SYS-CON Events announced today that VAI, a leading ERP software provider, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY.
VAI (Vormittag Associates, Inc.) is a leading independent mid-market ERP software developer renowned for its flexible solutions and ability to automate critical business functions for the distribution, manufacturing, specialty retail and service sectors. An IBM Premier Business Part...| By Rohit Gupta | Article Rating: |
|
| January 21, 2016 07:45 PM EST | Reads: |
161 |
I recently caught up with a former co-worker who now runs an information security program for a well-known retailer. While discussing new advances in cloud security and technology, he mentioned that his company had met with a provider that presented him with a mind-numbing number of deployment options for their solution. Some of the options rattled off included forward and reverse proxies; public, private, hybrid, and cloud versions of their product; an on-premise version; and packaging in an appliance or a box that could be racked in a data center.
Undoubtedly, a list of options this long provides increased flexibility to deploy solutions in a way that makes the most sense on a company-to-company basis. However, as deployment options increase, so does the complexity of creating a successful plan for deployment. In the list below, I'll provide helpful tips for balancing the aforementioned flexibility and complexity that make up the cloud security deployment space today.
1. Create a functional checklist
When selecting a cloud security solution, it's essential to identify which functions are most important to the company. For example, some organizations want visibility into activity in their cloud applications. Others want to protect against leaks of sensitive data and other security threats from both inside and outside sources. Some companies are especially concerned with regulatory compliance - the list goes on.
I suggest documenting fundamental criteria in a checklist because it offers a clean way to assess multiple providers and identify which is the best fit.
2. Select a deployment topology that maximizes coverage and minimizes user disruption
Theoretical deployment topologies can be ineffective. Your provider needs to give you documented evidence that the proposed topology has been tested and validated with other clients (ideally with similar requirements). Check with your network and industry analysts as well as your provider's references, being sure to ask questions about why they chose a particular topology, the trade-offs, and the impact to end users.
Security solutions have a reputation for not being business-friendly because of their invasive nature. Have an understanding of how your deployment will affect different user communities. For example, if you roll out a user monitoring solution for Salesforce CRM, you should evaluate the effects on:
- Sales reps who use Salesforce CRM
- Salesforce admins who manage and configure the service
- Security analysts who will use the monitoring solution
- Security executives who are responsible for oversight of all security issues
- The application LoB executive who sponsors the purchase of the CRM service.
3. Have a clear on-boarding plan with success criteria
When adopting a solution, make sure that your provider creates an on-boarding plan that addresses all major aspects of your cloud security requirements. The provider needs to break down the on-boarding plan into phases with milestones, as well as clearly document test cases and success criteria for each phase. The plan should list all dependencies for each success factor and identify whether they or you are responsible for each.
4. Insist on an annual success roadmap
Annual success roadmaps are critical because they document the usefulness of the service and identify value on an ongoing basis. In addition to proposing new capabilities, the roadmap should plan for any training required, quantify the extent to which the provider delivered on the value proposition, and identify areas for improvement. I suggest reviewing the roadmap quarterly and updating it as the organization's needs evolve. You may also want to ask for a dedicated customer success professional to be assigned to you.
Each cloud security journey will be unique, while also sharing attributes with others that have taken or are taking the same path. Understand and benefit from the lessons that companies have learned in the past. While having flexibility is great, having a clear path for your journey is even more valuable.
Important questions include: Does the solution change the behavior of users of the cloud service? Does it require installing agents on users' devices? Will it introduce performance or latency issues? What happens if the solution has an outage or downtime?
After identifying a deployment topology, test it in sandbox mode. The beauty of SaaS and cloud deployments is that most providers can offer a sandbox mode for testing the topology with appropriate use cases. If the provider does not offer a sandbox mode, it's probably a red flag.
Published January 21, 2016 Reads 161
Copyright © 2016 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
More Stories By Rohit Gupta
Rohit Gupta founded Palerra in 2013 with the vision of ushering in a new paradigm in security and DevOps, one that would enable enterprises to confidently embrace and accelerate the move to the cloud. As CEO at Palerra, he is responsible for creating, communicating and delivering on the overall vision and strategy for the company. Connect with Rohit on Twitter and LinkedIn.
