Connect with us

Expert Speak

The Next Phase of Kubernetes Education will Drive Simplification of Deployment

Published

on

Written by Claude Schuck, Regional Director, Middle East at Veeam Software

Kubernetes is still in its early educational phase as a technology. On Gartner’s Hype Cycle, container management currently sits on top of the peak of inflated expectations. If Kubernetes and other technologies within this category follow the expected trajectory, they will enter the Trough of Disillusionment in the next 12 months – before climbing the Slope of Enlightenment.

This aligns fairly well with where Kubernetes currently is in terms of business deployment. In the Middle East, organizations are waking up to its potential and developing an understanding of where it can deliver real competitive advantage, in the light of the increasing rate of adoption of containers. According to Veeam’s Data Protection Report 2022 69% of organizations in the UAE and 76% of organizations in Saudi are already running containers in production, while 29% and 22% respectively plan to do so in the next 12 months. However, there is a lot of education to be done before IT teams have fully got to grips with how best to deploy Kubernetes.

Over the next 12 months we will see two things happen that will shift perceptions around Kubernetes. The first is that those deploying the technology will start to understand it more, gain confidence in building the business case, and start to demonstrate real ROI. The second is that cloud providers will find simpler ways to serve Kubernetes to organizations, reducing the need for deep technical understanding to deploy it effectively.

Education and Enlightenment
Much of the appetite for learning about how to successfully deploy Kubernetes and the benefits of doing so comes from within the Cloud Native Computing Foundation (CNCF) community. The technical barriers to entry are still relatively high, which is why one of the top challenges identified by organizations looking to deploy Kubernetes is that they lack the necessary in-house skills.

It is often the case that relatively new technologies which experience unprecedented spurts of adoption outpace the market in terms of the skills and infrastructure required to support growth. However, when it comes to Kubernetes, we’re talking about one of the fastest-growing open-source technologies of all time in terms of early adoption. It’s important, therefore, that this process of educating the technical community gathers pace.

Over the next 12 months, we will see the number of learning opportunities increase as the industry looks to address the emerging skills gap. An example of such an initiative is Learning.kasten.io, a Kubernetes learning platform from Kasten by Veeam. The programme aims to equip technical professionals looking to upskill the next generation of tech talent with at least a basic understanding of Kubernetes. This will shorten the learning curve for both experienced and entry-level technologists – burnishing enterprises with a pool of talent that understands Kubernetes and how to get the best out of it.

Making Kubernetes Easy
As well as building a solid pipeline of people who understand and can capably consult businesses on Kubernetes, cloud providers are working on ways to make it easier for IT teams to consume and deploy them without in-house technical proficiency. This will ultimately be one of the major driving forces that takes Kubernetes from being an emerging technology in its experimental stages to established enterprise technology. The success of Anything-as-a-Service (XaaS) proves that organizations are demanding simpler ways to consume and deploy IT through the cloud. Kubernetes will be no exception to this rule.

Currently, Kubernetes is acting as a management platform for containers and among the earliest adopters are established and regulated industries such as banking and financial services. Businesses from other industries are currently evaluating the pros and cons of Kubernetes, looking at whether they can incorporate it into their networks. To accelerate the growing interest of the broader market, major cloud service providers are beginning to offer Kubernetes-as-a-Service (KaaS) – making it possible to operate Kubernetes as a managed service. KaaS is commonly provided via the public cloud, but as its penetration grows organizations will be able to consume similar services through local managed service providers (MSPs) or deploy them on-premises.

The move towards KaaS will significantly drive-up Kubernetes adoption, taking away some of the initial pain and investment required to deploy Kubernetes and enjoy the benefits of delivering applications faster, at a greater scale, and with greater accuracy. No matter how Kubernetes is consumed, organizations looking to take advantage of the opportunity it offers must be aware of the data protection requirements which accompany it. Kubernetes does not significantly change the threat landscape or bridge any cybersecurity gaps. It requires the same Modern Data Protection capabilities as any other type of data on any other type of platform.

Fundamentally, the infrastructure is now closer to the applications with the help of containers, and data backup must be carried out differently to align with this. The number of workloads using stateful data in container environments is increasing alongside data services being deployed within the Kubernetes cluster. Other public cloud tools can be connected to applications running within Kubernetes, which changes the way data is protected. Simply put, backup works differently for Kubernetes than virtualized environments. This is where specialized data protection solutions for backup and recovery of Kubernetes environments such as Kasten by Veeam come into play.

