Sunday, March 11, 2018

10 Things Solution Providers Need To Know About VMware Cloud On AWS

Now that VMware Cloud on AWS has been on the market, albeit at limited scale, for a half-year, the two enterprise tech giants behind the groundbreaking partnership are taking the next step to advance its capabilities and reach.

VMware and AWS CEOs, channel leaders and engineers shared information about how the hybrid service is being upgraded and expanded in several videos posted online Wednesday morning. Their channel chiefs and several partners also spoke to CRN about the latest milestones.

VMware CEO Pat Gelsinger said the "industry-changing partnership" the companies forged 15 months ago is "now essential to our cloud strategy."

AWS CEO Andy Jassy said the "customer response to the offering has just been amazing."

The companies are now rolling out the product in Europe, and VMware has released a new partner program around the offering while extending recently added private cloud capabilities to the hybrid service.

Sunday, March 4, 2018

Early AWS adoption enabled TechnologyOne's business change

In 2010, the Australian enterprise software provider TechnologyOne identified a change that would change the way businesses use software and services.

As a result, TechnologyOne jumped on a plane and traveled to Seattle to meet with Amazon Web Services (AWS) to see what a cloud future looked like for the Australian publicly traded company.

With 1,200 customers in six countries, TechnologyOne considers Microsoft, SAP and Oracle as its main competitors. therefore, the space in which the Australian based company plays is very competitive.

Speaking with the media at an AWS panel on Wednesday, Edward Chung, long-time CEO of TechnologyOne's COO, detailed the company's transformation.

Chung noted that the speed with which people ask for services was one of the main drivers of business change. He said that TechnologyOne has started to transform all of its business to respond to the "digital revolution".

"We went from a traditional software vendor who was installing on-premise software to full software-as-a-service (SaaS) software and it was a crazy trip," he said. "The only way is to be the cloud-first and a SaaS provider.

"We have rewritten our entire software base to track the different phases of the industry

"A huge transformation for a 30-year-old SaaS on-premise SaaS business is the only way customers get it.

Chung said it would not have been possible without the cloud and AWS in particular, because eight years ago there was no cloud provider to help here in Australia - AWS itself only launched its Sydney area five years ago.

According to Chung, the most difficult thing about transforming the business model into a cloud-based model was that the company was innovating in Australia, this change also necessitating a reengineering of the company's offering.

"Our customers have quickly turned to SaaS," Chung told ZDNet.

"We were very impressed by the speed with which the government sector adopted our SaaS - beyond what we expected, which allowed us to grow our business even more quickly than planned to meet their needs. because all our customers benefit from it. "

Speaking with ZDNet in November, founder, former CEO, and now President of TechnologyOne Adrian Di Marco said that the massive cloud business market in Australia continues to accelerate.

"The cloud is a new paradigm for customers: the market is huge in Australia, there are departments, we have seen a huge demand from the federal government, state departments, local governments, universities, they all want Cloud and they really want everything to be delivered as we offer it, software as a service, not as a hosted thing, "he said.

"The cloud is growing exceptionally fast, it's a business that's on the rise."

Monday, February 26, 2018

Tesla's AWS servers hijacked by cryptominers

The hijacking of the Tesla Amazon Web Server cloud system by means of a dishonest cryptomer is proof that nobody is safe from a misconfigured AWS server or from cryptomining attacks.

The RedLock researchers discovered an unprotected Kubernetes console owned by Tesla that exposed the access credentials to the Tesla Amazon Web Services environment.

"Basically, hackers executed cryptographic extraction scripts in the unsecured instances of Kubernetes of Tesla," the researchers said in their report on cloud security trends in February 2018. "To hide their identities, the scripts they connected to the servers that were behind CloudFlare, a content delivery network. "

The AWS system also contained valuable information, such as vehicle telemetry, and the damaging activity of the network went unnoticed by Tesla due to the techniques of the threat actors used to hide their activities, the researchers said.

Threat agents made it difficult for domain-based threat detection systems to detect their activities by hiding the true IP address of the discovery group to reduce CPU usage and avoid suspicious traffic. that would attract the attention of cryptomutiers.

The dominance of unsecured AWS servers and cryptomining attacks suggests that it was only a matter of time before both were exploited to lead an attack. Despite the inevitability of the attack, researchers say that Amazon and Tesla share responsibility for the attack, although some say that Amazon could do more to avoid these attacks that have become so common.