SYS-CON Events announced today that VAI, a leading ERP software provider, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY.
VAI (Vormittag Associates, Inc.) is a leading independent mid-market ERP software developer renowned for its flexible solutions and ability to automate critical business functions for the distribution, manufacturing, specialty retail and service sectors. An IBM Premier Business Part...Jan. 22, 2016 10:00 AM EST Reads: 149 |
By Liz McMillan There are so many tools and techniques for data analytics that even for a data scientist the choices, possible systems, and even the types of data can be daunting.
In his session at @ThingsExpo, Chris Harrold, Global CTO for Big Data Solutions for EMC Corporation, showed how to perform a simple, but meaningful analysis of social sentiment data using freely available tools that take only minutes to download and install. Participants received the download information, scripts, and complete end-t...Jan. 22, 2016 10:00 AM EST Reads: 829 |
By Pat Romanski Jan. 22, 2016 10:00 AM EST Reads: 134 |
By Liz McMillan Jan. 22, 2016 09:30 AM EST Reads: 135 |
By Liz McMillan Jan. 22, 2016 09:00 AM EST Reads: 160 |
By Elizabeth White Actifio has announced its partnership with Camouflage Software Inc., a leading provider of solutions for data masking in Test Data Management. The partnership brings a best-in-class solution to address the challenges of data access, control, security, and storage costs in the test and development space.
"Software is eating the world," as Marc Andreessen famously said in 2011. Since then, more and more industries have been transformed by software, to the point where the largest distributor of fi...Jan. 22, 2016 08:15 AM EST Reads: 405 |
By Elizabeth White Developing software for the Internet of Things (IoT) comes with its own set of challenges. Security, privacy, and unified standards are a few key issues. In addition, each IoT product is comprised of (at least) three separate application components: the software embedded in the device, the backend service, and the mobile application for the end user’s controls. Each component is developed by a different team, using different technologies and practices, and deployed to a different stack/target – ...Jan. 22, 2016 08:00 AM EST Reads: 643 |
By Pat Romanski How do you securely enable access to your applications in AWS without exposing any attack surfaces? The answer is usually very complicated because application environments morph over time in response to growing requirements from your employee base, your partners and your customers.
In his session at DevOps Summit, Haseeb Budhani, co-founder and CEO of Soha, shared five common approaches that DevOps teams follow to secure access to applications deployed in AWS, Azure, etc., and the friction and...Jan. 22, 2016 07:45 AM EST Reads: 868 |
By Laureen Fagan Radical business transformation is an essential part of business growth, but that transformation is dependent more on process than it is technology – and on creating a culture of change within the business that has buy-in at every level. Technology vendors often tout the transformative potential of products, but when those initiatives fail to deliver? A company must take a deeper look at the reasons because it may not be the vendor or flaw in the technology, so much as the problem lies within th...Jan. 22, 2016 07:00 AM EST Reads: 341 |
By Elizabeth White Jan. 22, 2016 07:00 AM EST Reads: 159 |
By Elizabeth White Clearly the way forward is to move to cloud be it bare metal, VMs or containers. One aspect of the current public clouds that is slowing this cloud migration is cloud lock-in. Every cloud vendor is trying to make it very difficult to move out once a customer has chosen their cloud.
In his session at 17th Cloud Expo, Naveen Nimmu, CEO of Clouber, Inc., advocated that making the inter-cloud migration as simple as changing airlines would help the entire industry to quickly adopt the cloud without ...Jan. 22, 2016 07:00 AM EST Reads: 854 |
By Elizabeth White Between the compelling mockups and specs produced by analysts, and resulting applications built by developers, there exists a gulf where projects fail, costs spiral, and applications disappoint. Methodologies like Agile attempt to address this with intensified communication, with partial success but many limitations.