Over the next 12 months, more businesses will get to grips with the many benefits of deploying Kubernetes, while cloud providers find more consumable ways of serving up Kubernetes including KaaS. As well as investing in the skills required to maximize ROI, businesses must seek the advice of data protection experts when deploying Kubernetes to ensure that they are not becoming exposed to new risks. Organisations in the Middle East must be equipped with Modern Data Protection solutions to ensure their data is protected across physical, virtual, cloud, SaaS, and Kubernetes environments at all times.

Cloud

Preparing a Secure Cloud Environment in the Digital New Norm

Published

on

Written by Daniel Jiang, General Manager of the Middle East and Africa, Alibaba Cloud Intelligence

As hybrid or remote working is being adopted by many companies globally and becoming the ‘new norm’ for millions of workers, cyberattacks meanwhile continue unabated. Building a secure and reliable IT environment has therefore become an increasingly important priority for many businesses who are exploring opportunities in the global digital economy. While moving to the cloud and using cloud-based security features is a good way to challenge cyber risks, it’s important to delve deeper into how best to construct a secure and reliable cloud environment that can fend off even the most determined attacker.

In today’s digital environment, discussions about cyber security’s best practices have never been more important. The UAE in particular established the Cybersecurity Council to develop a cybersecurity strategy and build a secure cyber infrastructure by creating related regulations. Following this move, the nation ranked 5th place on the International Telecommunications Union’s Global Cybersecurity Index 2020, jumping 33 places and it continues to prioritize cyber security and awareness. Creating a secure cloud environment – from building the architecture to adopting cutting-edge security technologies and putting in place important security management practices – will inspire more thorough conversations on this subject.

A resilient and robust security architecture is essential for creating a cloud environment capable of assuring an organisation about the availability, confidentiality and integrity of its systems and data. From the bottom up, the architecture should include security modules of different layers, so that companies can build trustworthy data security solutions on the cloud layer by layer – from the infrastructure security, data security, and application security to business security layers.

In addition to the security modules of all of the layers, there are a variety of automated data protection tools that enable companies to perform data encryption, visualisation, leakage prevention, operation log management and access control in a secure computing environment. Enterprises can also leverage cloud-based IT governance solutions for custom designs of cloud security systems to meet compliance requirements from network security and data security to operation auditing and configuration auditing. This ensures full-lifecycle data security on the cloud, with controllable and compliant data security solutions in place.

Another consideration is to build a multi-tenant environment, abiding by the principle of least privilege and adopting consistent management and control standards to protect user data from unauthorised access. In addition, establishing strict rules for data ownership and operations on data, such as data access, retention and deletion, is also pivotal in creating a safe environment.

Moreover, enterprises can embrace the zero-trust security architecture and build a zero-trust practice by design to protect the most sensitive systems. The architecture requires everything (including users, devices and nodes) requesting access to internal systems to be authenticated and authorised using identity access protocols. As such, the zero-trust security architecture cuts down on automatic trust, or trust without continuous verification, addressing modern challenges in securing remote working environments, hybrid cloud settings and increasingly aggressive cyber threats.

Cutting-edge security technologies such as comprehensive data encryption, confidential computing and many more emerging tech solutions, can be leveraged to ensure we stay on top of the trends in cybersecurity. Comprehensive data encryption provides advanced data encryption capabilities on transmission links (such as data-in-motion), compute nodes (such as data-in-use), and storage nodes (such as data-at-rest). Key Management Service and Data Encryption Service help users securely manage their keys and use a variety of encryption algorithms to perform encryption operations.

Another emerging technology to safeguard the cloud environment is confidential computing. Confidential computing is dedicated to securing data in use while it is being processed, protecting users’ most sensitive workloads. Confidential computing based on trusted execution environments (TEEs), ensures data security, integrity and confidentiality while simplifying the development and delivery of trusted or confidential applications at lower costs.

It is equally important to adopt proper security management practices and mechanisms to maximise the security protection of one’s critical system and important data. One essential mechanism to protect the cloud environment is to develop a comprehensive disaster recovery system, which enables businesses to configure emergency plans for data centres based on factors such as power, temperature and disasters, and establish redundant systems for basic services such as cloud computing, network and storage. It helps companies to deploy their business across regions and zones and build disaster recovery systems that support multiple recovery models.

Setting the effective reviewing and response mechanism for your cloud security issues is imperative. First, having vulnerability scanning and testing in place is important to assess the security status of systems; second, it is vital to use cloud-native monitoring tools to detect any anomalous behaviour or insider threats; furthermore, establishing proper procedures and responsibility models to quickly and accurately assess where vulnerabilities exist and their severity, will help ensure that quick remedy actions can be taken when security problems emerge.

