News & Relevant Developments

Wednesday, 10 September 2014 00:00

Security at Breakneck Speed in Times of Heartbleed

Today, an increasing number of companies are abandoning traditional, on-premise software packages for SaaS. And why wouldn't they? Hosting your company software elsewhere enables you to rationalize investments, adapt more smoothly in a quickly evolving IT landscape, and access applications wherever you need them. In addition, software developers receive valuable user data, enabling them to update their solutions to fit their customers' needs. But with that increased flexibility come some major security challenges.

Despite an increasing awareness of security and privacy issues in online applications — hello there, NSA — there is a remarkable online scarcity of information and best practices for software developers looking to step up their security levels. There is (, for example; an open source community dedicated to improving the security of software. As far as I know, however, only a few developers keep this treasure of information close to their chest. Odd, considering the grave consequences security breaches can have, resulting in the leak of sensitive information ranging from financial data and contacts through to designs and engineering models. And in every single case, the developer's reputation will be severely damaged.

Striking the right balance

In many aspects, the evolution toward SaaS demands a whole new perspective on IT security, at least for the SaaS providers. First, in the traditional software development model, software updates were rather infrequent. This allowed time for thorough security audits with every new version. Today's SaaS applications, however, have a far higher release frequency — up to ten updates per day. For developers and providers, the challenge consists in finding a balance between adapting quickly to outsmart the competition and meet your clients' needs, and offering the best possible protection. On top of that, most SaaS applications are built on top of numerous (open source) building blocks offered by third parties. They too have their release schedules, security issues, etc. Just last week, the discovery of the Heartbleed OpenSSL bug forced virtually all SaaS builders to update their servers as quickly as possible.

Shielding floods of data

Second, the amount of data floating around nowadays is simply staggering. Successful SaaS providers—think Salesforce, Google AdWords, and many, many others—have millions and millions of customers. Their data is often stored in the same database, increasing the risk of undesired data flows. On top of that, most applications today don't stand alone, but are part of an ecosystem where several solutions make use of each other's components. For example, consider a Twitter app combined with a social media monitoring tool and a data visualization app, or CRM software that links to your e-mail app. This interconnectivity, as well as the fact that cloud and SaaS solutions are globally accessible, makes them particularly vulnerable to threats and attacks.

In the next episode, we'll discover how big data does more than just increase our vulnerability. When put to good use, it can also provide a solution to the challenges mentioned above. In fact, many companies are already doing that today. Keep your eyes peeled!

Wednesday, 10 September 2014 00:00

Pay Later Cash Flow Model

Growing your SaaS business means you'll need to watch your cash flow carefully. Check out these slides for more details.

Wednesday, 10 September 2014 00:00

Poetry of the Web

Nowadays, computer programmers need to learn an increasing number of programming languages to satisfy their clients and/or employers. For newcomers in the world of software development, however, the enormous number of options can be frustrating and confusing. So what is the ideal programming language for aspiring developers to start with?

For those of you expecting an unequivocal answer to that question, let me burst that bubble right away. Asking the same question to ten seasoned developers will get you at least eleven different answers. But while every project has its own specific needs, there are some major distinctions that can be helpful when choosing.

Popular languages

Everyone is looking for a programming language that is both easy and powerful. A good thing to consider in advance, however, is how sought-after certain language skills are. As far as I know, the most popular languages are .NET and Java (mainly for banks and corporations). Both languages are object-oriented and widely supported. On top of that, Java is used for Android development and .NET is the language of choice for Windows 8.

Modern slang decoded

For people working on their own (online) start-up, a modern language might be a better starting-point. Having used it for five years myself, Python remains one of my favorites: it's dynamically typed, easy to learn, widely applicable—from web development to data crunching—and opens up tons of possibilities. And Google uses it too.

But don't worry; there are other options too. Here's a short overview:

Ruby is a scripting language similar to Python. The introduction of the Ruby on Rails web framework has significantly increased its popularity, making it a favorite amongst start-ups thanks to its wide support, many libraries and fast development.

PHP remains very popular for web development. While not a favorite of mine, it is a powerful scripting language that offers smooth hosting. The WordPress, Joomla and Drupal frameworks are all PHP-based.

As a core technology of the Internet, HTML5 is a must for anyone who wants to make stuff for the Web. For animation and interactivity, however, it has to be supplemented with CSS and JavaScript. A cross-platform library like jQuery can be very helpful for client-side scripting in HTML. If your goal is to develop interactive web apps or hybrid mobile apps, be sure to take a look at modern open-source JavaScript frameworks like AngularJS, Backbone.js or KnockoutJS.

