloud. Conducting load testing from the public cloud is a great idea, but just make sure that you do it right. Remember, cloud based companies spend a lot of money on security and have entire teams monitoring security infrastructure all the time, and they probably have better resources at their disposal than you do. However, it's always a good rule of thumb to make sure that sensitive data never leaves the machines it was intended for. So keep that information out of the cloud when doing performance testing.

3) Communicate with Your Operations and Security Teams
If you conduct lowd testing from the cloud, work with your operations team to make sure that they know where your traffic will be coming from. Think about how they would react upon seeing a lot of network requests coming from cloud servers across the world. They may think it's a DDoS attack when in fact it's just your cloud-based load generators operating an organized test. They could accidentally do something that messes up your test and ruins hours of data gathering and monitoring. Don't distract them from their real job of finding and stopping the bad guys. Focus on working with them to put proper controls and identification parameters in place.

4) Control Any Public Tests
You will often need to test new software for performance with real users on live systems. This is often done publicly as part of a public beta or as an A/B test. Any public beta software should be shut down when no longer in use as these tests may not be fully vetted from a security perspective. Keep exposure brief and monitor it closely. When the test is complete, remove access instantly. You don't want a security hole to be discovered in temporary software that's a year old and not in use. For hackers, that looks like a pretty tempting access channel.

5) Keep All Software Patched and up to Date
Bring anything public-facing to the attention of your security team. They have processes to monitor software, update it, and control the environment. Check regularly for out-of-date apps that may contain active vulnerabilities, as unpatched software is one of the easiest ways for hackers to gain access to your systems.

Security First and Always
With all the recent hacks and security breaches, just discussing your security plan can be intimidating enough to put it off. Remember that the secret to security in performance testing is in the planning. With these tips in mind, you'll be well on your way to developing a security plan that protects the personal data of your company and users.

Photo: Pixabay

More Stories By Tim Hinds

Tim Hinds is the Product Marketing Manager for NeoLoad at Neotys. He has a background in Agile software development, Scrum, Kanban, Continuous Integration, Continuous Delivery, and Continuous Testing practices.

Previously, Tim was Product Marketing Manager at AccuRev, a company acquired by Micro Focus, where he worked with software configuration management, issue tracking, Agile project management, continuous integration, workflow automation, and distributed version control systems.

