Friday, January 29, 2016

When, Where and How to Go to the Cloud


Joe Kinsella, Founder and CTO of CloudHealth Technologies led a discussion of When, Where, and How to Go to the Cloud on January 26th at Constant Contact. Here are 5 quick takeaways. Scroll down for a video of his presentation and his slides:
  1. The Cloud reached its peak adoption in 2014-15  
  2. It’s adoption was driven by shadow IT, employees using expense accounts to sign up for web hosting and SaaS products
  3. The complexity of the Cloud is spiraling out of control which will make future transition or adoption more complex
  4. Being in the Cloud means shared ownership and large governance issues over data
  5. Security in a public cloud is easier and better than on prem or private clouds because there are many more engineers dedicated to making sure it’s secure





Tuesday, January 19, 2016

Moving to the Cloud? This MassTLC Event is for You...

By: Joe Kinsella, Founder & CTO, CloudHealth Technologies


As we start 2016, cloud computing is becoming increasingly critical to the success of our Massachusetts innovation economy. Whether you are moving infrastructure from a co-location facility to Amazon, migrating to Office 365, or operating a hybrid cloud, cloud computing has certainly become strategic to the success of you and your organization. The reasons driving the cloud are generally well understood today: increased agility, consumption-based pricing, access to global infrastructure, outsourced management, and the ability to reduce operational costs. However, I believe the single greatest benefit of the cloud is the innovation it has enabled.

As the founder of the Boston-based, fast-growing SaaS startup, CloudHealth Technologies, I started my business with nothing more than a laptop and the cloud. While today our SaaS service is backed by highly-complex and globally-distributed infrastructure, this system was built incrementally as I grew my business. During my first month, I spent $11 with Amazon Web Services (AWS). At month six, I was spending $63 to operate my service, which by then had several large-paying customers. The ability to free myself from the undifferentiated heavy lifting of managing low-level infrastructure allowed me to focus on the single most important activity to an entrepreneur: innovating on behalf of my customers.

Today, there are still many challenges to be confronted in the cloud. Some of these include:

  • Complexity - The cloud today is moving at an incredibly fast pace. Each year, quarter and month, it continues to evolve at a rate rarely seen in any other industry. We must find ways to contain the “cloud sprawl” and harness its power for our businesses.
  • Governance - We must identify new process models and technologies to provide the agility we demand of the cloud while maintaining proper governance required by our organizations.
  • Security - While the cloud is generally acknowledged to be more secure than private data centers, it has introduced new risks and complexities that must be carefully understood and managed.
  • Costs - While the highly efficient use of the cloud can enable smart growth, controlling costs as you grow requires continuous vigilance. The most common cause of “cloud dropouts” is uncontrolled costs.
  • Vendor lock-in - We are becoming increasingly dependent on the IaaS, PaaS and SaaS services we adopt. Businesses need to chart smart strategies for where they need vendor independence, and where they are willing to accept lock in.
  • Hybrid cloud - Unless you are a cloud-native business, you will likely have to live with a messy hybrid future that includes multiple clouds, data centers and supporting products / technologies. While the available options for managing this are improving, it requires a carefully defined strategy.


As the Massachusetts Technology Council (MassTLC) pulls us together next week for When, Where and How to Go to the Cloud: Sharing Best Practices amongst Peers, it is a great time for us to do what we do best: grow our innovation economy through open collaboration and sharing. I look forward to hearing from our great guests, including Dave Krupinski, CTO & co-founder of Care.com, Stefan Piesche, CTO at Constant Contact, Cathy Bilotta, Strategic Director at Raytheon, and Jeff Lamoreaux, CIO at Global Partners.

See you all on the 26th!

About Joe Kinsella
Joe is CTO and Founder of CloudHealth Technologies, one of the fastest growing companies in the emerging Cloud Service Management field. Joe is focused on helping organizations realize the full potential of the cloud, without having to sacrifice cost, performance, availability, or service level. With 20+ years of experience delivering software for companies of all sizes, Joe sees CloudHealth bringing the cloud to the enterprise by enabling the next generation of IT service management for the cloud.


The History of Encryption

By: Richard Allen, VP, Security Solutions, Ipswitch


The History of Encryption – Part I


Introduction

In my role as VP, Security Solutions at Ipswitch, I think about all things related to security. This week, I took a look way back in history to better understand the history of encryption. This is a topic that is making a lot of news today, be it for securing business information such as files and emails or other types of communication.

Modern computer software from email to managed file transfer leverages encryption in order to protect data from prying eyes, a practice that has been employed from the earliest days of mankind, especially in times of war.