In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, presented a revolutionary model enabled by new technologies.Jan. 22, 2016 06:00 AM EST Reads: 738 |
By Pat Romanski Automating AWS environments is important for all businesses as it simplifies creation and setup of cloud resources, facilitates otherwise complex processes, and streamlines management. The benefits of automation are clear: accelerate execution, reduce human error and unwanted consequences, and increase the enterprise’s ability to rapidly adapt, all while reducing the overall cost of IT operations.
In his session at 17th Cloud Expo, Patrick McClory, Director of Automation and DevOps at Datapipe...Jan. 22, 2016 05:00 AM EST Reads: 673 |
By Liz McMillan Learn how IoT, cloud, social networks and last but not least, humans, can be integrated into a seamless integration of cooperative organisms both cybernetic and biological. This has been enabled by recent advances in IoT device capabilities, messaging frameworks, presence and collaboration services, where devices can share information and make independent and human assisted decisions based upon social status from other entities.
In his session at @ThingsExpo, Michael Heydt, founder of Seamless...Jan. 22, 2016 05:00 AM EST Reads: 609 |
By Elizabeth White Most people haven’t heard the word, “gamification,” even though they probably, and perhaps unwittingly, participate in it every day.
Gamification is “the process of adding games or game-like elements to something (as a task) so as to encourage participation.” Further, gamification is about bringing game mechanics – rules, constructs, processes, and methods – into the real world in an effort to engage people.
In his session at @ThingsExpo, Robert Endo, owner and engagement manager of Intrepid D...Jan. 22, 2016 04:45 AM EST Reads: 345 |
By Elizabeth White The traditional, on-premise computing model has established processes, accreditations, certifications, governance and compliance rules - FISMA, NERC CIP, HIPAA, PCI-DSS, IRS 1075. While the security industry is aggressively addressing the technical security gaps in cloud-driven services, many organizations using cloud services are struggling to implement and adapt strategic processes, procedures, and controls for cloud governance and due diligence. Jan. 22, 2016 02:15 AM EST Reads: 607 |
By Liz McMillan The Internet of Things has the potential to disrupt all industries, not just consumer, as businesses leverage the new insights and capabilities enabled by new devices / things, automation, integration and analytics, etc., to transform how they do business.
One industry ripe for disruption is higher education. Colleges and universities are being challenged with serving more students and at the same time ensuring successful student outcomes.
In his session at @ThingsExpo, Chris Witeck, Principa...Jan. 22, 2016 12:15 AM EST Reads: 708 |
By Liz McMillan For it to be SOA – let alone SOA done right – we need to pin down just what "SOA done wrong" might be. First-generation SOA with Web Services and ESBs, perhaps?
But then there's second-generation, REST-based SOA. More lightweight and cloud-friendly, but many REST-based SOA practices predate the microservices wave.
Today, microservices and containers go hand in hand – only the details of "container-oriented architecture" are largely on the drawing board – and are not likely to look much like S...Jan. 21, 2016 10:45 PM EST Reads: 1,003 |
By Liz McMillan With containerization using Docker, the orchestration of containers using Kubernetes, the self-service model for provisioning your projects and applications and the workflows we built in OpenShift is the best in class Platform as a Service that enables introducing DevOps into your organization with ease.
In his session at DevOps Summit, Veer Muchandi, PaaS evangelist with RedHat, provided a deep dive overview of OpenShift v3 and demonstrated how it helps with DevOps.Jan. 21, 2016 06:15 PM EST Reads: 955 |
By Pat Romanski Enterprises require the performance, agility and on-demand access of the public cloud, and the management, security and compatibility of the private cloud. The solution? In his session at 15th Cloud Expo, Simone Brunozzi, VP and Chief Technologist(global role) for VMware, will explore how to unlock the power of the hybrid cloud and the steps to get there. He'll discuss the challenges that conventional approaches to both public and private cloud computing, and outline the tough decisions that mus...Jan. 21, 2016 04:00 PM EST Reads: 2,564 |

There are so many tools and techniques for data analytics that even for a data scientist the choices, possible systems, and even the types of data can be daunting.
