Feb
15

Top Cloud Security Trends for 2016

Top Cloud Security Trends for 2016

Tim Prendergast February 8, 2016

More organizations of all sizes are moving their business-critical operations and workloads to the cloud, and as we head 2016, these trends will only to intensify. According to a report from Gartner, public-cloud services will see growth of 13.5% during 2015, and spending on cloud services will continue to increase through 2019. Gartner also found that 80% of IT organizations expect to increase their investments in cloud computing in the years to come. This trend makes it more important than ever for IT organizations to use a cloud-specific security strategy that employs cloud-native solutions—those developed exclusively for cloud environments.

Cloud security requires a different approach than traditional IT security in an on-premises data center environment because it requires in-depth knowledge of certain nuances and challenges that are unique to working in the cloud. Yet many IT managers have yet to fully understand this new reality for securing their cloud infrastructure.

Without a cloud security strategy that is geared toward the unique intricacies of the cloud, your organization risks losing time and money by exposing your deployment to vulnerabilities that can be identified and mitigated with the right tools. After all, one of the biggest drivers behind moving to the cloud is reducing costs and gaining efficiencies of scale. But an uninformed approach to cloud security can jeopardize the gains you anticipate in moving business processes to the cloud. For example, if you simply try to drop an IDS in the midst of your cloud deployments, you risk losing elasticity, breaking things or simply falling short of the target security threshold for maintaining compliance or upholding service requirements.

With that in mind, as we look ahead to 2016, it’s worth taking a closer look at some of the top trends not only in cloud adoption, but in cloud security as well. Here are a few of the top trends that will be impacting organizations’ cloud security efforts in 2016:

Emergence of Serverless Frameworks

One of the most challenging innovations in the cloud in 2016 will be the rise of serverless frameworks. They includes elements like Amazon Web Services’ (AWS) Lambda and the rise of code-PaaS (code-based platforms-as-a-service), in which IT departments will no longer have to manage an operating system or virtual machine.

This is a big change for cloud security strategy, because it means APIs are becoming an additional area of vulnerability for attacks. It’s an area where IT teams are usually unaccustomed to configuring for and defending against these types of threats.

Host- and Network-Based Security Measures Move to the Control Plane

Another aspect of cloud security that differs from traditional data center environments is that security features are moving into the control plane. This change is opening up more opportunities for IT to get information about risks and vulnerabilities as they arise. And instead of presence-based discovery, as is par in a traditional in-line network, a big advantage for cloud security will come in the form of real-time “firehose streams” of updates on network, host and serverless-process events through APIs.

Cloud-Aware Security Solutions Delivered by Incumbents

Cloud security will be delivered by more than innovative startups, because as cloud infrastructure becomes more important to organizations of all sizes, cloud security solutions will have to evolve to keep up. This evolution will happen from cloud security providers of all sizes, including some of the big incumbent players in the IT security industry. For example, multiple vendors are coming to the market with solutions for Windows- and Linux-based workloads in AWS. Other incumbent vendors will see more pressure from customers who need them to support hybrid deployment models that include traditional data centers and AWS.

Whether it’s by acquiring smaller IT vendors or by developing innovative new products, big security players will become more involved with delivering cloud-based security solutions. And if not, they’re going to risk disruption by faster-moving competitors.

Azure and AWS Will Compete on Security Features

Large platform providers like Microsoft Azure and AWS practice a “shared security” model where they focus on securing the platform itself. Within that model, however, these providers will be looking to further enhance the features and security aspects that are the responsibility of customers to help improve their overall cloud security experience. Forrester describes the shared-security model as “an uneven handshake” where customers have a certain level of responsibility for security in a variety of roles, including enterprise integration, governance, architectural views and other areas.

In 2016, look for Azure and AWS to start offering new rich security capabilities via new platform features or third-party products. This effort will create less of an “uneven” handshake as platforms begin to offer greater transparency and new capabilities to support the customer’s security efforts.

Security Becomes Native to CI/CD Pipeline and Tool Set

In cloud infrastructure, especially as more organizations switch to a DevOps style of rapidly developing and deploying applications in the cloud, security should no longer be considered a separate entity from development and deployment. In 2016, cloud security will become more widely integrated and native to the overall process of continuous integration and continuous deployment (CI/CD), with tools like Jenkins being used to verify code and validate security as a standard quality-assurance step.

More vendors are offering DevOps-enabled tools for security testing and monitoring, such as SAST technologies to analyze source code and conditions of an application in a static state from the “inside out” to find security vulnerabilities and DAST technologies to detect possible security vulnerabilities while an application is running. IT security is becoming faster and more agile in the DevOps environment.

