Fred Streefland, IT-Security Manager at LeaseWeb and Dave Maasland, CEO Eset Netherlands.
A version of this article originally appeared on Computable.
Recently we’ve had the opportunity (a quite fun and interesting opportunity), to visit a number of Information Security and Cyber Security congresses. During these congresses we were flooded with relatively ‘new’ developments such as Next-Generation, IoT (Internet of Things), IoT DDoS, Security Intelligence Platform, et cetera. The fact that some these terms have become ‘hype’ is not in itself a problem, but we did begin to wonder whether the security world may be looking at things in the wrong way and thereby missing the demands that need to be addressed.
In this article we will suggest a new way of looking at cybersecurity that stops viewing it as a goal in itself and instead as something that is directly connected to business needs. As it stands now, it seems that too many security-organizations are missing the mark.
Security can be quite complex, but its essence is quite simple. Security is nothing more than reducing or taking away risks, and making them visible so that the business can accept them and continue doing its work – nothing more, nothing less. To do this as effectively and efficiently as possible, we, as security-people, have to understand the business and not see it solely from an IT-Perspective but form the broader perspective of the business itself.
When starting from the business, we first have to identify, map, and categorize the risks for the specific business. Second, we have to determine, together with the business itself, which risks need to be dealt with in which order. When that’s done, the person responsible for security within the company has to set-up a security-plan that depicts how these changes are executed. When doing so, there should always be clear goals and deadlines. Ideally, this should be done in a ‘smart’ way, one step at a time, so as to not engage in too many projects at once.
Lesson 1: Start with the business (and its risks)
We are currently getting ready for some interesting sessions at Cloud Expo Europe and Cloud Security Expo. This will take place in Paris on 29 – 30 November. If you are attending the conference, it will be great if you can stop by the LeaseWeb stand (D40). Our engineers will be happy to discuss with you about migration to the cloud or how hybrid cloud fits your business needs.
We are also hosting the following two sessions:
Date and Time: Tuesday, 29 November 2016, 10:40 A.M.– 11:05 A.M.
Presenter: Julien Lehmann, Product Manager at LeaseWeb will address critical technical issues in combatting DDoS attacks. This session will take place at the Cloud Security Service Providers Theatre/Risk Compliance and Governance Theatre.
Date and Time: Wednesday, 30 November 2016, 10:10 A.M. – 10:35 A.M.
Presenter: Robert van der Meulen, Technical Evangelist at LeaseWeb, will discuss about Hybrid Clouds combine various types of infrastructure, allowing you to optimize them for specific workloads. This session will take place at the International Theatre.
If you do not have a ticket yet, you can get your free ticket here to access the Cloud Expo Europe and Cloud Security Expo locations. Hope to meet you there.
Data privacy is one of the hottest topics in all industries globally. Understanding the critical due diligence from a data privacy and sovereignty perspective will help mitigate risk.
Privacy is not a security issue
Today, we face other and more complicated challenges than ever before regarding data privacy. Privacy is not a matter of security. Privacy concerns the contents of data -personal data- and its storage, transfer, access and processing methodologies. Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose.
In this day and age tech-disruption causes new business models requiring even profounder use of data; leading to increased transfer of vast amounts of personal information across borders. GDPR and other data protections laws are being implemented to protect data from misuse, respecting the rights of the data owners. The rules are strict but data-privacy shows itself to be a wheel with many spokes.
The new currency
Data is currency, and the sense of urgency surrounding this is obvious; worldwide regulations develop fast and data leaks easily get in the eye of the (social) media storm causing heightened concern about privacy risk. The sanctions of the GDPR (4% of global annual revenue) will even hurt giants like Google, Apple and Microsoft. Times will change in benefit of privacy for the individual but conflict in data protection rules per country cause a bottleneck for business.
Challenges are plenty Read the rest of this entry »
We are currently setting up for Cloud Expo Asia and Cloud Security Expo that will take place in Singapore, on October 12-13. If you’re attending the conference, we hope you’ll stop by our stand (K7) and talk to our engineers about migration to the cloud or the use of hybrid hosting. Furthermore, we will also be hosting the following two sessions:
DDoS mitigation: A LeaseWLetechnical deep-dive (Weds 12th October 2016, 10:40 – 11:05)
Bastiaan Spandaw, Technical Director at LeaseWeb, will address critical technical issues in combatting DDoS attacks. This session will take place at the Cloud Security Service Providers Theatre/Risk Compliance and Governance Theatre.
How to secure a ‘cloud company’ on a global scale (Thurs 13th October 2016, 10:30 – 10:55)
Fred Streefland, Chief Information Security Officer at LeaseWeb, will talk about how to secure a cloud company on a global scale. This session will take place at Cloud Security Expo Keynote Theatre.
