SOGETI UK BLOG

From GoT to the Enterprise

The continual increase in unstructured Big Data from the Internet of Things, the changeable requirements for developing successful mobile apps and the trend for user-generated content are paving the way for NoSQL databases to prove their value. Relational databases will still be useful for managing more structured, uniform data sets, but they don’t possess the flexibility, agility, scalability and analytics capabilities of NoSQL database management systems. For example, multi-tenant applications, such as popular games like Vainglory and Game of Thrones, require developers to make frequent feature updates and specific changes to individual characters, creating interesting capabilities to keep users interested. Similarly, as an increasing number of businesses undertake more Agile projects or undergo digital transformations, updates need to be made to enterprise apps much more quickly. The fixed schema in relational databases does not lend itself to this rapid process of continuous innovation.

 

 

Benefits of NoSQL


The main benefits that NoSQL databases bring to multi-tenant applications are:

  • Faster iterations permitted by dynamic schemas that accommodate real-time and other unstructured data by enabling rapid changes and constant updates, without any adverse effect on the entire database
  • Faster and partially automated application management and maintenance, as areas of the database can be altered in isolation without causing changes elsewhere
  • Horizontal elastic scalability for peak loads, as opposed to the necessity for vertical scalability in SQL databases
  • High availability, reliable performance and better end user experience as NoSQL databases are built to serve predictable, low-latency requests
  • More cost effective than SQL as NoSQL only requires cheap commodity servers for effective operation

 

Health & Fitness

A good example of the benefits of a NoSQL database in action is Microsoft’s use of their own Azure DocumentDB to produce a scalable, schema-free and queryable distributed data store for MSN.com – their portal spanning 26 global markets with over half a billion monthly users. They initially rolled it out for the Health & Fitness section, which required scaling and authorisation capabilities to support 425 million unique users and 100 million direct authenticated users, creating a requirement for 20 TB of document storage. The write latency had to be under 15ms with 99% of read requests coming in at single digit latencies. The storage needed to be schema free and required rich query and transaction support with Hadoop based analytics, while the diverse set of vertical schemas required suitable data model extensions. MSN decided Azure DocumentDB was best placed to meet all their requirements and their applications were redirected and fully operational on the new database within just two months.

Several multi-tenant scaling solutions are available with Azure DocumentDB, and the type of project and desired outcomes will dictate which ones are right for you.

Sharding & Security

Here are some examples of the horizontal scaling or “sharding” and security capabilities:

  • Create multiple collections or reuse them for cost-effectiveness and choose to partition by collection or by database
  • Store tenants within a single collection for a simpler, more cost effective solution with transactional support across all data and then dynamically add collections as the application grows
  • When you partition across multiple collections in this way, you can also ensure that larger tenants have access to more resources by allocating them their own collection
  • Ensure security at the application level by adding a tenant property inside the document for tenant identification, using filters to retrieve data belonging to a particular sub-set of tenants and utilising authorisation keys to isolate tenant data and restrict access
  • Where you have a large set of users and permissions, you can place tenants across multiple databases to simplify the management process
  • Azure also allows you to partition tenants by database account, enabling isolation so that individuals can take responsibility for managing their own sets of collections and users
  • Various sharding options are available, including Range, Lookup and Hash partitioning, which divide data by, for example, timestamp and geography, by user / country, and by hash code for even distribution, respectively.
  • Azure enables both read and write fan-out queries, whereby the app queries (asks) each of the partitions you have created in parallel and consolidates the results.
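The tenant property, enforced filter, hash and lookup partitioning and read fan-out from the list above can be sketched as follows. This is an added example, not code from the original post or from the Azure DocumentDB SDK: in-memory lists stand in for collections, and `TenantStore`, `tenantId` and the sample tenants are hypothetical names.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

TENANT_KEY = "tenantId"  # hypothetical name for the tenant property


class TenantStore:
    """In-memory stand-in for a set of document collections (not the Azure SDK)."""

    def __init__(self, shared_collections, dedicated_tenants=()):
        # Shared collections hold many tenants; hash partitioning spreads them.
        self.shared = [[] for _ in range(shared_collections)]
        # Lookup partitioning: larger tenants are mapped to their own collection.
        self.dedicated = {tenant: [] for tenant in dedicated_tenants}

    def _collection_for(self, tenant_id):
        if tenant_id in self.dedicated:
            return self.dedicated[tenant_id]
        digest = hashlib.sha256(tenant_id.encode("utf-8")).digest()
        index = int.from_bytes(digest[:8], "big") % len(self.shared)
        return self.shared[index]

    def insert(self, tenant_id, doc):
        # The tenant property comes from the authenticated context, never from
        # the document body, so a caller cannot write into another tenant.
        stored = dict(doc)
        stored[TENANT_KEY] = tenant_id
        self._collection_for(tenant_id).append(stored)

    def query(self, tenant_id, predicate=lambda doc: True):
        # The tenant filter is applied unconditionally, before the caller's own.
        return [dict(doc) for doc in self._collection_for(tenant_id)
                if doc[TENANT_KEY] == tenant_id and predicate(doc)]

    def fan_out(self, allowed_tenants, predicate=lambda doc: True):
        # Read fan-out: scan every partition in parallel, keep only documents of
        # tenants the caller is authorised for, then consolidate the results.
        allowed = frozenset(allowed_tenants)
        partitions = self.shared + list(self.dedicated.values())

        def scan(collection):
            return [dict(doc) for doc in collection
                    if doc[TENANT_KEY] in allowed and predicate(doc)]

        with ThreadPoolExecutor(max_workers=len(partitions)) as pool:
            return [doc for part in pool.map(scan, partitions) for doc in part]


def build_demo_store():
    # Constructed sample data: two small tenants forced into one shared
    # collection, one large tenant with a dedicated collection.
    store = TenantStore(shared_collections=1, dedicated_tenants=["initech"])
    store.insert("acme", {"user": "a1", "steps": 9000})
    store.insert("globex", {"user": "g1", "steps": 4000})
    store.insert("initech", {"user": "i1", "steps": 12000})
    # Spoof attempt: the body claims another tenant; the stamp overrides it.
    store.insert("acme", {"user": "a2", "steps": 100, TENANT_KEY: "globex"})
    return store


if __name__ == "__main__":
    demo = build_demo_store()
    print(demo.query("acme"))
    print(demo.fan_out({"acme", "initech"}, lambda d: d["steps"] > 5000))
```

Because two tenants share one collection here, the isolation comes entirely from the unconditional tenant filter, which is why it lives in the data-access layer rather than in each caller's query.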

When considering which type of database to select, a great starting point is to look at your Customer Experience Management strategy and choose your solution based on the development speed, performance levels, security and scalability that best matches your customers’ needs and expectations.

To read the original post and add comments, please visit the SogetiLabs blog: Scalable Database Solutions for Multi Tenant Applications – The Rise of NoSQL


Kevin Whitehorn AUTHOR:
Kevin is Head of Delivery for all Infrastructural and Developmental engagements with Sogeti clients in the UK. The engagements he looks after range from Desktop Transformation, Hybrid Cloud implementations and Application Portfolio Refreshes, to the introduction of fully Managed Services.

Posted in: Application Lifecycle Management, Azure, Big data, Digital, Enterprise Architecture, Innovation, IT strategy, Microsoft, Security      

 

What’s Up Doc?

Digital globalization, the explosion of mobile technologies, increasingly complex supply chains, the BYOD trend and the tendency for even business people to use consumer-caliber file sharing systems mean that the integrity and security of corporate documents have never been more at risk. In a recent study, leading analyst organization Ovum discovered that the majority of organizations are relying on inadequate firewalls in a vain attempt to protect their sensitive information throughout its life span. This makes a business vulnerable to regulatory non-compliance and data leakage, with sensitive documents falling into the hands of competitors and costly mistakes being made when multiple versions of the same document are floating in cyberspace. These are serious issues that will affect the reputation of your business and will challenge your clients’ loyalty to your brand.

This Message Will Self Destruct

Information Rights Management, the artillery of special document protection techniques, goes hand in hand with authentication, authoriz(s)ation, advanced multi-dimensional access control, auditing, encryption, electronic signatures, identity management and digital shredding. To meet the demands of new technologies, IRM has grown, and the new generation of systems gives you file-level control, auditing competencies and a more flexible and effective document protection strategy. Now, you can ensure that your intended privacy levels are integral to the document or file, the rights stay with the original ownership and your assets are properly secured within your corporate environment, in transit and beyond.

Today’s Secret Word Is…

Microsoft’s IRM solution is one of these super breeds and works alongside the easy-to-use interface of Office 365 Message Encryption for a comprehensive, simple-to-configure, user-friendly solution to all the potential challenges you face when your documents pass out of your control and into the hands of another team member or a partner. When you need an additional layer of protection, you can choose your own policy, for example by using the encryption feature and creating a named group of people who are the only ones with the power to make amendments. The IRM protection remains even when amendments are being made to the document in different locations. In addition, you can sync your protected documents to OneDrive for Business; syncing libraries, which was awkward and clunky before, is now simple to do. For document protection in the Cloud, Microsoft Azure Rights Management (RMS) protects all file types in any environment, shares files securely by email, allows monitoring and auditing, supports all commonly used devices (not just Windows computers) and supports B2B collaboration and on-premises services, in addition to providing excellent scalability and regulatory compliance.

Resistance is Futile

IRM is an important part of your Online Reputation Management Strategy (ORMS). When considering what provider to work with, ensure that the available features allow you to enforce your corporate policy, secure the safe passage of sensitive information, activate or end the life span of a document, restrict editing, viewing and forwarding, prevent screen printing and enable a full audit of your IRM. A sensible rule of thumb is to automate as much of the policy assignment as you can and enable users to add another layer of protection where necessary, because this eliminates room for human error and forgetfulness. When IRM is this simple to implement, it would be foolish for us all not to make the most of this often-overlooked tool and reap the benefits of additional protection and enterprise-wide peace of mind that extends to your partners and clients.


Kevin Whitehorn AUTHOR:

Posted in: Azure, Big data, BYOD, Cloud, Digital, Microsoft, privacy, Risk, Security, Test Tools      

 

The great benefits of the Cloud are its flexibility, on-demand availability, cost effectiveness, scalability and the way it enables a more agile approach to working. When you’re considering your cloud security strategy, you need to ensure that it reflects these characteristics to be truly effective. Maintaining security in the Cloud also necessitates a shared responsibility between Cloud Service Providers and their clients. As it’s impossible for clients to simply walk into a supplier’s datacentre to implement security measures, you need to use tools such as guest operating system firewalls, Virtual Network Gateway configuration, and Virtual Private Networks to secure your estate. Only by working together can you ensure that your applications and data are protected, the required compliance regulations are met and maximum levels of business continuity are achieved. It’s essential to take each of the different aspects of Cloud deployment (physical infrastructure, network infrastructure, virtualisation layer, operating system, applications and data) and determine which security measures fall within the remit of the providers and which need to be dealt with directly by the client.

It’s crucial to choose a provider with a trusted Cloud infrastructure and a dynamic security strategy with a combination of access controls, authentication and encryption, firewalls and logical isolation. It’s necessary to design, create and manage your own applications and additional infrastructure in the Cloud … safe with the knowledge that they are as secure as possible from malware attacks, zero-day vulnerabilities and data breaches. It’s also highly recommended to choose a provider that undergoes regular third party audits to ensure that security measures adhere to industry standard frameworks, is innovative and finds a good balance between provider and client ownership and accountability.

Microsoft’s White Paper on Azure Network Security is an interesting example of a powerful shared responsibility security strategy. Azure uses a distributed virtual firewall for the secure, logical isolation of customer infrastructure on a public cloud, balanced with the client deploying multiple logically isolated deployments and virtual networks according to business requirements. Azure’s internet communication security is very high: it disallows any inbound traffic, but allows client administrators to enable communication using a choice of three different techniques: defining input end points, delineating Azure Security Groups or using a public IP address. The White Paper gives full details of securing all the different types of communication that you might require, including:

  • Securing communications among VMs inside the private network
  • Securing inbound communications from the Internet
  • Securing communications across multiple subscriptions
  • Securing communications to on-premises networks with Internal or Public Facing Multi-Tier Application

Security Management and Threat Defence are also explored in detail. Administrators can create a VM using either the Azure Management Portal or Windows PowerShell, both of which have in-built security measures. The first assigns random port numbers to reduce the chances of a password dictionary attack, and the second requires remote ports to be explicitly opened. Again, these strong measures can be minimised by client administrators, and Microsoft gives good advice on how this can be achieved.

Azure offers a continuous monitoring service with a distributed denial-of-service (DDoS) defence system, which is continually improved through penetration testing. Although not mentioned in the White Paper in detail, it’s worth noting that Microsoft conducts regular penetration testing and also allows customers to carry out their own pre-authorised penetration testing. Network Security Groups are used to isolate VMs within a virtual network for in-depth defence and to control inbound and outbound internet traffic. Microsoft’s guidelines for Virtual Machines and Virtual Networks also apply to securing Azure Cloud Services. There have been further improvements to MS Azure’s Network Security since the 3rd version of the White Paper was released in February 2014. The most notable improvements have come since October 2014, when MS announced the general release of Network Security Groups with easier subnet isolation in multi-tier topologies, simpler policy validation and compliance with site to site forced tunnelling and VPN support for Perfect Forward Secrecy.

Regardless of whether you decide to use Azure or not, the White Paper is worth a read as a good overview of how a strong cloud security strategy divides responsibility between the provider and the client.

To read the original post and add comments, please visit the SogetiLabs blog: Cloud Security is a Shared Responsibility


Kevin Whitehorn AUTHOR:

Posted in: Azure, Cloud, communication, Microsoft, Point Zero, privacy, Security      

 

The Ostrich Affliction

From naked celebrities gaining allegedly unwanted publicity from hacked iClouds to Sony’s misfortunes at the hands of the inaptly named Guardians of Peace, hearts were left bleeding after an alarming number of scurrilous, high-profile cyber security attacks last year. As Lancope CTO TK Keanini told E&T Magazine: “The big message in 2015 is that security is everyone’s problem.” Therefore, although essentially a top-down initiative, every employee needs to take responsibility and be accountable for security breaches, and every business needs to rethink its security strategy. However, various reports and studies reveal that several organisations are not taking the necessary actions to control security breaches. In their “Get Ahead of Cyber Crime” report, Ernst & Young found organisations remain unprepared, and PWC discovered that 60% of Boards are not involved in security. These organisations seem to be taking the ‘ostrich stance,’ burying their heads in the sand, forgetting that their back end is exposed, making their hiding place visible, accessible and insecure.

Security Deficit

There are several reasons for inadequate cyber protection. Fred Piper, Emeritus Professor at Royal Holloway, told delegates at the SC Congress 2015 that there is a deficit of education, knowledge and expertise in cyber security. Also, technology is developing faster than the rate at which security is advancing. A vast number of users access a plethora of resources, from myriad devices with variable security, using an inordinate number of identities… therefore, the usual security measures are simply not sufficient.

Dr Who, Doomsday and the Daleks

One of the five key critical areas identified in the UK government’s Cyber Essentials Scheme is Access Control, Identity and Administrative Privilege. The inadequacy of perimeter security is driving us to adopt flexible solutions such as Cloud-based identity as a service (IDaaS), which enables the fast deployment of new features and increased agility for upscaling and downscaling security measures. A good security strategy teaches users what strong passwords look like, favours alternative security measures, increases multifactor authentication and reduces the number of identities per user. This may start to sound like the Cybermen and Daleks stand-off in the Doomsday episode of Dr Who, with both sides yelling “identify yourself” repeatedly; but worry not, there are some simple solutions to these challenges and, at least, high-profile attacks have raised awareness before your business got exterminated!

Keeping it Simple

There are three basic identity models: Cloud, Synchronized and Federated, and Microsoft offers all three. So, let’s take a look at what they comprise, what the benefits are and how you can decide which one is right for your business. If you have a small number of users and don’t require any on-premise identity configuration, or your on-premise directory is complex and you want to avoid difficult integration or trial Office 365, then choose Cloud identity; however, bear in mind that users will have a siloed set of identities inside an Azure AD.

Synchronized Identity is a one-way sync between your on-premise Active Directory and Office 365. Users have the same username and password, but they will need to re-enter them. It’s simple to configure and eliminates the need to manage passwords in two locations.

Federated identity (single sign on) allows you to use your on-premise identity to authenticate to Office 365, but there’s a real-time check against AD, so users don’t have to re-authenticate if they are on the corporate network. Note that it requires deploying two to eight additional internal and internet-facing servers. This model works best when you already have an ADFS deployment, use a third party federated identity provider, have multiple forests in your on-premise AD or have an on-premise integrated smart card or multi-factor authentication (MFA) solution.

The good news is that with Microsoft, it’s simple to switch between the models. Therefore, you can start with the simplest model that fits your requirements and then switch according to the changing demands of the business. By doing this, you can rest assured that with regard to identity management at least, you have your head out of the sand and you’re protecting your business from the Daleks and Cybermen.

To read the original post and add comments, please visit the SogetiLabs blog: Identity Management, Ostriches, Daleks and the Dr.


Kevin Whitehorn AUTHOR:

Posted in: Big data, Business Intelligence, Cloud, communication, Digital strategy, IT strategy, Microsoft, Opinion, Research, Security, Technology Outlook      

 

Don’t be Careless with Cloud

With the healthcare and finance industries storing sensitive data in the Cloud and high profile security breaches occurring at JP Morgan and Adobe last year, everyone is concerned that a Cloud security issue could cause major reputational damage, increase remediation costs and lead to loss of client trust. However, it’s important to remember that a breach in a traditional on-premise system is also not uncommon. I read in a recent BT report (on global IT leaders’ thoughts on the Cloud) that 76% of the IT leaders cited security as their chief concern; but the interesting part is that 50% of them admitted to adopting the ‘far-less-secure’ mass market consumer Cloud services, rather than a more secure hybrid solution, designed specifically for the enterprise!

Is it all Bluster?

So, could these concerns be overblown due to a lack of awareness about Cloud security developments? I remember reading in Computer Weekly that, at the RSA Security Conference 2014, security experts discussed another survey from Intermap. This survey showed that, although 40% of the people who described themselves as “Cloud-wary” cited security as the main concern, only 15% of “Cloud-wise” respondents felt the same. Therefore, finding the appropriate Cloud service provider, who can help you become more Cloud security-savvy and has the resources to constantly update their security solutions, is clearly the key to success and peace of mind. Also, when it came to government requests for data, the experts rightly pointed out that big companies such as Google or Microsoft are better equipped to fight the legalities than individual businesses.

Are you Cloud Ready?

With 28% of applications already being hosted in the Cloud and an expected rise to 35% in 2017 (alarming or not), we are all headed towards Cloud for sure. So, how do we do it securely? Well, first it’s important to get a full Cloud readiness assessment to determine which apps and projects are suitable for migration. Secondly, it’s important to find a provider that has an innovative, customisable, regularly-updated security strategy and trusted partners in specialist areas, such as Testing.

Here are some top Cloud security considerations:

  • Data Protection – classify and categorize your data sensitivity and adopt best-in-class encryption to secure the full spectrum of data, including data at rest.
  • Threat Defence – ensure your provider employs intrusion detection and prevention systems, denial of service attack prevention, penetration testing, antimalware and data analytics to identify and mitigate threats.
  • Network Security – securely connect multiple on-premises locations, and keep your traffic off the internet with a secure private connection to your provider’s datacenters, similar to what Microsoft does with their ExpressRoute for Azure. Give your ITO better network control by getting your network traffic sent back to your on-premise location for policy validation and deploying multiple NICs.
  • Identity & Access – controlling who can see and manipulate your Cloud applications is paramount to your security. Restrict access and permissions for sensitive resources, and ensure your reporting shows suspicious access and incidents like someone logging in from an unknown device, stopping a website or deleting a virtual machine.

Above all, I think that a change in attitude is the best way to approach designing a successful development and testing strategy in the Cloud. We should view this as a prime opportunity to reassess and enhance our security enterprise-wide. As hackers get more and more inventive, it becomes necessary to adopt such strict security measures to give your customers the confidence they deserve.


To read the original post and add comments, please visit the SogetiLabs blog: The Winds of Change in Cloud Security

Kevin Whitehorn AUTHOR:

Posted in: Cloud, Microsoft, Security      