Scytale

As far back as 700 BC, the Spartan military used a device known as a Scytale which relied on a wooden rod that had to be identical in diameter and length at both sender and receiver locations in order to be decrypted (read). This clever concept involved wrapping leather with writing on it around a dowel and then sending it unwrapped so it would appear as gibberish without the “key”. We are Sparta!


Image Source: https://en.wikipedia.org/wiki/Scytale


Substitution

In 1467 Leon Battista Alberti invented the first polyalphabetic substitution cipher, I know doesn’t roll off the tongue that easy. This was based on a system of two concentric disks each containing all the letters of the alphabet. By rotating the disks so the letters didn’t match you could substitute each letter in the alphabet for another based, just like a decoder ring in your cereal box!

Another substitution device was invented by the only man said to have accumulated all knowledge of his time, Thomas Jefferson. His device was called the Jefferson wheel. It had 26 cylindrical pieces mounted on an iron spindle, allowing words to be scrambled.
 


Next time we will move ahead in time and discuss encryption in the 20th century and how hard it really is to break encrypted files and passwords.

Until next time,







The History of Encryption – Part II

Enigma

Continuing on with the history of encryption, one of the most famous wartime encryption machines was the Enigma. This was a mechanical device that was invented by German Engineer, Arthur Scherbius in the 1920’s and used by the Germany Navy to send coded messages leading up to World War II.

The Enigma was essentially a 380 bit machine meaning there were 2 to the 380 power possible combinations required to attempt to break the code. As this was a mechanical device, one could cleverly reduce the number of possibilities to be equivalent to a 76 bit device by examining the internal circuitry, a technique (among others) that helped the allied forces decrypt many encrypted messages during the war.

Image Source: https://en.wikipedia.org/wiki/Enigma_machine


I recently saw a great movie on this topic called the Imitation Game, which I highly recommend!




DES

Moving forward to the modern computer era, a standard known as the Data Encryption Standard (DES) became the federal standard for block symmetric encryption (FIPS 46) in 1977.

DES was based on an algorithm developed by IBM and modified by the National Security Agency (NSA). This was a 56-bit system using 64 bit blocks, so there were 256, or 72,057,594,037,927,936 possibilities. This seems unbreakable, but by the late 1990s modern computers were able to break DES in just a matter of several days due to some loopholes.


Next time we will talk about key types, blocks and the successor to DES, todays’ modern encryption method.



As always,




The History of Encryption – Part III

Encryption Key Types

There are two primary types of key systems or algorithms that are used to encrypt and decrypt information. They are known as symmetric and asymmetric (also known as public key).

Symmetric-key algorithms uses the same single cryptographic key for both encryption and decryption, similar to the mechanical device we discussed last time called the Scytale. This is the faster method, but delivering the key securely to the third party must be managed to ensure safety.
Asymmetric cryptography or public-key encryption requires the use of two keys, one that is private and another that is public. The public key is used to encrypt data, but does not need to be secured, as data cannot be decrypted without the private key.



Internet standards that rely on public keys include Transport Layer Security (TLS)S/MIME, Pretty Good Privacy (PGP), and GnuPG. Note that different algorithms use different key lengths, where the longer the key the more secure the system as it is harder to break.

Blocks

To make things even more secure, data is encrypted in blocks, which are a sequence of bits. Common sizes range from 56, 64, 128, 192 and 256. Using 128-bit block sizes is particularly recommended as a better practice when encrypting files larger than 32 gigabytes (up to 256 Exabytes).


AES

AES which stands for Advanced Encryption Standard was developed by two cryptographers from Belgium. The National Institute of Standards and Technology (NIST) standardized and documented this method by publishing the Federal Information Processing Standard 197 (FIPS 197) in 2001 (effective May 26, 2002). This standard has been adopted worldwide for symmetric encryption for data at rest.

AES is a symmetric block cipher, operating on fixed-size blocks of data. This successor to the DES cipher algorithm increases both the block and key size compared with DES, making it more robust. Where DES used 64-bit blocks, AES uses 128-bit blocks. Doubling the block size increases the number of possible blocks by a factor of 264, making it much more secure than the older DES standard.

In addition, while DES supports relatively short 56-bit keys, AES supports from 128, 192 and 256-bit keys. The length of these keys means that brute-force attacks on AES are not possible at this time. A further advantage of AES is that there are no "weak" or "semi-weak" keys to be avoided, a problem which troubled DES.

In 2001, AES 256-bit encryption was approved to become the US federal government standard and has also been approved by the NSA.

While there are other encryption protocols including open source ones such as TwoFish, BlowFish and 3DES, the advantage of working with an international standard is that the increased visibility leads to more testing and an overall more proven system.

AES has undergone rigorous testing and survived numerous hacking attempts for years and still has never been broken. So, insist on AES 256 bit encryption for all your secure data!

Remember,