In his session at @ThingsExpo, Chris Harrold, Global CTO for Big Data Solutions for EMC Corporation, showed how to perform a simple, but meaningful analysis of social sentiment data using freely available tools that take only minutes to download and install. Participants received the download information, scripts, and complete end-t...
Actifio has announced its partnership with Camouflage Software Inc., a leading provider of solutions for data masking in Test Data Management. The partnership brings a best-in-class solution to address the challenges of data access, control, security, and storage costs in the test and development space.
"Software is eating the world," as Marc Andreessen famously said in 2011. Since then, more and more industries have been transformed by software, to the point where the largest distributor of fi...
Developing software for the Internet of Things (IoT) comes with its own set of challenges. Security, privacy, and unified standards are a few key issues. In addition, each IoT product is comprised of (at least) three separate application components: the software embedded in the device, the backend service, and the mobile application for the end user’s controls. Each component is developed by a different team, using different technologies and practices, and deployed to a different stack/target – ...
How do you securely enable access to your applications in AWS without exposing any attack surfaces? The answer is usually very complicated because application environments morph over time in response to growing requirements from your employee base, your partners and your customers.
In his session at DevOps Summit, Haseeb Budhani, co-founder and CEO of Soha, shared five common approaches that DevOps teams follow to secure access to applications deployed in AWS, Azure, etc., and the friction and...
Radical business transformation is an essential part of business growth, but that transformation is dependent more on process than it is technology – and on creating a culture of change within the business that has buy-in at every level. Technology vendors often tout the transformative potential of products, but when those initiatives fail to deliver? A company must take a deeper look at the reasons because it may not be the vendor or flaw in the technology, so much as the problem lies within th...
Clearly the way forward is to move to cloud be it bare metal, VMs or containers. One aspect of the current public clouds that is slowing this cloud migration is cloud lock-in. Every cloud vendor is trying to make it very difficult to move out once a customer has chosen their cloud.
In his session at 17th Cloud Expo, Naveen Nimmu, CEO of Clouber, Inc., advocated that making the inter-cloud migration as simple as changing airlines would help the entire industry to quickly adopt the cloud without ...
Between the compelling mockups and specs produced by analysts, and resulting applications built by developers, there exists a gulf where projects fail, costs spiral, and applications disappoint. Methodologies like Agile attempt to address this with intensified communication, with partial success but many limitations.
In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, presented a revolutionary model enabled by new technologies.
Automating AWS environments is important for all businesses as it simplifies creation and setup of cloud resources, facilitates otherwise complex processes, and streamlines management. The benefits of automation are clear: accelerate execution, reduce human error and unwanted consequences, and increase the enterprise’s ability to rapidly adapt, all while reducing the overall cost of IT operations.
In his session at 17th Cloud Expo, Patrick McClory, Director of Automation and DevOps at Datapipe...
Learn how IoT, cloud, social networks and last but not least, humans, can be integrated into a seamless integration of cooperative organisms both cybernetic and biological. This has been enabled by recent advances in IoT device capabilities, messaging frameworks, presence and collaboration services, where devices can share information and make independent and human assisted decisions based upon social status from other entities.
In his session at @ThingsExpo, Michael Heydt, founder of Seamless...
Most people haven’t heard the word, “gamification,” even though they probably, and perhaps unwittingly, participate in it every day.
Gamification is “the process of adding games or game-like elements to something (as a task) so as to encourage participation.” Further, gamification is about bringing game mechanics – rules, constructs, processes, and methods – into the real world in an effort to engage people.
In his session at @ThingsExpo, Robert Endo, owner and engagement manager of Intrepid D...
The traditional, on-premise computing model has established processes, accreditations, certifications, governance and compliance rules - FISMA, NERC CIP, HIPAA, PCI-DSS, IRS 1075. While the security industry is aggressively addressing the technical security gaps in cloud-driven services, many organizations using cloud services are struggling to implement and adapt strategic processes, procedures, and controls for cloud governance and due diligence.
