FutureProof Takes Home Top Honors for EMEA Emerging Partner of the Year

London, December 10th, 2018.

FutureProof has been selected as one of ten CloudHealth Partner of the Year award winners, which were recognized at AWS re:Invent 2018.

Selected for technical ability, business performance, and growth, Partner of the Year winners were chosen from among hundreds of service providers worldwide. CloudHealth CEO Tom Axbey described them as “standouts, even among a group of high performers” and reflective of how fundamental partners are to the DNA of CloudHealth.

FutureProof was awarded top honors in the EMEA Emerging Partner of the Year category.

“This award recognizes companies that deliver significant value – both to their own customers as well as to the CloudHealth partner program,” said Bob Kilbride, Senior Director of Channel Sales at CloudHealth. “FutureProof has demonstrated a commitment to service excellence and cloud innovation that puts them in the top tier of service providers.”

Through its partnership with CloudHealth, FutureProof is able to deliver a highly effective cost management and governance service enabling enterprise cloud users to control costs and ensure they run optimised and well-purchased cloud environments.

“For enterprise organizations managing cloud spend across multiple accounts and multi-cloud is challenging. Our highly valued partnership with CloudHealth enables us to support customers in managing their cloud spend and governing their cloud environments,” said Geoff Davies, Co-founder and Director of FutureProof.

About FutureProof

FutureProof are a technology consulting company that works with large organisations to deliver effective change programmes in complex environments. The company has a wide range of experience across many sectors and a track record of delivering strategic initiatives.

FutureProof executes highly successful cloud adoptions using its unique in-house developed “AppScore” platform for large scale migrations and datacenter exits.

Through its CloudControl offering the company enables cloud users to manage their cloud spend and govern their environments.

Mining cryptocurrencies such as Bitcoin, Ethereum and Ripple is one way to make money – quite literally. But to get rich you need a vast amount of powerful and costly computing resources at your disposal.

That explains the phenomenon of browser-based cryptojacking: hackers running mining software on victims’ computers without their knowledge or consent to generate Bitcoin or other currencies, while the victims pick up the tab.

The problem for hackers is that this type of cryptojacking is rarely lucrative: a recent research paper from a German university suggests that malicious websites which execute mining code on visitors’ systems generate an average of less than $6 a day.

To make serious money the bad guys need serious computing resources at their disposal, and there’s one obvious place to find them: public cloud providers.

And that explains a disturbing new trend: hackers (or the bots they control) hunt down vulnerable cloud admin accounts, spin up virtual machines or deploy containers (often via unsecured Kubernetes consoles) and put them to work mining cryptocurrencies for themselves without the account holders knowing. According to research by security firm, RedLock, victims of these types of attacks include high profile companies such as Tesla, Aviva, and Gemalto.

The first inkling that the account owner may have that something is amiss is at the end of the month when they discover that their cloud bill has gone through the roof. Even then it may not be easy to work out exactly what has been going on. Anton Gurov, CloudHealth Technologies’ Director of Technical Operations, recently provided a fascinating insight into these attacks.

Just this year we’ve seen multiple attacks happen with our clients. Typically, it manifests itself as a sharp and unexpected jump in spend and a number of large instance types running at high utilisation.

And it’s not small numbers – all the attacks we’ve seen have run up cloud bills in excess of $50,000.

The hacker could be a criminal or part of an organized crime gang, or they might be an agent of a nation state like North Korea looking to generate much needed cash reserves. This begs the question of what else could they do? If they can compromise a cloud account and spin up servers, they could also snapshot any interesting virtual machines or containers and exfiltrate them to examine at their leisure, or simply extract any interesting data. Once they have got what they want they could then leave a mining operation running to make some money while they move on to the next victim.

Or it may not be a hacker at all who is responsible for the unauthorized usage: a disgruntled ex-employee could have set up a Bitcoin mining operation before leaving to earn some extra cash at the company’s expense, or an opportunist current employee may have set one up on the sly with the expectation that it is unlikely to be detected.

What’s the solution to this problem?

Understanding exactly what cloud resources are being consumed, and what they are doing, is key to detecting any unauthorized usage. But native cost reporting tools in cloud platforms are inadequate, which is where dedicated cost management solutions come in.

Platforms like CloudHealth bring all of your billing data into one location surfacing it via an easy to use web interface enabling you to quickly see abnormal changes in spend in near real time. You can also apply policies, setting an alert if, for example, a monthly bill is forecast to to rise by more than 10%. Policies can also be established to automatically shut down servers that do not confirm to an organisations tagging strategy, another fast reacting process to minimise the cost impact of a hacked cloud account.

This makes it simple to spot any anomalous usage almost immediately, and by drilling down you can identify the source of the extra cost and detect any unauthorized resource usage.

Whilst detecting breaches is a key part of a security strategy, prevention, obviously, is essential. The leading cloud management platforms provide security reviews against best practices enabling you to quickly spot weaknesses that could be exploited and receive recommendations to harden your public cloud accounts.

These include disabling API access to your root account, and enabling multi-factor authentication (MFA) for it. All privileged users and operators should also be required to use MFA. (On AWS, this can be enforced though IAM policy).

