Virtual patching: how out of the patch maelstrom
By Tim Ayling, Director for Channels and Marketing, Trend Micro
One of the most important problems data center owners have today is patching.
It’s a burdensome, costly, and time-consuming affair that’s often done manually and, given the present threat landscape, can leave mission-critical systems hospitable to new threats for dangerously long periods. Typical datacentres today could also be running systems from a hotchpotch of vendors that require patching, all with different schedules and different levels of criticality. Oracle’s patch load is known, while Microsoft’s Patch Tuesday is written on the calendar of most system administrators in double-thick red pen.
Add to this complexity the very fact that a lot of systems are going out of support and not have patches issued you get another headache for the IT department. Then try multiplying this thousandfold within the environment of a cloud service provider, tasked with keeping secure a knowledge center servicing many thousands of users.
These businesses are increasingly differentiating on the safety and stability of their services – during this context a missed patch could lead to a significant outage or security incident, bad headlines and an exit of consumers.
Today’s patch managers have an unenviable task, not least due to zero-day threats. As soon as a vulnerability has been discovered or publicly announced the clock is ticking. Make no mistake; the bad guys have their own SLAs to supply an exploit before the seller gets there first with a patch of their own. It’s then the work of the overworked supervisor to form sure their systems aren’t exposed, and in virtual environments, it is often even tougher.
The most important thing to recollect is that security teams can’t shoe-horn their tried and tested physical security tools and techniques into virtual environments.
It must be virtual patching. If organizations simply don’t have the resources to patch more often than every 3-6 months, virtual patching can provide a plaster to repair the difficulty and protect the relevant systems from vulnerabilities until those patches are applied. It should be an agentless virtual patching system that protects at a hypervisor level because inserting agents onto each VM will degrade performance.
The benefits are obvious. It’s all about performance, cost, and security. If automated, virtual patching can save valuable man-hours, also as extend the lifespan of legacy applications that are not any longer supported, and reduce the business disruption caused by emergency patches.
More importantly, for the cloud provider, it means peace of mind and knowing your customers are safe.
Grey Clouds over Cost Savings
By Michael Queenan, Director – Nephos Technologies
If you're watching Cloud for just cost savings you’re getting to be disappointed.
Let me start with a bold statement – Cloud, like a vanilla term, isn't the value savings beast that everybody has been telling you it's. Don’t get me wrong there are cost savings opportunities in certain areas – which I will be able to come on to later – but if you're watching Cloud for a pure cost-saving exercise you're likely to be disappointed.
As a fast introduction, and just in case you haven’t heard of Nephos Technologies before, we are a totally independent Cloud services firm that was started thanks to the shortage of openness and transparency we heard from our customers. information technology education kept hearing that there didn’t seem to be enough companies looking to assist customers to understand Cloud, providing honest, unbiased advice and proposals into how and where customers could and will check out Cloud services. in order that is where we started from and one among the key services we offer.
The part that the majority amuses me about this subject is that it's a drag caused by the Cloud providers themselves as highlighted beautifully in Daniel Steeves post (Stop Selling Cloud). Everyone knows there's an enormous opportunity in Cloud, as all the analysts keep telling us, so it's the old “Field of Dreams” approach: “if you build it they're going to come”. rather than trying to know how their customers' businesses work and where is that the most appropriate place to seem at Cloud, these companies, realized that they had spent millions on building a Cloud and needed to sell it, therefore the easiest place to start out created an ROI whether that's real or imagined.
Really watching Costs
In my opinion, the primary thing that must be done before watching any Cloud service is to really understand the value of running this service in-house. Surprisingly to me, this is often still something that the majority of organizations don’t have a handle on yet, and until these costs are understood there are no thanks to knowing if moving them outside the business is best or not.
Building out the general internal cost of a service isn’t almost hardware there are a variety of other elements that require to be included; hosting, electricity, cooling, management, refresh rate, write-off period, etc. The last point is particularly important in certain market sectors like Public Sector as their write-off periods are often up to 10 years. Trying to create an ROI on hardware that isn’t getting to get replaced for 10 years is impossible! the value argument also can be a difficult one to form surely markets as they're not set up to suddenly drop 50% of their capital budgets but have their operational rise by 400%.