The Internet of Things has the potential to disrupt all industries, not just consumer, as businesses leverage the new insights and capabilities enabled by new devices / things, automation, integration and analytics, etc., to transform how they do business.
One industry ripe for disruption is higher education. Colleges and universities are being challenged with serving more students and at the same time ensuring successful student outcomes.
In his session at @ThingsExpo, Chris Witeck, Principa...
For it to be SOA – let alone SOA done right – we need to pin down just what "SOA done wrong" might be. First-generation SOA with Web Services and ESBs, perhaps?
But then there's second-generation, REST-based SOA. More lightweight and cloud-friendly, but many REST-based SOA practices predate the microservices wave.
Today, microservices and containers go hand in hand – only the details of "container-oriented architecture" are largely on the drawing board – and are not likely to look much like S...
With containerization using Docker, the orchestration of containers using Kubernetes, the self-service model for provisioning your projects and applications and the workflows we built in OpenShift is the best in class Platform as a Service that enables introducing DevOps into your organization with ease.
In his session at DevOps Summit, Veer Muchandi, PaaS evangelist with RedHat, provided a deep dive overview of OpenShift v3 and demonstrated how it helps with DevOps.
Enterprises require the performance, agility and on-demand access of the public cloud, and the management, security and compatibility of the private cloud. The solution? In his session at 15th Cloud Expo, Simone Brunozzi, VP and Chief Technologist(global role) for VMware, will explore how to unlock the power of the hybrid cloud and the steps to get there. He'll discuss the challenges that conventional approaches to both public and private cloud computing, and outline the tough decisions that mus...
Web performance issues and advances have been gaining a stronger presence in the headlines as people are becoming more aware of its impact on virtually every business, and 2015 was no exception. We saw a myriad of major outages this year hit some of the biggest corporations, as well as some technology integrations and other news that we IT Ops aficionados find very exciting.
This past year has offered several opportunities for growth and evolution in the performance realm — even the worst failures presented valuable lessons to be carried into the New Year. So before we dive headfirst into 201...
Developers are often caught between a rock and a hard place. They aren’t allowed to employ the tricks of the trade that can squeeze more performance out of their code because the consequences – technical debt stemming from impaired maintainability - are generally considered even worse. It’s not appropriate, for example, to use bit-shifting techniques to do simple multiplication because while it might be milliseconds faster, it isn’t always universally understood and thus can cause issues with long-term maintainability.
Everything will be on the cloud. It almost sounds like overstatement even in 2016 doesn’t it?
Could we really get ourselves to the point where we regard the cloud layer as our first, primary, default and de facto location for data? The answer is: yes, we do already… although perhaps not all of us have even realized it yet.
When we do start to fully appreciate what the cloud computing layer of data storage and application services can really do for us, we will find ourselves almost ‘set free’ from our previous notions of how we use the computers, laptops, tablets and smartphones that we rega...
Learn how a new user group being formed around TOGAF, The Open Group standard, and how this group will further foster the practical use of TOGAF for effective and practical business transformation.
The next BriefingsDirect thought leadership interview explores a new user group being formed around TOGAF, The Open Group standard, and how this group will further foster the practical use of TOGAF for effective and practical business transformation.
The discussion, which comes in conjunction with The Open Group San Francisco 2016 event on January 25, sets the stage for the next chapter in enterpr...
Most of the Java developers I know don’t like JavaScript. Initially. They would give you different reasons why, but the real one is simple: too much to learn to make it work. For many Java developers creating the front end of a Web application in JavaScript is a chore to write and a burden to maintain. Nevertheless JavaScript rules in Web development and the new version of JavaScript (ES6) will make it even more popular.
On January 4, General Motors announced a $500 million investment in Lyft, the #2 player in the rapidly growing ride sharing market. To quote the press release[1]:
“We see the future of personal mobility as connected, seamless and autonomous,” said GM President Dan Ammann. “With GM and Lyft working together, we believe we can successfully implement this vision more rapidly.”
