Stupidity and Cyber Security

The Norwegian incumbent telecom Telenor filed a criminal police case last year for unlawful computer intrusion, and a Norwegian security analyst uncovered a previously unknown and sophisticated infrastructure for targeted attacks - and Phishing attacks are the most common method. Telenor and other large enterprises spends a silly amount of millions to repair the damages after these cyber attacks - and none of us should be surprised as all of us are almost daily receiving various phishing attacks that are getting more and more sophisticated.

The problem is however possible to avoid by more sophisticated analysis of the content of your incoming email's. One simple method is of course to investigate the attachments thoroughly (we are already doing that) and specifically the URL's, but we all know that at the end of day it is really very hard to avoid stupidity - that is executives that double clicks on "anything"and consequently they are exposing not only themselves, but all of their executive peers by clicking on one of these URL's without caution (apparently because they believe they have a fool proof early detection system) and all it does is opening a back door to your system. Its happening every day, thus the enterprises need to make major investments into sophisticated solutions that can cover up for the executives stupidity - whilst the rest of us just have to apply a small portion of intelligence and consideration before we dump the phishing email in the waste box. One thing is that we who receives these phishing attempts can possibly try to apply a bit of common sense, but we should also educate all those that are sending us serious and proper emails to avoid sending links, in most cases it is more than enough to just instruct us to login on to a specific site (your named bank etc) without providing the link.



References:
Telenor cyber attack

Hybrid Cloud - an Orchestration Nightmare?

Gartner Says Nearly Half of Large Enterprises Will Have Hybrid Cloud Deployments by the End of 2017. Interesting, multiple analysts and market research companies predicts more or less the same, thus we should possibly prepare our self for an avalanche of large enterprises that wants to connect their private cloud to various public cloud offerings - or what?

Hybrid Cloud - multi cloud

We all know that most of the large enterprises are all engaged in building their private cloud solutions, for the right reasons, i.e. automated, ubiquitous, agile and flexible services - all to a lower cost than the traditional IT services!

Lets assume that the enterprises are achieving what they expect from their private cloud and is now ready for the next big step, the Hybrid Cloud.

Until recently this basically implied setting up an agreement with a public SaaS supplier and integrate their services as transparent as possible - including by deployment of an appliance that was "out-of-the-box" integration ready - all good, but the reality of today is that the enterprises wants to move discrete workloads into the cloud and establish this cloud service transparently to their users, not only specific applications.
We also know that the enterprises have spent lots of resources into finding the right tools and management software enabling them to orchestrate their private cloud environment. So how are they going to establish seamless and transparent services integration across the clouds? How are the enterprises going to leverage the synergy from their private cloud investments and automation/service management tools?
Not by some integration appliances because they don't exist! Also, each of the public cloud providers  have selected, and in many cases developed (home-brewed), their own tools and management software - so how are the enterprises going to integrate across all these desperate service management solution and make the environment manageable and seamless across the clouds?

Orchestration Nightmare!

Cloud providers, and consultancy companies, will of course offer you services that will help you on your way.... but will you be able to not compromise your own investments in tools and software when your public cloud provider have selected completely different solutions and tools?

Okay, we have not mentioned standards - after all the whole idea with standards is to make sure you actually will be able to integrate across different platforms, but to me the only standards that are of interest in order to protect existing investments and make sure you will be able to control and establish the seamless and transparent hybrid cloud solution, are the integration standards, i.e. the APIs like REST and its web services.

Through publication of standardised APIs, by the cloud providers, the enterprises will be able to integrate and control their discrete environment that they have lifted into the public cloud - and it gives the enterprises the ease of moving these discrete workloads to other cloud providers, if required - thats the agility and flexibility that is needed for the enterprises in the future to ensure the most cost efficient dynamic cloud...