The problem I’m beginning to see during this area, more within the SME and Midmarket organizations, is that because there are now numerous un-regulated Cloud companies out there trying to sell their services on cost instead of business benefit is that once they don’t get the savings or service, they expect which ultimately leaves the customer disappointed or disillusioned with Cloud because it doesn’t live up to the hype. information technology consulting I think this is often why the work of organizations like The Cloud Industry Forum is so important and wishes to be encouraged to assist act as a kitemark to prevent the cowboy companies out for a fast buck.
Where Cloud does Help
Despite these challenges, it’s not all doom and gloom. If you check out Cloud services for quite just cost savings your business will undoubtedly reap the rewards. There are a variety of areas that I think Cloud is great for…… and that I do!
– Agility: This to me is that the biggest reason to seem at Cloud from a business perspective because the ability to “right-size” your environment supported usage is hugely key to a variety of markets such as; retail, media, consumer brands whose infrastructure requirements go up and down counting on time of year
Management: For organizations with small IT Teams this is often an enormous consideration. the very fact that they do not need to worry about hardware upgrades, patch management, and overall operational cost of keeping services running means they will specialize in delivering business innovation through IT.
Get access to enterprise software you couldn’t afford before: the times of only large enterprises having access to enterprise software is long gone and SaaS provides companies of all sizes access to software that permits them to compete with organizations of a way bigger size.
– Certain Cloud Services work on an ROI model: There are a variety of Cloud services like DR as a Service, Storage as a Service, and Backup as a Service that is very easy to create out an ROI thanks to the known costs of providing these services in-house. an honest example is a backup where Nephos Technologies partners with companies that will provide this service for around £1500 per TB per annum, which is hugely cheaper than providing it on-site.
– Test and Development: To me, this is often a no brainer because it greatly reduces the value of deploying these sorts of environments and also decreases the time to plug for brand spanking new services through the software lifecycle.
– Technology Refresh: this is often the time when an ROI argument involves the fore if customers are watching changing from capital to operational model.
– Mobile/New Markets: With a variety of companies looking into interacting with customers in a new way (mobile/social media) and also looking into new international markets Cloud provides a simple thanks to testing these strategies without an enormous investment.
To highlight the very fact that if you understand the purchasers business requirements it's indeed possible to supply cost savings through Cloud; Nephos Technologies recently completed a bit of labor for an EU retailer where we delivered 45% savings on predicted cost, 38% savings on overall operational cost and 61% savings thereon for opening up a replacement site. information technology colleges
We did this by understanding their business plans and matching services to those problems, not by pumping a load of numbers into a spreadsheet to demonstrate an ROI.
The last item I will be able to say on this subject is that Cloud must be checked out as equivalent as any new technology and will be supported by business requirements not because it's the newest flashy thing to try to do. you would like to know why you’re considering it as an option and what the top game is – what benefit are you actually trying to achieve!
Cloud must be checked out as an equivalent as any new technology… what benefit are you actually trying to achieve?!
At Nephos Technologies our Cloud Feasibility Study delivers an adoption strategy that highlights the areas we believe you ought to, could, and definitely shouldn't check out as potential candidates for deploying Cloud services. It starts with speaking with a line of business managers to urge an understanding of how your business works and what your future business plans are. We also evaluate your current IT infrastructure to know about development plans and changing requirements. Then, and only then, can we feel we are in a place to start out watching where Cloud could be ready to help our customers achieve those goals? Office 365 and Google Apps, what's there to choose??
By Kerry Burn, CEO, 848 GroupKerry Burn of 848 Group
Understanding the differences between Google Apps and Office 365 may be a bit just like the comparison made a couple of years ago by an Italian journalist Umberto Eco between Apple and PCs.
Umberto argued the following:
‘The fact is that the planet is split between users of the Macintosh computer and users of MS-DOS compatible computers. I'm firm of the opinion that the Macintosh is Catholic which DOS is Protestant. Indeed, the Macintosh is counter reformist and has been influenced by the “ratio studiorum” of the Jesuits. it's cheerful, friendly, conciliatory, it tells the faithful how they need to proceed step by step to succeed in – if not the dominion of Heaven – the instant during which their document is printed. it's catechistic: the essence of revelation is addressed via simple formulae and luxurious icons. Everyone features a right to salvation.
DOS is Protestant, or maybe Calvinistic. It allows free interpretation of scripture, demands difficult personal decisions, imposes a subtle hermeneutics upon the user, and takes without any consideration the thought that not all can reach salvation. to form the system work you would like to interpret the program yourself: an extended way from the baroque community of revelers, the user is closed within the loneliness of his own inner torment.’