According to IDC, 80 percent of enterprise IT organizations will commit to hybrid cloud architectures by 2017. This has significant implications for the way enterprises need to organize themselves. All enterprises, not just those on the cutting edge, need to adapt their business models to leverage services that are made possible by the cloud. Beyond the requisite cost reduction, new opportunities emerge with cloud that are impossible to achieve in an environment of discrete platforms and applications. We need to move up from storage and simple application hosting to embrace business models and...
If you were too busy with things and unable to give the desired attention to planning the right steps for your business in 2016, fear not. You’re not alone, and yes welcome to the party! With too many things going on, I could completely believe if you said you don’t have time to breathe. The boss wants the reports, the customer wants the installation while the sales teams have been asking for help on some technical stuff. You can only do as much as you do. With so much going around us, it’s also sometimes hard to keep up with what really matters. Here is how to achieve planned success in this ...
We are well into the first month of 2016, and many predictions from the cloud sector have started to reveal different trends that we may see over the next 12 months. In 2015 we saw IaaS (Infrastructure as a Service) and PaaS (Platform as a Service) growing 51 per cent, with cloud firmly being pushed into the limelight. Looking to the future, there are many indications of what to expect in the year to come, including improvements to current-generation cloud environments as well as private cloud resurging amongst early and late cloud adopters,
You can’t seem to have a conversation about cloud technology and its impact on the business without the topic of Shadow IT coming up. The two concepts at times seem so tightly intertwined, one would think there is a certain inevitability, almost a causal linkage between them. Shadow IT tends to be an emotional topic for many, dividing people into one of two camps. One camp tends to see Shadow IT as a great evil putting companies, their data and systems at risk by implementing solutions without oversight or governance. Another camp sees Shadow IT as the great innovators that are helping the com...
I recently spotted a five-year-old blog post by Mike Gualtieri of Forrester, where he suggests firing your quality assurance (QA) team to improve your quality. He got the idea from a client who actually tried and succeeded with this counterintuitive move.
The thinking goes that without a QA team to cover for them, developers are more likely to take care of quality properly – or risk getting the dreaded Sunday morning wakeup call to fix something.
Gualtieri’s post generated modest buzz at the time, but since 2011 the world has changed. DevOps has turned a corner, representing an end-to-end...
It seems that all we hear about these days is the move to the cloud. Certainly, it’s a top-trending technology topic for enterprise-sized organizations. But don’t let the hype mislead you into believing cloud deployment is just for large businesses. Small- to medium-sized organizations can absolutely reap the benefits of cloud. In fact if you’re an SMB, you have even more to gain from cloud deployment – and you run a real risk of missing out by not going to the cloud.
According to a September 2014 study by Deloitte, SMBs using an above-average number of cloud services grow 26 percent faster o...
As organizations try to increase their velocity and agility, there’s a widening gap between the IT department and the provisioning of new services. This can lead to serious security risks and operational inefficiency. But if we really want to tackle shadow IT, we have to get to the root of the problem. Why are people bypassing the IT department or failing to ask management for permission? What can we do about it?
Explore the 10 most popular continuous testing resources of 2015, including Forrester and Gartner research, interviews, infographics, an ebook, and more.
With today's DevOps and "Continuous Everything" initiatives, teams need the ability to assess the risks associated with a release candidate-instantly and continuously. Maybe that's why 2015 seemed to be all about Continuous Testing, from conferences, to analyst research, to the blogosphere.
When it comes to protecting their brand, there is little that any successful company would not do. But what if the brand is being damaged just by people being unable to find the store?
If you think of the internet as a virtual network, then DNS lookup and resolution is like the 411 service. Websites are not located at text addresses, but rather IP addresses – that series of numbers and decimals that may not make any sense to you, but actually identifies the actual server that you’re trying to contact. So when you type www.catchpoint.com into your web browser or click on a link to it from a ...





