In the future, developing the security architecture, technologies, management and response mechanism will no longer be perceived as a cost-centre burden for companies, but rather, as critical capabilities to safeguard the performance and security of daily business operations. Crafting a comprehensive cloud security plan, adopting the best industrial practices, and choosing a professional cloud service provider with strong security credentials to work with, should be an imperative subjects in a CXO’s agenda.

Continue Reading

Expert Speak

Why You Should Use a VPN While Traveling

Published

on

According to a survey conducted by NordVPN, 50% of travellers use public Wi-Fi while on the road. However, only 20% of them use a VPN (a virtual private network) to protect themselves while being connected to a public network. “Travelers connect to public Wi-Fi in airports, cafes, parks, and trains. Some even use public computers to print their visa information or flight tickets. A VPN in those cases is crucial if you want to make sure that your vacation will not be ruined by cyber criminals. Nobody wants to lose access to their device or their bank account during a trip to a foreign country,” says Daniel Markuson, a cybersecurity expert at NordVPN.

As International VPN day (August 19th) is just around the corner, Markuson lists all the benefits offered by the service.

Enhanced online security
The main purpose of a VPN is to keep its user’s online connection secure even when they are away from home. Hackers can set up fake hotspots or access unsecured public routers and this way monitor users’ online activity. Once a user is connected, criminals can intercept their internet traffic, infect the device with malware, and steal their victim’s personal information.

When authenticating themselves on public Wi-Fi, users often need to type in their email address or phone number. However, if a user has accidentally connected to a hacker’s hotspot, they could be exposing themselves to real danger.

A VPN hides users’ IP addresses and encrypts their online activity. That means that, even if a user is using a malicious hotspot, the hacker behind it won’t be able to monitor their activity. Therefore, getting a VPN for travelling abroad is essential if you want to stay secure and private online.

Grab the best deals
Depending on the country in which you’re located, the prices for airline tickets, car reservations, and hotels might vary. That’s because businesses know that people in different countries can and will pay higher amounts for certain products and services. If you use a VPN for travel, you can hop between servers in different countries and find the best deals available.

Make the best of additional VPN features
As the industry is evolving, many VPN providers add new features to make their users’ experience even more wholesome. NordVPN, for example, recently added the Meshnet feature that lets travellers connect to other devices directly no matter where in the world they are. This enables users to form a remote connection with their home or office PC from anywhere in the world to share files or for other uses.

However, having said that, please check local laws and regulations about using VPN services on your devices, before you do.

Continue Reading

Expert Speak

API Security Moves Mainstream

Published

on

Written by Cameron Camp, Security Researcher at ESET

As swarms of IoT gear, seek richer data retrieval from their cloud mother ships, the more robust – and more potentially dangerously hackable – API interfaces get a fresh push toward center stage. With Google’s API security initiative Apigee, API security is growing up. And it’s not just IoT. Machine-to-machine data behind super-slick UX designs need seamless interfaces that help move masses of data with less friction, offering more responsive mashups of tech polled from locations far and wide.

But to make this all “just work”, those more robust interfaces bake in more robust attack possibilities to potentially slurp data wholesale to parts unknown and at record speed. Recently, we wrote about the spate of new startups at this year’s RSA Conference that tried to get attendees to wrap their heads around how to make sure an API doesn’t suddenly start misbehaving or does stuff no one knows about until it’s too late. It’s not just us: our friends at DarkReading purport to tally the mounting business losses associated with API hacks.

And now the heavyweights are moving into this space too, cementing API security as “A Thing”. Google’s Apigee Advanced API Security for Google Cloud aims to let organizations identify API misconfigurations and thwart malicious bots, the former being one of the main culprits of API security incidents. Luckily, there are tools from folks like the OWASP API Security Project where you can do a health check on your own APIs, or on those you interface with, which can serve as a baseline. They also have a drill-down about the most common misconfigurations and how to avoid them, so it’s a great place to start.

As we mentioned in our previous post, there was a bevvy of API security startups darkening the halls at RSA, so you may also have some commercial options, with more coming in the future. Expect to continue to see API hacks ramp up as companies wrestle with the prospect of securing yet another interface, this time an industrial one that sits at the heart of the cloud and big data, and – configured wrong – can allow vast troves of data to be siphoned off around the world to parts unknown. Just make sure it’s not your data.

Continue Reading
Advertisement


Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.