Node.js is certainly worth looking at too. Using one language for both front-end and back-end, this software platform for scalable server-side and networking applications offers a lot of possibilities when it comes to interactivity. Node.js is used by, for example, LinkedIn, and is recommended when you're planning to build highly interactive web applications with lots of real-time updates and integrations to Twitter and Facebook. While not widely used yet in Belgium, I consider myself to be a firm believer in the platform.

At the end of the day, everything depends on what you're aiming at. So consider your options carefully and pick the one(s) that best suit(s) your particular project. A good place to start learning some of the programming languages mentioned above—free of charge—is Coursera. What are you waiting for?

Frederik Denkens – Skyscrapers: "Anyone who does their homework thoroughly and starts off with the right attitude can save a lot."

These past months we drummed up major international names in cloud computing for a series of workshops. The starting point of the sessions: Focus on your business, leave your IT infrastructure to the cloud. After meet & greets with Amazon, Rackspace, IBM and CSC, you could also hear six Belgian cloud specialists speak during our final meeting on 11 February in Brussels. They gave a bunch of valuable tips to take into account for people who want to set up a powerful cloud infrastructure. In a previous post you got a recap of Daniel Bartz' presentation, and here below you can read what Frederik Denkens had to say.

How can you select the best cloud provider to develop, build and manage your applications? There is no such thing as 'one size fits all', but Frederik Denkens does have a few tips...

Before you do business with a cloud service company, it is important to list all your needs and wishes when it comes to security, availability, synchronisation, etc.
Look at your own business model: do you follow a classic 'waterfall' (with new software versions at specific intervals) or do you strive to continuously roll out new versions of your software? In the case of the latter, a cloud could be a good option.
Next step: go through SLAs and research what kind of architecture providers offer: just the building blocks or does the service go further? What are the functionalities, performance, availability, backup, disaster recovery, etc., like?
You are not stuck with contracts since the biggest advantage of the cloud is its enormous flexibility.
Don't reinvent the wheel: look for solutions that are already successful. For example, don't build your own messaging service, but use existing and proven technology, which cloud providers often offer 'as a service'.
Maybe out of the box solutions could be something for you, as they can help you get started quickly and cost you less on maintenance.
What about legislation? Does your data have to remain within certain country borders? The closer you stay to your client with your infrastructure, the better ...
Do your homework: compare providers, make sure that you understand their cost model; calculate and recalculate. This is how to save.
Look for a good match with your current technology.
Make an action plan: start small with a non-critical application and adapt your development process gradually.

An important point that Frederik makes is that many companies only order a couple of servers at a known provider such as Amazon, and then think that's enough. In fact, they just continue to work like they did before, without changing their DevOps or finding out more about the possibilities of IaaS. First and foremost IaaS requires a change of mentality, and the key is finding the right match with the right mindset.

Daniel Bartz – ComodIT: "Scrutinise the entire IT solution of an IaaS provider, not just the infrastructure."

These past months we drummed up major international names in cloud computing for a series of workshops. The starting point of the sessions: Focus on your business, leave your IT infrastructure to the cloud. After meet & greets with Amazon, Rackspace, IBM and CSC, you could also hear six Belgian cloud specialists speak during our final meeting on 11 February in Brussels. They gave a bunch of valuable tips to take into account for people who want to set up a powerful cloud infrastructure. For anyone who was not able to attend, here are a few virtual giveaways, starting with one from Daniel Bartz.

What typifies international cloud computing providers according to Daniel Bartz, besides their worldwide presence and enormous infrastructure with often more than 100,000 servers, is their focus on business strategy, security and support, flexibility, and offering advantageous standard packages as well as dedicated servers and secure clouds. Just like with local providers it is a good idea to read their SLAs thoroughly: do they only offer a 'basic' or a more extensive support (i.e. with data storage)? What do they emphasise and what technology do they use?

The comparison Daniel made with the first electric clock was striking. In that example, electricity was first merely used to swing the pendulum. Only later came the idea of using electricity to drive the clock. The same can be seen with cloud computing. In the first place companies want to be able to use cloud solutions easily. However, for a cost-efficient solution it is important to go a step further and scrutinise the entire IT infrastructure, including operations and any interesting applications in the cloud.