CloudHealth’s Gurov provides detailed instructions for protection in his presentation. And it’s not just your production accounts that are at risk, we’ve seen successful attacks against sandbox or dev accounts where typically security controls are weaker.

By using a cloud management platform like CloudHealth and taking some relatively simple but effective steps, you can ensure that your cloud resources are working for you, not mining cryptocurrencies for somebody else.

One of the great challenges experienced by larger enterprises is getting the right people to work on their cloud adoption programmes and run or maintain corporate systems on cloud platforms.

There are plenty of people with AWS, Azure or Google Cloud skills and there are even more people highly experienced in enterprise technology who know how to operate in large enterprises, which typically requires a unique blend of technical and political skills.

But people who’re skilled in both of these areas are limited in number and, as would be expected, are in great demand.

In this series of blogs I look at a number of different roles – solution architect, developer and project manager – and talk to people who’ve successfully made the jump from being enterprise specialists and reskilled onto cloud. And in doing so have positioned themselves as ‘highly sought after’ by large organisations.

Solutions architects have always had to have a breadth of knowledge and in cloud that knowledge requirement is even broader. “Taking apps into the cloud needs a different mindset and a wider technical skillset,” says FutureProof Chief Architect and co-Founder Andrew Queen-Smith, who has a 25-year career in IT, 10 of them as a technical architect.

Becoming a solutions architect for Cloud doesn’t happen by accident, he adds. “Cloud moves fast, requiring you to decide on where you want to specialise and build a strategy around that.”

Having said this, experienced folk with a strong track record in large enterprise IT can be well suited to the role in terms of their core skills, experience and aptitudes and there is a rapidly growing need for such talent and experience.

With the right approach and attitude the leap into cloud can be made, says Nik Bartlett. “There are a lot of people out there with valuable experience doing projects that have a lot of synergies with public cloud who are more than capable of learning what they need to.”

With a background working as a solutions architect carrying out data centre migrations for large organisations ranging from IBM and Deutsche Bank to TfL and the NHS, over the last few years Bartlett has developed the skills, experience and knowledge necessary to become a solutions architect in cloud.

The evolution of the enterprise cloud market

“Demand for people with comparable backgrounds will only grow”, Bartlett believes. “Public cloud is evolving. Amazon and Azure are really going after the enterprise market in a big way and both are evolving at quite a rate.

“Many roles that are advertised these days are a bit of wish list. Any organisation would be hard pushed to find anyone with good experience of all those services. Many of them value experience working with large enterprise customers, people who have led teams, know how to find out an organisation’s pain points, where it wants to go and how to help it get there.”

Being open to and holding out for the right roles and making the most of what they offer is important in developing the right mix of knowledge as is devoting time to learning away from the job. For Bartlett this has included watching webinars, doing online training courses to broaden his cloud knowledge, such as AWS associate solution architect certifications provided by A Cloud Guru. “I had used Azure before and I was used to Microsoft products. I wanted to learn something alien that I had never touched before.”

Queen-Smith also believes in the value of cultivating knowledge of and certifications with more than one cloud provider. “Core skills and certifications are not too difficult to get, and I believe you need a base level foundation in all three of the main cloud platforms. Even if you specialise in one main cloud provider it is useful to be aware and mindful of what the other providers offer.”

Some familiarity with all the cloud providers will only become more important in an increasingly multi-platform cloud world. At some point growth won’t just be about migrations to the cloud, but migrations between the main providers.

Training costs are no barrier

One of the great benefits of learning about cloud is how affordable and accessible such training is compared to legacy on-premise training, says Queen-Smith. “The cost is affordable. Self-certification via the likes of Udemy costs around £500 for all three and requires 40-50 hours of study on each.

Accreditations are not enough, however. Architecting for cloud, especially for large organisations, requires a breadth of knowledge and a list of hard and soft skill sets, that most professionals will find they have gaps in.

Perform a gap analysis of your skills and strengths and develop a plan to build on them. Buy a book, do a course so that in a few months you will be able to talk knowledgeably on topics you knew nothing about before.

Networking by attending conferences and additional training courses and seminars is useful. Put yourself in positions where you are slightly outside your comfort zone or go to networking events and get a feel for talking to different people from different parts of the IT world.

A plethora of IT events in the Meetup calendar will offer a chance to broaden your knowledge of a range of topics from software development testing, agile coaching and so on. You will learn a lot and there is a networking element to it as well.

The need for a holistic approach

Gaining familiarity with native tools from niche providers serving different functions such as cost management or security can also gain you an edge by broadening your knowledge and your skillset, says Queen-Smith. “When you are working in and promoting cloud solutions you have to think at a holistic level.”

Softer skills matter too. “As a solutions architect you will need to support cultural change in an organisation so you will need to collaborate and be an advocate for change. Good communication skills matter. As an architect I’ve dealt with the guy who is installing a piece of software in a server in a comms room right up to presenting in France to 40 global IT directors.

“Having the ability to speak with that range of people was so important in my role. In this role there is no doubt you will have to meet and present with senior people and be able to challenge these people as well. You need to be an influencer.”