Cloud Security Will Accelerate

Attacks on cloud infrastructure are becoming more sophisticated and automated, and this trend is unlikely to abate in 2016; if anything, attacks on the cloud will become even more intense because more organizations are storing more and more valuable data in cloud infrastructure. But the cloud security landscape will reflect the same tension in that “uneven handshake” of shared security responsibilities. According to research from Gartner, “Through 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities.”

IT organizations need to upgrade their security preparations with real-time alerts and response capabilities while also taking a closer look at their in-house operations, internal configurations and employee security training and credentialing.

Conclusion

Cloud security is on the minds of more IT managers than ever before, and as the threats and vulnerabilities become more complex, the solutions and systems for responding to those threats are becoming more agile and integrated into the overall picture of what it means to work in the cloud. Hopefully in 2016, all of these trends will combine to result in stronger and a more adaptable security presence for cloud platforms and IT organizations alike.

P3 strives to bring you quality relevant industry related news.
See the origial article at: http://www.datacenterjournal.com/top-cloud-security-trends-for-2016/

Continue reading
  2874 Hits
2874 Hits
Jan
26

2016 Cost of Data Center Outages report

Data Center Outage Costs Continue to Rise

Latest benchmark study finds price of downtime continues to climb; average outage cost rose 38% in five years.

datacenter2

The 2016 Cost of Data Center Outages report estimates the full costs associated with unplanned outages at data centers.  63 data center organizations in the U.S. that had experienced an outage in the past 12 months were polled.

  • The average total cost per minute of an unplanned outage increased from $5,617 in 2010 to $7,908 in 2013 to $8,851 in this report.
  • The average cost of a data center outage rose from $505,502 in 2010 to $690,204 in 2013 to $740,357 in the latest study. This represents a 38% increase in the cost of downtime since the first study in 2010.
  • Maximum downtime costs are rising faster than average, increasing 81% since 2010 to a current high of $2,409,991.
  • UPS system failure, including UPS and batteries, is the No. 1 cause of unplanned data center outages, accounting for one-quarter of all such events (see Bar Chart 1 below). Cybercrime represents the fastest growing cause of data center outages, rising from 2% of outages in 2010 to 18% in 2013 to 22% for those sampled in the latest cost of downtime study.

Bar Chart 1: Root Causes of Unplanned Outages

barchart9

Root causes of unplanned outages: Comparison of 2010, 2013 and 2016 results

Bar Chart 2 (below) reports the average cost of outage by primary root cause of the incident. As shown below, IT equipment failures result in the highest outage cost, followed by cyber crime. The least expensive root cause appears to be related to weather followed by accidental/human errors.

Bar Chart 2: Total Cost by Primary Root Causes of Unplanned Outages (thousands of dollars)

barchart10

Total cost by primary root causes of unplanned outages: Comparison of 2010, 2013 and 2016 results, $1,000 omitted

P3 strives to bring you quality relevant industry related news.
See the origial article at: http://ecmweb.com/power-quality/data-center-outage-costs-continue-rise?NL=ECM-06&Issue=ECM-06_20160126_ECM-06_290&sfvc4enews=42&cl=article_1&utm_rid=CPG04000000088416&utm_campaign=6334&utm_medium=email&elq2=62b66a18ce2344abb8ae4caa138260dd

Continue reading
  3807 Hits
3807 Hits
Jan
26

Eaton Selected to Modernize American Electric Power Substation Automation Systems

Eaton Selected to Modernize American Electric Power Substation Automation Systems

Eaton Selected to Modernize American Electric Power Substation Automation Systems

Power management company Eaton today announced a contract win to help American Electric Power (AEP) implement substation automation upgrades to enhance power reliability and real-time response to events. Eaton’s substation automation solutions, turnkey engineering and project management services will help the major utility continue to deliver high quality electric power to nearly 5.4 million customers across 11 states. Contract terms were not disclosed.

“Substation automation systems are integral to supporting an adaptable, secure and responsive infrastructure,” said John Stampfel, vice president and general manager, Electrical Engineering Services and Systems Division, Eaton. “With world-class services and technology, Eaton is well positioned to help AEP modernize legacy substation automation solutions with the real-time data and analytics needed to support a smarter grid.”

Under the contract, Eaton will evaluate the communications and intelligence systems at designated AEP substation locations. Systems will then be modernized in compliance with industry requirements. Real-time communications and data acquisition capabilities will be supported by Eaton’s Cooper PowerTM series substation gateways. Eaton will also manage all substation system design, project management, installation and commissioning to help ensure a seamless transition to the new technology.

The engineering service contracts follow previous agreements with AEP to incorporate Eaton’s Cooper Power series SMP gateway and Remote Terminal Units (RTUs), which are used in thousands of substations worldwide to gather data, translate protocols and provide secure remote access to substation intelligent electronic equipment devices. The project is expected to be complete in 2018.
Eaton has one of the largest and most experienced teams of power system engineers in the industry. Eaton's Electrical Engineering Services and Systems team offers a comprehensive portfolio of services tailored for every stage of a power system's life cycle, whether design, build or support.

