Link: Meltdown and Spectre underscore the ongoing need for infrastructure automation

“In the Cloud Foundry scenario, these are embodied by BOSH to automate the infrastructure resource, namely VMs, container clusters, virtual storage and networks, configuration and deployment and Concourse for the development pipeline. Together, these enable organizations to rapidly and consistently patch all applications using the PaaS environment.”
Original source: Meltdown and Spectre underscore the ongoing need for infrastructure automation

Link: Who’s using 2FA? Sweet FA. Less than 1 in 10 Gmail users enable two-factor authentication

“less than 10 per cent of active Google accounts use two-step authentication to lock down their services. He also pointed out that a Pew study in 2016 showed only around 12 per cent of web users have a password manager to protect their accounts.”
Original source: Who’s using 2FA? Sweet FA. Less than 1 in 10 Gmail users enable two-factor authentication

How JPMC is making IT more innovative with PaaS, public and private

A good, pretty long overview of JPMorgan Chase’s plans for doing cloud with a PaaS focus. Some highlights.

More than just private-IaaS and DIY-platforms:

Like most large U.S. banks, JPMorgan Chase has had some version of a private cloud for years, with virtualized servers, storage and networks that can be shared in a flexible way throughout the organization.

The bank is upgrading its private cloud to “platform as a service” — in other words, the cloud service will manage the infrastructure (servers, storage, and networks), so that developers don’t have to worry about that stuff.

On the multi-/hybrid-cloud thing:

By the second half of 2017, the bank plans to run proprietary applications on the public cloud. At the same time, it’s building a new, modern internal cloud, code-named Gaia.

While “hybrid-cloud” has been tedious vendor-marketing-drivel over the past ten years, pretty much all of the large organizations I work with at Pivotal have exactly this approach. Public, private, whatever: we want to do it all.

Shifting their emphasis to innovation:

“We aren’t looking to decrease the amount of money the firm is spending on technology. We’re looking to change the mix between run-the-bank costs versus innovation investment,” he said. “We’ve got to continue to be really aggressive in reducing the run-the-bank costs and do it in a very thoughtful way to maintain the existing technology base in the most efficient way possible.” …Dollars saved by using lower-cost cloud infrastructure and platforms will be reinvested in technology, he said.

On appreciating the scale of “large organizations” that drive their very real challenges with adopting new ways of running IT:

The bank has 43,000 employees in IT; almost 19,000 are developers.

Good luck having the “we have no process by design” process with that setup.

On security, there’s a nice, almost syllogistic re-framing of “cloud security” here:

For years, banks have worried about using the public cloud out of security concerns and fears of what their regulators will say. Ever since the 2013 Target data breach, in which hackers stole card information from 40 million customers by breaking into the computers of an air conditioning company Target used, regulators have strongly urged banks to carefully vet and monitor all third parties, with a specific focus on security.

“We’re spending a significant amount of time to ensure that any applications we choose to run on a public cloud will have the same level of security and controls as those run internally,” Deasy said.

Most notable corporate security breaches over the years have involved on-premises IT (like the HVAC example above). The point is not to make sure that “cloud is as secure as [all that on-prem IT that’s been the source of most security problems in the past],” but to make sure that all IT has a rigorous approach to security. “Cloud” isn’t the security problem, doing a shitty job at security is the security problem.

Update: or it could be 30,000.

Source: Unexpected Champion of Public Clouds: JPMorgan CIO Dana Deasy, Penny Crosman, American Banker

“Give us your passwords, foreigner” – DHS mulls password collection at borders

Kelly noted that while this was “still a work in progress” and not necessarily “what we’re going to do right now,” he added that President Donald Trump’s freeze on entry to the U.S. by citizens of seven countries, “is giving us an opportunity… to get more serious than we have been about how we look at people coming into the United States.”

“These are the things we’re thinking about,” he said. “We can ask them for this kind of information, and if they truly want to come into America, then they’ll cooperate. If not, you know, next in line.”

It’d be nice to find the exact back and forth, somewhere in this five-and-a-half-hour Home Security Committee video.

Also, it’s further in the “life becoming more like Black Mirror” vein. Recall that episode where people are required to review all their memories when they cross borders and enter airports.

Source: “DHS mulls password collection at borders.”

Екатерина Хаустова on Twitter: “Everyone seemed to like this representation of DevOps and Security from my talk at #devopsdays Austin http://t.co/PHozMYU4Sy”