And the learning doesn’t stop once you have made the move into your coveted role. When you have a technical problem searching online for use cases in white papers can provide many of the answers you are looking for. These notes from the field will show you the experience of the engineers who use it.

“Public cloud is changing fast so being open to continued learning to adjacent areas such as robotics, process automation, AI, analytics or IoT may be vital in future”, says Bartlett.

Yet it will also be impossible to attain expertise in every area, so specialising in order to keep up with the pace of innovation will be necessary. Pick an area you are good at, interested in and that you know well, understand where it is going and how customers will require that service in the future. The days of being an IT generalist are gone.

London, July 12th 2018.

FutureProof, a leading technology consulting company, today announced it has achieved recognition as Standard Consulting Partner within the Amazon Web Services (AWS) Partner Network (APN). APN Consulting Partners are professional services firms that help customers design, architect, build, migrate and manage cloud solutions built on AWS.

To qualify for the APN Standard Consulting Partner tier, partners must meet thorough requirements that demonstrate their AWS expertise, capabilities and engagement in the AWS Ecosystem.

“We’re very proud to be recognised as Standard Consulting Partner within the AWS Partner Network. This reflects our dedication to assisting our clients with not only successful cloud adoption but also effective cost optimisation and governance once on AWS.” says Geoff Davies, Co-Founder and Director of FutureProof.

“Over the last twelve months we’ve designed and implemented solutions using a wide range of services on the AWS platforms from EC2 compute, through storage, RDS databases and a global VDI-in-the-cloud solution using Amazon Workspaces.”, Davies added.

About FutureProof

FutureProof are a technology consulting company who work with large organisations to deliver effective change programmes in complex environments. The company has a wide range of experience across many sectors and a track record of delivering strategic initiatives.

FutureProof executes highly successful cloud adoptions using its unique in-house developed “AppScore” tool for large scale migrations and datacenter exits.

Through its CloudControl offering the company enables cloud users to manage their cloud spend and govern their environments. FutureProof CloudControl consistenly delivers 20% cost savings on mature cloud environments.

If you’re not already backing up onto the cloud, why not? It’s easy, incredibly cost effective and offers a range of other potential benefits.

One of the most welcome features of cloud backup is that it takes away many day-to-day IT chores, leaving your people to get on with more productive work. No need to back up onto tape, store the files in a fire vault or use an off-premises provider such as Iron Mountain, with all the time consuming process that goes with it.

It is likely to cost less than these old methods too, and there’s less risk of accidentally deleting the wrong information while carrying out a backup.

Cloud fundamentally changes the way backups get done in entirely good ways.

With the infinite storage cloud offers, you can stream all your backup and site data to the cloud, you don’t need to plan the amount of space required and you have none of the integrity problems that come with tapes. Cloud backups also happen faster than manual tape backups.

Backups in the cloud mean you can implement longer term storage solutions at lower costs, helping you stay on the right side of data compliance rules with greater ease.

Cloud backup options

While migrating applications to cloud typically takes some planning, there are some amazingly simple options when it comes to backups. For example, we helped one of our smaller clients with a network attached storage device to perform automatic backups to the cloud.

Here are some other examples of the options available to businesses looking to adopt cloud-based backups:

  1. Carry on using your existing backup software and use it for storage on the cloud via a “virtualized tape library”. Using the existing software licence you have already invested in entails minimal change and minimal cost.
  2. Use AWS and or Microsoft tools to manage backups and restore using cloud storage for your on-premise servers into the cloud. This entails no cost for using those services. You are simply paying for storage.
  3. For advanced backup solutions, third party products such as Commvault can be deployed providing a single consistent platform for protecting data and applications across on-premise and cloud.
  4. In addition to a protecting data using cloud backup you can provide DR capability by taking copies of your servers and streaming them onto the cloud. Microsoft Azure site recovery is such a tool, replicating near instantaneously into the cloud. This option essentially offers you sophisticated disaster recovery into the bargain because if you do have a failure of either data centre or servers you can restore that service into operation running in the cloud in a short space of time, it could be within minutes. In a worst case scenario where your premises are wiped out, you will not have to worry about losing your data stores as they are all off site. It also means that there is far less for your people to do in the event of a DR invocation.

In summary

As we’ve said before here, cloud blurs the lines between DR and backup and now enables organisations that could not afford more than basic backups to build holistic data and application  protection solutions, affording them far greater resilience.

When we founded FutureProof our aim was to help large organisations adopt cloud computing because we saw that the business case for cloud then, and as it still is now, was immense. Read more

One of the greatest emerging benefits of the cloud is the possibilities it offers in disaster recovery (DR). Some are even calling it cloud’s killer app. Read more

One of the greatest benefits of cloud is the immediacy of it all. Being able to provision servers in minutes has done away with so many of the old constraints on application migration programmes. Read more

Our clients often say to us: “We want to get all our key applications onto the cloud.” Our response to this is always: “Why would you want to be just ‘on’ the cloud?” Read more

DALLAS– May 30, 2017 – As an increasing number of organizations migrate to public clouds, the concept of shared security responsibility which dictates the need for Read more