"Even with this model, I think AWS could play a bigger role by offering their services as Guard Duty to customers for free so they can take advantage of AWS visibility on their platform," said David Cook. , responsible for the distribution in Databricks. "You can quickly identify things like malicious services like Bitcoin miners."

Although they offered, Cook said that customers should always follow best practices, such as change management, key management, regular service analysis, monitoring and scanning. Some researchers believe that failure is not always in black and white in these scenarios.

"Every time there is a compromise or a data breach, there is a tendency to point fingers, but the reality is not so clear: security has no on / off switch, and it is important to superimpose multiple security measures to protect, "said Ken Spinner, vice president of Varonis, a specialist in field technology, for SC Media." AWS provides a series of basic controls, such as bidirectional authentication, virtual private clouds and factors (VPC) to help protect accounts, monitor systems and prevent data leakage, but it's not a quick fix. "

Spinner said that if the credentials are revealed, it is almost impossible for AWS to determine whether the intended use is legitimate, adding that, ultimately, it is up to the user to guarantee security. of your information. Given the value of the servers both for the information they contain and for their computing power, it was only a matter of time before the cybercriminals tried to compromise them.

"Accounts that provide access to cloud resources are a very lucrative asset for minors because criminals can extract coins to the detriment of the owner of the account," said Giovanni Vigna, director of the Cybersecurity Center, to SC Media. UC Santa Barbara. "Kubernetes allows the deployment and operation of Dockerized instances on a large scale, providing the ideal environment for large-scale parts extraction.

Vigna added that in this case, access control mechanisms should be especially well designed because access could generate thousands of dollars in time invoices in the cloud.

The experts agree on the responsibility of the AWS customer to protect the data and follow the best practices. Prevoty's chief technology officer, Kunal Anand, told Amazon's SC Media that he is already doing a great job when it comes to allowing organizations to see authorizations and policies related to their services.

"Unfortunately, the security of applications and data is a last-minute idea for organizations that allow their teams to move quickly through DevOps," Anand said. "I think the main

Sunday, February 18, 2018

When it absolutely, positively needs to be leaked overnight: 120k FedEx customer files spill from AWS S3 silo

Another day, another unsecured Amazon Web Services S3 storage bunker spreading secrets on the public Internet.

This time, it's an unconfigured FedEx AWS cloud silo, which openly displays an archive of more than 119,000 scanned documents - including passports and driver's licenses - plus customer records, including postal addresses.

The leaky data store, which was discovered online by Apple's Kromtech security store, was built by Bongo International, an international e-commerce delivery service, which FedEx bought in 2014 and closed three years later. The data is old but not too old and would still be very useful for identity thieves.

"Technically, anyone who has used Bongo International's services in 2009-2012 runs the risk that their documents will be scanned and made available online for many years," says Bob Diachenko, head of communications at Kromtech Security Center.

"It seems that the bucket has been available for public access for many years." The apps are dated in the 2009-2012 range, and it's unclear whether FedEx knew this "legacy" when it bought Bongo International. "

The files came from customers in Europe, Mexico, Canada, Saudi Arabia, Kuwait, Japan, Malaysia, China and Australia. Bucket S3 has been locked since.

Nowadays, there are many people who are looking for open cloud folders online, and there is a huge amount of data around what everyone can find. Amazon has been trying to help its customers secure their bus silos, but no one seems to be paying attention.

Meanwhile, software tools and search engines are automating the process of finding sensitive and embarrassing information in an improperly configured AWS S3 storage. These cloud compartments are closed to the public by default. Administrators must open it accidentally.

"After a preliminary investigation, we can confirm that certain Bongo International account information archived on a server hosted by a third-party public cloud provider is secure," said a spokesman for FedEx, famous for its slogan "When does it happen?" is absolutely positive. at night are "- says The Register today.

"The data was part of a service that was discontinued after our Bongo acquisition, we found no evidence that the information was misused and will continue our investigation."

Sunday, February 11, 2018

Amazon cloud revenue jumps 45 percent in fourth quarter

Amazon Web Services CEO Andy Jassy speaks at the AWS re: Invent 2017 conference in Las Vegas.

Amazon's cloud business generated more revenue than expected in the fourth quarter, with sales up 45 percent.

