Press Releases

IBM’s Data Breach Study – Which Industries Have the Highest Cost?

In July, IBM and Ponemon Institute released the 2018 Cost of Data Breach Study: Global Overview in which they conducted interviews with more than 2,200 IT, data protection, and compliance professionals from almost 500 companies that have experienced a data...

Feature Release: 18.6 – Event Driven Harvesting, New Compliance Packs, & More

We are introducing some fantastic new capabilities in this release including event driven harvesting (“EBH”), three new compliance packs, and increased support for Amazon Web Services, Microsoft Azure, and Google Cloud Platform.  Our latest release also...

Ensuring Continuous Security and Compliance in Your Cloud Environments

How do you ensure continuous security and compliance in your cloud and container environments?  Invest in cloud operations. This is the best way to ensure that your organization is consistently and continually mitigating this risk.  Cloud operations, or...

The Headache of Managing Cloud Spend

Many companies are failing to manage their cloud environment effectively, and are dealing with the daily headaches that come as a result. It’s become much easier to purchase new software or services, which means it’s even easier for spending to increase....

Learn how Kroger went from 0-60 with GCP and containers to become a digital leader in retail at Google Cloud Next ’18 | Wednesday, July 25th, 2:00 – 2:20 PM in the South Hall

DivvyCloud is a sponsor of Google Cloud Next '18 and at the event we are hosting a Cloud Talk, featuring Kroger’s Chief Architect Bruce Maxfield.  The session is Wednesday, July 25th, 2:00 - 2:20 PM in the South Hall Cloud Talk space.   Bruce and DivvyCloud COO Peter...

ComputerWorldUK Honors DivvyCloud: One of the Best Cloud Management Tools of 2018!

We are delighted to announce that Computerworld UK has named DivvyCloud one of the “Best Cloud Management Tools” of 2018. ComputerWorld UK compiled a list of cloud computing management tools that aim to help manage costs, usage, and ultimately optimize the...

Choosing Between AWS, GCP, or Azure? How About All of Them? Increasingly Enterprises Choose Multi-Cloud Strategies

Once a company decides to embrace IaaS and PaaS public cloud computing they then face the challenge of deciding on a vendor, typically AWS, Azure or GCP.  Traditionally, companies would select a single public cloud vendor with whom to partner.  However, over the last...

Top 5 Tips for Attending re:Invent 2017

re:Invent is one of the cloud computing world’s biggest events, and it’s just around the corner! Whether this is your first time attending or you’ve been before, with an expected 40,000 attendees, more than 400 exhibitors, more than 1,000 breakout sessions...

What’s New in DivvyCloud?

Simplify how to identify cloud infrastructure risks with “Insights” For organizations managing a public- or hybrid- cloud, visibility and automation are paramount to ensure a secure infrastructure. To be effective, visibility and automation must be easy to achieve,...

Cloud Expo NYC

DivvyCloud is exhibiting its technology at Cloud Expo NYC in Booth #237 June 6-8. Jeremy Snyder, VP of Business Development at DivvyCloud, is speaking for a general session and the Tech Talks during the event. Jeremy will share best practices, industry insights and...

Don’t lose track of your instances, tag them.


Bot of the Week: Tagging Audit Bot   This bot inspects cloud resources to validate that they are tagged with appropriate key/value pairs (e.g., “Environment: Production”). The policy can be applied as a global policy, or fine-tuned to accommodate for different...

Instances with Failed Status Checks


What it does: matches instances that fail the system/reachability status checks This bot identifies compute instances which fail instance/system reachability. When failure occurs this means that the system is not accessible over the Internet and likely is running...

Events

Managing the Kubernetes Security Flaw

News broke earlier this week about the discovery of Kubernetes’ first major security hole.  The flaw provided an invisible way to hack into the popular cloud container orchestration system.

According to Wei Lien Dang, VP of products for StackRox, in a statement provided to CIO Dive, the vulnerability was severe and broadly applicable, affecting every version since v1.0 and potentially every Kubernetes user, making it the first major security hole for the popular container orchestration system.

Red Hat fixed the security hole by releasing patches immediately after the flaw was reported; the patches would have been installed with widely used automatic security updates.

“Those quick fixes underscore how security teams react to the inevitable vulnerabilities that surface in enterprise distributions of open-source software, especially popular microservices platforms like Kubernetes that are widely used to deliver distributed applications.” – George Leopold, Enterprise Tech

The task of managing these massive, distributed systems built on open source technologies is complicated. Because of the open source code base, a worldwide team – both white hat and black hat – can examine the code to find flaws. As new vulnerabilities emerge, companies need to be able to respond in real time, potentially building policies on the fly to identify and then deprecate outdated or vulnerable systems. This relies on organizations having good, central visibility and up-to-date, real-time asset inventories in extremely dynamic environments.

The key tenets of managing these environments are the same as general security best practices anywhere. Start with knowing what you have. You can’t protect what you can’t see. And with the dynamic nature of cloud, and containerized environments in particular, getting and maintaining this visibility has to be done programmatically and repeated on a continuous basis.

After identifying where the enterprise may be vulnerable, the next challenge is to find ways to remediate and replace vulnerable systems as quickly as possible. Thankfully, in software-defined infrastructure, this can actually be much faster than in traditional data centers. But again, it does rely on the organization knowing what it has, and then defining rules that shed light on the vulnerable infrastructure and workloads.

Finally, a proven approach for maintaining the inventory, coupled with tools that allow the customer to define desired good-state or blacklists, on the fly, is key to reacting to new developments.

At DivvyCloud, our software simplifies the job of securing Kubernetes clusters and workloads across public clouds including Amazon Web Services, Google Cloud Platform, Microsoft Azure, and Alibaba Cloud. If you’re interested in learning more, get your free trial of DivvyCloud or speak with a DivvyCloud expert today!


DivvyCloud minimizes security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes).  First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.

 

AWS re:Invent 2018: DivvyCloud’s Key Takeaways

DivvyCloud was proud to be a sponsor of AWS re:Invent 2018 where we shared how we deliver continuous security and compliance for AWS and Kubernetes (along with Azure, GCP, Alibaba Cloud) to customers like Twilio, 3M, Autodesk, General Electric, and Fannie Mae.

One of the high points of re:Invent was when AWS CEO Andy Jassy took the stage and made it very apparent that AWS is moving full steam ahead.  Jassy spoke on the new AWS security tools, AWS Outposts, machine learning strategies, as well as Amazon’s new headquarters, one of which is only a couple of miles away from our office in Arlington, Virginia.

Here are four announcements we wanted to highlight in case you missed them or wanted to learn more:

  • AWS Outposts: AWS made a big push into the hybrid cloud space with Outposts, which brings native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility. This is a fascinating initiative for many reasons. Many companies and projects have tried to bring public cloud functionality into private data centers, from Eucalyptus (now defunct, after being acquired by HPE, and later passed to AppScale) to OpenStack. This only reinforces the simple fact – for real cloud convenience, the hardware and software have to work together. But why would customers embrace Outposts? Despite strong innovation in the security space, going to the point where many people feel that public cloud is more secure than private data centers, there is still a perception amongst many enterprises that core intellectual property (often called the “crown jewels”) belongs on hardware that the enterprise can own and touch. Also, there are situations of data gravity where the transit costs and times to and from public cloud are not practical.
  • AWS re:Inforce:  The first AWS Security Conference: AWS re:Inforce 2019 was announced.  The event is being billed as “a hands-on gathering of like-minded security professionals,” and will take place in Boston, MA on June 25th and 26th, 2019 at the Boston Convention and Exhibition Center. The cost for a full conference pass will be $1,099. Attendees will get a deep dive into the latest approaches to security best practices and risk management utilizing AWS services, features, and tools.  DivvyCloud will be there talking about how our software helps our customers consistently and effectively use AWS security and management tools. During the conference, AWS will offer multiple content tracks designed to meet the needs of security and compliance professionals, from executives to security engineers, and everything in between.
  • AWS Security Hub: Available now in preview, this service allows AWS customers to centrally view and manage security alerts and automate compliance checks within and across AWS accounts. Importantly, it will aggregate security findings from AWS and partner services and present you with built-in and customizable insights that are unique to your environment.  Security Hub will be an excellent tool for customers running in only AWS who want to gain a consolidated view of alerts and checks across their environment and have a base-level of requirements. For advanced and enterprise customers, looking for multi-cloud capabilities, integration with existing systems like Splunk and ServiceNow, and an automated multi-cloud remediation, there is DivvyCloud.
  • AWS Control Tower:  AWS Control Tower is now available in limited preview.  This new service helps you automate the set-up of a well-architected multi-account AWS environment based on best practices, and also guides you through a step-by-step process to customize Control Tower to your organization. It will automate the creation of an AWS Landing Zone with best practice blueprints including:

    • Configuring AWS Organizations to create a multi-account environment
    • Federating access using AWS Single Sign-On
    • Centralizing logging using AWS CloudTrail and AWS Config
    • Enabling cross-account security audits using AWS IAM
    • Implementing network design using Amazon VPC
    • Defining workflows for provisioning accounts using AWS Service Catalog

    Guardrails (a term that DivvyCloud has been championing for years), both mandatory and recommended, will be available for high-level, rule-based governance. Customers will also have access to an integrated dashboard where they can review accounts provisioned, the guardrails that are enabled, and compliance status.  This will be a great entry-level tool that will be perfect for many of the customers who today operate only in AWS and have fairly straightforward requirements. 

What does DivvyCloud think about the new AWS security tools?

The security tools are a very positive sign that AWS is taking the enterprise concerns seriously. As customers expand their cloud footprint, often embracing a multi-account strategy to limit blast radius or segregate workloads for chargeback, the complexities of multi-account management come to the front of mind. These tools help to alleviate that experience.

However, what about the modern enterprise that is cloud agnostic, multi-cloud for either workload or strategic reasons? We believe that this reinforces DivvyCloud’s mission – providing a central, unified, policy-driven approach to automated real-time security across all public clouds. We also think that Security Hub is a great start, but it doesn’t address the needs of the most complex organizations, whose security and compliance standards are built not only on best practices like the CIS Benchmarks but also on regulatory standards like HIPAA, NIST, PCI, FedRAMP, and GDPR, as well as on internal corporate standards. Customers need to leverage a broad library of tools to build their own security policies.

What about outside of the areas of infrastructure and security?

AWS continues to reinforce its position as the most customer-centric company in the world. The additional services, ranging from storage, to compute, to data lakes, machine learning and much, much more are all aligned around new customer use cases and workloads. Admittedly, some services launch with a very narrow set of capabilities, but Amazon has proven its ability to iterate quickly and broaden to meet market demand. Case in point is the expansion of a previous re:Invent highlight, AWS Lambda, to include support for all coding languages.

As the conference progressed, we engaged with many customers to discuss their security requirements, and one other theme that emerged from those conversations was that their needs are real-time and they are often absolute. This means that simply finding problems is often necessary, but not sufficient. They need the ability to leverage an automation library to remain secure and within their guidelines – continuous compliance.

There were many other announcements, and AWS has handily provided a summary of the launches, previews, and pre-announcements from Andy Jassy’s keynote.

So, are you ready to see how DivvyCloud can simplify your cloud environment, optimize your resources, provide new insights, and automate your security policy? Get your free 30-day trial of DivvyCloud, or speak with a DivvyCloud expert to get started today.



Marriott’s Massive Data Breach Exposes 500 Million Accounts

News broke today that hotel group Marriott suffered a massive data breach exposing the records of up to 500 million customers.

What Happened?

The hotel giant received an alert from an internal security tool in September, regarding an attempt to access the Starwood guest reservation database. The ensuing investigation revealed that there had been unauthorized access to the Starwood network since 2014. An unauthorized party had copied and encrypted information, and took steps towards removing it. Marriott was successful in decrypting the information on November 19th, and found that it was from the Starwood guest reservation database.

What Data Was Exposed?

In a statement filed with regulators, Marriott said they believe the duplicated information in the database contains data on up to approximately 500 million guests who made a reservation at a Starwood property. “For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates.”

It’s too early to know what missteps led to the breach of data (we will update this article with new information) tied to as many as 500 million guests at hotel giant Marriott International Inc.’s Starwood reservation system, but data leaks such as this one continue to be an issue. Most data leaks are not a failure of technology, but rather a human error. This could be a misconfiguration or even just a failure of standard corporate processes. It is not a matter of if a misconfiguration will occur, but a matter of when it will occur and how quickly it will be discovered and exploited. Without standards and automation, companies are sitting ducks. In either case, we can expect to see more issues like this one until we start holding organizations accountable for data leaks.

More 2018 Data Breaches:

We are living in a world where hundreds of thousands of people around the globe are continuously trying to exploit vulnerabilities (for some, it is even their job). Regardless of how the breach occurs, typically, it’s because of an approach to compliance that is manual and periodic rather than continuous. Inevitably, that creates a cycle of being in and out of compliance.  The problem is that even a brief lapse in compliance opens up a window that can and will be exploited. When you don’t achieve continuous compliance through monitoring and automated remediation, then it’s only a matter of time before you join the growing list of companies mentioned above who have to explain to their customers that their information has been compromised.

In the cloud?  If so, get your free trial of DivvyCloud or speak with a DivvyCloud expert today and explore how we can secure your entire cloud environment.



Deploying Kubernetes Across Multiple Clouds

Kubernetes is essentially a container orchestration platform. It is NOT a container runtime (software that executes containers and manages container images on a node), meaning it doesn’t replace Docker.  Docker is what Kubernetes uses on each node (a worker machine which may be a VM or physical machine depending on the cluster) to run the containers. Kubernetes is in charge of deploying the containers to the specific nodes that have the capacity, or where they need to be based on labels or tagging. It can also handle the software-defined networking layer that allows the containers to talk to one another, and services like load balancing, all inside the Kubernetes cluster.

What Kubernetes is not, as mentioned before, is a runtime.  You still have Docker underneath the “covers” running a lot of these containers, though that may change in the future as Google begins to bring on more container runtimes like gVisor.  But for now, Docker is still a required component.

Why Cross Cloud?

  • Business – Avoid vendor lock-in and ensure the best price per resource
    A lot of companies don’t want to be locked into a vendor.  We all played the Datacenter game and know how painful it can be when you get locked into a long-term contract.  It doesn’t provide you the flexibility you need as an enterprise. Furthermore, you really can’t engage in optimal pricing negotiating if they know they’ve “got you by the tail.”  They know you can’t leave their environment, so avoiding vendor lock-in is just a good business practice for you to make the best business decisions.
  • Stability – Keep applications online, even during catastrophic cloud outages
    Cloud outages do happen.  Last year someone took down all of the Amazon east coast by running the wrong rm -rf command on a node. These things happen and the reality is technology fails, but people fail way more often. We are likely to see more stability issues as systems become more and more complex. So it’s important to spread yourself across multiple clouds to ensure that your application is still up and running and making money in the event one of the cloud providers goes down.
  • Best in class services – Take advantage of the best service cloud providers have to offer.
    Providers are beginning to commoditize, meaning the infrastructure layer is becoming the same across all providers. Servers, load balancers, etc. are all generally the same and operate the same way.  The differentiators are that Google focuses on AI and machine learning, while Amazon has some excellent database service technologies like their Relational Database Service (RDS) and DynamoDB.
  • Security — protect your data by replicating across multiple data storage systems.
    We are seeing a lot more ransomware out there, and companies being held hostage if their Amazon account is compromised.  You need to make sure you spread yourself out so in the event you are compromised, you can protect yourself and isolate the area that has been compromised. This will allow you to maintain your running applications and deal with the situation in the other cloud provider.

Kubernetes makes all of this possible because it allows for effortless application portability.  You can move applications from one server to another; in fact, the Kubernetes cluster is going to be doing it all the time for you as part of the orchestration layer.

How Do You Deploy Across Multiple Clouds?

Kubernetes believes in a multi-cloud environment, not just because of Amazon and Google, but also because many enterprises still run a lot of data center workloads and probably will for some time to come.  Public cloud is not always cheaper, and not always the best option, so you need to make sure you can create a Kubernetes cluster that works across multiple locations, whether in public or private clouds. This is very important to Kubernetes.

This is what our application looks like today. We’ve pre-configured an Amazon environment and a Google environment, both with a VPC. Amazon has the “.200,” and Google has the “.201.”  They have DNS, internet connectivity, and everything you would need to run. This is what it would look like if you deployed Kubernetes clusters in each one of those environments: you’d have independent load balancers, independent Kube apps and Kubernetes clusters, independent databases, etc. However, you want to take the next step of linking these networks together so you can deploy a Kubernetes cluster across both VPCs simultaneously.  So how do you go about doing that? Find out by watching our video “How to Architect Kubernetes to Support Multi-Cloud Applications,” where our CEO Brian Johnson walks you through best practices for designing Kubernetes to enable multi-cloud.

If you are interested in a brutal comparison of cloud-hosted Kubernetes providers, check out our article “Kubedex’s Comparison of Google GKE vs Microsoft AKS vs Amazon EKS.”




Visit DivvyCloud at AWS re:Invent at Booth #2937 in The Expo

Are you ready for AWS re:Invent 2018?

DivvyCloud is excited to be a sponsor of re:Invent 2018, and we hope you already have your tickets (since the event is now sold out).  If you haven’t already done so, we highly recommend you take advantage of reserved seating for breakout sessions. And we also suggest you come by and visit DivvyCloud at booth 2937 in The Expo.  Members of our executive team, product team, and sales team will all be at the booth. We’d love to hear more about your cloud and container security challenges. We can share how we use automation to help customers like Twilio, Autodesk, 3M, General Electric, and Discovery maintain continuous security and compliance in AWS and Kubernetes (along with Azure, GCP, and Alibaba Cloud).

Last year, 43,000 people attended re:Invent and more are expected this year.   What’s great is that this year, AWS will be repeating their most popular sessions in every venue all across the re:Invent campus.  This should help solve some of the challenges from last year, when it could be very hard for attendees to get to the sessions important to them.  AWS has made significant investments to make it easier for attendees to move from place to place, while also reducing the need for them to do so!

Improve your security and compliance in AWS
We will be in Vegas, but we don’t recommend gambling with security and compliance in AWS.  If you want to improve your security  immediately please schedule a meeting with our experts at re:Invent. We’d love to learn more about your goals, plans, and challenges and give you a demo of DivvyCloud so you can see our solution in action.

Take Our Survey for a Chance to Win a LEGO Star Wars Millennium Falcon
When you visit us at Booth 2937 in The Expo make sure you ask about taking our 5-minute survey for a chance to win a LEGO Star Wars Ultimate Millennium Falcon.

DivvyCloud Overview
DivvyCloud helps you achieve continuous security, compliance, and governance while embracing the dynamic, software-defined, self-service nature of public cloud and container infrastructure.  Customers like Kroger, Twilio, Autodesk, Discovery, Pizza Hut, Fannie Mae, Turner, and General Electric use DivvyCloud to automate the detection and remediation of cloud and container infrastructure misconfigurations that violate policy. DivvyCloud enables these industry leaders to take full advantage of agility and speed of cloud and container technology, while actually strengthening their security and compliance posture. This is a double win that increases productivity, innovation, and profitability while decreasing risk.

DivvyCloud performs real-time, continuous discovery and monitoring of resources in Amazon Web Services, Microsoft Azure, Google Cloud Platform, Alibaba Cloud, and Kubernetes. This data is distilled into actionable insights and presented through a single-pane-of-glass console that provides an assessment of your holistic security and compliance posture. DivvyCloud offers more than 165 out-of-the-box policies that map to best practices and standards including SOC 2, CSA CCM, PCI DSS, NIST CSF, NIST 800-53, ISO 27001, CIS, FedRAMP CCM, HIPAA, and GDPR. Customers enable these out-of-the-box, or configure custom, cloud-native policy guardrails (“Insights”). Policy violations are flagged in real-time, and customers can automate remediation with out-of-the-box, or custom, workflows (“Bots”) that integrate with 3rd party systems like Splunk and ServiceNow. These workflows are fully configurable and can incorporate a full range of lifecycle actions that are contextually allowed by the resource in violation. For example, the workflow may Modify Security Groups, Disassociate Public IP, or Terminate Instance when remediating a compute instance in violation of policy.

DivvyCloud is designed for security, cloud, infrastructure, compliance, and governance professionals who want to identify risks in real-time and take automatic, user-defined action to fix problems before they’re exploited.

Navigating Your Multi-Cloud Tagging Strategy

Many companies are embracing multi-cloud strategies and in doing so need to be very purposeful in creating global tagging strategies that will work across all clouds.  All cloud providers are not created equal when it comes to tagging and have different limitations. It is important that your global tagging policy does not violate any of the limitations of any of the cloud providers that you use today or will possibly use.  

Whether you’re starting your tagging strategy from scratch or “retrofitting” your current cloud infrastructure, here’s how your organization can tackle the challenge: Design your tagging strategy using the lowest common denominator approach.  In other words, design it to accommodate the various and distinct limitations of each major cloud provider. This lowest common denominator approach will ensure that you don’t end up with a fragmented tagging strategy. Fragmentation of your strategy is a surefire way to reduce its usefulness and longevity.


DivvyCloud recommends the following tagging strategy design to accommodate all major cloud providers:

  • Maximum Key Length (driven by GCP): 63 Characters
  • Maximum Value Length (driven by GCP): 63 Characters
  • Maximum # of Tags Per Resource (driven by Azure): 15 Tags
  • Case Sensitive
  • Keys and values can only contain lowercase letters, numeric characters, underscores, and dashes. International characters are allowed.
  • Label keys must start with a lowercase letter and international characters are allowed.
  • Label keys cannot be empty
  • Tag names can’t contain these characters: <, >, %, &, \, ?, /, @
  • AWS-generated tag names and values are automatically assigned the aws: prefix, which you cannot assign. User-defined tag names have the prefix user: in the Cost Allocation Report.
  • Use each key only once for each resource. If you attempt to use the same key twice on the same resource, your request will be rejected.
  • You cannot tag a resource at the same time you create it. Tagging requires a separate action after the resource is created.
  • You cannot backdate the application of a tag. This means that tags only start appearing on your cost allocation report after you apply them, and do not appear on earlier reports.
  • Tags applied to the resource group are not inherited by the resources in that resource group.
  • Tags can’t be applied to classic resources such as Cloud Services.
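The rules above can be checked mechanically before a tag ever reaches a provider. The validator below is an added example, not DivvyCloud's code; the finding codes, the sample tags, and the reading of "international characters are allowed" as "any letter that is not uppercase" are assumptions made for illustration.

```python
# Added example: validates tags against the lowest-common-denominator rules
# listed above. Finding codes and sample tags are constructed for illustration.

MAX_KEY_LEN = 63             # driven by GCP
MAX_VALUE_LEN = 63           # driven by GCP
MAX_TAGS_PER_RESOURCE = 15   # driven by Azure
FORBIDDEN_IN_KEYS = set("<>%&\\?/@")
RESERVED_PREFIX = "aws:"     # only AWS may assign this prefix


def _is_lower_letter(ch):
    # Assumption: international letters are accepted as long as they are
    # not uppercase (lowercase or caseless scripts).
    return ch.isalpha() and ch == ch.lower()


def _is_allowed(ch):
    return _is_lower_letter(ch) or ch.isdigit() or ch in "_-"


def _check_key(key):
    if not key:
        return ["key-empty"]
    problems = []
    if len(key) > MAX_KEY_LEN:
        problems.append("key-too-long")
    if key.lower().startswith(RESERVED_PREFIX):
        problems.append("key-reserved-prefix")
    if not _is_lower_letter(key[0]):
        problems.append("key-bad-first-char")
    if any(ch in FORBIDDEN_IN_KEYS for ch in key):
        problems.append("key-forbidden-char")
    if any(ch not in FORBIDDEN_IN_KEYS and not _is_allowed(ch) for ch in key):
        problems.append("key-bad-char")
    return problems


def _check_value(value):
    problems = []
    if len(value) > MAX_VALUE_LEN:
        problems.append("value-too-long")
    if any(not _is_allowed(ch) for ch in value):
        problems.append("value-bad-char")
    return problems


def validate_tags(pairs):
    """pairs: list of (key, value). Returns [(key, code)]; empty means compliant."""
    findings = []
    if len(pairs) > MAX_TAGS_PER_RESOURCE:
        findings.append(("*", "too-many-tags"))
    seen = set()
    for key, value in pairs:
        if key in seen:  # exact, case-sensitive comparison
            findings.append((key, "duplicate-key"))
        seen.add(key)
        findings.extend((key, code) for code in _check_key(key))
        findings.extend((key, code) for code in _check_value(value))
    return findings


# Constructed sample input.
GOOD_TAGS = [
    ("cost_center", "cc-1042"),
    ("environment", "production"),
    ("owner", "platform-team"),
    ("équipe", "données"),
]
BAD_TAGS = [
    ("Environment", "Prod"),           # uppercase in key and value
    ("owner", "ops@example.com"),      # '@' and '.' in value
    ("owner", "sre"),                  # same key used twice
    ("aws:createdby", "root"),         # reserved prefix
    ("cost/center", "42"),             # forbidden character in key
    ("", "x"),                         # empty key
    ("team", "a" * 64),                # value over 63 characters
]

if __name__ == "__main__":
    for key, code in validate_tags(BAD_TAGS):
        print(f"{key!r}: {code}")
```

Running the same function in a provisioning pipeline and in a periodic audit keeps new and legacy resources under one policy.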

 

Keep in mind that all of the providers are regularly expanding their tagging support, but it is best to plan for today’s limits and expand later when you are able to.

Now on to a few different strategies based on where you are today in your global tagging strategy journey.

How to Create and Deploy an Effective Tag Strategy

Starting from scratch: When launching your tagging strategy as part of the provisioning process, ensure that your tags represent all the needs of your organization. This will take planning and collaboration across several departments – from finance to operations to each of the business units that use the cloud as part of their workflow – and it’s best to put in a lot of effort before deployment. If your organization doesn’t address all the tags needed at launch, it means a lot of work will be needed after deployment. In general, more tags are better than fewer tags, just as long as the tags are standardized and well-documented to eliminate input mistakes and redundancy. Once your strategy is fully fleshed out, it’s best to implement it with as much automation as possible to eliminate human error and potential gaps.

Retrofitting your existing cloud infrastructure: When dealing with a messier implementation scenario, such as adding tags to an existing cloud infrastructure, there is no easy button.  Take a phased approach. Establish your policy and begin to implement it first within the IT departments. Once you have full compliance there, move on to developers and engineers in business units or who sit outside of central IT.  In all cases, start by applying this policy to all net-new resources to build this muscle memory. Establish the value of tagging with all the parties involved. Demonstrate the benefits to everyone in the organization – up and down the company hierarchy.  Once you have buy-in, begin to move through legacy environments and update tags. Do so on an incremental basis that limits the period and frequency of disruption to the people who will have to inform or execute this effort.

Developing and implementing a strong tagging strategy works best when your organization is starting with a clean slate. That way, tags can be implemented, standardized, and enforced as part of the provisioning process. Starting from scratch also lets administrators fine-tune the tagging process moving forward: New and updated tags can be added cleanly and seamlessly as new code bases are deployed.

Unfortunately, few organizations have the luxury of starting their efforts with a blank canvas. Instead, most tagging strategies are implemented as a “uh oh, we need to address this” measure — a necessary reaction to an increasingly complex and diverse cloud infrastructure. Perhaps the company has grown quickly or moved more critical resources to the cloud over the years. Maybe the cloud provider has made additional resources available for tagging. In other scenarios, organizations may have implemented effective tagging strategies already, but a merger or acquisition requires getting an inherited infrastructure up to speed.

With an effective tagging strategy, any organization can achieve a greater sense of clarity and structure within a multi-cloud infrastructure. Your tagging strategy can start simply and seamlessly and over time, it can mature and grow in complexity as your business evolves and scales. All you need is a solid tagging foundation, an understanding of best practices, and an inspired first step.

If you’re interested in learning more about effective tagging strategies, download our new white paper – Take Control: Multi-Cloud Tagging Strategies for the Win.

IBM’s Data Breach Study – Which Industries Have the Highest Cost?

In July, IBM and Ponemon Institute released the 2018 Cost of Data Breach Study: Global Overview in which they conducted interviews with more than 2,200 IT, data protection, and compliance professionals from almost 500 companies that have experienced a data breach in the last year.  Their report shows an increase in stolen data records and in cost of data breaches year over year.

Source: 2018 Cost of Data Breach Study

Year Over Year Comparison:

  • The average total cost rose from $3.62 to $3.86 million, an increase of 6.4 percent
  • The average cost for each lost record rose from $141 to $148, an increase of 4.8 percent
  • The average size of the data breaches in this research increased by 2.2 percent

Data Breach Costs Per Industry:

[Chart: data breach costs per industry] Source: 2018 Cost of Data Breach Study

As shown in the above chart, heavily regulated industries such as healthcare and financial organizations have the highest per capita data breach cost. According to Healthcare Informatics, for the eighth year in a row, healthcare organizations had the highest costs associated with data breaches – costing them $408 per lost or stolen record – nearly three times higher than the cross-industry average ($148). The next highest industry was financial services with an average of $206 per lost or stolen record.

Here’s the challenge: how does an enterprise decentralize control across a large organization and still enforce standards that allow it to mitigate risk and avoid data breaches? If it opens Pandora’s box to innovate, can it maintain integrity across a large infrastructure and operate properly?

The answer:  Automation.

  • The average cost of a breach for organizations that fully deploy security automation is $2.88 million
  • Without automation, estimated cost is $4.43 million, a $1.55 million net cost difference

How can DivvyCloud help? DivvyCloud provides the automation essential to enforce policy, thereby reducing risk, providing governance, imposing compliance, and increasing security across large-scale multi-cloud infrastructure. By utilizing our platform, companies like Discovery, Twilio, General Electric, Kroger, Fannie Mae, Turner, and Autodesk stay agile and innovate, while maintaining the integrity of their technology stack and applying the policy they deem necessary to operate their business.

Core to DivvyCloud’s platform is an easy-to-use interface from which clients can deploy more than 125 standard bots or create their own for specific use cases to manage their existing cloud infrastructure. At scale, policy enforcement cannot and should not be performed manually. DivvyCloud customers can discover and automatically take action to address policy infringements or security issues. Automation allows for simultaneous offense and defense, resulting in increased innovation and a reduction of risk.

Within enterprises, the pace of migration from data centers to a public cloud or hybrid cloud infrastructure has ramped significantly over the last couple of years. Gartner predicts that as enterprises become “cloud-first,” spend for cloud management and security services is estimated to grow to $14B by 2020.

Recent news cycles and reports (like Ponemon’s 2018 Cost of Data Breach Study: Global Overview) about the cost of compliance violations and security breaches only buoy the case and support the need for automation at enterprises to operate cloud infrastructure at scale. Rather than sourcing from a single vendor, enterprise customers are implementing a multi-cloud approach that requires third-party tools to optimize environments.

DivvyCloud has built a flexible, extensible platform that helps manage compliance, cost, and security. The solution builds an infrastructure map then detects abnormalities in real time based on client specific rules. Bots warn of violations of policy and automate the remediation.

To learn more about how DivvyCloud is helping its clients unlock innovation through cloud automation, speak with a DivvyCloud expert or install DivvyCloud with a  free 30-day trial today.

By utilizing platforms like DivvyCloud and exercising the power of automation, enterprises can be agile enough to delight their customers, while still being able to sleep at night.

Another S3 Bucket Leak – PocketiNet’s Data Exposed!

And the data leak trend continues … TechCrunch broke the news this week that PocketiNet, an internet provider based in Washington State, left an Amazon S3 bucket open for at least six months!  “Worse, it took the company a week to shut off the leak, despite several phone calls and emails warning of the exposure.”

Very popular on the west coast, PocketiNet provides high-speed internet access to thousands of homes, local multi-national corporations, and hospitals across Washington state.  Nonetheless, it’s time to add this company to the list of S3 bucket leaks that have exposed sensitive, personal information for hundreds of millions of people from around the world this year.

 

According to MotherBoard:

Pocket iNet left 73 gigabytes of essential operational data publicly exposed in a misconfigured Amazon S3 storage bucket for six months.

Said bucket, named “pinapp2,” contained the “keys to the kingdom,” according to the security firm UpGuard, including internal network diagramming, network hardware configuration photos, details and inventory lists—as well as lists of plain text passwords and AWS secret keys for Pocket iNet employees.

How did these S3 Buckets get exposed?
We don’t know for sure, but oftentimes the S3 Bucket configuration is incorrect. The created container permissions may have been too broad, allowing anyone to access the data (as may be the case with PocketiNet). Again, their S3 Buckets may have been serviced by people who aren’t familiar with security, so the developer who created the container was unaware of how to properly secure it, or it was something as simple as an oversight.  For example, in PocketiNet’s case, they may have had a developer who was troubleshooting an issue that was causing an application to fail and suspected the S3 Bucket access was to blame. The developer may have tweaked the S3 configuration, leaving it open to the public, and as the application began working again, moved on to another project. Now they have an exposed S3 Bucket. It may not have even been the developer’s fault, as someone else may have altered the bucket’s configuration at a later date for any number of reasons. The point is, so many organizations are made vulnerable because a lot of them don’t have processes that prevent insecure software deployments.

How do organizations avoid S3 bucket leaks?
For starters, PocketiNet could have done nothing. Amazon S3 buckets are private by default and can only be accessed by users that have been explicitly given access. Again, by default, the account owner and the resource creator are the only ones who have access to an S3 bucket and key, so someone has to actively misconfigure an S3 bucket to expose the data.  

Amazon has been actively working to help companies avoid breaches caused by misconfiguration.  In November 2017 AWS added a number of new Amazon S3 features to augment data protection and simplify compliance.  For example, they made it easier to ensure encryption of all new objects and to monitor and report on their encryption status.  They have also provided guidance on approaches to combat this issue, like the use of AWS Config to monitor for and respond to S3 buckets allowing public access.

As a most basic first step to avoiding S3 bucket leaks, take advantage of the native AWS capabilities.  Ensure that you are always purposefully using AWS S3 access policies to define who can access the objects stored within. Ensure your team is well trained to never open access to the public, unless absolutely necessary, as doing so can result in the exposure of PII and other sensitive data. And help prevent unauthorized access to your data by taking advantage of capabilities like AWS Config.  
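As an added example (not AWS or DivvyCloud code), the Python check below reviews a bucket's ACL and bucket policy for grants to the public. The documents follow the shapes returned by the S3 GetBucketAcl and GetBucketPolicy calls; every bucket name, ID and policy shown is constructed, and the verdict labels are assumptions.

```python
import json

# The two predefined S3 groups that make an ACL grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "everyone (anonymous)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers":
        "any authenticated AWS user",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def public_acl_grants(acl):
    """Return (permission, audience) for every ACL grant to a public group."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            hits.append((grant.get("Permission"), PUBLIC_GROUPS[grantee["URI"]]))
    return hits


def _is_wildcard_principal(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_policy_statements(policy_json):
    """Return Allow statements whose principal is a wildcard."""
    if not policy_json:
        return []
    hits = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        hits.append({
            "sid": stmt.get("Sid", "(no Sid)"),
            "actions": _as_list(stmt.get("Action", [])),
            # A Condition may narrow the grant (for example by source IP),
            # so it is reported for human review rather than as public.
            "conditional": bool(stmt.get("Condition")),
        })
    return hits


def assess_bucket(name, acl, policy_json=None):
    acl_hits = public_acl_grants(acl)
    policy_hits = public_policy_statements(policy_json)
    if acl_hits or any(not h["conditional"] for h in policy_hits):
        verdict = "public"
    elif policy_hits:
        verdict = "review"
    else:
        verdict = "private"
    return {"bucket": name, "verdict": verdict,
            "acl": acl_hits, "policy": policy_hits}


# Constructed sample documents.
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
               "Permission": "FULL_CONTROL"}
DEFAULT_ACL = {"Grants": [OWNER_GRANT]}          # what a new bucket looks like
OPEN_ACL = {"Grants": [OWNER_GRANT, {
    "Grantee": {"Type": "Group",
                "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
    "Permission": "READ"}]}
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-debug-bucket/*"}]})
IP_LIMITED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-ip-limited/*",
    "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}]})

if __name__ == "__main__":
    for args in [("example-default", DEFAULT_ACL),
                 ("example-acl-open", OPEN_ACL),
                 ("example-debug-bucket", DEFAULT_ACL, OPEN_POLICY),
                 ("example-ip-limited", DEFAULT_ACL, IP_LIMITED_POLICY)]:
        result = assess_bucket(*args)
        print(result["bucket"], "->", result["verdict"])
```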

The challenge is that many organizations struggle to adopt and enforce best practices consistently, and only 100% consistency can ensure protection against a breach.  This is why an investment in cloud operations is a vital additional step.

Invest in Cloud Operations:
Cloud operations, or CloudOps, is the combination of people, processes, and tools that allow for organizations to consistently manage and govern cloud services at scale. Key to this is hiring and developing the right people, identifying processes that address the unique operational challenges of cloud services, and the automation of these processes with the right tools.  One vital tool in your CloudOps toolkit should be software like DivvyCloud, that monitors and remediates cloud misconfigurations allowing you to achieve continuous security and compliance at scale.

In about 15 minutes, you can install DivvyCloud, connect your cloud (AWS, Azure, and GCP) accounts, quickly see S3 buckets that are misconfigured, and then turn on real-time continuous automated remediation of misconfigured buckets.

For example, using DivvyCloud, an organization will be able to leverage automation to remove the public permissions from the access control list where necessary.  Users can also leverage bucket policies in place of access control lists for the finer-grained access control. This automation prevents data breaches by finding, alerting, and remediating misconfigured storage containers way before vulnerabilities are exposed.

It’s important to highlight that DivvyCloud not only flags the problem in real-time but gives the user an exact pointer to where the problem is. If somebody were to tell you “there is an open S3 bucket” but didn’t narrow down to a granular level, where would you start?  This is why DivvyCloud alerts that there is an open S3 Bucket, then takes action and informs the user exactly which bucket in which account.

In the end, the way to avoid exposing data in S3 buckets is really common sense: Don’t ever configure the S3 buckets to be exposed to the public. Organizations need to learn about security configurations while evaluating their public cloud options or pay someone else to do it for them. Otherwise, it’s only a matter of time before they join the 14 aforementioned organizations in the growing list of those who have to explain to their customers that their information has been compromised.

Make S3 bucket leaks a thing of the past (now and forever). Install DivvyCloud with a  free 30-day trial or speak with a DivvyCloud expert today!


DivvyCloud mitigates security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.

How Anthem’s Massive Data Breach Could Have Been Avoided

As initially reported by Bank Info Security editor, Marianne McGee, Anthem, one of the world’s largest health insurers, recently suffered the largest-ever HIPAA fine at $16 million due to a 2015 data breach which affected nearly 79 million customers.

“The largest health data breach in U.S. history fully merits the largest HIPAA settlement in history,” says OCR Director Roger Severino.

“Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information. We know that large healthcare entities are attractive targets for hackers, which is why they are expected to have strong password policies and to monitor and respond to security incidents in a timely fashion or risk enforcement by OCR.”

Identity and Access Management

According to Gartner, Identity and Access Management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM is particularly important in the increasingly complex and heterogeneous technology environments of companies operating multiple clouds and cloud accounts.  The discipline includes the organizational policies for managing digital identity as well as the technologies needed to support identity management.

IAM is an area where many developers and engineers lack expertise and as a result, many are extremely hesitant about making configuration choices and often can inadvertently make poor choices.  There is an enormous risk for an organization when IAM is handled incorrectly as seen with Anthem.

Anthem’s IAM policies didn’t meet industry or regulatory standards. This was evident in their lack of adequate minimum access controls, and further illustrated by their lack of an enterprise-wide security risk assessment, their insufficient procedures to regularly review information system activity, and their failure to identify and respond to suspected or known security incidents. These critical areas of security weakness led to a massive data breach of customer data, a $16 million HIPAA settlement, and several other legal actions and investigations that concluded with a record $115 million consolidated settlement.

That’s a lot of trouble DivvyCloud could have helped Anthem avoid.  DivvyCloud helps customers adhere to industry and regulatory standards, including in areas like IAM.  For example, it helps ensure robust password policies, including multi-factor authentication. Our out-of-the-box HIPAA compliance pack has mapped the entire framework to the major cloud service providers to keep your cloud infrastructure in compliance.

 

The Golden Rule

Going back to how easy it is for people to make poor choices, this often occurs by over-granting privileges to cloud resources.  For good security, the golden rule is that when you create IAM policies you should only grant the least privilege—that is, grant only the permissions required to perform a task.  

Of course, to do this, you need to first determine what users need to do and then craft policies for them that let the users perform only those tasks.  Another approach is to start with a minimum set of permissions and grant additional permissions as necessary. This sounds great, but in practice, this is actually hard to do and time-consuming.  

What actually happens is that a developer will start with permissions that are too lenient.  Sometimes this is due to a lack of understanding or sometimes they intend this to be temporary but then get distracted and forget to later return and tighten the permissions.  In either case, they might write a policy that looks like this:

While a policy like this may certainly solve any access issues a user or application may be facing, it exposes the account to an extraordinary amount of unnecessary risk. Additionally, policies like this are difficult to find and remove later, quickly becoming lost in the console among hundreds of other policies, nested in tabs that may never be visited again.
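The policy the post showed is not reproduced on this page. As an added example (not DivvyCloud's code), the check below finds over-lenient Allow statements in an IAM policy document so they can be located before they get lost; both policies, their Sids and the finding codes are constructed for illustration.

```python
import json


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json):
    """Return [(statement id, finding code)] for over-broad Allow statements."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "statement[%d]" % index)
        actions = _as_list(stmt.get("Action", []))
        any_resource = "*" in _as_list(stmt.get("Resource", []))

        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((sid, "allow-with-notaction"))
        if "*" in actions:
            # Every action in every service.
            findings.append((sid, "full-admin" if any_resource
                             else "all-actions-on-scoped-resource"))
            continue
        service_wide = sorted(a for a in actions if a.endswith(":*"))
        if service_wide and any_resource:
            findings.append((sid, "service-wildcard:" + ",".join(service_wide)))
    return findings


# Constructed sample: the "temporary" grant that never gets tightened.
TOO_BROAD = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "TempDebugAccess", "Effect": "Allow",
         "Action": "*", "Resource": "*"},
        {"Sid": "AllOfS3", "Effect": "Allow",
         "Action": ["s3:*", "logs:PutLogEvents"], "Resource": "*"},
    ],
})

# Constructed sample: only the permissions one task needs, on one resource.
SCOPED = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadAppAssets", "Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-app-assets/*"},
    ],
})

if __name__ == "__main__":
    for name, doc in (("TOO_BROAD", TOO_BROAD), ("SCOPED", SCOPED)):
        print(name, audit_policy(doc))
```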

This is an example of why DivvyCloud has a big IAM focus. DivvyCloud’s real-time alerting enables customers to open a ticket using their ticketing system (Jira, ServiceNow, PagerDuty, etc.) based on any problems inside of the platform. Tickets are automatically created when problems are identified by Bots. This sends the issue directly to your IT team’s ticketing queue for remediation.  Anthem would have benefited from our automated reporting and remediation tools, which would have given them minimum access controls, automated enterprise-wide security risk assessments, regular reports of information system activity, and the ability to continuously identify and remediate suspected or known security incidents.

Interested in learning more? Get your free trial of DivvyCloud or speak with a DivvyCloud expert today!



Feature Release: 18.6 – Event Driven Harvesting, New Compliance Packs, & More

 

We are introducing some fantastic new capabilities in this release including event driven harvesting (“EBH”), three new compliance packs, and increased support for Amazon Web Services, Microsoft Azure, and Google Cloud Platform.  Our latest release also includes more than 130 new filters, actions, and general enhancements. Event Driven Harvesting is really exciting as it improves detection and remediation times, as well as provides additional auditable data and context for lifecycle actions and changes to cloud resource and security confirmations.

Twice a quarter DivvyCloud releases a new version of our software, and we are excited to announce our sixth release of 2018! Collaboration with our customers and the broader “cloud” community help shape these releases with improvements to core capabilities around discovery, analysis and automated remediation of cloud infrastructure as well as new features and support for the ever-expanding portfolio of services from the major cloud providers.

Highlights:


 

1. EVENT DRIVEN HARVESTING (BETA)
In this release, we introduce event driven harvesting for AWS resources.  Before this release we exclusively used an API driven polling based approach to discover resources and monitor their configuration relative to policies.  With the addition of event driven harvesting, we now offer a best in class dual layer approach for discovering and monitoring resources. Harvesting can now be triggered based upon events in your cloud as opposed to solely relying on a polling based approach. This dual layer approach provides the best of both worlds – the full immutable discoverability of API harvesting with the speed and richness of event driven harvesting.    At present, this capability is only available for AWS accounts through the use of AWS CloudWatch, but we will be expanding event driven harvesting to Azure, GCP, and Kubernetes in the coming releases. For AWS customers using CloudWatch we help them get the most out of this great service — DivvyCloud now makes CloudWatch events more accessible and actionable — especially in complex environments with a large number of AWS accounts.   Currently, event driven harvesting supports the following AWS resources:

Three Main Benefits of Event Driven Harvesting:

  • Fast Identification & Remediation of Issues with Key Resources – Faster identification, and reaction/remediation to change. In AWS, CloudWatch will identify changes within 90 seconds for key resources, allowing DivvyCloud to collect the information from this event stream. This approach speeds up our ability to identify a change, evaluate it against policy, and then take action to remediate policy violations.

  • Specific Data About Any Changes – Event driven harvesting provides rich contextual information and full visibility into who did what, where, and when.  For example, in the image above, in row 4 under “Action” you can see someone created an S3 Bucket. In row 5 you can see someone added tags to a bucket. In row 6 someone put an access control list on a bucket.  You can also see the time under “Date,” as well as the IP address under “Source IP.” This gives you the ability to see that John Smith created an S3 bucket at 11:19 am at a coffee shop in Asheville.

If you click on the box all the way on the left, you get the exact change that happened with Amazon.

You can view the action, if it was an API change or if it was the console.  You get the user, so if you look at the highlighted word, you’ll see someone was using “root” which is a big “no no.” If root wasn’t being used, you might see “User/ Employee name.” Again, you get all of the exact information about the change.

  • Audit Global Changes Via Event Stream – Consider the above Cloud Event View and imagine you have 300+ accounts.  Using DivvyCloud badges you could say “show me all production changes,” and then across all 75 accounts that are badged production, you get your full, uniform feed of all production changes. Or you can filter the event stream using DivvyCloud Badges to cut the data by project, severity, owner, compliance requirements, etc.  With native Amazon capabilities, you have to view this data account by account, region by region, vs. DivvyCloud’s new global view of all changes. Our badges give users that layer of fidelity that is vitally important when managing your cloud accounts.

 

2. New Compliance Packs

  • CSA CCM
    The Cloud Security Alliance maintains an industry standard matrix known as the Cloud Compliance Matrix (CCM). This framework contains controls to harden and secure cloud technology and aligns them against other security regimes such as NIST 800-53, HIPAA and ISO 27001. With 18.6, this compliance standard is now supported within the product.
  • CIS Benchmarks for GCP
    In early September, the Center for Internet Security (CIS) published a new benchmark for securing cloud workloads on Google Cloud Platform (GCP). This benchmark contains dozens of security recommendations across Identity & Access Management, Logging/Monitoring, Networking, Storage, Compute and Kubernetes.
  • CIS Benchmarks for Azure
    With release 18.5, we first introduced support for the CIS Benchmarks for Azure, and with 18.6 we’ve added over 25 new Insights and checks against this compliance framework.

 

3. Cloud Compliance (Cloud Account Health Check)
The *New* Cloud Compliance view enables users to get quick visibility into how each cloud account stands relative to one or more compliance frameworks. It provides a top-level view into the number of failed checks based on the selected compliance pack criteria. Badges can be leveraged to tailor the view to specific risk profiles, environments, owners and more.   

This compliance module, in the context of HIPAA for AWS, shows that you are failing 13 of 25 checks.  This is useful because, for example, you can see how you are doing in your production accounts or in the accounts owned by Jay. You can also use badges to compare Jun Park’s account to Jay’s clouds.  Spread out over hundreds of cloud accounts, this makes it quick and easy to see how you’re trending for this compliance pack. If you put DivvyCloud in place and your risk is terrible across your production clouds, what you want to see over time, because you’ve been using insights and bots, is your risk going down and everything becoming more secure.  

 

4. Filters Library
Filters are one of the key ingredients in how we manage insights and bots. With the 18.6 release, users will now have access to an exhaustive list of all (~600) filters employed in our system. This will be the one-stop location to check when a filter was created, modified, or deprecated. For those who want to see how the filter functions, this page will also let users open and see the source code of the filter definition.

 

5. Additional Cloud Support/Enhancements

    • Amazon Web Services
      • Support for Simple Notification Service (SNS)
      • Support for Simple Email Service (SES)
      • Support for CloudFront
      • Support for visibility into GuardDuty
      • Support for visibility into Lambda account limits
      • Store the boolean property for automatic minor upgrades for RDS instances
      • Store and surface the VPC ID that’s associated with an ElastiCache cluster
      • Support for harvesting of IAM SAML providers
      • Ability to view and modify IAM Role assume role policies
      • Visibility into cross-account private images
    • Google Cloud Platform
      • Support for Pub/Sub
      • Support for Service Account Keys
      • Support for tracking VPC flow logging and Google Private Access at the subnet level
      • Support for identifying legacy networks
      • Enhanced GKE visibility and configuration checks
      • Enhanced visibility into GCP Storage buckets
    • Microsoft Azure
      • Support for Azure Kubernetes Service (AKS)
      • Support for Cosmos DB
      • Support for Graph RBAC
      • Support for Databases
      • Support for Network Peers
      • Visibility into network limits/usage

Interested in learning more? View the full release notes associated with our 18.6 release, or get your free trial and see our features in action.




 

FitMetrix Leaks Customer Data

Much like death and taxes, the inevitable has happened: another company has exposed its customer data.  Who’s the culprit this week? FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody.

According to TechCrunch, last week, three FitMetrix servers were found by a security researcher to be leaking customer data. How long the servers remained exposed is unknown, but in September, the servers were indexed by Shodan, a search engine for open ports and databases.

The servers included two of the same ElasticSearch instances and a storage server — all hosted on Amazon Web Services — yet none were protected by a password, allowing anyone who knew where to look to access the data on millions of users.

What data was exposed?

More than 113.5 million records (though it remains unclear how many users were affected). “Each record contained a user’s name, gender, email address, phone numbers, profile photos, their primary workout location, emergency contacts and more.”

Out of the box, DivvyCloud’s software would have detected this misconfigured instance and automated the remediation to close this vulnerability in real-time.

Like so many AWS, GCP, Azure, and Alibaba cloud services, AWS ElasticSearch Service is an incredibly powerful and useful service. It is also very challenging for IT professionals, developers, and engineers to consistently configure these powerful services in a way that mitigates security and compliance risk.

First, it is a daunting task to learn about how to configure ever-evolving cloud services correctly — it is like drinking from a firehose. Second, it is even more daunting to know how to do this relative to the security standards (e.g., CIS Benchmark or NIST CSF) and regulatory frameworks (e.g., PCI DSS or HIPAA) that a company chooses to or must comply with. And lastly, it is difficult for any one person or group of people to achieve 100% consistency in applying these standards at the speed and throughput that we ask our tech teams to operate.

DivvyCloud solves these challenges for customers like General Electric, Discovery Communications, and Fannie Mae using cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of cloud and container infrastructure allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.

In a nutshell, we mitigate security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud and container infrastructure.

Interested in learning more? Get your free trial of DivvyCloud or speak with a DivvyCloud expert today!

Kubedex’s Comparison of Google GKE vs Microsoft AKS vs Amazon EKS

Kubedex, a top destination to discover, compare and share Kubernetes Applications, recently shared an interesting, and self-described “brutal” article comparing cloud-hosted Kubernetes providers.

A screenshot of the Google sheet comparing GKE, AKS, and EKS.

True to his promise of a “brutal comparison,” the author was unsparing in his criticism of Microsoft AKS – “if the company I’m working for decided to migrate to Azure I’d find a new job.”

Kubedex’s final recommendation?  “Go with Google GKE whenever possible. If you’re already on AWS then trial EKS but it doesn’t really give you that much currently. You may be better off looking at Kops or some other cloud installer until they add managed workers and other integrations.”

We found this particularly interesting because in July Google introduced commercial Kubernetes applications in their GCP Marketplace and DivvyCloud was proud to be included as a launch partner.

That made it even easier for customers to deploy DivvyCloud to mitigate security and compliance risk while embracing the dynamic, self-service nature of Kubernetes. Now our customers can govern their container environments running on AWS Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), and Microsoft Azure Kubernetes Service (AKS).  They use DivvyCloud to monitor, apply policy, and take action on six resource types: Containers, Pods, Ingress, Node, Deployments, and Services. For the first time, customers can gain a holistic view of their cloud container infrastructure and apply policies across all the related and support elements (e.g., IAM and underlying or related cloud infrastructure).

Whether you agree with the author’s opinions or not, DivvyCloud’s software covers all three cloud-hosted Kubernetes providers and enables organizations to achieve continuous security governance of their container infrastructure.  Interested in learning more? Get your free trial of DivvyCloud or speak with a DivvyCloud expert today!

If you are interested in learning about deploying Kubernetes, check out our article “Deploying Kubernetes Across Multiple Clouds.”


DivvyCloud mitigates security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes).  First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.

Ensuring Continuous Security and Compliance in Your Cloud Environments

How do you ensure continuous security and compliance in your cloud and container environments?  Invest in cloud operations. This is the best way to ensure that your organization is consistently and continually mitigating this risk.  Cloud operations, or “CloudOps”, is the combination of people, processes, and tools that allow for organizations to consistently manage and govern cloud services at scale. Key to this is hiring and developing the right people, identifying processes that address the unique operational challenges of cloud services, and the automation of these processes with the right tools.  

One vital tool in your CloudOps toolkit should be software that provides centralized visibility of configuration choices, real-time evaluation of these choices against security policies, and automated remediation when a policy is violated.  DivvyCloud is exactly this kind of tool and our software is used by customers such as Discovery, Twilio, General Electric, Kroger, Fannie Mae, Turner, and Autodesk to achieve continuous security for their public cloud and container environments. We are natively multi-cloud, extensible, automate remediation to protect and mitigate real-time risks, and provide over 165 out-of-the-box policies for a quick start to fully secure your cloud.  

Below are 5 examples of these out-of-the-box policies, why they’re important, and which standards and directives they map to:

  • Storage Container Exposing Access To World
    Global API Accounting Config records API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the specific cloud service. Global API Accounting provides a history of API calls for each account, including API calls made via the management console, SDKs, command line tools, and other cloud services. Maps to Security Standards:
    • NIST Cyber Security Framework (CSF): ID.RA-1
    • NIST 800-53: SC-7
  • Instance With a Public IP Exposing SSH
    Security groups provide stateful filtering of ingress/egress network traffic to cloud resources. It is recommended that no security group allows unrestricted ingress access to port 22. Maps to Security Standards:
    • Center for Internet Security (CIS): Networking 4.1
    • NIST Cyber Security Framework (CSF): ID.RA-1
    • NIST 800-53: CM-7
  • Cloud Account Without Root Account MFA Protection
    The root account is the most privileged user in a cloud account. MFA adds an extra layer of protection on top of a username and password. With MFA enabled, when a user signs in to the cloud account, (s)he will be prompted for username and password as well as for an authentication code from an AWS MFA device. Note: When virtual MFA is used for root accounts, it is recommended that the device used is NOT a personal device, but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independently of any individual personal devices (“non-personal virtual MFA”). This lessens the risks of losing access to the MFA due to device loss, device trade-in, or if the individual owning the device is no longer employed at the company. Maps to Security Standards:
    • Center for Internet Security (CIS): Identity & Access Management 1.13
    • NIST Cyber Security Framework (CSF): DE.CM-3
    • NIST 800-53: PM-11
  • Access List Exposes SSH to World (Security Group)
    Access Lists (Security Groups) provide stateful filtering of ingress/egress network traffic to cloud resources. It is recommended that no security group allows unrestricted ingress access to port 22. Maps to Security Standards:
    • Center for Internet Security (CIS): Networking 4.1
    • NIST Cyber Security Framework (CSF): ID.RA-1
    • NIST 800-53: AC-17
    • CSA Cloud Controls Matrix (CCM): GRM-01
  • Access List Exposes Windows RDP to World (Security Group)
    Access Lists (Security Groups) provide stateful filtering of ingress/egress network traffic to cloud resources. It is recommended that no security group allows unrestricted ingress access to port 3389. Maps to Security Standards:
    • Center for Internet Security (CIS): Networking 4.2
    • NIST Cyber Security Framework (CSF): ID.RA-1
    • NIST 800-53: AC-17
    • CSA Cloud Controls Matrix (CCM): GRM-01
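
The two access-list policies above come down to one check: does any ingress rule admit traffic from the whole internet on port 22 or 3389? The following is an added example, not DivvyCloud's code. It assumes security groups in the JSON shape returned by AWS `describe-security-groups`; the account and group IDs are constructed sample values.

```python
import ipaddress

# Ports named by the policies above: SSH (22) and Windows RDP (3389).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def is_world(cidr):
    """True when the CIDR covers every address in its family (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def rule_covers(perm, port):
    """True when an ingress rule's protocol and port range include the given TCP port."""
    proto = str(perm.get("IpProtocol"))
    if proto == "-1":  # "all traffic" rules carry no port range at all
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo is not None and hi is not None and lo <= port <= hi


def find_world_open_admin_ports(security_groups):
    """Return (account, group_id, service, source) for every world-open SSH/RDP rule."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            sources = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
            sources += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
            world = [s for s in sources if s and is_world(s)]
            for port, service in ADMIN_PORTS.items():
                if not rule_covers(perm, port):
                    continue
                for src in world:
                    findings.append((sg.get("OwnerId"), sg["GroupId"], service, src))
    return findings


def _rule(proto, lo=None, hi=None, v4=(), v6=()):
    """Build one constructed ingress rule in the describe-security-groups shape."""
    perm = {"IpProtocol": proto,
            "IpRanges": [{"CidrIp": c} for c in v4],
            "Ipv6Ranges": [{"CidrIpv6": c} for c in v6]}
    if lo is not None:
        perm["FromPort"], perm["ToPort"] = lo, hi
    return perm


# Constructed sample input (not real resources).
SAMPLE_GROUPS = [
    # SSH open to the world: violation.
    {"OwnerId": "111111111111", "GroupId": "sg-0aaa",
     "IpPermissions": [_rule("tcp", 22, 22, v4=["0.0.0.0/0"])]},
    # SSH restricted to one network: compliant.
    {"OwnerId": "111111111111", "GroupId": "sg-0bbb",
     "IpPermissions": [_rule("tcp", 22, 22, v4=["203.0.113.0/24"])]},
    # A wide port range over IPv6 that happens to include 3389: violation.
    {"OwnerId": "222222222222", "GroupId": "sg-0ccc",
     "IpPermissions": [_rule("tcp", 3000, 4000, v6=["::/0"])]},
    # "All traffic" from anywhere exposes both ports: two violations.
    {"OwnerId": "222222222222", "GroupId": "sg-0ddd",
     "IpPermissions": [_rule("-1", v4=["0.0.0.0/0"])]},
    # HTTPS open to the world is outside these two policies: compliant.
    {"OwnerId": "222222222222", "GroupId": "sg-0eee",
     "IpPermissions": [_rule("tcp", 443, 443, v4=["0.0.0.0/0"])]},
]

if __name__ == "__main__":
    for finding in find_world_open_admin_ports(SAMPLE_GROUPS):
        print(finding)
```

The port-range and all-protocols cases matter in practice: a rule never has to mention 22 or 3389 explicitly to expose them.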

These are just some of the many multi-cloud policies that we can help you monitor and remediate.  Click here, if you’re interested in learning about others, as well as the top security risks that DivvyCloud protects you from. Or if you’d like us to explain, contact us and let’s have a conversation.



Join DivvyCloud at the Microsoft Ignite | September 24-28 [Booth #240]

Join DivvyCloud at Microsoft Ignite 2018 and answer the question we are asking all attendees: “Where do you need guardrails?”

DivvyCloud mitigates risk by providing virtual guardrails for security, compliance, and governance to customers embracing the self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (Azure, AWS, GCP, Alibaba, and Kubernetes).  

Microsoft Ignite is a great place for us to meet interesting people like you who are doing amazing things with Microsoft Azure.  We’d love to learn more about your Azure goals, plans, and challenges, and share our vision of how automation can make it a lot easier to securely operate Azure environments.  

Have questions about security and compliance in Azure?  Schedule a time to speak with our Azure experts at booth #240 on September 24th-28th to get the answers.  

If you haven’t attended before, Microsoft Ignite is designed to bring together the cloud computing community to connect, collaborate, and learn about Azure. Check out the sessions we recommend to further your Azure security and compliance knowledge:

  1. Azure Kubernetes Service and containers with Brendan Burns
  2. Microsoft security: How the cloud helps us all be more secure
  3. Secure your resources in Azure with Azure Security Center

The DivvyCloud Azure Advantage: Customers with Microsoft Azure (and other cloud technologies) can leverage a single management platform for event-driven, self-healing cloud infrastructure.

Consistent Policy Enforcement: DivvyCloud automation Bots work within our unified data model and therefore can enforce security, cost, and performance policies consistently across different Azure deployments (as well as other clouds).

Multi-Cloud Taxonomy: Organize assets in new ways by leveraging DivvyCloud resource groups with auto-curation capabilities. Resource groups are a many-to-many relationship that can contain resources from multiple Azure subscriptions and any other supported cloud technology such as AWS, VMware or OpenStack. They enable IT and stakeholders to better organize and delegate permissions to cloud and application resources.

Unified Experience: Reduce the complexities and barriers to entry when switching users between Microsoft Azure and other popular cloud technologies such as Amazon Web Services and Google Compute Engine. Our unified experience does the heavy lifting for stakeholders. With DivvyCloud, all clouds look and feel the same, making it easier for end-users to focus on the compute, storage and networking resources they require.

Scheduled Instances: There’s a great deal of waste with resources running on a 24x7x365 basis. Oftentimes, development, QA, and staging compute instances are required only during business hours and/or can be suspended entirely during the weekend/holidays. Using DivvyCloud’s Scheduled Instances Bot, customers can define custom stop/start schedules that can dramatically cut down their monthly bills. By coupling the feature with resource groups, we can easily define different schedules for production, development, or specific project teams as needed.

Provisioning Templates: Reduce the steps required for users to provision the compute power they need for their day-to-day tasks. Provisioning templates provide point-and-click access to compute instances and can be shared amongst users in the organization. Template authors can define optional overrides as well, allowing the user to personalize a standard template while remaining in compliance.

Instance Auditing: Identify and even prevent end-users from spinning up excess compute capacity by defining blacklisted instance types. Custom policies can be enforced per Azure subscription making it easy for administrators to keep a handle on cloud cost across their cloud environments.

Disparate Resource Notification: Too often end-users mistakenly provision in regions that aren’t used for your product/service. You can now easily prevent this resulting not only in cost reduction but bolstering corporate security posture by eliminating unknown entry points into the cloud.

Secure Cloud Storage with Proper Configuration

An organization that has transitioned to a cloud provider such as Amazon Web Services, Microsoft Azure, Google Cloud Platform, or any combination thereof should immediately be thinking about the configuration of cloud services as a key element to security.

Many IT leaders and professionals make the mistake of approaching security in the cloud the same way they approached security in a traditional data center. However, in the software-defined world of public cloud, there is an added wrinkle. Without a holistic approach to security which includes a view of configuration, you can easily open yourself up to undue risk. Configuration is an additional challenge when dealing with software-defined infrastructure in the public cloud. This is especially of concern when empowering developers and engineers with self-service provisioning and configuration, since they may not be familiar with security and must also deal with the rate of change in the cloud. Because cloud technology is always changing, it’s vitally important that we understand the configuration choices being made. Validating those configuration choices against security standards is far more important for most companies now than in the past, because failing to do so (for example, in storage containers) can lead to the company data breaches that we continuously hear about in the news.

Storing remotely versus locally offers huge advantages to both consumers and businesses; however, storage container breaches are a constant in the news these days. Too many companies (Fed Ex, Alteryx, National Credit Federation, Verizon, Australian Broadcasting Corporation, Dow Jones, Deep Root Analytics, Robocent, Macy’s, Adidas, GoDaddy, SpyFone, etc.), in the last year alone, have exposed sensitive, personal information for hundreds of millions of people from around the world. This epidemic has seen the theft or loss of more than 9 billion data records in the last five years.

How are these attackers able to breach company storage containers?
Oftentimes the storage container configuration is incorrect. The created container permissions may have been too broad, which allows anyone to access the data. Again, these containers may have been serviced by people who aren’t familiar with security, so the developer who created the container was unaware of how to properly secure it, or it was something as simple as an oversight. For example, let’s say a developer was troubleshooting an issue that was causing an application to fail and suspected the storage container access was to blame. The developer may have tweaked the storage container configuration, leaving it open to the public, and as the application began working again, moved on to another project. Now that company has an exposed storage container. It may not have even been the developer’s fault, as someone else may have altered the container’s configuration at a later date for any number of reasons. So many organizations are made vulnerable because a lot of them don’t have processes that prevent insecure software deployments.

How do organizations avoid exposing their storage containers?
For starters, you could do nothing. Amazon S3 buckets, for example, are private by default and can only be accessed by users that have been explicitly given access. Again, by default, the account owner and the resource creator are the only ones who have access to an S3 bucket and key, so someone has to actively misconfigure an S3 bucket to expose the data.


Amazon has been actively working to help companies avoid breaches caused by misconfiguration. In November 2017, AWS added a number of new Amazon S3 features to augment data protection and simplify compliance. For example, they made it easier to ensure encryption of all new objects and monitor and report on their encryption status. They have also provided guidance on approaches to combat this issue, like the use of AWS Config to monitor for and respond to S3 buckets allowing public access.

As a most basic first step to avoiding S3 bucket leaks, take advantage of the native AWS capabilities.  Ensure that you are always purposefully using AWS S3 access policies to define who can access the objects stored within. Ensure your team is well trained to never open access to the public, unless absolutely necessary, as doing so can result in the exposure of PII and other sensitive data. And help prevent unauthorized access to your data by taking advantage of capabilities like AWS Config.  

The challenge is that many organizations struggle to adopt and enforce best practices consistently, and only 100% consistency can ensure protection against a breach.  This is why an investment in cloud operations is a vital additional step.

How does DivvyCloud help customers fix the problem?
DivvyCloud’s customers leverage bot automation to remove the public permissions from the access control list where necessary.  Customers can also leverage bucket policies in place of access control lists for the finer-grained access control. DivvyCloud’s bot automation prevents data breaches by finding, alerting, and remediating misconfigured storage containers way before vulnerabilities are exposed.

It’s important to highlight that one of the things DivvyCloud does well is not only flagging the problem in real time but giving customers an exact pointer to where the problem is. If somebody were to tell you “there is an open S3 bucket” but didn’t narrow it down to a granular level, where would you start? This is why DivvyCloud doesn’t simply alert that there is an open S3 bucket; we take action and tell the customer exactly which bucket in which account.
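
To make the ACL and bucket-policy checks described above concrete, here is an added example (not DivvyCloud's code) that flags public grants and unconditional wildcard policy statements, reports the exact account and bucket, and computes the ACL with the public grants removed. It assumes ACLs in the shape returned by AWS `get-bucket-acl` and policies as JSON strings; the account IDs and bucket names are constructed.

```python
import json

# Predefined S3 groups whose presence in an ACL makes a grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def public_grants(acl):
    """Return the ACL grants whose grantee is one of the public groups."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            hits.append(grant)
    return hits


def is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_policy_statements(policy_json):
    """Return Sids of Allow statements open to any principal with no Condition.

    Simplification in this example: statements that carry a Condition are not
    flagged here and would need separate review.
    """
    if not policy_json:
        return []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    return [s.get("Sid", f"statement[{i}]") for i, s in enumerate(statements)
            if s.get("Effect") == "Allow"
            and is_wildcard_principal(s.get("Principal"))
            and not s.get("Condition")]


def audit_bucket(account, bucket, acl, policy_json=None):
    """Describe one bucket's exposure and the ACL with public grants removed."""
    grants = public_grants(acl)
    sids = public_policy_statements(policy_json)
    kept = [g for g in acl.get("Grants", []) if g not in grants]
    return {
        "account": account,
        "bucket": bucket,
        "exposed": bool(grants or sids),
        "public_acl": [(PUBLIC_GROUPS[g["Grantee"]["URI"]], g["Permission"])
                       for g in grants],
        "public_policy_sids": sids,
        "remediated_acl": dict(acl, Grants=kept),
    }


def audit_inventory(inventory):
    """Return findings only for exposed buckets, each naming account and bucket."""
    results = [audit_bucket(**entry) for entry in inventory]
    return [r for r in results if r["exposed"]]


# Constructed sample input (not real accounts or buckets).
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
               "Permission": "FULL_CONTROL"}
WORLD_READ = {"Grantee": {"Type": "Group",
                          "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
              "Permission": "READ"}
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-static-site/*"}]})

SAMPLE_INVENTORY = [
    {"account": "111111111111", "bucket": "example-app-logs",
     "acl": {"Grants": [OWNER_GRANT]}},
    {"account": "111111111111", "bucket": "example-debug-dump",
     "acl": {"Grants": [OWNER_GRANT, WORLD_READ]}},
    {"account": "222222222222", "bucket": "example-static-site",
     "acl": {"Grants": [OWNER_GRANT]}, "policy_json": PUBLIC_POLICY},
]

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE_INVENTORY):
        print(finding["account"], finding["bucket"],
              finding["public_acl"], finding["public_policy_sids"])
```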

In the end, the way to avoid exposing data in cloud storage containers is really common sense: don’t ever configure the storage containers to be exposed to the public. Organizations need to learn about security configurations while evaluating their public cloud options or pay someone else, like DivvyCloud, to do it for them. Otherwise, it’s only a matter of time before they join the 12 aforementioned organizations in the growing list of those who have to explain to their customers that their information has been compromised.

Install DivvyCloud today with a  free 30-day trial and make these storage container misconfigurations a thing of the past (now and forever).




DivvyCloud’s CSA Cloud Controls Matrix (CCM) Insight Pack

DivvyCloud is proud to announce that we have just released the Cloud Security Alliance Cloud Controls Matrix (CSA CCM) as a new insights pack.

What is CSA CCM?
Cloud native frameworks such as the CSA CCM allow companies to embrace the many benefits of the public cloud without opening up a Pandora’s box of risk. The CSA CCM provides organizations with the needed structure, detail, and clarity relating to information security tailored to the cloud industry, and has become the generally agreed upon standard of US-based financial services companies on how they will govern their use of the cloud.   Many financial institutions use the CSA CCM because it encompasses multiple security frameworks across multiple organizations and allows them to look at their legacy frameworks and determine which portions are covered.

DivvyCloud has taken this framework of cloud-specific controls and implemented it as one of our Insight Packs.  This operationalizes the controls, allowing DivvyCloud customers immediate, and continued visibility into policy violations and automated remediation of those violations.

The CSA CCM strengthens existing information security control environments in a number of ways:

  • It emphasizes business information security control requirements;
  • It reduces and identifies consistent security threats and vulnerabilities in the cloud;
  • It provides standardized security and operational risk management;
  • It seeks to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud.

Dive Into DivvyCloud’s CSA CCM Insight
CSA CCM has directives AIS-04, BCR-07, BCR-10, BCR-11, IAM-01, IAM-12, IVS-01, and IVS-03.  All of these require that you have Global API Accounting Configured so that it records API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the specific cloud service. Global API Accounting provides a history of API calls for each account, including API calls made via the management console, SDKs, command line tools, and other cloud services.  Without this, you are in violation of CSA CCM. With DivvyCloud our “Cloud Account Without Global API Accounting Config” Insight will identify when this is violated and customers can build an automation to remediate. For example, in AWS, this would mean DivvyCloud would use the API write credentials to turn on AWS CloudTrail for the resource in question.

Interested in learning more? Get your free trial of DivvyCloud and see the CSA CCM Insight Pack in action.




Yet Another S3 Bucket Leak … SpyFone’s Data Exposed!

News broke last week that sensitive data was exposed yet again. I hope you haven’t forgotten our running analogy, “we are living in the cybersecurity version of the movie Groundhog Day.”  It seems like every day we are reliving the same problem, the same leak over and over again. If you are reading this thinking “yes, you’ve used that analogy way too many times,” then I hope you understand that’s kind of the point.

Nevertheless, it’s time to add another company to the list of S3 bucket leaks that have exposed sensitive, personal information for hundreds of millions of people from around the world.

So what happened this time?

SpyFone, whose website hero header reads “Monitor Your Children with World’s #1 Parental Monitoring Software – Trusted by Parents Worldwide” left the data of thousands of its customers—and the information of the children they were monitoring—exposed in an unprotected Amazon S3 bucket.

According to Motherboard:

The data exposed included selfies, text messages, audio recordings, contacts, location, hashed passwords and logins, Facebook messages, and more.

 

A security researcher found the data on an Amazon S3 bucket owned by SpyFone, and Motherboard was able to verify that the researcher had access to SpyFone’s monitored devices’ data by creating a trial account, installing the spyware on a phone, and taking some pictures. Hours later, the researcher sent back one of those pictures.

 

The researcher said that the exposed data contained several terabytes of “unencrypted camera photos.”

SpyFone’s tagline in the features section of their website reads: “Get peace of mind while monitoring your children’s activity online.”  If not for the security researcher finding the exposed data first, it may not have been only the parents who were monitoring their children’s selfies, text messages, calls, location, etc. The risk of companies exposing personal data is very high, and at times, even dangerous.

What could SpyFone have done differently?

For starters, SpyFone could have done nothing. Amazon S3 buckets are private by default and can only be accessed by users that have been explicitly given access. Again, by default, the account owner and the resource creator are the only ones who have access to an S3 bucket and key.

SpyFone could have also installed DivvyCloud.

In about 15 minutes, you can install DivvyCloud, connect your cloud (AWS, Azure, and GCP) accounts, quickly see S3 buckets that are misconfigured, and then turn on real-time continuous automated remediation of misconfigured buckets.

Make S3 bucket leaks a thing of the past (now and forever). Install DivvyCloud today with a  free 30-day trial and make sure your company never makes the news for an S3 bucket leak.



Why is Cloud Computing a Top Risk for Enterprise Executives?

As of Q2 in 2018, cloud computing remains the top risk concern for enterprise executives surveyed by Gartner.  Every quarter, Gartner surveys risk, audit, and compliance executives for information about impending threats to their enterprises.  Here are the survey results:

According to Gartner’s survey, it seems data breaches in the cloud are the number one concern of enterprise executives.

Why do executives feel the risk is so high? The cultural change. The new self-service access for a broader set of individuals that comes along with cloud computing is what drives the risk. In general, the speed of change means people haven’t had time to update their skill sets and don’t know what they are doing. These are problems that are minimized in an old-school data center environment, yet old-school data centers don’t provide the flexibility, scalability, agility, rapid innovation, etc. that cloud does.

But is cloud computing really any less secure than maintaining your own hardware? The simple answer is that cloud computing is generally more secure if and when managed properly. Risks exist whether IT is managed in-house or virtually. As long as IT departments use a high-security standard at the forefront of their cloud strategy, just as they would for applications, platforms, and infrastructure deployed in-house, then the utilization of shared services in the cloud will successfully yield those major management benefits that old-school data centers don’t.

Another Day, Another S3 Bucket Leak … GoDaddy’s Data Exposed!

News broke this week that sensitive data was exposed yet again. Remember our running analogy, “we are living in the cybersecurity version of the movie Groundhog Day?”  It feels like the same day, the same problem, the same leak over and over again. Too often now we hear about S3 bucket leaks (Fed Ex, Alteryx, National Credit Federation, Verizon, Australian Broadcasting Corporation, Dow Jones, Deep Root Analytics, Robocent, Macy’s, Adidas, etc.)  that have exposed sensitive, personal information for hundreds of millions of people from around the world. This epidemic has seen the theft or loss of more than 9 billion data records in the last five years.  

So what happened this time?

GoDaddy, one of the world’s top domain name registrars with over 18 million customers, was discovered to have files containing detailed server information, stored in an unsecured S3 bucket. According to the report from cybersecurity firm Upguard, the exposed documents include high-level configuration information for tens of thousands of systems and pricing options for running those systems in Amazon AWS, including the discounts offered under different scenarios.  

Mallory Locklear, Engadget, reported that UpGuard notified GoDaddy of the discovery shortly after uncovering the exposed storage bucket, but GoDaddy didn’t secure the information for over five weeks. In that time, when checking up on the progress of his report, it was said that it’s typical for there to be a delay following security reports such as this one.

It seems in this instance that Amazon itself was the cause of the exposure. “The bucket in question was created by an AWS salesperson to store prospective AWS pricing scenarios while working with a customer,” an AWS spokesperson told Engadget. “No GoDaddy customer information was in the bucket that was exposed. While Amazon S3 is secure by default and bucket access is locked down to just the account owner and root administrator under default configurations, the salesperson did not follow AWS best practices with this particular bucket.”

Even though GoDaddy’s publicly exposed S3 bucket seems to be the fault of their cloud provider, there are still potential risks. For example, did anyone other than UpGuard access their information in the five-plus weeks their S3 bucket remained exposed?

“One could arguably say that GoDaddy hosts a fifth of the internet,” UpGuard reported. “And a successful attack on its systems could potentially disrupt global internet traffic.”

In the movie Groundhog Day, Bill Murray is trapped in a time loop, where escape is only possible after accumulating knowledge through multiple passes. Companies should have plenty of knowledge on S3 bucket leaks by now, so instead of waiting 34 years (the estimated amount of time Murray spent in the Groundhog Day time loop), organizations should invest in learning from their peers’ mistakes and immediately put cloud security at the forefront of development plans.

You can stop S3 bucket leaks today with one easy step: install DivvyCloud.

In about 15 minutes, you can install DivvyCloud, connect your cloud (AWS, Azure, and GCP) accounts, quickly see S3 buckets that are misconfigured, and then turn on real-time continuous automated remediation of misconfigured buckets.

Make S3 bucket leaks a thing of the past (now and forever). Install DivvyCloud today with a  free 30-day trial and make sure your company never makes the news for an S3 bucket leak.

DivvyCloud mitigates security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes).  First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.

Feature Release: 18.5 – Kubernetes, Cost Visibility, GCP, & More

 

Twice a quarter DivvyCloud releases new product features, and we are excited to announce our fifth feature release of 2018! Collaboration with our customers and the community helps shape these releases across all the pillars of our product: discovery, analysis, and automated action.

With this release, we now deliver continuous security and compliance to container environments in addition to public clouds. We also expanded support to include more services in AWS and GCP, and to increase the ability to apply policy to Identity & Access Management with a particular focus on GCP.   Some highlights include:

  • Support for Kubernetes: DivvyCloud now supports AWS Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), and Microsoft Azure Kubernetes Service (AKS). You can now monitor, apply policy, and take action on six resource types: Containers, Pods, Ingress, Node, Deployments, and Services.
  • Support for AWS Kinesis Firehose: DivvyCloud now helps you secure this real-time streaming data service in Amazon Web Services. Data security is top of mind for many customers, and no matter where your data resides inside of AWS, we help ensure that misconfigurations don’t create a risk of breach.
  • Root Account Information: Securing your root credentials is a vital piece of cloud security and compliance.
  • Cloud Service Cost Coverage: You can now build insights that identify risk of runaway spending and allow you to take action to prevent it.  

Below we dive more deeply into these five highlights from our latest release:


 

  • Support for Kubernetes: DivvyCloud has expanded support to containers, and specifically Kubernetes. With the latest version of DivvyCloud, you can now govern container environments running on AWS Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), and Microsoft Azure Kubernetes Service (AKS). You can use DivvyCloud to monitor, apply policy, and take action on six resource types: Containers, Pods, Ingress, Node, Deployments, and Services. For the first time, customers can gain a holistic view of their cloud container infrastructure and apply policies across all the related and supporting elements (e.g., IAM and underlying or related cloud infrastructure).

 

  • Support for Kinesis Firehose: Amazon Kinesis Firehose is a fully managed, elastic service that can capture streaming data, transform the data, and then send the data to Amazon Elasticsearch Service. DivvyCloud monitors the configuration of two resource types (Kinesis data stream and Firehose delivery stream). We then provide the ability to compare configurations and configuration changes against the policies you have defined. When we identify a policy violation, you can automate the remediation of this violation. To apply granular controls, DivvyCloud users can locate specific data streams by filtering on number of shards, data retention period, and encryption status. Users can also filter delivery streams by their delivery type. Data security is top of mind for many customers, and no matter where your data resides inside of AWS, we help ensure that misconfigurations don’t create a risk of breach.

 

  • Root Account Information: DivvyCloud can gain visibility into customers’ credential reports to determine whether the root account is actually being used. Use of the root account in AWS is the biggest “no-no.” You’re never supposed to use it because it can effectively do everything in your account, and there is no attribution. For example, say I give four team members root account access, and a day later I see in my logs that root just deleted 50 instances. Who deleted the instances and why? I don’t know, and now there’s a problem. Now, with the addition of root account information, administrators can quickly get visibility across all of their root accounts, including the last time the account was used, whether it has two-factor authentication, and the count of active/inactive API credentials.

 

  • Cloud Service Cost Coverage: DivvyCloud has added the ability to ingest your billing information from cloud providers. This makes it easy to analyze your historical spend on one or more cloud services. More importantly, you can now use this data to drive action inside the DivvyCloud platform: you can configure policies around cost and service tracking that alert when spending exceeds thresholds you have set. Many customers are concerned about developers experimenting with a new cloud service that may be extremely expensive. All too often, a well-intentioned person starts up a service to experiment, gets distracted, forgets about the service, and a month later a massive bill comes due. These types of cost overruns are a nightmare scenario that we can now prevent. For example, you might configure a policy to alert if anyone in your organization spends more than $100 in a given period on Amazon Athena. This way you have proactive visibility when developers start experimenting with new and novel cloud services that might run up the bill.
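The root account checks described in the Root Account Information item above (last use, two-factor status, active and inactive API credentials) can be read directly from an AWS IAM credential report. The following is an added example, not DivvyCloud's code: the function names, the 30-day window and the sample rows are assumptions, and the sample is constructed with only the report columns the check reads.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample, not real account data. It uses a subset of the columns
# of an AWS IAM credential report; columns the check does not read are omitted.
HEADER = ",".join([
    "user", "arn", "password_last_used", "mfa_active",
    "access_key_1_active", "access_key_1_last_rotated", "access_key_1_last_used_date",
    "access_key_2_active", "access_key_2_last_rotated", "access_key_2_last_used_date",
])
SAMPLE_REPORT = "\n".join([
    HEADER,
    "<root_account>,arn:aws:iam::111111111111:root,2018-07-20T09:15:00+00:00,false,"
    "true,2016-03-01T12:05:00+00:00,2018-07-21T03:40:00+00:00,"
    "false,2017-01-10T08:00:00+00:00,N/A",
    "alice,arn:aws:iam::111111111111:user/alice,2018-07-22T10:00:00+00:00,true,"
    "false,N/A,N/A,false,N/A,N/A",
])

# Placeholder strings the report uses where there is no timestamp.
NO_VALUE = {"", "N/A", "no_information", "not_supported"}


def parse_ts(value):
    """Return an aware datetime, or None for the report's placeholder values."""
    value = (value or "").strip()
    if value in NO_VALUE:
        return None
    return datetime.fromisoformat(value)


def is_true(value):
    return (value or "").strip().lower() == "true"


def root_account_summary(report_csv, now, recent_days=30):
    """Summarise root usage, MFA and API keys from one account's report."""
    rows = csv.DictReader(io.StringIO(report_csv))
    root = next((r for r in rows if r["user"] == "<root_account>"), None)
    if root is None:
        raise ValueError("credential report has no <root_account> row")

    used = [parse_ts(root.get("password_last_used"))]
    active = inactive = 0
    for n in (1, 2):
        used.append(parse_ts(root.get(f"access_key_{n}_last_used_date")))
        if is_true(root.get(f"access_key_{n}_active")):
            active += 1
        # Assumption: a key that is not active but has a rotation date exists
        # and is disabled; "N/A" there means the key slot is empty.
        elif parse_ts(root.get(f"access_key_{n}_last_rotated")) is not None:
            inactive += 1
    used = [t for t in used if t is not None]
    last_used = max(used) if used else None
    mfa = is_true(root.get("mfa_active"))

    findings = []
    if not mfa:
        findings.append("root account has no MFA device enabled")
    if active:
        findings.append(f"root account has {active} active access key(s)")
    if last_used is not None and (now - last_used).days <= recent_days:
        findings.append(f"root account was used on {last_used.date()}")
    return {
        "arn": root["arn"],
        "last_used": last_used,
        "mfa_active": mfa,
        "active_keys": active,
        "inactive_keys": inactive,
        "findings": findings,
    }


if __name__ == "__main__":
    now = datetime(2018, 7, 25, tzinfo=timezone.utc)  # fixed date for the sample
    for key, value in root_account_summary(SAMPLE_REPORT, now).items():
        print(f"{key}: {value}")
```

A real report comes from `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose content is base64-encoded CSV; running the function once per account gives the cross-account view the item describes.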

 

Interested in learning more? Click here to view the full release notes associated with our 18.5 release, or get your free trial and see our features in action.

DivvyCloud delivers comprehensive policy-driven security, compliance, and governance for cloud infrastructure (AWS, Azure, GCP, Alibaba Cloud, VMware, and OpenStack).  Our software performs real-time discovery of connected clouds, distills this data into actionable insights, and then makes it easy to configure policies that are automatically enforced across all clouds.  In essence, we provide virtual guardrails for security, compliance, and governance that help customers like GE, Discovery, and Fannie Mae go big and go fast in the public cloud, but still stay secure and compliant.

The Headache of Managing Cloud Spend

Many companies are failing to manage their cloud environment effectively, and are dealing with the daily headaches that come as a result. It’s become much easier to purchase new software or services, which means it’s even easier for spending to increase. Not effectively managing those expenditures can spin quickly into headache #1 – overspending.

A cloud fundamental is that you pay only for the computing power you use. If a company can plan usage or reserved instances then that will yield significant cost savings. However, most organizations lack the visibility to prepare for future needs accurately. Furthermore, companies are becoming more agile in the cloud. Development teams and business units can now gain immediate access to the resources they need through the push of a button. IT Directors live with a general fear that a developer will provision an expensive service that will create a $30,000 bill in a week and that they’ll only find out about it when it is too late.

In Azure, one of our developers was prototyping adding support for a service called Data Warehouse. He clicked a few buttons and launched it, went to lunch, came back and completely forgot about it. About a month later, our CFO looked at our bill and Slacked the team “who spent $5,000 last month on Microsoft Azure?” This happens to companies ALL the time. If DivvyCloud had the Cloud Service Cost Coverage feature when this incident occurred, we would have gotten an alert, and even though we don’t support Data Warehouse we would have seen the Data Warehouse charge. That charge may have gone from $0 to $100, but we would have identified the anomalous spend before it got out of control.

DivvyCloud gives you the right kind of data, to be able to make the right kind of decisions to take actions that protect you from cost overruns and waste.

DivvyCloud has added the ability to link a cloud account to your master so we can get the bill. When you look at your AWS, GCP, and Microsoft Azure bill, you’ll notice: 1) these bills are enormous (even the non-line item bills are 200 megabytes); and 2) they take all of these hourly and second charges and then bubble them up to a service: things like AWS Elastic Compute Cloud and AWS Support. DivvyCloud historically tracks that data and pulls it down once a day. Now you can quickly analyze your historical spend on one or more cloud services. You can then configure policies around cost and service tracking that alert when spending exceeds thresholds you have set. For example, “Alert me when EC2 spend exceeds $300 in the period, across all of my development accounts.”

This feature helps mitigate the risk mentioned above, that a developer will provision an expensive service that will create a $30,000 bill in a week, and that you’ll only find out about it when it is too late.

Interested in learning more? Get your free trial and see how our features will protect you from cost overruns and much more.


Robocaller’s Leaky S3 Bucket Exposes Voter Information

News broke last week that sensitive data was yet again leaked… yeah, this is the same song we sing almost every week, but that’s kind of the point.  Our running analogy, “sometimes it feels like we are living in the cybersecurity version of the movie Groundhog Day,” becomes more apt with every passing day.

So what happened this time?

As reported by Zack Day, Security Editor for ZDNet, Robocent, a Virginia-based political campaign and robocalling company, left a massive batch of files containing hundreds of thousands of voter records in a public, exposed Amazon S3 bucket that anyone could access without a password.

Another misconfigured S3 bucket …

According to statistics from Bitdefender, as many as 7% of all S3 servers are entirely publicly accessible without any authentication, and 35% are unencrypted. If you dig through some of the recent leaks caused by poorly configured Amazon S3 resources, “these aren’t low-value data stores.”

Recent leaks caused by leaky S3 buckets:

These are just a few of the companies that have exposed sensitive, personal information for hundreds of millions of people from around the world.

This can change. You can stop S3 bucket leaks today with one easy step: install DivvyCloud.

In about 15 minutes, you can install DivvyCloud, connect your cloud (AWS, Azure, and GCP) accounts, quickly see S3 buckets that are misconfigured, and then turn on real-time continuous automated remediation of misconfigured buckets.

Make S3 bucket leaks a thing of the past (now and forever). Install DivvyCloud today with a  free 30-day trial and make sure your company never makes the news for an S3 bucket leak.



DivvyCloud Partners with Google to Help Launch Commercial Kubernetes Marketplace

On Wednesday, July 18th, Google introduced commercial Kubernetes applications in their GCP Marketplace and DivvyCloud was proud to be included as a launch partner.  For the first time, commercial Kubernetes applications are available to deploy with one click to Google Kubernetes Engine with a usage-based pricing model. Commercial Kubernetes applications can be deployed on-premise or even on other public clouds through the Google Cloud Platform Marketplace.

GCP Marketplace is based on a multi-cloud and hybrid-first philosophy, focused on giving Google Cloud partners and enterprise customers flexibility without lock-in. It also helps customers innovate by easily adopting new technologies from ISV partners, such as commercial Kubernetes applications, and allows companies to oversee the full lifecycle of a solution, from discovery through management.

As part of Google’s launch, we launched our commercial Kubernetes application, available to all users through the Google Cloud Platform Marketplace. This makes it even easier for GCP customers to deploy DivvyCloud to mitigate security and compliance risk while embracing the dynamic, self-service nature of Google Cloud Platform, Google Kubernetes Engine, and Kubernetes.

Commercial Kubernetes applications available now


“To remain competitive and deliver on user demands, organizations adopting cloud need ready access to trusted, tested and portable applications that can run across their entire infrastructure. At Google Cloud we strive to make it as easy as possible for customers of all sizes to deploy, purchase and manage leading solutions in the cloud,” said Jennifer Lin, Director of Product Management, Google Cloud. “The availability of commercial Kubernetes applications from providers like DivvyCloud is a critical part of extending enterprise investments and can simplify adoption of container-based infrastructure no matter what environment they operate in, either on-premise or in the public cloud.”

Customers exploring or using Kubernetes can easily access DivvyCloud on the marketplace, with rapid, same-day deployment. The Google Cloud Platform Marketplace makes it simple for customers to quickly deploy and manage the DivvyCloud solution, and to know when updates are available.  

Interested in learning more? Get your free trial of DivvyCloud or speak with a DivvyCloud expert today!

DivvyCloud software enables organizations to achieve their cloud and container goals by simplifying and automating security, compliance, and governance of infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). DivvyCloud was founded by seasoned technologists who understand firsthand what is necessary to succeed in today’s fast-changing, multi-cloud world.

Hack In Business: Macy’s & Adidas Data Breach

Another week, another data breach.  In the last two weeks, news broke that both Adidas and Macy’s suffered data breaches.   

In a letter leaked to DataBreaches.net, Macy’s wrote to affected customers that “the attacker used valid user credentials (usernames and passwords) to login to some online profiles … we believe valid login credentials were stolen from another company and/or sourced from the dark web.”

Adidas came clean to its customers about its data breach, and although details are scarce at this time, what is known is that “an unauthorized party” breached Adidas’ server, managing to steal the contact details, usernames, and encrypted passwords of “a few million consumers.”

Back in February, I believe we said it best. “Sometimes it feels like we are living in the cybersecurity version of the movie Groundhog Day. Day after day, week after week, we hear about data breaches that have exposed sensitive, personal information for hundreds of millions of people from around the world.”

Let’s take a look at eight other retailers who have suffered data breaches in 2018:

  1. Sears – April
  2. Kmart – April
  3. Delta – April
  4. Saks 5th Avenue – April
  5. Best Buy – April
  6. Lord & Taylor – April
  7. Under Armour – March
  8. Panera Bread – April

We are living in a world where hundreds of thousands of people around the globe are continuously trying to exploit vulnerabilities (for some, it is even their job). Regardless of how the breach occurs, it is typically because of an approach to compliance that is manual and periodic rather than continuous. Inevitably, that creates a cycle of being in and out of compliance. The problem is that even a brief lapse in compliance opens up a window that can and will be exploited. When you don’t achieve continuous compliance through monitoring and automated remediation, it’s only a matter of time before you join the 10 retailers mentioned above in the growing list of companies who have to explain to their customers that their information has been compromised.

DivvyCloud wants to help!

In the cloud?  If so, get your free trial of DivvyCloud and explore how we can secure your entire cloud environment.


DivvyCloud’s Microsoft Azure CIS Insight Pack

In March 2018, Microsoft published the CIS Microsoft Azure Foundations Security Benchmark. CIS Benchmarks are the recognized industry standard for securely configuring traditional IT components.

DivvyCloud has taken this prescriptive guidance for establishing a secure baseline configuration for Microsoft Azure and implemented it as one of our Insight Packs. DivvyCloud customers now have immediate and continued visibility into the posture of their Azure environments against the Azure CIS benchmark, and can use Bots to automate the remediation of policy violations.

The Azure CIS benchmark’s purpose is to establish the foundation level of security for anyone adopting Microsoft Azure Cloud. Microsoft operates Azure using a shared responsibility model, similar to all public cloud providers. Per Microsoft, “shared responsibility in public cloud is related to the fact that you have a partner when you host resources on a public cloud service provider’s infrastructure. Who is responsible for what (regarding security) depends on the cloud service model you use (IaaS/PaaS/SaaS). With IaaS, the cloud service provider is responsible for the core infrastructure security, which includes storage, networking and compute (at least at the fabric level – the physical level).”  Microsoft has published the graphic below to illustrate how shared responsibility works across the cloud service models.

For a deeper dive into the shared responsibility model, check out Microsoft’s Shared Responsibilities for Cloud Computing paper.  This paper helps clarify to potential Azure customers where Azure’s implementation of security controls ends and begins, and where the customer’s responsibilities also begin and end (and this is where DivvyCloud’s Azure CIS Insight Pack comes in real handy).  

Interested in learning more? Get your free trial of DivvyCloud and see the Azure CIS Insight Pack in action.


Learn how Kroger went from 0-60 with GCP and containers to become a digital leader in retail at Google Cloud Next ’18 | Wednesday, July 25th, 2:00 – 2:20 PM in the South Hall

DivvyCloud is a sponsor of Google Cloud Next ’18 and at the event we are hosting a Cloud Talk, featuring Kroger’s Chief Architect Bruce Maxfield.  The session is Wednesday, July 25th, 2:00 – 2:20 PM in the South Hall Cloud Talk space.  

Bruce and DivvyCloud COO Peter Scott will discuss how Kroger, America’s largest supermarket chain, is using GCP to revolutionize the customer experience. Kroger is using the cloud to create improved shopping experiences in the store and online. Bruce will discuss how GCP provides the flexibility and capabilities required by the Kroger application development teams, how Kroger has securely gone from 0-60 in its use of cloud with containerized applications, and where he sees Kroger heading next with GCP.  Sign up today for the talk.

After the talk, or anytime, make sure to visit us at booth #1606 in West Hall!   Schedule a time to speak with our GCP and Kubernetes security and compliance experts at our booth and get answers to your questions.  

We look forward to seeing you July 24–26, 2018 at the Moscone Center in San Francisco!  You can learn more about Google Cloud Next ’18 or register now.

Join DivvyCloud at the AWS Summit New York | July 16-17 [Booth #809 at The Expo]

DivvyCloud is a sponsor of AWS Summit New York 2018 and the question we are asking all attendees is “Where do you need guardrails?”

DivvyCloud mitigates risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes).  

The AWS Summit is a great place for us to meet interesting people like you who are doing amazing things with AWS.  We’d love to learn more about your AWS goals, plans, and challenges and share our vision of how automation can make it a lot easier to securely operate AWS environments.  

Make sure to visit The Expo and see us at booth 809!   Schedule a time to speak with our AWS security and compliance experts at our booth on July 17th and get answers to your questions.  

If you haven’t attended before, the AWS Summits are free events designed to bring together the cloud computing community to connect, collaborate, and learn about AWS.  Probably the biggest session of the two-day event is the 9:30 am – 11:30 am Keynote featuring Dr. Werner Vogels and Dr. Matt Wood on July 17th. Outside of the keynote, you can also attend technical sessions, workshops, chalk talks, participate in team challenges, and of course visit us at booth 809 in The Expo. We look forward to seeing you at the Javits Center!  You can learn more about AWS Summit New York 2018 or register for free.

Join DivvyCloud at Google Cloud Next ’18 | July 24–26 San Francisco [Booth #1606 in West Hall]

DivvyCloud is a sponsor of Google Cloud Next ’18 and the question we are asking all attendees is “Where do you need guardrails?”

DivvyCloud mitigates risk by providing virtual guardrails for security, compliance and governance to customers embracing the dynamic, self-service nature of public cloud and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (GCP, Kubernetes, AWS, Azure, and Alibaba).  

Google Cloud Next is a great place for us to meet interesting people, like you, who are doing amazing things with GCP and Kubernetes.  We’d love to learn more about your goals, plans, and challenges and share our vision of how automation can make it a lot easier to securely operate GCP and Kubernetes environments.  

Attend our Cloud Talk, featuring Kroger’s Chief Architect Bruce Maxfield as he discusses how Kroger, America’s largest supermarket chain, is using GCP to revolutionize the customer experience in the store and online. The session is Wednesday, July 25th, 2:00 – 2:20 PM in the South Hall Cloud Talk space.  

After the talk, or anytime, make sure to visit us at booth #1606 in West Hall!   Schedule a time to speak with our GCP and Kubernetes security and compliance experts at our booth and get answers to your questions.  

If you haven’t attended before, Next is a three-day exhibition of inspiration, innovation, and education that brings together the entire community to learn from one another how the cloud can transform how we work and power everyone’s successes. We are particularly excited for the 9:00am – 10:30am “Building a Cloud for Everyone” keynote on July 24th featuring Diane Greene, Urs Hölzle, Fei-Fei Li, and Prabhakar Raghavan. Outside of the keynote, you can also attend super sessions, breakout sessions, hands-on labs, and of course visit us at booth #1606 in West Hall!

We look forward to seeing you July 24–26, 2018 at the Moscone Center in San Francisco!  You can learn more about Google Cloud Next ’18 or register now.

DivvyCloud CEO Interviewed on Federal News Radio

DivvyCloud CEO, Brian Johnson, was interviewed by Heather Quinn, Executive Leaders Radio, about how he came to be the executive leader he is today. The interview covers Johnson’s life between the ages of 9-14 and how that impacted his career later, with a deeper dive on his struggles with formal education and his belief that passion is a driving force for overcoming adversity.

While it’s not a panel discussion, there will be three other guests (listed below) alongside Brian telling their stories as well.

Other Guests:

  • Jodie Hughes, Regional President of BB&T Bank
  • Bruce McNamer, President and CEO of Greater Washington Community Foundation www.cfncr.org
  • Kathleen Cannon, Managing Partner of Kelly Drye & Warren www.kellydrye.com

The segment will air locally on Sunday, July 8th, from 9-10am on WFED/1500AM and is simulcast on WWFD/820AM (www.federalnewsradio.com). It will also broadcast nationally on Saturday, July 15th, from 7-8am (EST) on Biz Talk Radio: www.biztalkradio.com and www.tunein.com (“Best of Executive Leaders Radio” is also broadcast on Sundays).

Exactis Exposed 340 Million Individual Consumer Records – DivvyCloud Would Have Prevented It

In early June, security researcher Vinny Troia discovered that Exactis, a data broker based in the United States, had inadvertently misconfigured an AWS ElasticSearch Service instance and in doing so had exposed approximately 340 million consumer records to the public. Out of the box, DivvyCloud’s software would have detected this misconfigured instance and automated the remediation to close this vulnerability in real-time.

Like so many AWS, GCP, Azure, and Alibaba cloud services, AWS ElasticSearch Service is an incredibly powerful and useful service. It is also very challenging for IT professionals, developers, and engineers to consistently configure these powerful services in a way that mitigates security and compliance risk.

First, it is a daunting task to learn about how to configure ever-evolving cloud services correctly — it is like drinking from a firehose. Second, it is even more daunting to know how to do this relative to the security standards (e.g., CIS Benchmark or NIST CSF) and regulatory frameworks (e.g., PCI DSS or HIPAA) that a company chooses to or must comply with. And lastly, it is difficult for any one person or group of people to achieve 100% consistency in applying these standards at the speed and throughput that we ask our tech teams to operate.

DivvyCloud solves these challenges for customers like General Electric, Discovery Communications, and Fannie Mae using cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of cloud and container infrastructure allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.

In a nutshell, we mitigate security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud and container infrastructure.

Cost-Effective Cybersecurity Tips for Mid-Sized Enterprises

“Significantly more than half of all cyber attacks are directed at SMEs, and that number is steadily increasing.” – Chubb

Why don’t mid-sized enterprises protect themselves better?
The majority of cyber attacks we hear about focus on big companies. Surveys have shown that many mid-sized enterprises believe they are too small to be “noticed.” However, as the quote from Chubb indicates, this stance does not jibe with reality. Mid-sized organizations often don’t want to believe that it will take massive investments of capital and people to improve their cybersecurity posture. But here’s the thing: according to the article “5 Cybersecurity Measures Mid-Sized Businesses Need To Take Today” by Jason Compton (Forbes Contributor), you don’t need to “write a big check” to increase your organization’s security.

Compton suggests you put these five ideas to work:

  1. Be direct with employees about their responsibilities. “Employee education and awareness are some of the best investments in protection,” said Tyler Leet, director of risk and compliance services at CSI, developers of financial services infrastructure. “And you don’t have to invest tens of thousands of dollars in equipment to minimize employee mistakes.”
  2. Assess risk in a mature, priority-driven way. Instead of aiming for the impossible, focus your protection efforts on the assets that matter most to you — and those with the greatest appeal for attackers.
  3. Systematically tighten access controls. Coordinate your approach to authentication, so it makes sense and is consistent with modern cybersecurity theory.
  4. Stay informed of legal developments at the federal and state levels.
  5. Appoint a business-minded cybersecurity czar. It’s essential to have a leader who can translate cybersecurity strategy into the language of business risk and opportunity.

DivvyCloud aligns nicely with points 1-3 above and makes them more accessible from a security standpoint when running in AWS, Azure, GCP, or Alibaba Cloud. The self-service and dynamic nature of cloud infrastructure creates challenges for risk and compliance professionals who protect their organization with security and governance controls. Tools and controls that worked well for security and compliance in the traditional datacenter do not translate to the public cloud. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes).

First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.

If interested in learning about how DivvyCloud can help you improve your security and compliance in the cloud, click here.

DivvyCloud Featured in Forbes Leadership Blog for “Beating the Odds”

Andrew Goldsmith’s (Forbes Contributor) article “3 Leadership Insights From A High-Tech Startup That Beat The Odds,” begins with the results of a study from the Information Technology and Innovation Foundation: “The Information Technology and Innovation Foundation found roughly 60% of tech firms die within 5 years.”

DivvyCloud, now in its 6th year, has beaten the odds and shows no signs of slowing down. “It has developed software that lets businesses create “bot armies” to protect and optimize their IT cloud network infrastructure. Its base of corporate customers includes Discovery Communications, Fannie Mae, and GE, and is in expansion mode.”

Goldsmith interviewed the founders of DivvyCloud and came away with three significant insights for leaders facing similarly challenging environments:

1. Hire People Who Can Succeed In A Startup – And At A Fortune 100
“DivvyCloud needed people who could bridge both types of organizational cultures. For any leader trying to steer a company in a tough market the lesson is clear: you need people with high levels of passion and flexibility, not just relevant experience.”

2. Connect One-On-One
“What the founders learned was that as important as great technology is, it won’t tell your story. A big part of DivvyCloud’s success has been its ability to capture customers’ imagination in person when its leadership team meets with potential customers one-on-one.”

3. Listen And Pivot
“A single piece of negative feedback – and how leaders respond to it – can affect an organization’s success trajectory. DivvyCloud experienced this firsthand when a promising meeting, held when the company was just getting started, started to go south.” The COO politely let the DivvyCloud team know multiple companies were offering similar solutions, some 12-18 months ahead of DivvyCloud from an enterprise capabilities perspective. “This happens when you are an early-stage business. And many entrepreneurs would have said “thank you,” and called it a day. But the DivvyCloud team didn’t do that.” Instead, it shifted gears and eventually landed the deal.

Our Story
The year was 2009 and Electronic Arts (Nasdaq: EA), the $3.8B gaming company, was making a huge strategic bet by moving some of its products “into the Cloud.” The infrastructure team (including DivvyCloud founders Brian, Chris, and Andrew) were tasked with making this cloud vision a reality. They quickly found managing over 5,000 servers, in five different countries, with millions of paying subscribers in a hybrid-cloud environment to be an incredibly complex, time-consuming, and risky proposition. At the time, there were simply no tools to provide a consolidated view and automation framework for resources spread across different public and private clouds. Ultimately, in 2012 the team left EA and poured their experiences and expertise into building DivvyCloud.

Six years later, we are honored to be featured in the Forbes Leadership Blog and to be given a chance to share our experience and insights with leaders in similar challenging environments.

Mitigating the Risk of Operating Workloads in Cloud and Container Services

The self-service and dynamic nature of cloud and container infrastructure creates challenges for risk and compliance professionals who protect their organization with security and governance controls.   It is far too common and too easy for a developer or engineer to misconfigure AWS or Kubernetes and create a vulnerability. Take for example the recent security incident at Weight Watchers where an unsecured Kubernetes console was left exposed.  Luckily this vulnerability was discovered by security researchers who alerted the company rather than exploit it. These misconfigurations are just a further continuation of the same old stories we have seen repeated weekly in the media about AWS S3 bucket leaks.  

So why does this happen so often?  

1. When you have dozens or hundreds of engineers and developers provisioning and configuring cloud and container services, this creates risk by itself.  Not all of these people will know how to configure these services correctly, they won’t necessarily know what security and compliance standards they need to adhere to, and even further they may not know how to apply those standards to these diverse services.  On top of all that, even the best person can miss a step in a SOP or flat out make a mistake.

2. The security teams are often overwhelmed by the rate of change that occurs in cloud and container environments.  Added to that, the tools and controls that worked well for security and compliance in the traditional datacenter do not translate to the public cloud.  This lack of translation means that security and operations teams are unable to get visibility into the security and compliance posture of these environments, and are often left doing the best they can do manually triaging issues when they come to their attention.  Manually having to sort and solve these problems is a frustrating approach and leaves companies open to substantial security and compliance risk.

At DivvyCloud we offer a better way.  Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes).  

First, our software performs real-time, continuous discovery of infrastructure running in cloud and container environments allowing customers to identify risks and threats.  Second, customers can implement out-of-the-box or custom native policy guardrails for cloud and container services that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.

Request a demo of DivvyCloud today if you are looking to mitigate the risk of operating workloads and applications in cloud and container services.

How CTO John Honeycutt Has Moved Discovery to the Cutting Edge of Media Ingest and Distribution

Glen Dickson at TVNewsCheck conducted an in-depth interview with Discovery Chief Technology Officer John Honeycutt.  In the interview, Glen dives in deep with John on how he has moved Discovery to the cutting edge of media ingest and distribution by blending traditional supply-chain architecture with the latest in IP and cloud technologies.  He also discusses how through this strategy Discovery has disrupted and revolutionized the media and entertainment industry to the benefit of Discovery and consumers. You can read the full interview with John Honeycutt here.

DivvyCloud is proud to have been core to Discovery’s cloud strategy.  DivvyCloud’s importance to this strategy was recognized in 2016 when Discovery Communications Ventures invested in DivvyCloud.  Discovery decided to invest in DivvyCloud after being an enterprise customer for over a year. At the time of the investment, John Honeycutt said, “Given the value that DivvyCloud has delivered to Discovery in our adoption of the cloud, we see a real potential for growth that we’re excited to be a part of.”

The self-service and dynamic nature of cloud infrastructure creates challenges for risk and compliance professionals who protect their organization with security and governance controls.  Tools and controls that worked well for security and compliance in the traditional datacenter do not translate to the public cloud. Customers like Discovery run DivvyCloud’s software to achieve continuous security governance in cloud environments (AWS, Azure, GCP, and Alibaba).  

First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats.  Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.

We mitigate risk by providing virtual guardrails for customers embracing the dynamic, self-service nature of public cloud infrastructure. In doing so, DivvyCloud empowers our customers, like Discovery, to fully embrace the corporate innovation that use of cloud technologies can drive.  

ComputerWorldUK Honors DivvyCloud: One of the Best Cloud Management Tools of 2018!

We are delighted to announce that Computerworld UK has named DivvyCloud one of the “Best Cloud Management Tools” of 2018.

ComputerWorld UK compiled a list of cloud computing management tools that aim to help manage costs, usage, and ultimately optimize the cloud. DivvyCloud made #2 on their list!

In ComputerWorld UK’s words:

DivvyCloud offers a three-pronged approach to cloud management, focusing on cloud security, compliance, and governance.

Able to work with all major cloud providers including AWS, Azure, and Google, this cloud management service will manage cloud costs by ‘enforcing your global tagging policy’, as well as providing analysis of your bills so you can keep your cloud spending under control.

It will also reduce the worry associated with complying with these regulations and standards PCI DSS, HIPAA, and GDPR, as well as many others.

We are honored by ComputerWorld UK’s recognition of DivvyCloud being one of the best cloud management tools.

Interested in learning more about how DivvyCloud’s software can help improve your security, cost management, and compliance in the cloud? Sign up for a demo or check us out on your own with a free trial.

What’s New with DivvyCloud? 18.4 – Fourth Feature Release of the Year

Twice a quarter DivvyCloud releases new product features, and we are excited to announce our fourth feature release of 2018!  Collaboration with our customers and the community helps shape these releases across all the pillars of our product: discovery, analysis, and automated action. 18.4 is jam-packed with goodness — more data, more orchestration, and greater accessibility, including:

  • Support for Alibaba Cloud. We’ve added support across the entire DivvyCloud platform, including insights, bots, and compliance packs, for Alibaba Cloud.
  • A new Azure-specific compliance pack that maps to the recently released CIS Microsoft Azure Foundations Security Benchmark.
  • Support for AWS Trusted Advisor, which broadens and deepens our ability to provide insights and actions for security, fault tolerance, and cost optimization in Amazon Web Services.
  • Jira integration.  DivvyCloud allows customers to automate remediation of policy violations, and DivvyCloud Bots can now open Jira tickets. Jira is a service management tool from Atlassian.  

Below we dive more deeply into these four highlights from our latest release:

_____________________________________________

  • More cloud support: Alibaba Cloud – Doing business in China?  A lot of our customers are, and they have embraced Alibaba Cloud.  In response, our latest release welcomes Alibaba Cloud, creating parity within our platform with other primary public cloud providers.  DivvyCloud now supports Alibaba Cloud across the entire platform, allowing customers to perform real-time, continuous discovery, identify policy violations with Insights, and automate remediation of violations with Bots. Never heard of Alibaba Cloud?  It is the $2B cloud computing arm of Alibaba Group (NYSE: BABA). Alibaba Cloud provides a comprehensive suite of global cloud computing services to power both our international customers’ online businesses and Alibaba Group’s e-commerce ecosystem. In 2017, Alibaba Cloud was placed in the Visionaries’ quadrant of Gartner’s Magic Quadrant for Cloud Infrastructure as a Service, Worldwide. With their world-class infrastructure and ever-expanding global presence, Alibaba Cloud is dedicated to becoming a leading global cloud services provider.

  • Improved security and compliance: Azure CIS Insight Pack – In March 2018, Microsoft published the CIS Microsoft Azure Foundations Security Benchmark. DivvyCloud has taken the prescriptive guidance for establishing a secure baseline configuration for Microsoft Azure and implemented it as one of our Insight Packs.  This means that customers can now gain immediate and continued visibility into the posture of their Azure environments against this benchmark, and then use Bots to remediate policy violations.

  • Take action:  Trusted Advisor Checks – Trusted Advisor is an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. DivvyCloud is making Trusted Advisor better by making it more frequent, more accessible, and centralized across your account.  Normally Trusted Advisor refreshes its data once per week unless you manually trigger a refresh. To improve the frequency of this data so that we can use it to drive automation, we automate the refresh of Trusted Advisor every two hours. The two-hour refresh means that we can identify security risks quickly and take action to remediate these risks.  For example, if a developer puts an API access key inside of GitHub, this will be flagged by Trusted Advisor, DivvyCloud will identify this policy violation, and alert you or take actions that you have specified.

  • Integrations: Jira – The basic use of Jira is to track issues and bugs related to your software and mobile apps. DivvyCloud’s integration with Jira makes it easy for our bots to open Jira cases and send information about the resources.  Jira is a service management tool from Atlassian.

_____________________________________________

Interested in learning more? Click here to view the full release notes associated with our 18.4 release, or get your free trial and see our features in action.

DivvyCloud delivers comprehensive policy-driven security, compliance, and governance for cloud infrastructure (AWS, Azure, GCP, Alibaba Cloud, VMware, and OpenStack).  Our software performs real-time discovery of connected clouds, distills this data into actionable insights, and then makes it easy to configure policies that are automatically enforced across all clouds.  In essence, we provide virtual guardrails for security, compliance, and governance that help customers like GE, Discovery, and Fannie Mae go big and go fast in the public cloud, but still stay secure and compliant.

The GDPR Impact on U.S. Businesses

On May 25, 2018, the General Data Privacy Regulation (GDPR) went into effect. This new European legislation is changing the way organizations worldwide process and store user, employee, and client data, and there are significant consequences for noncompliance.

GDPR was created to better ensure consumer privacy. Businesses that collect information from consumers in Europe are subject to stricter data protection policies. Organizations now need consumer consent to not only obtain their information but also to use it for any marketing or business purposes. The language of consent must be clear as well as easy to find, read, and understand. Company privacy policies must also be easy to find by consumers.

How are U.S. Companies Affected by GDPR?

U.S. companies that handle data on EU consumers are affected by GDPR. In his article “The Affects of GDPR on North American Companies,” Jonathan Dyble writes two critical points to note: “Firstly if the EU consumer (or subject) is not in the EU when you collect your data, the GDPR does not apply. Secondly, your prospects do not need to purchase from your site for the GDPR to apply to your business. Even if you happen to be collecting data as part of a marketing survey, those EU consumers are protected under the terms of the GDPR.” If a company sends out a marketing survey not directly targeting EU consumers, yet a consumer from England happens to fill out the survey, he/she is not protected by GDPR. However, if the company’s survey references EU consumers in any fashion, those consumers will be protected by GDPR.

Marianne Chrisos, in her article “What Companies are Affected by GDPR?” listed a few questions U.S.-based businesses can ask to find out if they are affected or not:

  • Does the business market to customers in the EU? (Generic marketing – like a Google ad found by an EU customer – wouldn’t count, but targeted marketing, like a Facebook ad for European customers, would.)
  • Does the company have a current customer base in the EU?
  • Does the company have any employees that work in the EU?

Answering “yes” to any of these questions means your business will likely be affected by the GDPR regulations. Additionally, these regulations will likely guide companies that accept payment in Euros.

Ultimately, the GDPR means significant changes for personal data, but it can benefit your business in the long-term if you comply with the rules. Full transparency shouldn’t be thought of as a strike from the reaper’s scythe, but instead as a way to build trust, engagement, relationships, and subsequently, revenue with your consumer.

“The GDPR has extensive compliance regulations for many businesses in the United States. It’s important that businesses that are not yet affected begin thinking about data safety and security protocols now, as the GDPR may be indicative of more regulations to come regarding consumer data. The work to ensure compliance with GDPR is extensive, but a commitment to customer data safety and protection is a worthwhile pursuit in this digital age.”

DivvyCloud can help customers stay GDPR compliant by providing guardrails for compliance across Amazon Web Services, Microsoft Azure, Google Compute Platform, Alibaba Cloud, VMware, and OpenStack. Try DivvyCloud for free to see our features in action and how they can help your company become and stay GDPR compliant.

Are European Enterprises Ready for Multi-Cloud?

Enterprises both in the U.S. and across Europe are facing growing pressure to embrace multi-cloud infrastructure. Though IDC research suggests multi-cloud environments will soon be the norm for European enterprises, we look for answers as to why the current multi-cloud adoption rate is so low.

In her article “Enterprise readiness for multi-cloud adoption is low across Europe, suggests IDC research” on ComputerWeekly.com, Caroline Donnelly uses IDC research to suggest there is a disparity between the UK and their European counterparts in readiness to shift applications and workloads across multiple cloud providers. IDC surveyed over 600 business executives and IT leaders across Europe (including the UK) on their “readiness to adopt a multi-cloud IT consumption model” and just over a third of respondents said they have no plans to move their applications and workloads from their current cloud provider. UK respondents, however, revealed 29% are plotting such a move.

So what’s the worry amongst European enterprises?

The IDC’s research seems to suggest “a high level of uncertainty within enterprises about how best to pursue a mix and match strategy to sourcing and consuming cloud services from multiple providers.” Even with their concerns, Giorgio Nebuloni, research director for European multi-cloud Infrastructure at IDC, said “virtually all European enterprises will soon use multiple cloud services. The smart ones are already actively planning for those services to be benchmarked, price-compared and selected against each other based on the workload need.”

The IDC’s research also foreshadows a need for enterprises to manage and operate a mix of infrastructure, platform, and software as a service models across private and multiple public clouds. It seems (at least in the present) failure to create a strategy that enables this will be bad for business.

One of the major risks of not transitioning to a multi-cloud environment, both across Europe and the United States, is vendor lock-in. As Microsoft, Google, and Amazon are increasingly entering new markets, companies should be wary about being reliant on a single cloud provider and possibly being put in the position of delivering financial support to a vendor that could be taking business from them.

Implementing a multi-cloud strategy allows for more advantageous contract negotiating and access to best-of-class cloud technologies and services available from every and any cloud technology provider. Access to multi-cloud services creates an opportunity to innovate in ways and with speeds that have previously been impossible, and this is vitally important to company success.

At DivvyCloud, we help customers embrace multi-cloud by providing guardrails for security, compliance, and governance across AWS, Azure, GCP, VMware, and OpenStack. With our multi-cloud platform, developers have the freedom to choose which clouds are best suited to their company’s needs without IT having to develop policy automation and compliance solutions for each cloud.

Schedule a demo to see our features in action and how they can help your company.

Read Caroline Donnelly’s article: “Enterprise readiness for multi-cloud adoption is low across Europe, suggests IDC research.”

What’s New with DivvyCloud? 18.3 – Third Feature Release of the Year

We are thrilled to announce that the new version of DivvyCloud has been released! Twice a quarter, DivvyCloud releases new product features and 18.3 is our third release of 2018.  

We’ve made our Insights and Insight Packs more powerful through expanded security and compliance standards support, especially with NIST 800-53 and NIST CSF, and with additional visualizations.  

We have highlighted just a few of the features that we are excited about (or you can jump right to our full release notes):

_____________________________________________

Release Highlights:

  • Insight Packs map our Insights against the controls found in security and compliance standards, including HIPAA, PCI DSS, CIS, GDPR, SOC 2, NIST CSF, NIST 800-53, ISO 270001, and FedRAMP CCM 3.0.1.  Customers can use these packs to quickly ascertain how their cloud infrastructure scores against these standards. With 18.3, we’ve expanded several Insight Packs, including NIST 800-53 and NIST CSF, adding more than a dozen Insights based on new cloud services added in this release. These additional checks will accelerate customers’ ability to ensure continuous compliance with these standards as they go forward in the cloud.

  • Our Insights have become even more powerful with the new ability to visualize the trailing 90 days of historical data points. This is especially useful to establish a benchmark to measure your organization’s improvement against security and compliance standards over time. Many DivvyCloud customers implement our software in “brownfield” cloud environments and this feature helps them report on the impact of the automated actions they have configured in DivvyCloud to enforce these standards.

  • AWS Enhancements:  AWS is a rapidly evolving platform. As customers continue to adopt new AWS services, DivvyCloud works to provide additional security Insights and automated remediation capabilities for these services. With this release, DivvyCloud introduces support for DynamoDB, WorkSpaces, and Simple Queue Service (SQS). This brings DivvyCloud’s AWS support to over 40 AWS services.

_____________________________________________

Interested in learning more? Click here to view the full release notes associated with our 18.3 release, or schedule a demo to see our features in action.

DivvyCloud delivers comprehensive policy-driven security, compliance, and governance for cloud infrastructure (AWS, Azure, GCP, VMware, OpenStack, etc.).  Our software performs real-time discovery of connected clouds, distills this data into actionable insights, and then makes it easy to configure policies that are automatically enforced across all clouds and accounts/subscriptions.  In essence, we provide virtual guardrails for security, compliance, and governance that help customers like GE, Discovery, and Fannie Mae go big and go fast in the public cloud, but still stay secure and compliant.

State of Identity Podcast: Policy Automation for the Cloud | DivvyCloud

“State of Identity” is the leading podcast for the identity industry. Each week, Cameron D’Ambrosi hosts conversations about the technologies, companies, and paradigms that are defining the world today.

This week, DivvyCloud CEO/Co-Founder Brian Johnson joins Cameron D’Ambrosi as they discuss the security and compliance challenges facing organizations leveraging cloud computing solutions, and how policy automation can help solve them.  

If interested in learning more about DivvyCloud or about how our software can help you improve your security and compliance in the cloud, click here.

Hybrid Cloud & Multi-Cloud: Understanding the Differences

Rapid innovation and the ability to create software faster is the dream of all companies, and this is why the cloud is a game-changer. Cloud solutions eliminate the need for procuring extra hardware and software, enabling organizations to focus on developing their business instead of implementing and maintaining their own IT infrastructure. According to a study by Microsoft, nearly a third of organizations are working with four or more cloud vendors. It would seem that the future of IT isn’t just cloud computing – it’s multi-cloud. However, no large enterprise can fully transition to the cloud in one fell swoop, and that’s where the hybrid cloud strategy comes into play.

In his article “Hybrid Cloud vs. Multi-cloud: What’s the Difference, and Why Does It Matter?,” Neal Matthews, Principal Architect at Cloud Technology Partners, takes an in-depth look at hybrid cloud and multi-cloud strategies. He notes “the two terms are often confused, yet are likely to be the most important over the next few years.”

Hybrid Cloud

For every enterprise whose goal is to migrate entirely to a public cloud provider such as AWS, Google Cloud Platform, or Microsoft Azure, “there is going to be a necessary transition period.”  During the transition period, “the enterprise will have some resources, systems, and workload capabilities that have been migrated to public cloud, while others remain in the enterprise data centers or colo hosting centers.  This interoperability is a common example of a hybrid cloud.”

Multi-Cloud

“This term seems relatively self-explanatory: deploy cloud infrastructure on more than one public cloud provider, with or without an existing private cloud. However, the motivation for WHY companies might consider multi-cloud approaches and architectures is where things get interesting” (Click here to learn why many companies have adopted a multi-cloud strategy).

Traditionally, companies would select a single public cloud vendor with whom to partner.  However, recent trends are showing companies have rapidly moved (or will move) to adopting multi-cloud strategies, choosing to work with more than one public cloud provider.

At DivvyCloud, we help customers manage AWS, Azure, GCP, VMware, and OpenStack, and this provides us a unique position to identify and understand trends in cloud computing.  With our multi-cloud platform, developers have the freedom to choose which clouds are best suited for their company’s needs without IT having to develop policy automation and compliance solutions for each cloud.

Schedule a demo to see our features in action and how they can help your company.

Read Neal Matthews’ article, “Hybrid Cloud vs. Multi-cloud: What’s the Difference, and Why Does It Matter?”

DivvyCloud Honored as One of Ten “Best Tech Startups” in Arlington, Virginia

We are delighted to announce that The Tech Tribune has named DivvyCloud one of the “Best Tech Startups in Arlington, Virginia.”

In doing their research, The Tech Tribune considered several factors including but not limited to:

  • Revenue potential
  • Leadership team
  • Brand/product traction
  • Competitive landscape
  • Additionally, all companies must be independent (un-acquired), privately owned, at most ten years old, and have received at least one round of funding to qualify.

In The Tech Tribune’s words:

“DivvyCloud is a leading developer of innovative technology to automate and optimize cloud infrastructure. We deliver multi-cloud infrastructure visibility and automation to improve security, compliance and cost governance. Our software supports all major cloud providers including Amazon, Microsoft, Google, OpenStack, VMware, Rackspace, IBM Softlayer and DigitalOcean.

The value of DivvyCloud software has been proven with enterprise customers like General Electric, Discovery Communications, and Fannie Mae, among others. DivvyCloud is differentiated in the market with its native multi-cloud policy automation; its patent-pending data harvesting technology; and its platform-first strategy that allows customers and partners to leverage the DivvyCloud platform to develop their own cloud management solutions and products.”

We are honored by The Tech Tribune’s recognition of DivvyCloud being one of the most successful tech startups in Arlington, Virginia.  


If interested in learning more about DivvyCloud or about how our software can help you improve your security and compliance in the cloud, click here.

Success Stories and Advice From IT Leaders Who Have Migrated to Public Cloud

Organizations are increasingly moving to the cloud – not just for cost-cutting purposes but for business agility as well. There is no shortage of opinions on best practices regarding transitioning to the public cloud, but we can learn from the IT leaders who have seen strategic success as a result of migrating to the cloud.

Clint Boulton, a Senior Writer for CIO, spoke with several of those IT leaders about their business drivers, experiences, and lessons learned in moving to the public cloud.  Many of the IT leaders also offered practical advice for CIOs looking to strategically transition to the cloud.

Liberty Mutual, CIO, Mojgan Lefebvre:

Experience: When employees complained that downloading large documents from a legacy file system was a chore, Lefebvre adopted a cloud-based content management system running on Amazon Web Services.

“Teams spread across 46 offices in 18 countries now download and share roughly 500,000 digital files anywhere in the world by accessing the content from cloud document management system Alfresco, which runs on AWS regional data centers. Such localization serves up the documents with little to no latency while saving Liberty Mutual roughly $21 million in paper, printing and storage costs,” Lefebvre said.

Advice: “Inform employees about the change in advance and provide training as needed. Also be sure to provide a consistent message to end users and set expectations, and have the processes in place to support end users.”

Live Nation, VP of Cloud Services, Jake Burns:

Experience: The CEO ordered the company to move 100 percent to a public cloud. “He wanted us to be this modern, agile company,” Burns said.

“Going all in on the cloud in a cost-effective way can be done, and we’re the proof.”

Advice: “Consider hiring someone with technical and business chops who can understand the costs associated with consuming cloud technologies. That will save you from bill shock. You need to have somebody who understands the technology and who is accountable for costs.”

MetLife, Chief Technology Architect, Alex Seidita:

Experience: MetLife uses Microsoft Azure to power its microservices, including call center capabilities and Infinity, an application customers use to store photos, documents, and other content. As a result, MetLife has reduced the time to deploy new virtual machines by an average of 83 percent. The company also consumes IBM Softlayer to operate disaster recovery-as-a-service.

“We’ve been able to leverage the same kinds of capabilities internally and externally for automation, which drives speed and agility,” Seidita said.

Advice: “CIOs, particularly those working in regulated industries, should seriously weigh what software services are appropriate to move to the cloud. MetLife created a “cloud-fit assessment,” in which application inventory is scrutinized to determine which apps can be moved to the cloud, and which new apps should be developed in the cloud, based on security and governance requirements.”

Many enterprises are well into the adoption phase of cloud migration, and the cloud is a game-changer when it comes to innovation and the ability to create software faster. This is the dream of all companies, and we’ve seen this trend among our customer base as well.

However, there are risks associated with opening up cloud access to a large population. For example, with hundreds of developers able to access Amazon Web Services (AWS), ensuring security, compliance and governance can be a challenge for IT managers.

DivvyCloud enables an agentless platform that delivers policy-driven automation for public and private cloud infrastructure. DivvyCloud empowers developers and engineers to innovate and simultaneously protects the corporate IT directive to provide security and compliance. With our multi-cloud platform, developers have the freedom to choose which clouds are best suited for their company’s needs without IT having to develop policy automation and compliance solutions for each cloud. Schedule a demo to see our features in action and how they can help your company.

Read Clint Boulton’s article, “Public cloud: Real-world lessons of strategic success.”

DivvyCloud Hosts Discussion on Media Adoption of the Cloud at NAB Show 2018

DivvyCloud helps media and entertainment companies control and secure their content in their digital supply chain running in the cloud.  Our software provides virtual guardrails for security, compliance, and governance that help customers, like Discovery, Mediacorp, Sky Network Television Limited, and Turner, go big and go fast in the cloud, but still stay secure and compliant.  

At NAB Show 2018, we will be hosting the panel discussion, “Cloud WINS GOLD at the Winter Olympics – how cloud is impacting business strategies in media and entertainment.” Hear industry leaders share insights from the front lines, including Dave Duvall, SVP at Discovery; Thomas Martin, former CIO of GE; and Stavros Hilaris, CTO of Mediavision Cloud. You can register for the session through the NAB Show website.

You can also visit us at booth #3432 in the SPROCKIT Hub area in the North Hall, or schedule a time to meet. The SPROCKIT Hub features the most promising, market-ready media and entertainment entities from around the world – the Best of the Best. These “By Invitation Only” companies, like DivvyCloud, have proven products, customers, and services, and are ready to scale.

DivvyCloud has been helping to reshape how the media industry adopts cloud computing.   In fact, our impact has been so substantial that in 2016, Discovery invested in DivvyCloud, through Discovery Communications Ventures, after being an enterprise customer for over a year. “Given the value that DivvyCloud has delivered to Discovery in our adoption of the cloud, we see a real potential for growth that we’re excited to be a part of,” said John Honeycutt, Discovery Communications Chief Technology Officer.

Visit our NAB Show page for video and written content from customers Don Browning of Turner and Dave Duvall of Discovery Communications on how they have embraced cloud computing and helped their companies become digital leaders.

We hope to see you at NAB Show 2018!

What’s New with DivvyCloud? 18.2 – Second Feature Release of the Year

DivvyCloud delivers comprehensive policy-driven security, compliance, and governance for cloud infrastructure (AWS, Azure, GCP, VMware, OpenStack, etc).  Our software performs real-time discovery of connected clouds, distills this data into actionable insights, and then makes it easy to configure policies that are automatically enforced across all clouds and accounts/subscriptions.  In essence, we provide virtual guardrails for security, compliance, and governance that help customers like GE, Discovery, and Fannie Mae go big and go fast in the public cloud, but still stay secure and compliant.

We are thrilled to announce that the new version of DivvyCloud has been released! Twice a quarter, DivvyCloud releases new product features and 18.2 is our second release of 2018.  We have highlighted a few features that we are excited about (or you can jump right to our full release notes):

___________________________________________________________

Release Highlights:

  • We have added to our Insight Packs (security and compliance standards). New to the packs is FedRAMP. The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment. We offer these Insight Packs as a starting point for our customers to accelerate their ability to meet security and compliance requirements.

  • Clouds are always changing, and we are always growing with them. This release adds greater support across all clouds, with a special focus on supporting a larger number of Microsoft Azure (ARM), Google Cloud Platform, VMware, and AWS services.
  • DivvyCloud Insights, a collection of filters or how you ask questions about your data, now suggest actions to enforce or remediate best practices, show how related bots have taken action, and can flag issues as resolved.
  • We have enhanced our Badge functionality.
    • What are Badges?  Badges are a DivvyCloud feature that allows you to ‘badge’ your cloud accounts with key/value pairs and use global metadata to manage your cloud infrastructure. These are similar to AWS Tags or GCP Labels, but specific to DivvyCloud functionality. Badges help our customers with dozens or hundreds of cloud accounts and subscriptions to efficiently manage highly complex cloud environments.  
    • Why is this important? You can now dynamically scope Bots using and/or logic, add Badges to new or existing cloud accounts and leverage them to simplify role-based access at scale.  

Interested in learning more? Click here to view the full highlights associated with our 18.2 release, or schedule a demo to see our features in action.

I am pleased to introduce the Intel Compute Card, the future of private cloud.

During my time as an “Ops Guy” at Electronic Arts, I became very interested in the future of private cloud. For many companies, the future of cloud is a confusing one. While public cloud can provide great benefits such as speed and flexibility, anyone with a pen and paper (or spreadsheet) can quickly see that it is not always the most cost-effective option. As a result, more and more enterprises are turning to private cloud for some of their applications.

Before going hog wild and building our own private cloud, it’s worth taking a look at what we have learned from many years of leveraging public cloud. If public cloud has taught engineers anything, it is how to build and deploy applications on commodity hardware. Developers moved applications into the cloud fully aware that the server they are running code on might disappear at any moment. Software development today has made leaps and bounds towards the idea that an application must be able to deal with server failure without freaking out. The days when IT professionals cared for their servers in a way akin to a mother raising her young are gone. Servers today are viewed as ephemeral, being stood up and torn down through standard CI/CD processes. As someone recently said to me, “Server hugging is so 2000’s.”

With this knowledge, the question becomes: Can we deploy an internal cloud using some of the same principles of public cloud, namely reduced cost through commodity hardware? Enter the Intel Compute Card. The Intel Compute Card was first seen at CES 2017 and was originally developed to power the next generation of appliances (TVs, refrigerators, etc.). But for many reasons, Intel may have accidentally built the perfect cloud server.

Coming in at 94.5mm x 55mm x 5mm, the Intel Compute Card is small in stature but not in capabilities. Sporting a dual-core i5 vPro Intel processor, dual-channel DDR3 4Gb memory, 128Gb SSD storage, integrated Ethernet, and graphics, this machine has more than enough power to handle most of the micro-services that are the trademark of today’s distributed architectures. Things get very interesting when one looks at the power consumption of this tiny beast. At ~20 watts, you can get almost 17x the number of cores and memory when compared to a standard 1U server (300 Watts). Furthermore, the Intel Compute Card comes in at just under $200.00 and has a unified form factor for easy replacement. Current docking devices come with an actual eject button, making swapping out a dead node very easy (Seriously – 3 ½” disk style).

One can quickly imagine a world where your application nodes are powered by disposable, unified compute cards. No need to worry about “hardware refresh”; simply pull out the card and slide a new one in. Now obviously, this technology might not be your first option when choosing where to put your database, but as a K8s node?  Interesting….

ABC Tech Zone Interviews DivvyCloud CEO, Brian Johnson

Brian Johnson, DivvyCloud co-founder and CEO, was interviewed by Paul Amadeus Lane of ABC Tech Zone regarding the growing trend of businesses shifting to multi-cloud strategies.

Lane began the interview by asking Johnson why companies were transitioning from single cloud to multi-cloud strategies. Brian responded by stating that cloud providers themselves spent an incredible amount of money and time trying to convince us only one cloud provider was all we ever needed.

Brian continued by explaining how the threat of vendor lock-ins and M&As were among the top reasons contemporary businesses were moving to multi-cloud strategies and how DivvyCloud is helping companies make this change strategically.

(There is also a considerable amount of time spent between Lane and Johnson nerding out over video games.)

To learn more about the growing trend of multi-cloud strategies (and video games), watch the interview here.

DivvyCloud Featured on Android Headlines

DivvyCloud was featured on Android Headlines in an article titled “Vendor Lock-Ins, M&As Pushing Firms To Multi-Cloud: DivvyCloud,” written by Dominik Bosnjak.

Brian Johnson, DivvyCloud’s co-founder and CEO, was asked to give his thoughts on why companies are choosing to adopt two or more cloud computing services.

“The threat of vendor lock-ins and M&As are among the top reasons that are pushing contemporary businesses to multi-cloud strategies,” said Johnson.

According to Johnson, the industry shift to multi-cloud solutions currently taking place is unlikely to stop soon. In fact, more and more organizations are transitioning from using a single vendor such as Microsoft Azure, Google Cloud or Amazon Web Services and instead opting for numerous public cloud service providers.

To learn more about the growing trend of multi-cloud strategies, read the article here.

 

DCA Live Honors DivvyCloud as a 2018 Red Hot Cyber Company

We are delighted to announce that DCA Live has named DivvyCloud one of their “2018 Red Hot Cyber Companies.”

This award recognizes us as one of the fastest growing and most successful cybersecurity companies in DC.  DivvyCloud software enables organizations to achieve their cloud computing goals by simplifying and automating security, compliance, and cost optimization of public and private cloud infrastructure. Our software performs real-time discovery of connected clouds, distills this data into actionable insights, and then makes it easy to configure policies that are automatically enforced across all clouds.  In essence, we provide virtual guardrails that help customers like GE, Discovery, and Fannie Mae go big and go fast in the cloud, but still stay secure and compliant.

If interested in identifying security risks and fixing problems before they are exploited, read more on how DivvyCloud’s software can help you improve your security and compliance in the cloud.

Cloud Security is Rapidly Becoming a Forethought

In his article for Forbes titled “With DevSecOps, Security Is No Longer An Afterthought,” Dr. Rao Papolu makes a fantastic comparison between the resistance organizations show today to putting cloud security at the forefront of their development plans and the initial skepticism toward the agile movement in years past.

Developers who “usurped” the waterfall development process and embraced the agile approach were able to deploy up to 46 times more frequently than competitors.

“No one is debating the effectiveness of [the agile approach] anymore, and yet many organizations continue to treat security as an afterthought,” says Dr. Papolu.  He goes on to say, “We’ve been here before.”

The article’s point is plain and clear: As more software and data moves to the web, organizations need to “build proper security from the start.”  

At least once a month we hear about S3 bucket leaks (FedEx, Alteryx, National Credit Federation, Verizon, Australian Broadcasting Corporation, Dow Jones, Deep Root Analytics, etc.) that have exposed sensitive, personal information for hundreds of millions of people from around the world. This epidemic has seen the theft or loss of more than 9 billion data records in the last five years.

Here’s the problem: Cloud security remains a critical barrier to initial and ongoing adoption of public cloud technologies.

As Dr. Papolu wrote, “The software development landscape is constantly evolving. Developers are under pressure to realize concepts faster than ever before without compromising on quality, all while keeping a keen eye on the overall cost. It can be a tricky balancing act.”

The solution?  DivvyCloud.  

  • Audit and close non-compliant ports open to unauthorized networks (e.g. non-compliant security rules.)
  • Identify API Root Access accounts and ensure two factor authentication is enabled
  • Report and terminate instances running unauthorized images or password policies

This is just the tip of the iceberg on how we can help customers stay secure and compliant in AWS, Azure, and GCP.

If interested in identifying security risks and fixing problems before they are exploited, read more on how DivvyCloud’s software can help you solve your cloud security problems.

Choosing Between AWS, GCP, or Azure? How About All of Them? Increasingly Enterprises Choose Multi-Cloud Strategies

Once a company decides to embrace IaaS and PaaS public cloud computing, it then faces the challenge of deciding on a vendor, typically AWS, Azure or GCP.  Traditionally, companies would select a single public cloud vendor with whom to partner.  However, over the last 12 months, companies have rapidly moved to adopting multi-cloud strategies, choosing to work with more than one public cloud provider.

At DivvyCloud, we help customers manage AWS, Azure, GCP, VMware, and OpenStack, and this puts us in a unique position to identify and understand trends in cloud computing.  In speaking with customers we have identified several drivers that have led to the adoption of multi-cloud strategy as the default for leading companies:

  1. Mergers & Acquisitions.  Deloitte reports that “Corporate and private equity executives foresee an acceleration of merger and acquisition (M&A) activity in 2018, both in the number of deals and the size of the transactions. Technology acquisition is the new No. 1 driver of M&A pursuits…”  Increased M&A means that companies are more likely to acquire a new cloud.  Leading IT organizations are being proactive to put in place the people, processes, and tools that will allow them to support all major cloud providers so they aren’t caught flat-footed when a merger or acquisition is announced and they are expected to integrate and operate a new cloud tech stack.
  2. Best of Class. Developers want to build great products, and to do so they want access to the latest, best-of-class cloud technologies and services available from every and any cloud technology provider.  Access to multi-cloud services creates an opportunity to innovate in ways and with speeds that would have previously been impossible, and this is vitally important to company success. According to IDC, “By 2021, at least 50 percent of global GDP will be digitized, with growth driven by digitally-enhanced offerings, operations and relationships. By 2020, investors will use platform/ecosystem, data value, and customer engagement metrics as valuation factors for all enterprises.”  IT leadership at innovative companies are embracing multi-cloud proactively to deliver on the promise of self-service, dynamic, and software-defined infrastructure for developers while upholding the IT organization’s mandate for security and compliance governance.
  3. High Availability / Redundancy. IT leaders recognize that even hyper-scale cloud providers AWS, Azure, and GCP will not be free of service disruptions.  They are building multi-cloud strategies that allow them to ensure that business-critical applications and systems are not reliant on a single cloud.
  4. Vendor Lock-in.  As Forbes points out, companies are increasingly concerned about vendor lock-in and are proactively implementing a multi-cloud strategy.  This allows them maximum flexibility when negotiating pricing and terms.  This multi-cloud strategy also provides a modicum of protection against companies like Microsoft, Google or Amazon, who are increasingly entering new markets, competing against them.  Companies don’t want to be reliant on a single cloud provider and be put in the position of delivering financial support to a vendor that is now taking business from them.
  5. Containers (and really Kubernetes). Developers love containers and DevOps love Kubernetes.  Kubernetes is cloud-agnostic, and you can run your cluster on AWS, GCP, Azure, or any other cloud.  The rise of containers, and especially the popularity and accessibility of Kubernetes creates a new opportunity for companies to now be cloud agnostic, and frankly makes it much easier to be multi-cloud and provides an easier hedge against vendor lock-in.  451 Research analyst Jay Lyman discussed this when he wrote that Kubernetes can “create a consistent developer deployment model across on-premises and hybrid clouds.” As Matt Asay writes, “Kubernetes potentially up-ends the idea of running everything in one particular cloud.”

Automate IAM Security Best Practices in AWS – DivvyCloud

In his article “Easy IAM Security Best Practices for a Secure AWS Cloud,” Anderson Patricio provides an excellent resource that explains several tasks that will bolster IAM security in AWS:
  • Removing the root access key
  • Using users and groups
  • Defining a password policy
  • Managing multifactor authentication
  • Checking IAM user utilization

These are fantastic best practices, but when a company is running at scale in public cloud with tens if not hundreds of accounts in AWS, trying to implement and maintain IAM best practices manually is incredibly hard.

DivvyCloud understands this pain, and our solution provides customers with an accessible way to understand their IAM security posture across all their AWS accounts.  In addition, we provide an easy-to-use automation platform that allows you to use our GUI to configure one or more IAM security best practice policies to detect violations and to automatically take actions that you define in the case of said violation.  With DivvyCloud you can automate and enforce all of the best practices documented by Anderson. For example, you can detect and take action on the following checks:

  • Audit if root keys exist
  • Identify that users and groups exist and that users are not getting direct permissions
  • Compliance with company password policy
  • Users who do not have MFA enabled
  • Validate IAM user utilization and disable/remove inactive accounts

This just scratches the surface of how we can help customers go big and go fast in AWS, Azure, and GCP, but stay secure and compliant.  In essence, DivvyCloud provides virtual guardrails for all of your public clouds and cloud accounts, providing a single place to write a single policy and automate its enforcement across all your cloud accounts.  You can read more about the hundreds of out-of-the-box best practices related to security, compliance (e.g., NIST CSF and HIPAA), and governance (e.g., tagging).
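
Three of the checks listed above (root access keys, users without MFA, inactive users) can be read straight from the per-account IAM credential report that AWS generates as CSV. The following is an added example, not DivvyCloud's code or part of the original post: the sample rows, the account ID, the reference date and the 90-day idle threshold are constructed assumptions, and the password-policy and group-membership checks are left out because that report does not carry them.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout of the AWS IAM credential report
# (only the columns used below are included; all values are made up).
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2018-01-02T10:00:00+00:00,true,true,2018-02-20T08:00:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2018-03-01T09:30:00+00:00,true,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2017-06-15T12:00:00+00:00,false,true,2017-07-01T00:00:00+00:00,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,false,true,2018-03-04T23:10:00+00:00,false,N/A
"""

# Constructed "today" so the example gives the same answer whenever it runs.
SAMPLE_NOW = datetime(2018, 3, 5, tzinfo=timezone.utc)

# Placeholders the report uses where a timestamp does not apply.
NO_VALUE = {"", "N/A", "no_information", "not_supported"}
KEY_SLOTS = ("access_key_1", "access_key_2")


def parse_ts(value):
    """Return an aware datetime, or None for the report's placeholder values."""
    if value in NO_VALUE:
        return None
    return datetime.fromisoformat(value)


def audit(report_csv, now, max_idle_days=90):
    """Return findings for root keys, missing MFA and idle users."""
    cutoff = now - timedelta(days=max_idle_days)
    findings = {"root_access_keys": [], "no_mfa": [], "inactive": []}

    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        active_keys = [k for k in KEY_SLOTS if row[f"{k}_active"] == "true"]
        # The root row reports password_enabled as not_supported, but root
        # can always sign in to the console, so treat it as password-enabled.
        has_password = is_root or row["password_enabled"] == "true"

        # Check 1: the root user should hold no active access keys.
        if is_root:
            findings["root_access_keys"].extend(active_keys)

        # Check 2: anyone who can sign in to the console needs MFA.
        if has_password and row["mfa_active"] != "true":
            findings["no_mfa"].append(user)

        # Check 3: IAM users with a usable credential that has not been
        # used since the cutoff (or never) are candidates for removal.
        if is_root or not (has_password or active_keys):
            continue
        stamps = [parse_ts(row["password_last_used"])]
        stamps += [parse_ts(row[f"{k}_last_used_date"]) for k in KEY_SLOTS]
        stamps = [t for t in stamps if t is not None]
        if not stamps or max(stamps) < cutoff:
            findings["inactive"].append(user)

    return findings


if __name__ == "__main__":
    for check, hits in audit(SAMPLE_REPORT, SAMPLE_NOW).items():
        print(f"{check}: {hits or 'none'}")
```

Running the same function over the report from every account is what turns the manual checklist into something that can be repeated on a schedule.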

Stop the Madness – Another Day, Another S3 Bucket Leak Exposing Personally Identifiable Information

News broke today that a “Mountain of sensitive FedEx customer data exposed, possibly for years.”  Sometimes it feels like we are living in the cybersecurity version of the movie Groundhog Day.  Day after day, week after week, we hear about S3 bucket leaks (Alteryx, National Credit Federation, Verizon, Australian Broadcasting Corporation, Dow Jones, Deep Root Analytics, etc.) that have exposed sensitive, personal information for hundreds of millions of people from around the world.  It feels like the same day, and the same leak, repeating over and over again.

It doesn’t have to be this way.  You can stop S3 bucket leaks today with one easy step: install DivvyCloud.

In about 15 minutes, you can install DivvyCloud, connect your cloud (AWS, Azure, and GCP) accounts, quickly see S3 buckets that are misconfigured, and then turn on real-time continuous automated remediation of misconfigured buckets.

Make S3 bucket leaks a thing of the past (now and forever). Install DivvyCloud today with a free 30-day trial and make sure your company never makes the news for an S3 bucket leak.

Are you protecting payment card data well enough in the public cloud?

The 2017 Verizon Payment Security Report asks, “Your payment security might be compliant for the assessment, but how long will it stay that way?” According to the report, 55.4% of businesses achieve full compliance with their annual Payment Card Industry Data Security Standard (PCI DSS) review, but nearly half of these companies then fall out of compliance within a year.

This is incredibly important because 100% of companies that suffered a payment card breach were found to lack compliance with PCI-DSS.  The report elaborates on this point, “Many of the security controls that were not in place cover fundamental security principles that have broad applicability. Their absence could be material to the likelihood of an organization suffering a data breach. Indeed, no organization affected by payment card data breaches was found to be in full compliance with the PCI DSS during a subsequent Verizon PCI forensic investigator (PFI) inquiry.”

So why don’t more companies achieve and maintain compliance?  For many, the challenge is that they simply don’t have the right staffing levels or the right tools to consistently achieve good outcomes when approaching compliance as a manual task.  Automating policy enforcement is a key element to achieving and maintaining compliance.  The report backs this up, “Measure, report and act. Enhance data and security monitoring, detection and response competency through automation, training and performance measurement.”

DivvyCloud helps customers achieve and maintain PCI DSS compliance through the pre-built PCI DSS compliance pack.  This pack provides dozens of prebuilt policies that are mapped back to PCI DSS directives.  After connecting their public cloud accounts (AWS, Azure or GCP) to DivvyCloud, a customer can quickly see if their public cloud environment measures up to these prebuilt policies, and configure Bots (our automated workflows) to enforce or remediate violations of these policies.  This allows companies to quickly move towards achieving compliance, and importantly to stay in compliance.

DivvyCloud continuously monitors cloud infrastructure in AWS, Azure and GCP in real time.  This means that compliance with PCI DSS is no longer a once-a-quarter exercise where companies lapse in and out of compliance.  DivvyCloud also provides the customer with historical benchmark performance and helps solve the challenge of “control performance vs effectiveness” that the report discusses.

“The performance of security controls should be measured to determine achievement against an established standard benchmark…  Its measurement is based on the amount of time a control meets its intent while in operation, and the amount of time it remains in operation without disruption. It assumes that past achievement is a good indicator of future success.”

The report concludes by saying, “Most companies initiated their PCI Security compliance programs many years ago. By now, they certainly should have processes in place to support their program; making daily management and ongoing control maintenance relatively effortless. Sadly, that’s not always the case.”

DivvyCloud’s policy automation for AWS, Azure, and GCP is here to help if you want to improve your PCI security compliance program and achieve maturity.

In the News: “Security vs. Speed: The Risk of Rushing to the Cloud”

Kelly Sheridan at Dark Reading published a story titled “Security vs. Speed: The Risk of Rushing to the Cloud.”  She summarized the post by saying, “Businesses deploying cloud-based applications and services often overlook critical security steps as they scramble to keep up with the latest technology, and the rush is putting them at risk.”

DivvyCloud sees this as a common challenge among customers who are moving to the public cloud.  A paradigm shift has occurred whereby corporate IT is moving aggressively to deliver self-service access to multiple clouds (AWS, Azure, and GCP primarily) to engineers and developers.  This shift has been driven by the incredible boost that self-service access to best-of-class cloud services delivers to corporate innovation, business agility and competitive advantage.

Kelly describes this shift as follows: “‘There’s a lot of customers who have this cloud-first mandate,’ says JK Lialias, senior director of cloud access at Forcepoint. ‘They’ve been told, “thou shalt move to the cloud as much infrastructure as you possibly can.”’”

She goes on to say, “A lot of pressure is on line-of-business employees to adopt cloud applications and infrastructure, he continues. IT departments are essential in delivering these services and often neglect to understand how on-premises data and processes translate to the cloud.”

This rings true in our experience; we see an increasing number of customers seek out DivvyCloud after first trying to address security challenges using the legacy processes and tools that have been used to manage traditional infrastructure.  What they realize is that they need a solution that has been purpose-built to deliver robust security, compliance, and governance for multi-cloud environments operating at scale.  DivvyCloud is exactly this class of product, built from day one to natively manage all clouds (AWS, Azure, GCP, etc.) and to automatically take action to enforce policies and remediate violations of policy.  This automation is a key component of cloud infrastructure management, where the rate of change in a software-defined infrastructure environment that is driven by self-service provisioning simply outstrips the ability of teams to manually enforce policy.

We also partially agree with Kelly’s conclusion that, “Experts ‘hope’ to see a slowdown in incidents like AWS bucket leaks and see companies marry caution with speed. However, many will need a wake-up call before adopting best practices.”  We see an increasing number of customers (like GE, Fannie Mae, and Discovery Communications) adopting DivvyCloud software to put in guardrails that enable them to go big and go fast and stay in control, in the public cloud.  However, we see these organizations and many others not waiting for a wake-up call, but instead adopting a proactive, strategic approach to managing cloud infrastructure.

The upcoming Executive Summit on Enterprise Cloud Adoption being co-hosted by DivvyCloud and Discovery Communications on March 19th, at the Discovery HQ in Silver Spring, MD will highlight strategies and tactics by leading experts and organizations. This invite-only summit provides a relaxed environment in which IT executive attendees can build relationships with peers through meaningful conversations and generate new ideas.  You can request an invitation by visiting the event registration page.

Seven out of ten organizations fail the cyber readiness test.

The “Hiscox Cyber Readiness Report 2018” has been published, and one of the major findings is that seven out of ten organizations fail the cyber readiness test. The Hiscox Cyber Readiness Report is compiled from a survey of more than 4,100 executives, departmental heads, IT managers and other key professionals in the USA, UK, Germany, Spain and The Netherlands.

The report, amongst other things, measures the cyber readiness of respondents using a multi-dimensional model built on best practice in cyber strategy and execution. The report summarizes its findings by saying, “As an end of term report, it might have the words ‘can do better’ scrawled on it in red ink. It highlights the cyber readiness shortcomings of the majority of the organisations in our sample, particularly the smaller ones.”

The report summarizes, “We measured organisations’ cyber security readiness according to the quality of their strategy (broken down into oversight and resourcing) and execution (processes and technology). From this we produced a cyber readiness model that divided respondents into ‘cyber novices’, ‘cyber intermediates’ and ‘cyber experts’. Nearly three-quarters of organisations (73%) fell into the novice category, suggesting they have some way to go before they are cyber-ready. Only 11% qualified as experts.”

The report goes on to say, “Last year was the moment when major international cyber attacks hit the headlines and affected individuals and companies simultaneously in dozens of countries. High profile victims suffered severe reputational and financial damage, sometimes because they had not taken the threat seriously and done the basics, and sometimes because their handling of the breach revealed deeper corporate failings.”

Public cloud adoption and the more recent move to multi-cloud strategies (i.e., using AWS, Azure and GCP, or some combination thereof) has exacerbated the challenge that companies face when trying to address security, compliance and governance challenges.  It seems that the barrage of public stories about misconfigured cloud storage containers leaking sensitive information is weekly.  For example, “Misconfigured Amazon Web Services bucket exposes 12,000 social media influencers,” “Alteryx S3 leak leaves 123m American households exposed,” “Verizon Hit by Another Amazon S3 Leak,” and “Massive Amazon S3 leaks highlight user blind spots in enterprise race to the cloud.”

Cyber security isn’t simple, but the report does point out that companies that are more expert at addressing challenges share one common trait: they are proactive. “What sets the cyber experts apart from the cyber novices? Nine out of ten (89%) have a clearly defined cyber strategy, most (72%) are prepared to make changes after a breach and 97% incorporate security training and awareness throughout the workforce,” the report states.

DivvyCloud’s customers all share this same trait. They are proactive, and they use DivvyCloud as part of a clearly defined, policy-driven cyber strategy. Using the DivvyCloud software, they define and deploy policies that are enforced in real time across all of their cloud environments. For example, they have deployed DivvyCloud to proactively (and permanently) solve the storage container leaks that have created so many headlines in the last year.

 

A Look Into the Future of Cloud Innovation

It’s that time of year when IT industry analysts and experts dust off their crystal balls and peer into the future to see what lies ahead for the technology industry. Cloud computing continues to be a sizzling hot topic as enterprises are increasingly moving to the cloud, and there is no shortage of outlooks or opinions on how the cloud will continue to evolve next year.

For example, last week Forrester Research released a new report, Predictions 2018: Cloud Computing Accelerates Enterprise Transformation Everywhere, which takes a look at the top 10 factors that will impact the cloud computing landscape in 2018. According to the report, “In 2018, we’ll cross the significant 50% adoption milestone, and cloud applications, platforms, and services will continue to radically change the way enterprises compete for customers.”

In this InformationWeek article, columnist James Connolly talks to Forrester analyst Dave Bartoletti, one of the authors of the report, about his views on the cloud market. Here are a few of the trends outlined in the article that Bartoletti says to watch for in 2018:

  • A focus on developers breathes new life into private cloud.
  • Cloud applications and development platforms drive culture transformation.
  • Cloud security will become integrated with, and integral to, cloud platforms.

Bartoletti also states that “The cloud is no longer about cheap servers and cheap storage. Cloud today is about innovation.”

We couldn’t agree more. Many enterprises are well into the adoption phase and the cloud truly is a game-changer when it comes to innovation and the ability to create software faster. This is the dream of all companies and we’ve seen this trend among our own customer base as well.

However, there are risks associated with turning up access to the cloud to a large population. For example, with hundreds of developers able to access Amazon Web Services (AWS), ensuring security, compliance and governance can be a challenge for IT managers.

Many enterprises already have a suite of tools that they have used to manage traditional infrastructure. These tools can play an important role in securing cloud infrastructure, but often leave gaps that frustrate IT pros and leave companies open to security and compliance risks. Provisioning systems, like Ansible, combined with infrastructure as code software, like Terraform, help solve some of these challenges but often still fall short of providing comprehensive and universal compliance and security governance. These gaps often lead companies to pull back from the dream of delivering full self-service access to public cloud services.

So, what does all of this mean for the future of innovation?

There has to be a balance between giving developers the freedom and convenience of spinning up their own servers and services, while also maintaining the security and governance of this cloud infrastructure.

DivvyCloud enables an agentless platform that delivers policy-driven automation for public and private cloud infrastructure. DivvyCloud empowers developers and engineers to innovate and simultaneously protects the corporate IT directive to deliver security and compliance. With our multi-cloud platform, developers have the freedom to choose which clouds are best suited for their company’s needs without IT having to develop policy automation and compliance solutions for each cloud.

Our cloud automation tools take the burden off of the IT department by automatically monitoring cloud infrastructure and automating the enforcement and remediation of issues in real time. These virtual “guard rails” provide a pervasive set of security, compliance and cost governance that complements and integrates with existing systems, like Ansible and Terraform, to ensure that cloud infrastructure is well governed.

As we head into 2018, DivvyCloud is well poised to help our customers embrace the cloud computing trends identified by Forrester. If your company wants to be at the forefront of this innovation, contact us by clicking here. Or, you can also find us in Booth #1502 at AWS re:Invent, November 27 – December 1, 2017 in Las Vegas, where we’ll be demonstrating the latest version of the DivvyCloud platform.

Top 5 Tips for Attending re:Invent 2017

re:Invent is one of the cloud computing world’s biggest events, and it’s just around the corner! Whether this is your first time attending or you’ve been before, with an expected 40,000 attendees, more than 400 exhibitors, more than 1,000 breakout sessions and plenty of late night activities, this event can be a little challenging to navigate. Here are our top five tips on how to make the most out of your re:Invent experience in 2017.

1. Pick the breakout sessions you want to attend and pre-register for them ASAP — Get the most out of the event by signing up for some of the 1000+ breakout sessions and bootcamps ahead of time. There were many disappointed attendees last year when they couldn’t get into sessions they were looking forward to attending. It may take a little time to get your schedule figured out in advance, but it’s something we strongly recommend doing so you don’t miss out!

2. Pack accordingly to get your game on — re:Invent is THE MUST ATTEND cloud event of the year and AWS doesn’t take the cake for their education sessions alone. One of the best parts of this event is the AWSome line up of activities throughout the week. Take advantage of them to avoid mid-week brain burnout! Some of these activities are: 4K Fun Run, re:Play Party, the Broomball Tournament, the Lego Pinewood Derby, the Chicken Wing Eating Contest, and the Pub Crawl…just to name a few! You can check out the full list of activities here. You can register for these events with your event log-in. Be sure to pack clothing suitable for the ones you want to participate in. Blazers won’t really work for the ball pit!

3. Wear comfy shoes — Everyone who has EVER been to a Las Vegas trade show knows the pain your feet are in by day 3. Vegas = walking. Lots of walking. While there are plenty of transportation options (rail, Uber, Lyft, and rental cars) to get you around town, those only cover the outdoors. Once you’re inside the massive hotels and convention center, you’ll be walking quite a ways to your destination. Bottom line: if you don’t have a pair of comfy sneakers for the week, order a pair on Amazon before you run out of time. There are some things you can go without in Vegas. However, a good pair of shoes is NOT one of them.

4. Download this year’s re:Invent mobile app – Download the re:Invent mobile app for all the latest event updates, assistance in planning your schedule beforehand, and especially to help you navigate around town during the event. The app is your go-to source for everything pertaining to the event this year. There are some cool interactive features to take advantage of so be sure to check it out!

5. Leave extra space in your suitcase for swag — With more than 400 exhibitors, you’ll inevitably collect lots of swag throughout the week. As you’re strolling through the Exhibit Hall in between sessions, you’ll pick up everything from tee shirts, stickers, fidget spinners, water bottles, drones, tech toys, and more. You’re going to end up with way more than you started with at the beginning of the week. Leave extra space in your suitcase or pack an extra duffle bag so you can lug all those goodies home on Friday! While strolling through the Exhibit Hall, play DivvyCloud’s arcade game and don’t forget to pick-up THE sticker of the day! We’re booth #1502. You can’t miss us this year!

Want to snag a meeting slot with us ahead of time? Great. Click here so we can coordinate with you.

DivvyCloud and How Bots Will Transform Enterprise Infrastructure

With the rise of on-demand computing, the pace of potential innovation in an enterprise has increased dramatically. Employees are no longer subject to long lag times to order a new server or limited by the constraints of existing compute power.  The age of cloud computing for the enterprise has arrived, and with it the promise of agility, scalability, and greater business execution.

But there is another side of the coin. Along with the nimbleness, there is an increase in potential risk. Globally, CIOs, CTOs, CISOs, and heads of infrastructure take a deep breath each time they read headlines about the latest hack or loss of business due to improper management of customer data. If companies do not properly set up guardrails and enforce policies, public or hybrid cloud infrastructure quickly becomes an unwieldy structure that loses the efficiencies it promises and puts the entire enterprise at greater risk.

To properly manage this paradigm shift, enterprises will increasingly require a more robust and effective means to police and protect their cloud infrastructure. They need processes and administration to ensure that they remain secure, compliant, and efficient.

But here’s the challenge: how does an enterprise decentralize control across a large organization and still simultaneously enforce standards that allow them to mitigate risk? If they open Pandora’s Box to innovate, can they maintain integrity across a large infrastructure to properly operate?

Enter automation. Enter bots.

MissionOG invested in DivvyCloud because the company’s platform provides the automation essential to enforce policy, thus reducing risk, providing governance, imposing compliance, and increasing security across large-scale hybrid cloud infrastructure. By utilizing the platform, companies like GE, Discovery, and Fannie Mae stay agile and innovate while maintaining the integrity of their technology stack and applying the policy they deem necessary to operate their business.

Core to DivvyCloud’s platform is BotFactory, an easy-to-use interface from which clients can deploy more than 125 standard bots or create their own for specific use cases to manage their existing cloud infrastructure. At scale, policy enforcement cannot and should not be performed manually. With BotFactory, DivvyCloud customers can discover and automatically take action to address policy infringements or security issues. Automation allows for simultaneous offense and defense, resulting in increased innovation and a reduction of risk.

We believe DivvyCloud offers the right solution for this massive market opportunity:

  • Within enterprises, the pace of migration from data centers to a public cloud or hybrid cloud infrastructure has ramped significantly over the last couple of years. Gartner predicts that, as enterprises become “cloud-first”, spend for cloud management and security services is estimated to grow from $7B today to $14B by 2020.
  • Recent news cycles about the cost of compliance violations and security breaches only buoy the case and support the need for automation at enterprises to operate cloud infrastructure at scale.
  • Rather than relying on a single-vendor source, enterprise customers are implementing a hybrid cloud, multi-cloud approach that requires third-party tools to optimize environments.
  • DivvyCloud has built a flexible, extensible platform that helps manage compliance, cost, and security.
  • The solution builds an infrastructure map then detects abnormalities in near-real time based on client specific rules. Bots warn of violations of policy and automate the remediation.

To learn more about how DivvyCloud is helping its clients unlock innovation through cloud automation, please view a select group of their case studies.

By utilizing platforms like DivvyCloud and exercising the power of automation, enterprises can be agile enough to delight their customers, while still being able to sleep at night.

###
George Krautzel
Managing Partner at MissionOG
LinkedIn Profile

DivvyCloud Announces Major Software Upgrade with Version 17.06 Release

DivvyCloud software enables enterprise cloud adoption with multi-cloud policy automation to identify and autonomously fix security, cost and compliance issues

Arlington, Virginia (October 31, 2017) – DivvyCloud, a leading developer of innovative technology to automate and optimize cloud infrastructure, today announced the latest version of the DivvyCloud platform, simplifying how users view, identify, and automatically fix cloud infrastructure problems for good — all in just one click. The version 17.06 release launches ‘Insights’, making it easier to identify resources, and monitor and automate security, compliance, and cost governance. 17.06 key features include Insight Templates, Insight Store, One-Click Bot Creation to Take Action, and Complete Visibility of All Resource Types.

See It: Complete Visibility of All Resource Types
One of the most valuable improvements in 17.06 is resource visibility. DivvyCloud understands the importance of creating a true “single-pane of glass” for our customers managing large amounts of resources. The updated Resource section achieves this single-pane of glass view by organizing and presenting all resources in an intuitive and familiar Compute-Storage-Network-Management framework. Within that framework, Resources can be filtered by a combination of cloud accounts, Resource Groups, or any of hundreds of filters designed to help understand and interact with infrastructure to speed resource discovery and problem resolution.

Identify It: Insights and Insight Store
Insights are a powerful new tool within the DivvyCloud platform that provides customers with a clearer view of their hybrid-cloud infrastructure. With more than 90 pre-packaged Insights to choose from, the newly released Insight Store has customizable templates that give cross-account visibility to the most important issues in the cloud. Each template addresses a common problem in the cloud by showing which of your resources is at risk for that vulnerability. Customers can see potential security and compliance issues, enable best practices, and optimize their infrastructure with the use of these Insights.

Fix It: One-Click Bot Creation to Take Action
After customers have selected an Insight, they can automate remediation actions quickly and simply with the new one-click Bot Template Creator. Designed to respond directly to Insights, customers now can simply click one button to deploy a Bot to take user-defined action when non-compliant resources are detected. Paired with the Insights feature, customers are now empowered to make quick and effective decisions on how to deal with risky resources, while DivvyCloud’s Bots automatically enforce those decisions.

Brian Johnson, CEO of DivvyCloud, said, “Consistent with DivvyCloud’s development process, many of the improvements were driven by conversations and guidance from our enterprise customers. The demand for Insights and the associated enhancements is significant. Customers need the real time ability to discover risks, and with one-click take action to solve them not only on a one-time basis, but to guard against recurrence in perpetuity. Insights are a continuation of our mission to create and deliver value for our enterprise customers as they adopt and rapidly scale in the public cloud.”

Next month, DivvyCloud will showcase the version 17.06 release’s newest capabilities at AWS re:Invent, November 27 – December 1, 2017 in Las Vegas (Booth #1502). Those interested in meeting the DivvyCloud executive team for a product demonstration can do so by clicking here.

About DivvyCloud
DivvyCloud software enables organizations to achieve their cloud computing goals by simplifying and automating compliance and optimization of public and private cloud infrastructure. Using DivvyCloud, customers can leverage programmatic Bots to identify and remediate security, cost and compliance problems in real time. DivvyCloud was founded by seasoned cloud technologists who understand first hand what is necessary to succeed in today’s fast-changing, multi-cloud world.

###
Media Contact
Meredith Bagnulo
PR for DivvyCloud
meredith@bagnulocomm.com
(303) 513-7494

What’s New in DivvyCloud?

Simplify how to identify cloud infrastructure risks with “Insights”

For organizations managing a public or hybrid cloud, visibility and automation are paramount to ensure a secure infrastructure. To be effective, visibility and automation must be easy to achieve, especially when managing countless resources across multiple clouds and work environments. IT needs to be able to quickly see and understand what resources exist and if any of them are at risk without a complicated process. In response to the growing complexity of our customer needs and concerns, we introduced significant improvements to our platform in the latest 17.06 release. Launched in early October, 17.06 simplifies the user experience by making resource discovery, monitoring, and automation possible in just one click. Here’s what you can expect from 17.06.

Insight Templates & Insight Store

Insights are a powerful new tool within the DivvyCloud platform that provides users with a clearer view of their cloud infrastructure. With more than 90 pre-packaged Insights to choose from, our Insight Store has customizable templates that give cross-account visibility to the most important issues in the cloud. Each template addresses a common problem in the cloud by showing which of your resources is at risk for that vulnerability. Users can see potential security and compliance issues, enable best practices, and optimize their infrastructure with the use of these Insights. Our customers have questions about the state of their clouds and want to get answers without worrying about creating custom filters or Bots for every use case that interests them. We want that experience to take less time for the user while keeping the process approachable and accessible.

One-Click Bot Creation to Take Action

After you have chosen your Insights, you can automate remediation actions quickly and simply with our one-click Bot Template Creator. Designed to respond directly to your Insights, users can simply click one button to deploy a Bot to take user-defined action when non-compliant resources are detected. Paired with the Insights feature, customers are now empowered to make quick and effective decisions on how to deal with risky resources, while our Bots automatically enforce those decisions.

Complete Visibility of All Resource Types

One of the most valuable improvements in 17.06 is resource visibility. We understand the importance of creating a true “single-pane of glass” for our users managing large amounts of resources. The updated Resource section achieves this single-pane of glass view by organizing and presenting all resources in an intuitive and familiar Compute-Storage-Network-Management framework. Within that framework, Resources can be filtered by a combination of cloud accounts, Resource Groups, or any of hundreds of filters designed to help you understand and interact with your infrastructure to speed resource discovery and problem resolution.

To learn more about the 17.06 release watch this video. You can learn more about DivvyCloud by visiting our website at www.divvycloud.com.

Former GE CIO Thomas Martin Joins DivvyCloud as Advisor, Presenting at AWS re:Invent 2017

DivvyCloud software enables enterprise cloud adoption with multi-cloud policy automation to identify and autonomously fix security, cost and compliance issues

Arlington, Virginia (October 29, 2017) – DivvyCloud, a leading developer of innovative technology to automate and optimize cloud infrastructure, today announced that Thomas Martin has joined as an advisor. He will be presenting with DivvyCloud at booth #1502 on ‘Cloud Vulnerabilities and Security.’

Brian Johnson, CEO of DivvyCloud, said, “I am very pleased that Thomas has chosen to work with us. As we continue to add feature functionality to our platform, his industry expertise and background in cloud operations at massive scale will undoubtedly help us to navigate the infrastructure security needs of the enterprise-level, multi-org business structure. We are excited to have him on-board during this critical growth phase of DivvyCloud.”

Martin joins DivvyCloud as a former CIO and technology leader at the General Electric Company. Prior to leaving GE, Thomas was the Executive Vice President of Application Transformation tasked with moving 9,000 legacy workloads to public and private cloud infrastructure. He has been a leading evaluator, adopter, and advocate of innovative tools and emerging technology that drive effective operation of cloud infrastructure at scale.

Next month, Thomas will be joining DivvyCloud as they showcase their platform’s newest capability, ‘Divvy Insights’, at AWS re:Invent, November 27 – December 1, 2017 in Las Vegas. If you are interested in how DivvyCloud can help your business, meet up with the team for a product demonstration by clicking here.

SprockIT and NAB Show Welcome Nine New Media, Entertainment and Technology Startups to Partnership Program

Originally from SprockITglory.com

POSTED ON OCTOBER 17, 2017

The new startups cap off a banner quarter for current SPROCKIT startup and corporate members, who raised more than $37 million in funding and made significant partnership announcements since August 2017

NEW YORK–(BUSINESS WIRE)–SPROCKIT, the global community that curates, connects and fosters collaboration between market-ready startups and media, entertainment and tech companies to drive innovation in collaboration with NAB Show, today announced nine new startups selected to participate in the year-long program.

“Now in our fifth year of bringing solutions to the biggest challenges in the media, entertainment and technology industries, SPROCKIT’s proven success in curating, connecting and fostering collaboration between startups and corporate members continues to garner a very strong pool of applicants,” said Harry Glazer, founder and CEO, SPROCKIT. “SPROCKIT is pleased to welcome elite startups including Apptimize, Data+Math, Limbik, Seek, Social Flow, Trint, Vizbee, Wibbitz and Wochit into our SPROCKIT class of 2017.”

The companies cap off a banner quarter for current SPROCKIT members and partners. Highlights include:

  • Current SPROCKIT startups raised more than $37 million in funding this quarter, including DivvyCloud ($6M led by RTP Ventures); ICX Media ($6.6M led by Grotech Ventures with participation from NRV, PJC and Avonlea Capital); Streamroot ($3.2M from Partech Ventures, Techstars Venture Capital Fund, Verizon Ventures and R/GA); and VideoAmp ($21.9M led by Mediaocean with participation from RTL Group, GoAhead Ventures, StartUp Capital Ventures, Anthem Venture Partners, Wavemaker Partners, and Simon Equity Partners).
  • Elastic Media announced a partnership with Channel 2 News, Israel’s leading news broadcaster, to deliver news broadcasts to mobile devices via Elastic Media’s platform.
  • Pixability won the Video Innovation Award from SPROCKIT corporate member Google and its Premier Partner program.
  • Streamroot was selected as one of eight participants in the inaugural Verizon Media Tech Venture Studio program, led by SPROCKIT corporate member Verizon Digital Media in partnership with R/GA, alongside SPROCKIT alumnus Scorestream.

SPROCKIT will convene the full 2017 class of industry-vetted emerging companies with its world-class corporate partners, including Google, Fox Networks Group, Hearst Television, Samsung NEXT, TEGNA Inc., Univision Communications Inc. and Verizon Digital Media Services, at its exclusive SPROCKIT Sync forum, being held October 17, 2017 at Samsung NEXT in New York prior to NAB Show New York. Attendees will meet to tackle cross-sector challenges, forecast trends and bring innovative solutions to market.

“Our customers expect us to utilize the most cutting-edge solutions and products available, and SPROCKIT has a proven track record of curating and connecting us to startups at the forefront of innovation,” said Gus Warren, managing director, Samsung NEXT. “We are pleased to partner with SPROCKIT to host this year’s SPROCKIT Sync NYC and meet with some of the most compelling innovators in the industry.”

Startups interested in participating in the SPROCKIT program are invited to apply here. Applications will be reviewed on a rolling basis, with accepted startups invited to participate in future SPROCKIT Syncs as well as the SPROCKIT Hub at the annual NAB Show in Las Vegas and other key industry events, to foster communication and collaboration.

ABOUT SPROCKIT

SPROCKIT is a global community that curates, connects and fosters collaboration among leading media, entertainment and technology companies and market-ready startups to bring innovative products, services and revenue models to market. Since its launch in 2013, more than 100 emerging companies have participated in SPROCKIT, many of which have experienced successful funding rounds, partnerships and acquisitions with companies including SPROCKIT’s corporate sponsors. Learn more at sprockitglory.

ABOUT NAB SHOW

NAB Show, held April 7-12, 2018 in Las Vegas, is the world’s largest convention encompassing The M.E.T. Effect, the convergence of media, entertainment and technology. With 103,000 attendees from 161 countries and 1,800+ exhibitors, NAB Show is the ultimate marketplace for solutions that transcend traditional broadcasting and embrace content delivery to new screens in new ways. From creation to consumption, across multiple platforms and countless nationalities, NAB Show is where global visionaries convene to bring content to life in new and exciting ways. For complete details, visit nabshow.

CONTACTS

SPROCKIT
Elyssa Rae, 804-338-3102
elyssa@sprockitglory.com
or
NAB Show
Ann Marie Cumming, 202-429-5350
amcumming@nab.org

Jumpstarting Enterprise Hybrid-Cloud with VMware Cloud on AWS

Enterprise customers with VMware installations in their datacenters can now quickly shift workloads into AWS using VMware Cloud. Almost a year after the initial announcement, this long-anticipated offering is now a reality and ready for mainstream consumption.

Based on VMware vSphere, with optimized access to AWS services, the offering is delivered, sold, and supported by VMware as an on-demand service with all the hardware scalability benefits of AWS bare metal infrastructure beneath it.

So, what’s cool about the offering?

  • As a SaaS offering, VMware Cloud runs as its own stack including NSX, vSAN, and vSphere. Unless accessing other AWS services, customers won’t even realize they are running on AWS as a virtual extension of their own data center.
  • Full access to all AWS native services through the public API endpoints, without additional networking charges.
  • Flexibility to shift workloads between the data center and AWS cloud.
  • The ability to leverage existing VMware licenses to secure pricing discounts (maximum 25% off list depending on license type.)

What stinks about it?

  • The minimum host configuration requirement is 4 hosts per cluster. On demand pricing of $8.3681 per hour per host would require a minimum consolidation ratio of 3.9 to reach potential native cloud pricing of $0.06 per comparable instance (bandwidth charges not included.)
  • 50% savings over the above host pricing can be obtained by committing to 3 years of reserved hosts. Unfortunately, just like reserved native cloud instances, you are charged for every hour of the commitment regardless of whether the instances are running or not.
  • Workload mobility is currently limited to cold migration to transfer workloads to the cloud Software Defined Data Center (SDDC). (Cross-cloud vSphere vMotion migration is on the product roadmap, but no date commitments have been provided.)
  • To use vCenter Hybrid Linked Mode you will need to be running vSphere 6.5d or later; you can, however, do cold migrations of the VMs without it.

Key Take-Aways…

Don’t expect public cloud instance pricing, but VMware has eliminated any excuses for most enterprise customers to start the public cloud transition, if only for Dev/Test workloads. Taking advantage of this PaaS/SaaS offering will help reduce the internal IT team’s workload to support these VMs.

With full access to native AWS services, using VMware Cloud as a foundation, your Application teams can begin to leverage cloud services such as Lambda, RDS, DynamoDB and Redshift without having to do cloud transformation migration of the core application.

It’s clear that the VMware Cloud offering can jumpstart your enterprise hybrid cloud efforts. But just like with native cloud services, the tendency to overprovision, misconfigure, and abandon running resources is real, and you must manage these actions to ensure a secure cloud environment and to control runaway cost. This starts with a well-implemented tagging strategy, in combination with continuous monitoring and an action-driven compliance engine.

Key areas to consider and control are:

  • Policy automation to ensure compliance with security policy controls and asset configurations
  • Operational automation tied to storage, CPU and memory allocation of virtual instances.
  • Resource cost management through downsizing over-provisioned instances, stopping dev/test instances off-cycle, and eliminating stranded resources such as orphaned or underutilized hypervisors

Whether your enterprise cloud efforts are focused on the native consumption of public resources, establishing a hybrid cloud footprint both on premise and off, or you are just starting out by migrating workloads to the new VMware Cloud on AWS platform, having a third-party governance and automation platform is a cornerstone for driving consistent policy adoption, ensuring security compliance, and optimizing consumption of resources.


Thomas Martin is a former CIO and technology leader of the General Electric Company. Prior to leaving GE, Thomas was the Executive Vice President of Application Transformation tasked with moving 9000 legacy workloads to public and private cloud infrastructure. He has been a leading evaluator, adopter, and advocate of innovative tools and emerging technology that drive effective operation of cloud infrastructure at scale.

DivvyCloud Appoints Christopher Hertz as Chief Marketing Officer

DivvyCloud software enables enterprise cloud adoption with multi-cloud policy automation to identify and autonomously fix security, cost and compliance issues

Arlington, VA (October 5, 2017) – DivvyCloud, a leading developer of technology to automate and manage cloud infrastructure, today announced the expansion of its executive team with the appointment of Christopher Hertz as Chief Marketing Officer.  Hertz will lead DivvyCloud’s sales and marketing teams to help drive growth and customer success.

Hertz’s hire comes on the heels of DivvyCloud’s announcement that it received $6,000,000 in equity funding led by RTP Ventures. DivvyCloud will use the funds to scale its sales and marketing operations, under Hertz’s leadership, as well as accelerate development of its cloud infrastructure governance and security platform.

“It is an exciting time to join the DivvyCloud team.  Long-term customers such as General Electric, Discovery Communications and Fannie Mae, use DivvyCloud to enable their multi- and hybrid- cloud strategies,” said Hertz. “We empower our customers to have their cake and eat it too when it comes to taking advantage of all the benefits of cloud infrastructure while automating compliance and remediation of common risks associated with operating in the cloud at scale.  Any enterprise scaling its use of public and hybrid cloud can achieve the same success by deploying DivvyCloud to reduce cost, improve security and ensure compliance. I am excited to help accelerate growth for DivvyCloud and unlock value for our customers.”

Hertz brings 20 years of strategic business, sales and marketing experience in enterprise software, cloud technologies, and IT services. Prior to joining DivvyCloud, Hertz was founder and president of New Signature, the IT consulting firm that helped hundreds of customers migrate to the cloud. Under Hertz’s leadership, New Signature achieved 12 years of consecutive double-digit revenue growth and was named Microsoft’s United States Partner of the Year in 2014 and 2015. Hertz exited the company after selling to BSI Partners, LLC as part of a $35M Series A investment from Columbia Capital. Hertz holds a Master of Business Administration from the MIT Sloan School of Management and a Bachelor of Science with a double major in Information Management and Technology and Anthropology from Syracuse University.

“We’re thrilled to welcome Chris aboard during this exciting period of growth,” said Brian Johnson, DivvyCloud CEO. “He is a visionary, results-oriented, leader with deep experience helping customers adopt cloud and accelerate the maturity of their cloud operations.  His passion for delivering amazing experiences and unlocking shared value for our customers fits perfectly with our culture and philosophy.”

About DivvyCloud
DivvyCloud software enables organizations to achieve their cloud computing goals by simplifying and automating security, compliance and cost optimization of public and private cloud infrastructure. Using DivvyCloud, customers can leverage programmatic Bots to identify and remediate common cloud problems in real time. DivvyCloud was founded by seasoned technologists who understand firsthand what is necessary to succeed in today’s fast-changing, multi-cloud world. For more information, visit: https://divvycloud.com.

###
Media Contact
Meredith Bagnulo
PR for DivvyCloud
meredith@bagnulocomm.com
(303) 513-7494

DivvyCloud Secures $6M in Series A Funding Led by RTP Ventures

DivvyCloud software enables enterprise cloud adoption with multi-cloud policy automation to identify and autonomously fix security, cost and compliance issues

Arlington, VA (September 6, 2017) — DivvyCloud, a leading developer of innovative technology to automate and manage cloud infrastructure, today announced that it has received $6,000,000 in equity funding led by RTP Ventures. DivvyCloud will use the funds to scale its sales and marketing operations as well as accelerate development of its cloud infrastructure governance and security platform.

“Large IT organizations embracing the agility and cost-effectiveness of a devops-driven cloud strategy face a dilemma: how can we keep our developer teams agile and productive while maintaining controls our business requires?,” said Kirill Sheynkman, Managing Director of RTP Ventures. “Only a team that experienced these challenges firsthand can come up with a solution. And Divvy nailed it — a flexible, extensible, open framework for creating a policy enforcement mechanism for modern hybrid cloud deployment. DivvyCloud builds complex, technical products led by an experienced team targeting businesses in large, “high need” verticals — that’s RTP’s investment theme and Divvy fits it to a T.”

The value of DivvyCloud software has been proven with enterprise customers like General Electric, Discovery Communications and Fannie Mae, among others. DivvyCloud is differentiated in the market with its native multi-cloud policy automation; its patent-pending data harvesting technology; and its platform-first strategy that allows customers and partners to leverage the DivvyCloud platform to develop their own cloud management solutions and products.

“For two years, DivvyCloud’s automation platform has been a foundational component of our enterprise cloud adoption strategy. DivvyCloud helps to ensure our fast-growing cloud footprint remains secure and cost optimized while helping to integrate cloud into our existing IT operations,” said Dave Duvall, SVP of Infrastructure at Discovery Communications. “The speed at which DivvyCloud innovates and introduces new capabilities helps us stay ahead of problems.”

Product investments will include the expansion of industry specific policy automation, and incorporating new innovative cloud services from AWS, Azure, Google and other leading cloud technologies. DivvyCloud also plans to launch support for container technologies such as Docker later this year allowing automated enforcement of security, cost and compliance across the increasingly complex landscape of virtual cloud infrastructure.

“Cloud computing is a dynamic and fast-changing space and this new funding enables us to expand our reach in serving the needs of enterprises large and small struggling to manage their cloud infrastructures,” said Brian Johnson, CEO of DivvyCloud. “With RTP Ventures’ deep experience in the SaaS space, their expertise will be invaluable as we take DivvyCloud to the next level.”

DivvyCloud responds to latest AWS feature with new security rule description bot

On August 31, AWS announced its new ability to add descriptions to security group rules. Previously, descriptive text was only available for identifying security groups. The challenge with this limitation was being able to quickly recognize the purpose of the security group rule without any context.

Security group rules are categorized by type, protocol, port range and source. For example, you could be looking at a rule listed as SSH, TCP, 22, 93.12.35.32/32, but it’s very hard to tell where it came from, who created it, or what it is for. This is like looking for someone in a crowd but only having their social security number, blood type and date of birth. How would you be able to identify them with only those details to go on? As it turns out, this particular rule shows someone opened SSH from a public WiFi access point at a Starbucks in Chicago!

In response to this latest feature, DivvyCloud created a new audit bot that quickly locates security group rules that do not have descriptions. Maintaining and cleaning up these rules is a big concern for organizations, and having an automated method to address these issues can save a great deal of time and more efficiently protect the cloud infrastructure.

When the time comes to audit these rules, it can be almost impossible to tell whether a rule is still needed, what it was for, or whether it poses a risk to the organization. This can be problematic for organizations that are juggling thousands or tens of thousands of security group rules. This addition to AWS services is intended to greatly reduce operator error during the auditing and security management process.
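One way to run the audit described above over the output of EC2's DescribeSecurityGroups call. This is an added example, not DivvyCloud's bot code; the function names and the sample response (including the group IDs) are constructed for illustration.

```python
"""Find security group rules that have no description.

Input is the JSON shape returned by EC2 DescribeSecurityGroups
(`aws ec2 describe-security-groups`, boto3 `describe_security_groups`).
"""

# AWS stores the description on each source entry of a rule, so one
# rule (IpPermission) can mix described and undescribed sources.
SOURCE_KEYS = {
    "IpRanges": "CidrIp",
    "Ipv6Ranges": "CidrIpv6",
    "UserIdGroupPairs": "GroupId",
    "PrefixListIds": "PrefixListId",
}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def port_range(perm):
    """Render the port range of a rule; protocol -1 means all traffic."""
    low, high = perm.get("FromPort"), perm.get("ToPort")
    if perm.get("IpProtocol") == "-1" or low is None:
        return "all"
    return str(low) if low == high else f"{low}-{high}"


def find_undescribed_rules(response):
    """Return one finding per rule source whose Description is absent or blank."""
    findings = []
    for group in response.get("SecurityGroups", []):
        directions = (("ingress", "IpPermissions"),
                      ("egress", "IpPermissionsEgress"))
        for direction, perm_key in directions:
            for perm in group.get(perm_key, []):
                for list_key, id_key in SOURCE_KEYS.items():
                    for source in perm.get(list_key, []):
                        if (source.get("Description") or "").strip():
                            continue  # described: nothing to report
                        findings.append({
                            "group_id": group["GroupId"],
                            "direction": direction,
                            "protocol": perm.get("IpProtocol"),
                            "ports": port_range(perm),
                            "source": source.get(id_key),
                            # Undescribed AND open to everyone: triage first.
                            "open_to_world": source.get(id_key) in ANYWHERE,
                        })
    return findings


# Constructed sample response. The first source is the rule quoted in the text.
SAMPLE_RESPONSE = {
    "SecurityGroups": [{
        "GroupId": "sg-0example0000001",
        "GroupName": "bastion",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [
                 {"CidrIp": "93.12.35.32/32"},
                 {"CidrIp": "10.0.0.0/8", "Description": "corp VPN"},
             ]},
            {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8080,
             "UserIdGroupPairs": [
                 {"GroupId": "sg-0example0000002", "Description": "  "},
             ]},
        ],
        "IpPermissionsEgress": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
    }]
}

if __name__ == "__main__":
    for f in find_undescribed_rules(SAMPLE_RESPONSE):
        flag = " [open to world]" if f["open_to_world"] else ""
        print(f'{f["group_id"]} {f["direction"]} {f["protocol"]} '
              f'{f["ports"]} {f["source"]}{flag}')
```

A whitespace-only description is treated as missing, since it gives an auditor no more context than an empty one.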

To learn more about this and other features DivvyCloud offers visit www.divvycloud.com.

DivvyCloud Announces DivvyCloud Platform for VMWare Clouds on AWS

DivvyCloud Platform now for VMWare Clouds on AWS

DivvyCloud software provides customers with hybrid-cloud visibility and policy automation to identify and remediate security, cost and compliance issues.

August 28, 2017 — DivvyCloud, a leading developer of innovative software to automate and manage multi-cloud infrastructure at scale, today announced that DivvyCloud Platform is available to customers of VMware Cloud™ on AWS. Launched today with initial availability in AWS US West (Oregon) region, VMware Cloud on AWS brings together VMware’s enterprise-class Software-Defined Data Center (SDDC) software and elastic, bare-metal infrastructure from Amazon Web Services (AWS) to give organizations a consistent operating model and application mobility for private and public cloud. DivvyCloud Platform enables consistent policy enforcement and automation of cloud best practices to customers of VMware Cloud on AWS.

DivvyCloud’s software is unique in the marketplace with its ability to track real-time changes across clouds and take customer-defined, autonomous action to fix problems and ensure policy compliance. Customers can leverage standard automation bots to proactively address a wide range of security, cost and compliance challenges commonly faced by any organization adopting or expanding their cloud infrastructure.

“As an ISV focused on compliance automation, we are proud to support customers of VMware Cloud on AWS. DivvyCloud has collaborated with VMware and AWS since our inception and believe this new offering will simplify and accelerate cloud adoption by enterprise customers,” said Brian Johnson, CEO, DivvyCloud.

VMware Cloud on AWS technology partners enable customers to deploy the same proven solutions seamlessly in both the public and private cloud. VMware simplifies the deployment and eliminates the need for partners to refactor solutions for VMware Cloud on AWS. If a partner solution works on-premises in a VMware vSphere® environment, it will easily support VMware Cloud on AWS. VMware technology partners complement and enhance native VMware Cloud on AWS service and enable customers to realize new capabilities.

“VMware Cloud on AWS provides customers a seamlessly integrated hybrid cloud offering that gives customers the SDDC experience from the leader in private cloud, running on the leading public cloud provider, AWS,” said Mark Lohmeyer, vice president, products, Cloud Platforms Business Unit, VMware. “Solutions such as the DivvyCloud Platform enable IT teams to reduce cost, increase efficiency, and create operational consistency across cloud environments. We’re excited to work with partners such as DivvyCloud to enhance native VMware Cloud on AWS capabilities and empower customers with flexibility and choice in solutions that can drive business value.”

About VMware Cloud on AWS
Delivered, sold and supported by VMware as an on-demand service, and running on elastic, bare-metal AWS infrastructure, VMware Cloud on AWS is powered by VMware Cloud Foundation™, the unified SDDC platform that integrates vSphere, VMware vSAN™ and VMware NSX® virtualization technologies. With the same architecture and operational experience on-premises and in the cloud, IT teams can quickly derive business value from use of the AWS and VMware hybrid cloud experience. For more information on the VMware Cloud on AWS partner ecosystem, visit: http://cloud.vmware.com

VMware, VMware Cloud, vSphere, Cloud Foundation, vSAN, and NSX are registered trademarks or trademarks of VMware, Inc. in the United States and other jurisdictions.

VMware

VMware has been the virtualization engine of the enterprise for more than a decade. DivvyCloud allows customers to define operating policies and standards for their VMware environments.

AWS Re:invent 2017

DivvyCloud is sponsoring and will have a booth at this event.

Booth: #1502
Dates: Nov 27-Dec 1, 2017
Location: Sands Expo Hall, Las Vegas, NV

DivvyCloud Executive Speaker Summit

DivvyCloud is hosting and speaking at this event.

*Invitation only*
Date: Oct 23, 2017
Location: Discovery Communications Headquarters

 

BrightTalk Webinar

DivvyCloud is speaking at this event.

Dates: Oct 18, 2017, 2PM EST
Location: Virtual, www.brighttalk.com

AWS Meetup Montreal

DivvyCloud is speaking at this event.

Dates: October 12, 2017
Location: Montreal, Quebec, Canada

AWS Meetup Toronto

DivvyCloud is speaking at this event.

Dates: September 28, 2017
Location: Toronto, ON, Canada

VMWorld 2017

DivvyCloud is sponsoring this event.

 

Booth: #700-G
Dates: August 27-31, 2017
Location: Mandalay Bay, Las Vegas, NV

AWS Summit NYC

DivvyCloud sponsored this event.

Booth: #541
Dates: August 14
Location: Jacob K. Javits Center, New York, NY

Black Hat

DivvyCloud sponsored this event.

Dates: July 26-27, 2017
Location: Mandalay Bay, Las Vegas, NV

AWS Seattle Meetup

DivvyCloud spoke at this event.

Dates: July 20, 2017
Location: SURF Incubator, Seattle, WA

The Time Has Come: Multi-Cloud is a Smart Approach for IT Modernization

In this recent Cloud Technology Partners podcast, The Next 5 Years Will Have More Digital Innovation Than the Last 50, cloud computing expert David Linthicum talks to Mike Bainbridge, former Chief Technologist of Rackspace about the role of the cloud in IT modernization.

As one of the cloud industry’s thought leaders, David Linthicum is well-known for his pioneering work in cloud computing. In their podcast, both David and Mike offer terrific insights around how enterprises are transforming themselves via the cloud.  Well worth the listen.

Towards the end of the discussion they touch on the topic of multi-cloud. This is one area where I disagree with their advice for enterprises. Multi-cloud refers to using more than one cloud vendor, such as AWS, Azure or Google, for your applications and workloads. Some companies opt for this approach to ensure that they don’t get locked into one particular platform.

David and Mike advocate enterprises choose a single provider for all their cloud needs. They talk about the risk of vendor lock-in being overblown, and advocate for strategic commitment to a single cloud platform with benefits like gaining in-depth knowledge and expertise, laying down standard deployment and management processes, etc.  My interpretation of their advice was…just make a decision Mr. CIO, stick with it, and force your organization to use the cloud of choice. 

I didn’t like this approach.  The idea that IT command and control rules the roost is no longer valid in today’s business and technology world. Enterprises must embrace the cultural changes of DevOps, self-service and the democratization of technology that is happening all around us.  Today’s best CIOs don’t look for innovation and technical solutions in a Gartner report or executive forum, and then lay down marching orders for the enterprise.  They tap into their technical teams and ask “What do you like?”  “What tech are you using in your personal projects?” “Show me proof of concept for something that might solve this problem.”

In an ideal world enterprises could simplify on a single cloud platform, but I don’t see that as a reasonable option with independent business units/product teams and different innovative services being offered by the different cloud providers. In addition, enterprises need to consider the strategic impact of vendor lock-in in terms of cost, security and innovation. For example, will GCP’s strong focus on containerization change the fundamentals of IaaS economics and leap-frog AWS in three years?

A multi-cloud approach not only offers many benefits, including the flexibility to integrate best of breed technologies and services, but also enables basic vendor management: pitting one cloud provider against the others to drive value. And, multi-cloud environments CAN BE MANAGED with cloud agnostic automation technologies like DivvyCloud. With pervasive data harvesting to identify problems or opportunities, and Bot automation to remediate issues without the need for human involvement, many of the biggest risks and inefficiencies of multi-cloud management can be addressed.

Today’s cloud services are easily accessible and today’s employees are increasingly technologically sophisticated. The better path is to allow product and technology teams to use the clouds that best fit their needs and stay out of the way. Don’t try to force all your technologists, engineers, and developers through an old-school CMP, broker services, or service catalog approach.  It won’t work. 

They will go around you, setting up applications and services that will ultimately grow your shadow IT.  Instead, it’s better to have enterprise accounts across different cloud providers knowing your baseline cost, security and governance policies will run in the background and be ready to take action when someone wanders outside the lines.  Maybe in multi-cloud you can have your cake and eat it too!

Delete Exposed Snapshots Before Sensitive Data Loss…and Media Headlines Ensue!

Bot of the Week: Exposed Public Snapshots

[To learn more about this Bot, read this blog post by Thomas Martin]

Automatically delete any snapshot exposed to the public as soon as it’s detected. Any time a new snapshot is identified or an existing snapshot is modified, it is inspected to determine whether it is marked for public access, and the appropriate automated action is taken to remediate.

Why do I care:

Imagine for a moment that your company has an EBS volume with customer credit card data, or Personally Identifiable Information (PII) about your customers and/or employees. An administrator wants to share a snapshot of this volume with another account for backup purposes, but instead of adding the secondary AWS account for sharing, the admin marks the snapshot as public. This is a gold mine for malicious actors, and could be a catastrophic and embarrassing legal/PR disaster for the company.

A recent article by The Next Web reported that droves of AWS users are carelessly leaking sensitive data via this feature. In response to the article, AWS quickly released a new Trusted Advisor check which, when enabled, alerts the administrators of the account to the issue. It’s a good move by AWS, and honestly something that likely should have been made available to the public long ago, but it doesn’t take action to fix the problem in real time.

Background on Cloud Storage:

Storage has always been a challenge. AWS pioneered scalable storage solutions in the cloud, both for object storage (S3) and block storage (EBS). EBS volumes are network attached volumes which can be attached to an instance. These allow data to be persisted through instance lifecycle controls including stop, start and resizing. They come in a variety of flavors including general purpose SSD, magnetic and even provisioned IOPS for those I/O intensive workloads. They can even be encrypted using Amazon’s Key Management Service, providing improved security and data protection.

AWS provides the ability to create snapshots (backups) of data on these EBS volumes, and persists them into S3 at a fraction of the cost (~90% cheaper than the volume). This data can be retrieved at any time, is only charged for the incremental difference between snapshots, and can even be shared with other AWS accounts and/or the public. This last piece is extremely important and should not be overlooked. With just a few clicks in the AWS console you can mark your snapshot as Public, which in essence allows any AWS customer around the world to make a copy of the snapshot and begin using it.

There are very few circumstances where an organization would want to make their data available to the public. One of the only legitimate scenarios where this feature is used is with AMIs (Amazon Machine Images). AMIs enable the quick provisioning and deployment of an Operating System to EC2 instances. For companies such as RedHat, Microsoft and Canonical who routinely create offerings of their OS for the public to use, it makes sense to have these OS snapshots available to every AWS customer.

How DivvyCloud Bots Address Public Snapshots and Other Compliance Issues:

DivvyCloud has responded to this security risk by providing automatic checks via our BotFactory automation platform. A new automation Bot was put in place to routinely check for this security gaffe, and it does it globally across your entire cloud footprint. Unlike AWS Trusted Advisor, which can be painful to track across multiple cloud accounts, the DivvyCloud check gives you a single pane of glass view across all connected public/private cloud accounts, and surfaces the issue immediately upon login. The image below illustrates what a user would see upon logging into the tool. This list shows all the compliance and security issues you want to track, including Exposed Public Snapshots (5th one down).

BotFactory goes a step further though, and additional actions beyond simple visibility can be configured to eradicate these security issues and, more importantly, keep them from occurring moving forward. As you can see in the example Bot’s configuration below, the Exposed Public Snapshot Bot will automatically delete the bad snapshot as soon as it’s detected (hours = 0). Any time a new snapshot is identified or an existing snapshot is modified, it will be inspected to identify if it is marked for public access.

Fine Control and Flexibility in Defining Policy and Automated Actions:

As with all Bots, this policy can be fine-tuned. Additional actions/exclusions can be put in place if there’s a valid reason why a handful of public snapshots must exist across the organization’s cloud footprint. Another example of an action would be to not delete the snapshot, but to automatically revert the permissions to a private snapshot and send notification to the IT team for further analysis/triage.
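The decision logic described above (delete after a grace period of N hours, or revert to private and notify, with exclusions for approved public snapshots) can be sketched as follows. This is an added example, not BotFactory's code: the policy fields, the `DetectedPublicAt` timestamp and the snapshot IDs are assumptions constructed for illustration, while the planned calls use the boto3 EC2 client method names `delete_snapshot` and `modify_snapshot_attribute`.

```python
from datetime import datetime, timedelta, timezone


def is_public(snapshot):
    """Public means the createVolumePermission list grants the group 'all'.
    Entries with only a UserId are shares with specific accounts."""
    return any(p.get("Group") == "all"
               for p in snapshot.get("CreateVolumePermissions", []))


def plan_remediation(snapshots, policy, now):
    """Return the actions a remediation run would take. Nothing is executed."""
    plan = []
    for snap in snapshots:
        if not is_public(snap):
            continue
        sid = snap["SnapshotId"]
        # Exclusions are an explicit list of IDs kept with the policy, so a
        # snapshot cannot exempt itself through its own metadata.
        if sid in policy["approved_public"]:
            plan.append({"snapshot": sid, "action": "skip"})
            continue
        deadline = snap["DetectedPublicAt"] + timedelta(hours=policy["grace_hours"])
        if now < deadline:
            plan.append({"snapshot": sid, "action": "wait", "until": deadline})
            continue
        if policy["action"] == "delete":
            call = ("delete_snapshot", {"SnapshotId": sid})
        elif policy["action"] == "make_private":
            # Removes only the public grant; account-level shares remain.
            call = ("modify_snapshot_attribute", {
                "SnapshotId": sid,
                "Attribute": "createVolumePermission",
                "OperationType": "remove",
                "GroupNames": ["all"],
            })
        else:
            raise ValueError(f"unknown action {policy['action']!r}")
        plan.append({"snapshot": sid, "action": policy["action"],
                     "call": call, "notify": policy["notify"]})
    return plan


UTC = timezone.utc
NOW = datetime(2017, 6, 1, 12, 0, tzinfo=UTC)  # constructed "current time"

# Constructed inventory: DescribeSnapshots fields merged with the
# createVolumePermission attribute of each snapshot.
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-0constructed0001",  # shared with one account only
     "CreateVolumePermissions": [{"UserId": "111122223333"}],
     "DetectedPublicAt": None},
    {"SnapshotId": "snap-0constructed0002",  # public, seen 30 minutes ago
     "CreateVolumePermissions": [{"Group": "all"}],
     "DetectedPublicAt": datetime(2017, 6, 1, 11, 30, tzinfo=UTC)},
    {"SnapshotId": "snap-0constructed0003",  # approved public OS image
     "CreateVolumePermissions": [{"Group": "all"}],
     "DetectedPublicAt": datetime(2017, 5, 1, 8, 0, tzinfo=UTC)},
    {"SnapshotId": "snap-0constructed0004",  # public, seen three hours ago
     "CreateVolumePermissions": [{"Group": "all"}, {"UserId": "111122223333"}],
     "DetectedPublicAt": datetime(2017, 6, 1, 9, 0, tzinfo=UTC)},
]

APPROVED = {"snap-0constructed0003"}
DELETE_NOW = {"action": "delete", "grace_hours": 0,  # "hours = 0" in the text
              "approved_public": APPROVED, "notify": "it-team@example.com"}
REVERT_AFTER_1H = {"action": "make_private", "grace_hours": 1,
                   "approved_public": APPROVED, "notify": "it-team@example.com"}

if __name__ == "__main__":
    for name, policy in (("delete", DELETE_NOW), ("revert", REVERT_AFTER_1H)):
        for step in plan_remediation(SAMPLE_SNAPSHOTS, policy, NOW):
            print(name, step["snapshot"], step["action"])
```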

Effective and autonomous management of AWS S3 snapshots is possible, and ensuring that organizational cloud footprints aren’t exposing themselves to leaking sensitive data requires but a little help from Divvy’s automation Bots.

Your Amazon EBS Snapshots and RDS Data may be leaking sensitive data to the public… And that’s just the tip of the iceberg. Fix it permanently!

A recently published article outlined the careless behaviors of users that are allowing sensitive company data contained in EBS snapshots and RDS services to be leaked into the public domain. AWS has released new functionality to “see” and be notified about these risks via Trusted Advisor. But, as an experienced technologist working with Fortune 100 companies to deploy enterprise applications to cloud infrastructure, I can tell you first hand that the misconfiguration of RDS and EBS snapshots is only the tip of the iceberg of how careless set-ups, and the lack of an action based configuration control platform, can put your data and infrastructure at grave risk. S3 buckets, misconfigured firewall ports, improper security groups… This list goes on and on.

The potential financial and reputation losses to companies that don’t proactively manage public access to Cloud infrastructure can be catastrophic. But rest assured, these pitfalls are not the result of an insecure or faulty product from AWS or another public cloud provider. In fact, each of these services is specifically designed to enable public exposure when desired. The idiocy in all of these events is that they were completely preventable had a cornerstone tagging and monitoring/action system been put in place.

Don’t watch user mistakes in the rear-view mirror through Trusted Advisor alone… Let’s dig in and let me take you through the foundations of how to proactively set up, monitor, and action your cloud to ensure risky behavior is caught and actioned so that your company doesn’t become the subject of media headlines.

Across clients, I have seen tens of millions of dollars spent annually on ITIL processes and ISO27001 compliance within traditional company data centers. Each IT asset ID’d, every attribute and detail meticulously tracked and logged. But it never ceases to amaze me that once infrastructure becomes ephemeral (created and destroyed as simply and as quickly as code can allow), all sense of organization is kicked to the curb and the Wild Wild West ensues. Exposure to data loss and/or security breach, unbridled growth in costs, and orphaned resources is not a product problem, but an operational problem and one that we as an IT community need to address within our organizations.

Managing Cloud resources at scale doesn’t have to come with the traditional organizational bloat, added costs, and process bureaucracy that plagues most organizations in their implementation of ITIL practices. In fact I would argue that those trying to manage ephemeral Cloud infrastructure through traditional practices and CMDB methodologies are outright wrong in their approach and are setting their organizations up to fail… The dynamics of Cloud assets simply change too quickly.

Successful Cloud asset management begins with a strategic asset tagging strategy that is systematically applied and monitored ubiquitously across your Enterprise Cloud(s). The individual Cloud providers publish resources on how to tag and on the number of tags allowed per asset. You can find AWS tagging recommendations here, but to prevent the atrocities of misconfiguration and bloated costs, an organizational tagging strategy and related use policy must be established. This document must outline which tags are required by asset, and specific tag formats. Various articles have been written, but one of the most comprehensive and straightforward white papers on how to establish a cloud tagging strategy was written by the team at DivvyCloud.

Once a tagging policy is created it must be deployed and enforced.  How your organization orchestrates infrastructure as code will determine how the tags are deployed. Monitored holistically, these tags can be interrogated and systematically used to enforce broader operational policies, with “if-then-this” outcomes.

Let’s assume that we have a policy that states only resources tagged as ENV = PROD + DATACLASS = PUBLIC should be allowed to be associated to a publicly open security group, or configured for public access. We can now continuously monitor for this grouping of tags and take appropriate action when non-compliant assets are discovered, with actions that proactively and immediately quarantine the asset and notify the appropriate team members that the incident has occurred and how to resolve prior to Intellectual Property data loss.
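The policy above, together with the required-tag and tag-format rules from the tagging strategy, can be evaluated as shown here. This is an added example rather than any vendor's engine: the tag formats, resource records, `OWNER` tag and contact address are assumptions constructed for illustration; only the ENV = PROD + DATACLASS = PUBLIC rule comes from the text.

```python
import re

# Required tags and their allowed formats (assumed values for illustration).
REQUIRED_TAGS = {
    "ENV": re.compile(r"PROD|STAGE|DEV"),
    "DATACLASS": re.compile(r"PUBLIC|INTERNAL|CONFIDENTIAL"),
    "OWNER": re.compile(r"[a-z0-9._-]+@example\.com"),
}
# The rule from the text: only this tag combination may be publicly exposed.
PUBLIC_ALLOWED = {"ENV": "PROD", "DATACLASS": "PUBLIC"}
SECURITY_CONTACT = "cloud-security@example.com"  # fallback when OWNER is unusable


def tag_violations(tags):
    """List missing or malformed required tags. Tag keys are matched
    case-sensitively, so 'env' does not satisfy 'ENV'."""
    problems = []
    for key, pattern in REQUIRED_TAGS.items():
        value = tags.get(key)
        if value is None:
            problems.append(f"missing tag {key}")
        elif not pattern.fullmatch(value):
            problems.append(f"bad format for {key}: {value!r}")
    return problems


def evaluate(resource):
    """Decide what to do with one resource. The check fails closed: a public
    resource with missing or malformed tags is treated as non-compliant."""
    tags = resource.get("tags", {})
    problems = tag_violations(tags)
    may_be_public = all(tags.get(k) == v for k, v in PUBLIC_ALLOWED.items())

    owner = tags.get("OWNER", "")
    notify = owner if REQUIRED_TAGS["OWNER"].fullmatch(owner) else SECURITY_CONTACT

    if resource["public"] and not may_be_public:
        problems.append("public exposure requires ENV=PROD and DATACLASS=PUBLIC")
        action = "quarantine"
    elif problems:
        action = "fix_tags"
    else:
        action = "compliant"
    return {"id": resource["id"], "action": action,
            "problems": problems, "notify": notify}


# Constructed inventory; 'public' stands for whatever exposure signal the
# monitor collects (open security group, public snapshot, public bucket ACL).
SAMPLE_RESOURCES = [
    {"id": "lb-web", "public": True,
     "tags": {"ENV": "PROD", "DATACLASS": "PUBLIC", "OWNER": "web@example.com"}},
    {"id": "snap-customer-db", "public": True,
     "tags": {"ENV": "PROD", "DATACLASS": "CONFIDENTIAL", "OWNER": "dba@example.com"}},
    {"id": "bucket-dev", "public": True,
     "tags": {"env": "prod", "DATACLASS": "PUBLIC"}},  # wrong key case, no OWNER
    {"id": "vm-batch", "public": False,
     "tags": {"ENV": "DEV", "DATACLASS": "INTERNAL"}},  # private, OWNER missing
]

if __name__ == "__main__":
    for res in SAMPLE_RESOURCES:
        result = evaluate(res)
        print(result["id"], result["action"], result["notify"], result["problems"])
```

The `bucket-dev` case is the one worth noting: its tags look right to a human, but the lowercase key means the policy tags are absent, so the fail-closed check quarantines it instead of letting it pass.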

A well implemented tagging strategy, in combination with continuous monitoring, and an action driven compliance engine will cover your entire Enterprise Cloud with real time proactive protection.  In addition to security and peace of mind, it will reduce costs, and drive broader operational efficiencies.  Bottom line, these are table stakes to the Cloud Enterprise at scale, and the cornerstone of effective Cloud Operations.  

————

Thomas Martin is a former CIO, and technology leader of the General Electric Company.  Prior to leaving GE,  Thomas was the Executive Vice President of Application Transformation tasked with moving 9000 legacy workloads to public and private cloud infrastructure.  He has been a leading evaluator, adopter, and advocate of innovative tools and emerging technology that drive effective operation of cloud infrastructure at scale.

CyberTech Fairfax

DivvyCloud sponsored this event.

Dates: June 13, 2017
Location: Capital One Headquarters, McLean, VA

AWS Public Sector Summit

DivvyCloud attended this event.

Dates: June 12-14, 2017
Location: Walter E. Washington Convention Center, Washington, DC

Stop Overspending in the Cloud: Maximizing Cloud Utilization

Cloud spending continues to rise as enterprises increasingly look for ways to optimize their IT infrastructure. According to Gartner Group, more than $1 trillion in IT spending will, directly or indirectly, be affected by the shift to cloud during the next five years.

That’s no surprise, given the many benefits of shifting to a cloud-based or hybrid cloud model. One of the most touted benefits of moving to the cloud is the cost savings to be had by only using what you need, when you need it. In fact, a recent survey from RightScale found that 53 percent of cloud users cite cost savings as a focus for 2017.

However, despite all the hype around cost savings in the cloud, many enterprises are over provisioned and paying for resources that they don’t use or need. According to RightScale, “on average, the IT pros surveyed said their organization wastes 30% of its cloud spend. In addition, 39 percent of instance spend is on virtual machines (VMs) that are running at under 40 percent of CPU and memory utilization, with the majority of those running under 20 percent utilization.” This chronic underutilization of the cloud infrastructure is a huge waste of money.

Enterprises often buy more capacity than they need to ensure that they have enough resources to handle their current and future growth (legacy data center thinking). They are also often unaware of which applications are the most and least utilized, which can result in a large amount of unused cloud resources that are constantly running and costing them money.

This is also true as enterprises are increasingly using containers. Containers are meant to be temporary and scope-limited, meaning that they should spin up and spin down as needed. However, the underlying infrastructure that containers run on is often left to run constantly, which destroys the value of the pay-as-you-use cloud business model. This only exacerbates the problem of not fully embracing the utility-based cloud pricing approach.

To avoid this waste, enterprises must be able to start and stop their instances to better utilize computing resources. They also need visibility into their networks and to continuously monitor their cloud spend and utilization to get the most out of their investment.

Cloud utilization continues to be a challenge for enterprises. In fact, some large enterprises are struggling to get 10 percent utilization from their cloud infrastructure. As the cloud matures, cloud business models need to evolve as well. The hope and promise of using only what you need when you need it is not yet a reality for most enterprises and optimizing existing cloud usage needs to be a top priority for all cloud users.

Cloud automation and monitoring tools can help control these extra costs and maximize cloud resource utilization. There are “Bots” that can automatically identify instances that have either been running for a long time or have very low capacity utilization. Bots can schedule downtime for instances when they are not in use, for example dev/test/QA environments that are not utilized at night, or large-capacity instances used a few days a month for financial closings or regular risk assessments.

Enterprises can set up more complex rules for these cloud automation tools to follow. For example, a resize Bot can create a list of all instances less than 5 percent utilized over the last 30 days and then resize them to the next smaller level so the enterprise pays for the smaller size, often a 50% savings per instance. The Bots will keep doing this until they reach the lowest level available, resulting in significant cost savings.

So, does the cloud business model really stand up to its pay-as-you-go claims? Only if you carefully monitor your cloud resources and ensure that under-utilized applications are not running when they don’t need to be.

Eyes are Always Bigger Than Your Stomach in the Cloud: Underutilized Instances Bot

Bot of the Week: Underutilized Instance Bot 

Identifies instances that have either been running for a long time, or have very low capacity utilization…contributing to ever-growing monthly cloud bills.

Why do I care:

The cloud provides nearly infinite resources and computing capacity. In most cases this capacity is offered for pennies per hour. With cheap start up costs and endless space, oftentimes developers, engineers and other users of your cloud infrastructure are buying more cloud capacity than they actually need. While the short-term costs of doing so are low, leaving these resources running unnecessarily or forgetting about them can result in runaway costs in the cloud.  This is a big reason research shows enterprise cloud bills growing 2-3 times over budgeted expectations!

Forgotten Instances Will Come Back to Eat Your Bottom Line

Enterprises in the cloud share a common pain point: virtual instances (that bill out on an hourly basis) are left running when no one is using them. Imagine your utility bill if you left the lights and electronics running all day and all night. Instances are billed in the same way. It’s cheap to spin up instances, but expensive to forget about them.  

Why Test Drive Code on a Kia When You Can Have A Maserati?

More often than not, developers want plenty of power to develop and test their code. With access to the cloud, they can spin up big, beefy servers with little concern for cost. Meanwhile, product teams and operations folks want to make sure they have plenty of capacity to run their workloads. They almost always over-estimate their needs and over-provision capacity. Teams are purchasing 2, 4, or 8 cores of computing power and end up using a very low percentage of that capacity. Consider purchasing a top-of-the-line sports car that can accelerate from 0-100 in just a few seconds. It has incredible horsepower, a sleek design and is made to race. Now imagine driving it in bumper-to-bumper traffic for 20 miles and never being able to use its full potential. The same can be true for over-provisioning in the cloud. You have a whole lot of power and capacity that is going to waste.

Use Insights to Make Better Decisions

Before taking action on these instances, it’s useful to monitor these environments to truly understand how your organization is utilizing the cloud. It may be clear that a test environment requires fewer CPUs or that the resource itself doesn’t have to exist beyond one day, one week or one month. Using insights will allow your organization to make the best choices when adding (or culling) capacity in your public cloud. Data makes it clear whether fewer cores are better for your environment or if a reserved instance should be considered.

Automate Resizing and Deletion Of Underutilized Instances

For both over-provisioning and forgotten instances, automation is one of the best solutions to reduce cost and waste. By setting policy in an automation platform such as DivvyCloud, users can specify how long an instance should exist before it is automatically stopped and terminated. For example, if an instance is spun up in the dev test environment, it can be set to terminate after 7 days. DivvyCloud’s automation Bots will follow the policy and delete the instance whether or not anyone remembers.

Additionally, resizing can be automated with Bots that identify instances that have run at less than, say, 10% CPU utilization over the last two weeks and schedule them to be reduced one size. If after two more weeks the instance in question is still under 10% CPU utilization, the Bot will knock it down another size, and so on, until the load and capacity reach a reasonable utilization level (or it ends up at the smallest instance size, costing very little). Elasticity is one of the key benefits of the cloud, and having automation that can scale up AND scale down is vital for optimizing cloud usage.

Get Started with an Enterprise Trial

Deploy an enterprise version of BotFactory

The Future Looks Good for Google in a Multi-Cloud World

There is no doubt that the cloud is becoming the technology infrastructure of the future. Market research firm Gartner projects that by 2020, cloud computing will be a $383 billion market (that’s damn big). The highest growth will come from cloud-based, software defined infrastructure  (Infrastructure-as-a-Service – IaaS), which is projected to grow 36.8 percent in 2017 to $34.6 billion, according to Gartner.

However, enterprises need to be smart about how they approach migration to the cloud. They need to decide which applications and data should be moved to the cloud and what should remain on-premise or in private cloud deployments. They also need to decide if they want to move everything to one cloud vendor or to multiple cloud vendors. A lot of enterprises initially take the easy path and commit to Amazon Web Services (AWS). However, relying on only one cloud vendor can leave them vulnerable.

The recent Amazon S3 outage wreaked havoc across the Internet and for many it brought to mind the old adage of not putting all of your eggs into one cloud vendor’s basket. AWS has always been the 800-pound gorilla of the cloud vendors and is still the leader of the pack with 40 percent market share (that’s almost double the combined market share of Google, MS Azure and IBM Softlayer…the next three market leaders). Therefore, any slight error or outage can have a huge impact.

Many enterprises are discovering a multi-cloud strategy is a safer bet and there is a lot of excitement for what Google Cloud Platform (GCP) can bring to the table. Google has evolved from its dominance in search engine/online advertising into a cloud computing powerhouse. It is quickly becoming a formidable competitor to Microsoft and AWS as it continues to expand globally. The company recently widened its global cloud footprint with the addition of three new data centers in California, Montreal and the Netherlands.

In addition, at the Forbes CIO Summit in April, Diane Greene, senior vice president of Google, said she believes the Google Cloud Platform could surpass AWS by 2022. This appears to be a real possibility as Google’s most recent earnings report stated that its cloud growth is outpacing the company’s ad business.

Dan Bieler, principal analyst at Forrester Research, outlined some of Google Cloud’s strengths in this ZDNet article. He believes that Google has a good chance to take on Microsoft and AWS with its global expansions and technology innovation in machine learning and artificial intelligence, which are integrated into its cloud platform.

As enterprises increasingly deploy new applications in the cloud, a multi-cloud approach offers more flexibility and security. It is wise to take a closer look at the various features and benefits that AWS, Microsoft, Google and other cloud vendors offer and then distribute your applications across the clouds that are the best fit.

It is also critically important to find ways to manage the risks of “cloud” effectively across different cloud deployments. Enterprises need new tools and practices to control costs, enforce compliance to meet industry and operational best practices, and maintain visibility across those clouds. DivvyCloud’s multi-cloud automation solution can do all of this and more. It continuously scans public and private cloud infrastructure, identifies non-compliant resources and automates remediation of increasingly common cloud problems related to security, cost and compliance.

Integrating cloud automation as part of this multi-cloud strategy gives IT managers peace of mind that their infrastructure is secure and an outage or natural disaster won’t bring their entire network down in one fell swoop.

Cloud Expo NYC

DivvyCloud is exhibiting its technology at Cloud Expo NYC in Booth #237 June 6-8. Jeremy Snyder, VP of Business Development at DivvyCloud, is speaking for a general session and the Tech Talks during the event. Jeremy will share best practices, industry insights and cloud infrastructure strategies.

TechTalk: Tagging Strategies for Cloud Resources – How to use Tags for visibility, accountability and automation of cloud infrastructure.

Tagging virtual instances and resources in your cloud infrastructure is a vital step in defining how your public, private or hybrid cloud environments will operate. Because components of cloud infrastructure are software-defined, these “virtual” resources can very easily sprawl out of control, resulting in runaway costs, security holes and lack of accountability. Tagging allows resources to be quickly labeled and categorized, creating a standard for organizing your virtual assets across cloud environments. In this talk we will discuss best practices for using tagging in your cloud infrastructure to reduce costs and risks while remaining compliant with enterprise standards.

Session:  Best Practices for Enterprise Cloud Adoption – How cloud infrastructure automation delivers the agility, speed and cost benefits while reducing many risks.

This talk centers around how to automate best practices in a multi-/hybrid-cloud world based on our work with customers like GE, Discovery Communications and Fannie Mae. Today’s enterprises are reaping the benefits of cloud computing, but also discovering many risks and challenges. In the age of DevOps and the decentralization of IT, it’s easy to over-provision resources, forget that instances are running, or unintentionally expose vulnerabilities. We will discuss the approaches to take control of your cloud with self-healing infrastructure, while realizing the promised agility, speed and cost benefits of the cloud.

Dates: Jun 6-8, 2017
Location: Javits Center, New York City, NY

Media and Entertainment Companies Flock to the Cloud

Over the past year and a half, there has been widespread cloud adoption among enterprises and many people in the technology industry are claiming that 2017 is the year of the “enterprise cloud.”  According to IDG’s 2016 Enterprise Cloud Computing Survey, “organizations are using multiple cloud models to meet their business needs, including private (62%), public (60%), and hybrid (26%).”

As enterprise cloud adoption grows, best practices and business cases are emerging, and other industries, like the media and entertainment industry, are jumping on the bandwagon. From virtual reality and smart TVs to live streaming of events, the amount of digital content being created and consumed is abundant. A majority of this massive amount of data is being produced at high resolution and in multiple formats and therefore requires a robust technology infrastructure to support it.

As a result, many media giants are increasingly adopting new cloud technologies to manage the explosive growth of their digital content. As these media companies flock to the cloud to manage and store their digital content, they must be smart about their approach.  For example, some may want to consider a hybrid approach to the cloud. They could use the public cloud for things such as global content distribution and collecting content from providers, but also store some of their more proprietary digital assets in a private cloud or on-premise.

Cloud solutions can create storage efficiencies and allow real-time access to content anytime, anywhere. However, there are also some challenges to be aware of when it comes to migrating to the cloud such as runaway costs and the ability to scale. In addition, the IDG survey identified these top three challenges that enterprises face when adopting public cloud technologies: concerns about where data is stored (43%), cloud security (41%) and vendor lock-in (21%).

Another factor to consider when migrating to the cloud is how to manage the massive amount of digital content being delivered around the world. It is too big to be managed from a human standpoint and there is no room for error.

And, once the transition to the cloud is complete, these companies need to efficiently manage all of their cloud resources to ensure optimal performance. Performance is especially important in the media and entertainment industry. For example, something as little as a six-second delay in the streaming of an advertisement at the beginning of a media company’s hit show could cost them hundreds of thousands of dollars back to the advertiser if the ad is not delivered correctly or at all.

Cloud automation and management technology is increasingly easing this burden and can help media companies more efficiently manage their virtual resources at scale across different public and private cloud technologies. Features such as auto-scaling and workload grooming allow these companies to ensure that their costs are managed and contained. These tools also take the burden off of the IT department by automatically monitoring cloud resources and identifying and fixing issues and security threats as they arise.

Leading media companies like Discovery Communications are using cloud automation technology from DivvyCloud to reduce cost, improve security and ensure compliance across their entire cloud infrastructure. You can visit DivvyCloud at the NAB Show, April 22-27, 2017 where they will be featured as part of SPROCKIT’s 2017 program – an exclusive technology alliance that is helping to accelerate cloud strategies for the hottest companies in media and entertainment.

DivvyCloud Accepted Into Exclusive Media and Entertainment Technology Alliance for Innovative Companies

SPROCKIT® Brings Together Hot Startups and Iconic Companies at NAB Show and Throughout the Year

Arlington, Virginia (March 23, 2017) – DivvyCloud, a leading developer of innovative software to automate and manage multi-cloud infrastructure, today announced that it has been accepted into SPROCKIT’s exclusive technology alliance for media and entertainment industry collaboration.

SPROCKIT will showcase up to 30 of the most innovative market-ready startup companies through a year-round program that shines the spotlight on industry game-changers through two channels: NAB Show®, the world’s largest and most important media and entertainment event, and SPROCKIT® Sync, the exclusive community of media and entertainment decision-makers that meets three times a year.

To become part of the SPROCKIT Class of 2017, a company must have market validation and must prove the potential to significantly impact the media and entertainment industry.  

The media and entertainment industry is an early adopter of cloud infrastructure to manage the explosive growth of digital content. As in many other industries moving to the cloud, it is not always a smooth road. Enterprises frequently experience runaway costs, security problems and the inability to ensure compliance of their cloud operations at scale. DivvyCloud’s automation software, BotFactory, has a proven track record of delivering cost savings and autonomous remediation of non-compliant cloud resources in near-real time.

“We’re honored that our largest media company customers nominated us to be a part of SPROCKIT,” said Brian Johnson, CEO at DivvyCloud.  “We look forward to helping accelerate cloud strategies for the hottest companies in media and entertainment.”

About SPROCKIT

SPROCKIT is the media, entertainment and technology alliance of corporate executives and industry-vetted emerging companies showcasing and collaborating on products, services and new revenue models. SPROCKIT, in collaboration with and support from NAB Show, shines the spotlight on the industry’s most promising market-ready start-ups from around the world. SPROCKIT start-ups have proven products, customers, and are ready to scale. Learn more at sprockitglory.com.

About DivvyCloud
DivvyCloud software enables organizations to achieve their cloud computing goals by simplifying and automating security, compliance and cost optimization of public and private cloud infrastructure. Using DivvyCloud, customers can leverage programmatic Bots to identify and remediate common cloud problems in real time. DivvyCloud was founded by seasoned technologists who understand first hand what is necessary to succeed in today’s fast-changing, multi-cloud world. For more information, visit: www.divvycloud.com.

Media Contact
Meredith Bagnulo
PR for DivvyCloud
meredith@bagnulocomm.com
(303) 513-7494

DevOps DC Meetup

DivvyCloud spoke at and sponsored this event.

Dates: Mar 14, 2017
Location: Online, due to weather

AWS Montreal

DivvyCloud spoke at and sponsored this event.

Dates: Mar 9, 2017
Location: La Gare Co-Working Space

AWS Ottawa

DivvyCloud spoke at and sponsored this event.

Dates: Mar 8, 2017
Location: Rebel.com

Bad Idea: Leaving the Keys to Your Cloud Castle Lying Around!

Bot of the Week: S3 Bucket Permissions

This bot continuously monitors and identifies storage containers such as AWS S3 buckets which have read, write or delete permissions open to the world.

Why Do I Care?

Amazon Web Services S3 Buckets are storage containers in the cloud that are used to house data, documents and images or they can be used to host static websites. Without specified permissions, anyone can read, modify or delete a bucket. Running buckets with this type of access policy can result in data loss, exposure and potential downtime in the case of static website hosting.

Permissions matter

With S3, you can put access permission controls on your buckets. This governs who can read, write, and delete that bucket. Let’s say you’re hosting a website from S3. You’ll want to provide visitors full access to read the information on the site. You wouldn’t, however, want them to be able to modify or delete your content. On the other hand, if you have a bucket that stores personal information or sensitive information such as customer records, you may want to pull read permissions from your policy. By setting and automating specific permissions you can prevent the viewing or altering of stored data, protecting the organization and its clients.

Guard your buckets

The best way to guard your buckets is to tailor access control list permissions to only the minimum level of access required. Typically only static websites should be open to the world and all other buckets should be locked down to only authorized stakeholders.
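The check described above can be sketched as follows. This is an added example, not DivvyCloud's Bot code: it reads constructed ACL and bucket-policy documents and reports world-open read, write or delete access, allowing world read only on buckets marked as static websites. The bucket names and the `static_website` flag are assumptions made for the illustration.

```python
from fnmatch import fnmatchcase

# ACL grantee groups that mean "everyone" / "any AWS account holder".
WORLD_GROUPS = (
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
)
# Bucket ACL permission -> capability, in the page's read/write/delete terms.
# WRITE on a bucket covers creating, overwriting and deleting objects;
# WRITE_ACP lets the grantee rewrite the ACL and so grant itself the rest.
ACL_CAPS = {
    "READ": ("read",),
    "WRITE": ("write", "delete"),
    "WRITE_ACP": ("read", "write", "delete"),
    "FULL_CONTROL": ("read", "write", "delete"),
}
# Bucket policy actions (lower-cased) -> capability.
POLICY_CAPS = {
    "s3:getobject": "read",
    "s3:listbucket": "read",
    "s3:putobject": "write",
    "s3:deleteobject": "delete",
    "s3:deletebucket": "delete",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_world(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def world_open(acl, policy=None):
    """Map each capability granted to everyone to the grants that cause it.

    Explicit Deny statements are not evaluated, so this can over-report;
    Allow statements carrying a Condition are kept but marked conditional.
    """
    found = {}
    for grant in acl.get("Grants", []):
        if grant.get("Grantee", {}).get("URI") not in WORLD_GROUPS:
            continue
        for cap in ACL_CAPS.get(grant.get("Permission"), ()):
            found.setdefault(cap, []).append("acl:" + grant["Permission"])
    for stmt in _as_list((policy or {}).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_world(stmt.get("Principal")):
            continue
        note = " (conditional)" if stmt.get("Condition") else ""
        for pattern in _as_list(stmt.get("Action", [])):
            # IAM-style wildcards ("s3:*", "s3:Get*") are matched case-insensitively.
            for action, cap in POLICY_CAPS.items():
                if fnmatchcase(action, pattern.lower()):
                    found.setdefault(cap, []).append("policy:" + pattern + note)
    return found

def audit(buckets):
    """Return (bucket, excess capabilities); only static websites may be world-readable."""
    violations = []
    for bucket in buckets:
        found = world_open(bucket["acl"], bucket.get("policy"))
        allowed = {"read"} if bucket.get("static_website") else set()
        excess = sorted(set(found) - allowed)
        if excess:
            violations.append((bucket["name"], excess))
    return violations

# Constructed sample data in the shape of S3 ACL and bucket policy documents.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"}

def _group(permission):
    return {"Grantee": {"Type": "Group", "URI": WORLD_GROUPS[0]}, "Permission": permission}

SAMPLE_BUCKETS = [
    {"name": "marketing-site", "static_website": True, "acl": {"Grants": [OWNER]},
     "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                               "Action": "s3:GetObject",
                               "Resource": "arn:aws:s3:::marketing-site/*"}]}},
    {"name": "customer-records", "acl": {"Grants": [OWNER, _group("READ")]}},
    {"name": "upload-drop", "acl": {"Grants": [OWNER, _group("WRITE")]}},
    {"name": "legacy-assets", "static_website": True, "acl": {"Grants": [OWNER]},
     "policy": {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                               "Action": ["s3:*"],
                               "Resource": "arn:aws:s3:::legacy-assets/*"}]}},
]

if __name__ == "__main__":
    for name, excess in audit(SAMPLE_BUCKETS):
        print(f"{name}: open to the world for {', '.join(excess)}")
```

The `legacy-assets` case is the one that is easy to miss: a bucket that legitimately serves a website but whose policy uses `s3:*`, so visitors can also write and delete.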

Give it a try!

Over 100 out-of-the-box Bots are available on the DivvyCloud Github repo.  Sign up at BotFactory.io for a free test drive.

AWS Toronto

DivvyCloud spoke at and sponsored this event.

Dates: Feb 23, 2017
Location: theScore

Don’t lose track of your instances, tag them.

Bot of the Week: Tagging Audit Bot

 

This bot inspects cloud resources to validate that they are tagged with appropriate key/value pairs (e.g., “Environment: Production”). The policy can be applied as a global policy, or fine-tuned to accommodate different strategies per cloud, account, resource type, etc. The definition and enforcement of tagging standards to organize your cloud infrastructure can dramatically improve visibility, compliance, charge/show back, and taxonomy across your entire footprint. Combined with DivvyCloud Bots, tags form the foundation for policy automation and operational compliance at scale.

Why do I care?

Tagging instances and resources in the cloud is a vital step in defining how your public, private or hybrid cloud environments will operate. Because components of cloud infrastructure are software-defined, these “virtual” resources can very easily sprawl out of control, resulting in run-away costs, security holes and lack of accountability. Tagging allows resources to be quickly labeled and categorized, creating a standard for organizing your cloud. Tags can be created to identify the environment, cost center, resource owners, projects, security levels, and almost any other attributes that are important to your operating model.

Our Tagging Audit Bot ensures all resources are tagged appropriately with valid values, so that things don’t get lost in dynamic cloud environments. Tagging has become so critical to cloud management that AWS recently increased its maximum number of tags per resource from 10 to 50 to meet customer demands (which is a good thing since their published tagging strategy requires at least 20 tags!).

With new clients, we often run the Tagging Audit Bot first thing to show how much of their infrastructure is “undefined”.  By quickly implementing a basic tagging strategy, the customer can finally get actionable data on their cloud environments.

The cloud is not a datacenter

Unlike the traditional datacenter, the cloud is a dynamic and ever-changing environment that has the ability to morph and transform at will. Cloud self-service provisioning allows users with various positions, departments and skill levels to access and change the cloud environment as they see fit. All this considered, the cloud cannot be treated like a physical datacenter where you can actually attach a physical tag or label. Over time, the cloud becomes increasingly unorganized and insecure, resulting in wasted resources and vulnerabilities.

Next Level: Tagging Strategy

Once all resources are labelled, creating processes and automation around those tags becomes simple and can make operating in the cloud dramatically more efficient. AWS provides a comprehensive strategy for tagging on their site that describes how tags can be used to categorize resources. With BotFactory, we allow users to create and automate actions according to the tags used. For instance, the Scheduled Instances Bot can automate shutdown from 5:00 P.M. to 9:00 A.M. for resources tagged as “Environment: Dev” or “Schedule: 9-5”. Another set of tags can identify resources that need special compliance standards such as HIPAA or SOX with associated data encryption or data sovereignty requirements. All of our 100+ Standard Bots, and any user-configured Bots, can leverage tags used on your cloud resources.
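A tagging audit and the tag-driven schedule described above can be sketched as follows. This is an added example, not BotFactory code: the tagging standard, the per-resource-type override, the `example.com` owner format and the resource ids are all assumptions constructed for the illustration.

```python
import re
from datetime import datetime

# Hypothetical tagging standard: allowed values (set) or format (regex) per key.
GLOBAL_POLICY = {
    "Environment": {"Production", "Staging", "Dev"},
    "Owner": re.compile(r"[a-z0-9._-]+@example\.com"),
    "CostCenter": re.compile(r"\d{4}"),
}
# Fine-tuned policy: extra required tags for one cloud/resource-type pair.
OVERRIDES = {
    ("aws", "s3-bucket"): {"DataClass": {"Public", "Internal", "HIPAA", "SOX"}},
}

def effective_policy(resource):
    """Global policy plus any override for this resource's cloud and type."""
    policy = dict(GLOBAL_POLICY)
    policy.update(OVERRIDES.get((resource["cloud"], resource["type"]), {}))
    return policy

def audit_tags(resource):
    """Return findings for missing, mis-cased or invalid tags on one resource."""
    tags = resource.get("tags", {})
    by_lower = {key.lower(): key for key in tags}
    findings = []
    for key, rule in effective_policy(resource).items():
        if key not in tags:
            # Tag keys are case-sensitive, so "environment" does not satisfy
            # a policy (or a Bot filter) written for "Environment".
            near = by_lower.get(key.lower())
            findings.append(f"wrong-case:{near}" if near else f"missing:{key}")
            continue
        value = tags[key]
        valid = value in rule if isinstance(rule, set) else bool(rule.fullmatch(value))
        if not valid:
            findings.append(f"invalid:{key}={value}")
    return findings

def report(resources):
    """Map resource id -> findings, for resources that fail the audit."""
    result = {}
    for resource in resources:
        findings = audit_tags(resource)
        if findings:
            result[resource["id"]] = findings
    return result

def should_be_running(resource, now):
    """Schedule from the text: tagged resources are shut down 5 P.M. to 9 A.M."""
    tags = resource.get("tags", {})
    scheduled = tags.get("Schedule") == "9-5" or tags.get("Environment") == "Dev"
    return 9 <= now.hour < 17 if scheduled else True

# Constructed sample inventory.
SAMPLE_RESOURCES = [
    {"id": "i-constructed01", "cloud": "aws", "type": "instance",
     "tags": {"Environment": "Production", "Owner": "ops@example.com",
              "CostCenter": "4410"}},
    {"id": "i-constructed02", "cloud": "aws", "type": "instance",
     "tags": {"environment": "Dev", "Owner": "alice"}},
    {"id": "records-bucket", "cloud": "aws", "type": "s3-bucket",
     "tags": {"Environment": "Production", "Owner": "data@example.com",
              "CostCenter": "2001", "DataClass": "Secret"}},
    {"id": "i-constructed03", "cloud": "aws", "type": "instance",
     "tags": {"Environment": "Dev", "Owner": "dev@example.com",
              "CostCenter": "3100"}},
]

if __name__ == "__main__":
    for resource_id, findings in report(SAMPLE_RESOURCES).items():
        print(resource_id, findings)
    evening = datetime(2017, 2, 1, 20, 0)
    for resource in SAMPLE_RESOURCES:
        print(resource["id"], "running at 20:00:", should_be_running(resource, evening))
```

The second instance shows why the audit comes before the automation: its mis-cased `environment` key means the schedule never matches it, so it keeps running overnight.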

Enterprise adopters

Our team has learned from the cloud’s earliest enterprise adopters. These organizations were tasked with moving thousands of instances to the cloud while keeping their data protected and their costs under control. DivvyCloud customer General Electric uses tags for its Reaper Bot to scan the environment to make sure all assets in the cloud are attached to an application (learn more in the video Q&A). Similarly, Discovery Communications has used Tagging Bots during their migration process to the cloud (video Q&A). Bots have helped both companies minimize their costs while maintaining order and compliance in their infrastructure.

 

BotFactory Now Available for Test Drive on Google Cloud Platform Using Orbitera

Cloud Adopters Can Test Drive BotFactory on GCP to Automate Security, Compliance and Cost Optimization

Arlington, Virginia (January 23, 2017) – DivvyCloud, a leading developer of innovative technology to automate and manage cloud infrastructure, today announced availability of the BotFactory Test Drive on Google Cloud Platform (GCP). DivvyCloud has been one of a few partners working with Orbitera as part of their beta program for Test Drives on GCP.

Orbitera Test Drives are fully functioning and interactive software demonstrations offered in the cloud. This is a popular way for businesses to try software before buying it — no software license, credit card or even cloud account required.

“We are excited to make BotFactory available for easy, one-click test drives on GCP”, said Peter Scott, COO of DivvyCloud. “Orbitera’s Test Drive solution lowers the barriers to try out new software solutions and we are happy to be one of the first three software providers to go-live on GCP.”

DivvyCloud’s BotFactory solution is unique in the marketplace with its ability to track real-time changes within cloud infrastructure and take customer-defined, automated actions to fix problems and ensure policy compliance. Customers can leverage over 100 standard automation Bots to address a wide range of security, compliance and cost optimization challenges commonly faced by any organization adopting cloud infrastructure.

About DivvyCloud
DivvyCloud software enables organizations to achieve their cloud computing goals by simplifying and automating security, compliance and cost optimization of public and private cloud infrastructure. Using DivvyCloud, customers can leverage programmatic Bots to identify and remediate common cloud problems in real time. DivvyCloud was founded by seasoned technologists who understand first hand what is necessary to succeed in today’s fast-changing, multi-cloud world. For more information, visit  www.divvywebsite.staging.wpengine.com.

Media Contact
Meredith Bagnulo
PR for DivvyCloud
meredith@bagnulocomm.com
(303) 513-7494

Instances with Failed Status Checks

What it does: matches instances that fail the system/reachability status checks

This bot identifies compute instances which fail instance/system reachability. When failure occurs this means that the system is not accessible over the Internet and likely is running failed hardware. It is strongly encouraged to migrate these failed systems to new hardware.

Why do I care?

Monitoring the lifecycle state and status checks of your cloud instances ensures that your systems are running properly AND that you have access to the compute capacity that you are paying for. Instances that fail status checks can result in downtime for your organization and wasted money.

Failed Instances Bot checks your system every 10 minutes and automatically migrates your data from failed or failing hardware in AWS.

Why do failed instances occur?

Within Amazon there are two states for availability: lifecycle state and status checks. The lifecycle state defines whether an instance is running, stopped or has been deleted. Status checks determine whether the virtual instance your application or data is running on is working properly. Amazon sends periodic heartbeats to the underlying hardware, at the process, hypervisor and network layers, to test for status checks and lifecycle. If you fail any one of those checks your instance is unreachable, resulting in unusable data.

Status checks are important because many people only monitor the lifecycle state of their instances, and do not monitor network accessibility. Turning on this DivvyCloud “Instance with Failed Status Checks” Bot is very useful, because most monitoring detects lifecycle changes and not status checks. In the situation of a failed status check, organizations typically migrate the system to a different droplet, or need to conduct deeper inspection and remediation.

It’s not uncommon for hardware to fail

Hardware failure can have a number of causes. Equipment can get old, moving parts can break, overheating can occur and hard disks can fail. These failures are not uncommon at scale, and knowing this can help your organization better prepare for and react to failures. If you don’t have automation in place to detect system failures, it can be hard to find the affected systems. Cloud providers may email you, but often not fast enough for applications with high uptime requirements. It could be an hour or two before you are alerted about the problem. Our Bot will identify failed instances in a maximum of 10 minutes using BotFactory’s continuous API-based data harvesting. This is much closer to real time than if you wait for the AWS monitoring system to catch the failure.

Give it a try!

Over 100 out-of-the-box Bots are available on the DivvyCloud Github repo.  Sign up at BotFactory.io for a free test drive.
