Vulnerabilities / Threats // Insider Threats
1/18/2011
09:31 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Verizon To Continue Rapid Cloud Ramp

The firm will rapidly expand its cloud offerings, with platform-based services, customer relationship management, and enterprise resourcThe telecom provider will expand its cloud computing offerings with platform-based services, and upcoming CRM and ERP apps.e planning launching in 2011.

Top 10 Cloud Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Cloud Stories Of 2010

Verizon Business rapidly expanded its cloud capabilities last year, and plans to do the same in 2011. It's not previously been seen as a prominent name in cloud computing, but its enhanced capabilities indicate that may be about to change.

It started out in 2009 offering simple infrastructure as a service, like Amazon's EC2. Later this year, it will move beyond infrastructure into platform-based services and start offering customer relationship management (CRM) and enterprise resource planning (ERP) applications online as software as a service (SaaS). Not only is it bringing increased capabilities, but its customers are bringing increased demands, as they broaden the role Verizon's Computing-as-a-Service (CaaS) plays in their operations.

"We are seeing very broad use-cases," said Patrick Verhoeven, Verizon manager of cloud services, as business workloads become more production-oriented and less dominated by Web site applications or software test and development.

Verhoeven doesn't look under the lid of customers' workloads, but he suspects a few are making use of Verizon's ability to guarantee Payment Card Industry (PCI)-compliant infrastructure to customers. PCI-compliant architectures in the cloud are gaining new credibility as Amazon Web Services announced it had achieved PCI compliance on Dec. 7, which would allow credit card transactions to take place there. Verizon had its own audited and compliant infrastructure in place as of Aug. 18.

"Customers still have to undergo a third-party audit to ensure their systems connected to the cloud are compliant. But knowing the (cloud) infrastructure is already compliant makes that easier," said Verhoeven.

Verizon's CaaS cloud is managed following IT Infrastructure Library guidelines and is audited for SAS 70 compliance. Part of Verizon's approach to cloud users this year will give them not only fast, automated provisioning of servers, but also the ability to conduct secure transactions in an environment managed to established standards. One result is that Verizon moved out of the also-ran category on Dec. 22 into the Gartner "Leaders" so-called magic quadrant. Other leaders include Rackspace, Terremark, Savvis, and AT&T, according to Gartner. Amazon Web Services with EC2 is shown as leading the pack in the "Visionaries" quadrant.

In addition, Verizon is one of a handful of suppliers named a first-tier implementation partner by VMware, which means Verizon had adopted VMware's vCloud compatibility software and can run VMware ESX Server virtual machines. Since VMware is the most widely distributed virtualization software in the enterprise, a VMware-compatible cloud might have a broader market appeal than ones that run only their own brand name.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-4801
Published: 2014-12-18
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.