If you do not have a ticket yet, you can get your free ticket here to access the Cloud Expo Asia and Cloud Security Expo locations.
In today’s age of livestreaming events and concerts, the numerous and diverse amounts of mobile devices, desktops and TV’s pose a challenge for any content distribution creator. Julien Lehmann, Product Manager for CDN and Cybersecurity at LeaseWeb previews the new service of live transcoding, a service that simplifies your workflow, that will be launched during IBC 2016 in Amsterdam.
LeaseWeb kicked off its sixth quarterly Hackathon on Thursday, July 21st. The Hackathons are a chance for employees to step outside the usual routine and allow them to get creative, work together in new ways, and have fun. Participants are given two full days and nights to work on any kind of project whether it’s to solve a work problem, learn a new skill, or try out a personal project they’ve had in mind. Whatever it is, they have the complete freedom to try something new with the goal being to present a functional demo at the end of the second day.
Hackathons begin with a presentation where all of the participants gather to kick things off. Everyone receives a Hackathon t-shirt designed specifically for the event and then they hunker down to start work on their projects. Hackathon isn’t just for the engineering department and individuals from all parts of the company are encouraged to participate.
Perhaps someone in marketing has been thinking about a new tool that could help them do their job better. They might team up with an engineer to try and create that tool. New ideas and collaborations that might not have otherwise fit into the usual busy schedule are given the opportunity to be developed and tested. Several projects and tools that have been created during Hackathons have been integrated into day to day operations.
After working hard all day Thursday, participants took a break to have dinner and some fun. A barbecue spread was set out and there was plenty of chicken, burgers, salad, and beer to go around. A 45 meter inflatable obstacle course was set up in the parking lot and participants competed with each other to see who could get the best time. The winner completed the course in just over 30 seconds. After a bit more relaxation everyone was ready to get back to working on their projects. Some stayed late into the night and crashed at the office, others went home to grab some sleep before coming back in the next morning to finish up before the afternoon presentations.
VR is hot hot hot! As the technology is becoming widely available, we see more and more customers picking it up. For example, LeaseWeb recently teamed up with Hardwell – the world’s #1 DJ – and technology partners Littlstar and VBR to pull off the first 360-degree, VR live stream of an EDM performance.
Using our private cloud, CDN, and datacenters in Europe, the U.S. and Asia, the world’s #1 DJ was able to broadcast his show to thousands of viewers in more than 25 countries. LeaseWeb served over 20 Terabytes of total traffic and accommodated 12 gigabit bandwidth spikes.
So we sent a camera team was on-site at the Miami Beach stop of Hardwell’s Revealed tour. Check out the video below to see how it all came together! And afterwards, check our 360-degree tour of one of our data centers!
LeaseWeb’s annual Amsterdam TechSummit took place on June 2 at the Pakhuis de Zwijger, an old warehouse converted to a high-tech multimedia event center. The summit was sold out with over 315 attendees who came to hear a variety of presentations from professionals focusing on this year’s theme: Designing for Scalability.
Those who attended were a diverse assortment of software developers, operations engineers, and managers from companies both large and small. Many of the attendees were local but a good percentage of them had traveled from other countries including Germany, Spain, and even as far as Liberia. All of them were looking to learn about ways to help them grow not only from a technology perspective but how to scale up their engineering teams and how to anticipate and deal with the issues that result from that growth. The summit also provided a good opportunity to network with peers and learn about the challenges they face and what they’ve learned from past mistakes.
Last year, we merged our existing operations and development departments into one Product Engineering department. Since then we have been focusing a lot on coaching all 13 teams and improving their effectiveness
In october last year, we attended an excellent talk by Bol.com at Velocity Amsterdam. In this talk they explained their ongoing transition towards DevOps. One of the concepts they introduced, was a maturity model to measure and incentivise continuous improvements within a team.
Inspired by the Bol.com talk, we have since developed and implemented a maturity model within our Product Engineering organization which consists of a matrix of four levels in four categories.
Throughout my career I’ve had the opportunity to work at a variety of different companies both large and small. They each had their own set of unique challenges regarding growth but one thing I noticed with time and experience was that the solutions to the problems they faced were not specific to the company itself. The approaches that were taken and the lessons that were learned could be extrapolated and applied to many of the situations facing a company looking to expand and grow technically.
There is a concept in some religions that before you save a sinner you have to tell them how they have sinned. In other words, if someone doesn’t know what the problem is they won’t be able to change. For a company just starting out, there are no wrong ways to build and deploy your app or product. Once you begin to grow however, you realize there are things you didn’t know and that some or all of the decisions that you made at the beginning were mistakes. This is the point where you need to decide how to address these issues. New companies are started all the time so I decided to draw from my experience to put together what I call the Seven Deadly Sins of Web Scale using seven real world examples from my career.