The financial results reinforce the fact that Amazon Web Services has become an ATM for its parent company, while Alibaba, Google, IBM, Microsoft and Oracle are all trying to catch up.

AWS had sales of $ 5.11 billion in the quarter and $ 17.46 billion in 2017, Amazon said in its quarterly results on Thursday. Analysts expect an average of $ 4.97 billion, according to FactSet.

AWS now has more than $ 20 billion in revenue, Financial Director Brian Olsavsky told Amazon's conference call with analysts after the release of the results.

Operating profit at AWS increased to $ 1.35 billion for the quarter, in addition to FactSet's estimate of $ 1.27 billion.

Nearly a dozen years after becoming available, AWS has made a significant contribution to the parent company. In the fourth quarter of 2014, nearly 5% of Amazon's sales came from AWS. In the fourth quarter of 2017, this figure was approximately 8.5%. Throughout 2017, approximately 10% of Amazon's sales come from AWS.

"There are few corporate franchises that operate with an annual execution rate of $ 20 billion and yet generate a high growth rate of more than 40%," KeyBanc analysts Edward Yruma wrote in a statement. commentary of January 28th.

But in addition to expanding its sales capacity, AWS has also been progressively providing more and more business revenue to Amazon, which provides capital for additional investments, particularly outside of North America. In the fourth quarter, AWS operating profit was more than 60% of operating profit for the entire Amazon.

During the quarter, AWS launched translation and transcription services, unveiled a camera for developers capable of performing artificial intelligence calculations, and announced data centers for US intelligence only. In November, AWS CEO Andy Jassy boasted that public cloud customers now offer more than 100 services.

Monday, February 5, 2018

Amazon's cloud is big enough to be the fifth-largest business software company in the world

Amazon's cloud sector has grown so fast over the last decade that it is now the fifth largest enterprise software provider in the world.

Amazon Web Services revenue grew 43 percent to $ 17.5 billion in 2017, about one-tenth of Amazon's total revenue, the company said this week. The only company software companies listed before AWS are Microsoft, IBM, Oracle and SAP, according to FactSet data.

AWS is by far the leading provider of cloud infrastructure technology and has proven that Amazon can diversify alongside e-commerce. Microsoft, Google, IBM and others are pursuing AWS in the cloud.

Assuming that AWS continues to grow like last year, it could be large by the end of 2019. SAP's revenue of $ 26.5 billion was 6% higher and the company was 'expects the same growth in 2018. Analysts are currently according to FactSet this year with a 38% growth at AWS.

With its range of cloud databases, data analytics, productivity applications, and gross IT capacity, AWS is nearly twice as large as Salesforce, which generated $ 9.9 billion in revenue from during the last four quarters.

Sunday, January 28, 2018

AWS beefs up threat detection with Sqrrl acquisition

AWS has purchased Sqrrl, a security company in Cambridge, Massachusetts, which has its roots in the NSA. The company helps analyze different sources to quickly track and understand security threats with machine learning.

The announcement appeared on the Sqrrl homepage in the note from the CEO of Mark Terenzoni. "We are pleased to announce that Sqrrl has been acquired by Amazon, we will join the Amazon Web Services family and we look forward to working together on future customer offers," he writes.

The question with this type of purchase is what happens to customers. The statement suggests that Sqrrl will, at least for the time being, continue to cooperate with existing customers.

According to a Computerworld 2016 review, the solution collects data from different sources and presents the threat results in a dashboard for security analysts, which can visualize a visual representation of potential vulnerabilities.

Security is definitely at the forefront of just about everyone these days with major violations emerging. From the hacking of Equifax at the end of last year to the vulnerabilities of the Specter and Meltdown chip discovered earlier this month, security threats are clearly on the rise. This has not escaped AWS, the cloud branch of Amazon, which tries to keep up to date with all technological trends.

Sqrrl was co-founded in 2012 by former US security officers with training in computer security from the NSA and the White House. The company has raised more than $ 26 million. His most recent round was $ 12.3 million in June 2017, led by Spring Lake Equity partners.

The announcement confirmed a December report from Axios that the company was negotiating with Amazon for an announced retail price of $ 40 million. We have been unable to confirm a purchase price at this time.

We have asked for a response from Amazon, but we had not heard from them when we published this article. If we answer them, we update the message.