@DevOpsSummit Stories
Webair, a leading provider of Cloud Hosting, Colocation and Managed solutions, today announces that its Chief Technology Officer, Sagi Brody, will speak at Cloud Expo 2015 Silicon Valley, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, California. Cloud Expo 2015 Silicon Valley is a world-class conference that brings together thought-leaders and cutting edge practitioners in the cloud / utility computing, Big Data, Internet of Things (IoT), Software-Defined Data Center (SDDC), DevOps and Web Real-Time Communication (WebRTC) space, which, in addition to prest...
Logz.io, the Predictive ELK (Elasticsearch, Logstash and Kibana) log analytics cloud service company, announced today that it was chosen to speak at DevOps Summit, which will take place on November 3-5 in Santa Clara, California. Logz.io will explore the entire process that we have undergone – through research, benchmarking, implementation, optimization, and customer success – in developing a processing engine that can handle petabytes of data. We will also discuss the requirements of such an engine in terms of scalability, resilience, security, and availability along with how the architectur...
Father business cycles and digital consumers are forcing enterprises to respond faster to customer needs and competitive demands. Successful integration of DevOps and Agile development will be key for business success in today’s digital economy. In his session at DevOps Summit, Pradeep Prabhu, Co-Founder & CEO of Cloudmunch, he will cover the critical practices that enterprises should consider to seamlessly integrate Agile and DevOps processes, barriers to implementing this in the enterprise, and provide examples on how an integrated approach has helped major companies embrace a cloud first,...
In his General Session at DevOps Summit, Asaf Yigal, Co-Founder & VP of Product at Logz.io, will explore the value of Kibana 4 for log analysis and will give a real live, hands-on tutorial on how to set up Kibana 4 and get the most out of Apache log files. He will examine three use cases: IT operations, business intelligence, and security and compliance. This is a hands-on session that will require participants to bring their own laptops, and we will provide the rest.
SYS-CON Events announced today that TechTarget has been named “Media Sponsor” of SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget storage websites are the best online information resource for news, tips and expert advice for the storage, backup and disaster recovery markets.
Automating AWS environments is important for all businesses as it simplifies creation and setup of cloud resources, facilitates otherwise complex processes, and streamlines management. The benefits of automation are clear: accelerate execution, reduce human error and unwanted consequences, and increase the enterprise’s ability to rapidly adapt, all while reducing the overall cost of IT operations. In his session at 17th Cloud Expo, Patrick McClory, Director of Automation and DevOps at Datapipe, dives deep into the technical specifics of automation for AWS including a discussion of best pract...
In a recent research, Analyst firm IDC found that the average cost of a critical application failure is $500,000 to $1 million per hour and the average total cost of unplanned application downtime is $1.25 billion to $2.5 billion per year for Fortune 1000 companies. In addition to the findings on the cost of the downtime, the research also highlighted best practices for development, testing, application support, infrastructure, and operations teams.
DevOps is a software development method that places emphasis on communications between Software Engineering, Quality Assurance and IT Operations (SEQAITO ) with the goal to produce software and services to improve, increase the operational performance for the Enterprise. Communications is key not only between the SEQAITO team members but also the communication between the applications and the SEQAITO team. How can an organization provide the human communication and the application communication to the SEQAITO team to ensure the successful development, deployment of the application?
Most of the IoT Gateway scenarios involve collecting data from machines/processing and pushing data upstream to cloud for further analytics. The gateway hardware varies from Raspberry Pi to Industrial PCs. The document states the process of allowing deploying polyglot data pipelining software with the clear notion of supporting immutability. In his session at @ThingsExpo, Shashank Jain, a development architect for SAP Labs, will discuss the objective, which is to automate the IoT deployment process from development to production scenarios using Docker containers.
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership ability. Many are unable to effectively engage and inspire, creating forward momentum in the direction...
SYS-CON Events announced today that Ericsson has been named “Silver Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Ericsson strives to connect everyone, wherever they may be. Because by being connected, people can take part in the emerging global collaboration that is the Networked Society – a society in which every person and every industry is empowered to reach their full potential.
In his session at @ThingsExpo, Ben Bromhead, CTO of Instaclustr, will walk you through the basics of building an IoT-based platform leveraging Cassandra, Spark and Kafka. This session is aimed at developers, admins and DevOps engineers who have to build, run and maintain high performance IoT platforms as well as data scientists/engineers who are sick of ETL and want to work with the most up to date information.
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists will address the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true change and transformation possible.
After more than five years of DevOps, definitions are evolving, boundaries are expanding, ‘unicorns’ are no longer rare, enterprises are on board, and pundits are moving on. Can we now look at an evolution of DevOps? Should we? Is the foundation of DevOps ‘done’, or is there still too much left to do? What is mature, and what is still missing? What does the next 5 years of DevOps look like? In this Power Panel at DevOps Summit, moderated by DevOps Summit Conference Chair Andi Mann, panelists will look back at what DevOps has become, and forward at what it might create next.
Most everyone in Cloud IT circles has realized the power of containerization and that companies are adopting Docker containers at a remarkable rate. There are many good reasons for this, such as easily setting up dev/test scenarios (DevOps), and building out sophisticated, distributed computing clusters. But there are some deeper questions this talk will address from the Microsoft perspective. For example, what is the future of Windows in a containerized world? How will Windows and Linux work together in Azure?
SYS-CON Events announced today that Colovore, the Bay Area’s leading provider of scalable, high-density colocation solutions, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. With power densities of 20 kW per rack and a pay-by-the-kW pricing model, Colovore is Silicon Valley’s premier provider of flexible, high-density colocation solutions. Our 9 MW facility has the power and cooling your servers need, and our team has decades of experience managing web infrastructure. We are optimized to ...
Docker is hot. However, as Docker container use spreads into more mature production pipelines, there can be issues about control of Docker images to ensure they are production-ready. Is a promotion-based model appropriate to control and track the flow of Docker images from development to production? In his session at DevOps Summit, Fred Simon, Co-founder and Chief Architect of JFrog, will demonstrate how to implement a promotion model for Docker images using a binary repository, and then show how to distribute them to any kind of consumer, being it a customer or a data center.
In their session at DevOps Summit, Asaf Yigal, co-founder and the VP of Product at Logz.io, and Tomer Levy, co-founder and CEO of Logz.io, will explore the entire process that they have undergone – through research, benchmarking, implementation, optimization, and customer success – in developing a processing engine that can handle petabytes of data. They will also discuss the requirements of such an engine in terms of scalability, resilience, security, and availability along with how the architecture accomplishes these requirements. Lastly, they will review the gory details of the technolo...
Most everyone in Cloud IT circles has realized the power of containerization and that companies are adopting Docker containers at a remarkable rate. There are many good reasons for this, such as easily setting up dev/test scenarios (DevOps), and building out sophisticated, distributed computing clusters. But there are some deeper questions this talk will address from the Microsoft perspective. For example, what is the future of Windows in a containerized world? How will Windows and Linux work together in Azure?
Container technology is shaping the future of DevOps and it’s also changing the way organizations think about application development. With the rise of mobile applications in the enterprise, businesses are abandoning year-long development cycles and embracing technologies that enable rapid development and continuous deployment of apps. In his session at DevOps Summit, Kurt Collins, Developer Evangelist at Built.io, examines how Docker has evolved into a highly effective tool for application delivery by allowing increasingly popular Mobile Backend-as-a-Service (mBaaS) platforms to quickly crea...
Join IBM Bluemix on November 4 at 17th Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how to jump start your IoT strategy with MobileFirst, cloud and cognitive computing. Transform everyday MobileFirst Cloud Apps into IoT solutions in 2.5 seconds! What happens when you combine a SmartPhone, a watch and a sassy robot with one MobileFirst Application? What happens when Watson does it - on Cloud!?! Join this session to see IOT in action! There are over nine billion Internet of Things devices in the world today, and the number is growing. Move your MobileFirst Appde...
The 6th International DevOps Summit, co-located with 18th International Cloud Expo – being held June 7-9, 2016, at the Javits Center in New York City – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Among the proven benefits, DevOps is correlated with 20% faster...
SYS-CON Events announced today that O'Reilly Media has been named “Media Sponsor” of SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. O'Reilly spreads the knowledge of innovators through its technology books, online services, research, and tech conferences. An active participant in the technology community, O'Reilly has a long history of advocacy, meme-making, and evangelism.
In today's enterprise, digital transformation represents organizational change even more so than technology change, as customer preferences and behavior drive end-to-end transformation across lines of business as well as IT. To capitalize on the ubiquitous disruption driving this transformation, companies must be able to innovate at an increasingly rapid pace.
IT is often cast in a dichotomy where things are either viewed as traditional, stable, and safe or innovative, impermanent, and vulnerable. There have been multiple attempts to organize these classifications in a fashion that make IT budget and planning more predictable such as various agile methodologies, DevOps, and the bimodal model. What qualifies as success depends on the customer and producer involved in a project. A survey conducted by Scott Ambler in 2013 suggests that being on schedule is valued more than being on budget, and coding to specification is of the least concern among the ...