To make the system work you would like to interpret the program yourself. (Umberto Eco)
The current bully-off between Google and Microsoft isn't dissimilar. within the following paragraphs, I provide a brief overview of every, 848 cloud services can advise further on both.
Microsoft Office 365Following the purpose made by Umberto, Office 365 for Enterprises may be a product that gives salvation to those that are prepared to place the trouble in. Out of the box, you'll found out a strong messaging and collaboration platform (using Lync) and you'll found out saving documents to a web SharePoint platform. The effort is required however to commission the collaboration features of Office 365 and in our experiences, you'll get to employ SharePoint expertise as a part of the rollout of such technology.
Mobile connectivity is additionally impressive on Android and Windows mobile but there's an additional charge for BlackBerry. Connectivity is that the same as people are wont to with BlackBerry services today
Office 365 also includes impressive Unified Communications capabilities, you'll federate users on Office 365 to other company’s using Lync and it's superior sharing and collaboration facilities borne out of its Live Meeting service.
The Office Web apps also offer an identical look and feel to Office, therefore there's a shorter learning curve than using Google Apps.
Google AppsGoogle represents the purest sort of cloud computing, built from the online up it means anyone with access to an online browser can use the suite of applications within Google Apps. Google apps offer mail, calendar, contacts, sites, and Google Talk with the power to use a custom domain (we are surprised what percentage of people don't realize that you simply can use your own Internet domain) and also include an Office-compatible web apps suite permanently measure.
Google offers a variety of features in its Google Apps for business service that provide immediate gratification and ‘out of the box’ features that include superb collaboration and therefore the ability to use your existing Microsoft Applications with the Google rear. the mixing isn't perfect and would wish to be tested but it's a reasonably compelling experience for the investment required.
Mobile connectivity is well catered for, all of the leading mobile devices are ready to connect via Google Sync and sync mail, contacts and calendars. within the case of the iPhone and Android (arguably the 2 platforms which will be left standing within the coming months), you'll sync and search server side. A service that has only really been available for people with an outsized Exchange environment so far.
Google apps include Google Hangouts, supported the Plus service, this enables up to 20 people to speak in real-time and perform a spread of sharing and collaboration tasks. it's likely that Google will charge for this within the future except for now it's a really attractive add-on for people using the platform.
The soon to be released Office 2013 will see Microsoft further consolidate their strategy to form their products ‘more cloud-like’ and critically it'll appeal to corporate IT departments where the new functionality in Office 2013 will allow public sharing via SkyDrive and – in fact – integration with enterprise storage like Sharepoint.
Google Apps have, needless to say, modified the Google Plus offering in order that it's much more enterprise-friendly with restricted sharing and integration with calendar and email. Using video conferencing as a neighborhood of online collaboration may be a natural extension and Google have an outstanding integration.
One cannot rule out the importance of federation either…
One cannot rule out the importance of federation either, Box.com is leading the way here with a decent and well-managed service that integrates with Google and Microsoft solutions. People using Box can easily set up secure areas to make virtual deal rooms between partners and suppliers and integrate this into existing applications. Box may be a luminary within the BYOD strategy because it allows an enterprise client the prospect to offer the users what they need by allowing use on devices whilst maintaining enterprise security. it's not always that easy to maneuver email systems, particularly with larger numbers of users.
What do you have to choose?
Choosing a cloud-based mail and collaboration service from any of the large players is like choosing a luxury car, all luxury brands can get you from A to B but they're going to roll in the hay in a slightly different way and portray a view of the sort of selections you the driving force have made to settle on that car. Google and Microsoft want IT to be fun and productive and these products go how towards offering this.
For the IT departments in Mid Market to Enterprise Microsoft may be a logical choice, it's more complex to line up and in larger deployments, the lower disruption shouldn't be underestimated. A business can deliver a cloud-based solution and if they want the users can almost migrate with a minimum of disruption.
In a more disruptive and indeed more maverick type company, Google Apps is that the friend of the anti-microsoft brigade, but it's a robust enterprise pedigree and has won a substantial amount of plaudits with their larger corporate wins with Rentokil, BBVA, Hillingdon council, et al. . there's also much to be said for the simplicity of its licensing model and cross-platform and device support.
either way, people aren't getting to put up with a scarcity of choice for much longer people want their own devices and their own way of working. I cannot consider a time where it's been easier to realize this.