EatonLogo

P3 strives to bring you quality relevant industry related news.
See the origial article at: http://www.eaton.com/Eaton/OurCompany/NewsEvents/NewsReleases/PCT_1627344

Continue reading
  2769 Hits
2769 Hits
Jan
26

The 10 Craziest Code Violations of 2015

AppallingPanel slide 1

ConduitCluster slide 2

GroundsforRemoval Slide 3

HoleyHacker slide 4

InstallerGrounded Slide 5

NoSupport Slide 6

SaunaSwitches Slide 7

ScrewLoose Slide 8

Sleeve Slide 9

SunDamage Slide 10

P3 strives to bring you quality relevant industry related news.
See the origial article at: http://ecmweb.com/nec/10-craziest-code-violations-2015#slide-9-field_images-131291

Continue reading
  2383 Hits
2383 Hits
Jan
18

Outages fail to take holiday break, leave 1 million+ without power

December is traditionally a month filled with festive holiday lights, but that celebration was cut short for more than 1.1 million people as Eaton’s Blackout Tracker logged 299 power outages to close out 2015. Even Old Saint Nick was forced to reach for a flashlight, considering 29 outages occurred on either Christmas Eve or Christmas Day. In all, power was collectively knocked out for more than 6 ½ days last month, with cuts spanning a variety of causes. Here's a roundup of some of the most significant:


A non-patented approach to power outages

The U.S. Patent and Trademark Office's Web applications were finally back online Dec. 28 after the agency’s Alexandria, Va., headquarters endured a malfunction in the power supply lines that feed into two power filtration systems. The Dec. 22 incident shut down data center services and damaged IT equipment, causing filing, searching and payment systems used by examiners and the public to go dark.  With its IT staff working through the Christmas holiday weekend to restore the systems, the agency warned that continued fixes might cause systems to go offline again.

A USPTO spokesman would not say whether the outage could have been caused by malicious activity or whether the incident would change how the agency backs up its systems.


Blackout prevents city from blasting tornado warning

Millions of people who reside in tornado-prevalent areas rely on warning systems to stay safe. Unfortunately, residents in Waxahachie, Texas, didn’t receive notification of a violent storm barreling toward them on Dec. 26 after a power outage cut communication with storm spotters and failed to activate outdoor emergency sirens. The National Weather Service issued a tornado warning that the dangerous storm would be near Waxahachie, advising residents to "Take cover now! Move to a basement or an interior room on the lowest floor of a sturdy building."

A city spokeswoman revealed that during the storms, city hall experienced a brief power outage, causing the emergency management office to lose communication with the National Weather Service and local storm spotters. "Although the outage only lasted a few minutes, once the communication was re-established the threat had passed,” the statement said. “As a result, the outdoor warning sirens were not activated."  While Waxahachie does have backup generators, the spokesperson said it takes about seven minutes for all of the systems to reboot and come back online. Fortunately, the city escaped damage.

Mother Nature’s wrath struck again on Dec. 29 in Oklahoma, when the U.S. Geological Survey reported a 4.3 magnitude earthquake centered near Edmond. Immediately following the quake, some 4,400 people lost power and residents near the epicenter reported property damage.


Snakes and squirrels and hawks, oh my!

A variety of critters were blamed for knocking out power in locations across the country throughout December, with 18 separate animal-related incidents tracked. In Bellevue, Tenn., a rat in an underground cable caused a lengthy outage for 1,000 residents, while 2,500 customers in Mequon, Wis., were left in the dark after a snake slithered into some equipment there. A utility representative said that normally reptiles are hibernating in the winter months, but it's possible that with unseasonably warm temperatures, the snake was moving and got nabbed by a bird of prey. And speaking of birds of prey, a hawk landed on a transmission line and cut power to 13,000 residents in Concord, N.H.  Five additional outages were attributed to birds, while squirrels were held accountable for knocking out power in nine other instances.

P3 strives to bring you quality relevant industry related news.
See the origial article at: http://switchon.eaton.com/plug/article.aspx/outages-fail-to-take-holiday-break-leave-1-mi?utm_source=The_Plug_Weekly_01-12-16&utm_medium=end-user-email&utm_campaign=The_Plug_END&utm_content=Article_1_01-12-16&elq=27691f264d8048b680db98a662bffe6f&elqCampaignId=2557&elqaid=8473&elqat=1&elqTrackId=d1d855c6a4334de6a709a6652d1a7d96#modal

Continue reading
  2595 Hits
2595 Hits