Rethinking Enterprise Apps

Enterprise IT departments often run hundreds, if not thousands, of applications. The range of products deployed in enterprise environments is vast and complex. Enterprise software is collected over the years and is typically a combination of in-house developed software, packaged third-party products or services running in someone else’s data centre. Most people in IT have a story of supporting a server that runs in the darkest corner of the network, no one is sure what it does, no one wants to touch it, and if it breaks, you’re in for a tough few days!

Managing Enterprise workloads is a massive undertaking; it takes time, money and a lot of patience to build an IT function to enable the business and support the user base. Companies continuously grapple with this issue: how can you empower the business while keeping costs under control? It doesn’t take much to blow the budget on an upgrade project; you don’t know what you don’t know, especially when working with antiquated systems.

In my recent post, I suggested the blockchain could be used to help Enterprise standardise their infrastructure, resulting in meaningful transformation. The question is, couldn’t other technologies fulfil this purpose? While I agree there are many other possibilities, several of which are complementary, I believe open source smart contract platforms have an advantage. Take EOSIO as an example; it runs on bare metal x86 servers, cloud instances, containers or a standard Mac laptop (for development). The infrastructure is abstracted from application logic. The smart contract is compiled into WebAssembly, then executed, resulting in deterministic outcomes in any environment. Contracts are portable and could run on any EOSIO-compatible chain, giving the IT engineer ultimate flexibility.

The other benefit is that the smart contract platform is agnostic of its location. The blockchain is built to run on the Internet, meaning latency, jitter, link failures and infrastructure problems don’t impact a well-designed platform. You are not beholden to a single vendor’s platform services and could utilise any suitable infrastructure, owned or rented.

A smart contract platform could be considered as the Serverless platform of the future. The use case is similar; you execute your contract (functions) on infrastructure which is owned and operated by someone else. You pay for the service with Gas on Ethereum or by holding and staking EOS tokens on EOSIO. The importance of hardware should not be underestimated; however, as a development engineer, it is not your direct responsibility. Your job is to minimise the Gas spent on ETH and lower the CPU execution time and bandwidth consumed on EOS.

If enterprise and their partners began rewriting applications using this new paradigm, the toolsets, languages, pipelines, monitoring applications and more exist in the open community and are freely available to use and improve. Adoption of an application delivery platform would standardise tools and create reusability amongst developers. At this point I’m only taking into account the technical advantages; using this model significantly changes the economic model, which will lower IT costs for business. However, that’s a topic for another post.

Thanks again for reading.
Until next time.

Disabling the Password

Over the past month, I’ve been holidaying with my family in Germany and Denmark. My wife, Britta, comes from a small farming community in the north of Germany near Hamburg and every couple of years we drop in to visit her family and friends.


I’ve travelled to Germany six times in the last twelve years and each time I offer to clean up her parents’ computer, do updates and install patches; this trip, I also added additional memory to their iMac. I find it’s the simplest way to keep the Skype communication channels open for weekly calls and serves as a thank you for allowing us to live in their house and eat their food!

It’s fair to say my in-laws are not the most computer savvy and have little interest in using the computer for anything other than Skype. The Mac gets used once or twice a week at the absolute most; its sole purpose is to be a video phone, so by the time we visit, updates are long overdue.

Over the last 12 years, each time I’ve performed an upgrade or installed a new version of Apple OS, we battled with locked accounts or forgotten passwords. This got me thinking… has nothing changed in the last decade? Managing passwords is still tricky, time-consuming and insecure, especially for your day to day end user!

I’m sure most people in technology have experienced this phenomenon when helping out family or friends. You go to your parents’ place thinking there’ll be an easy fix, only to spend the next two days resetting an account and proving their identity. Attackers have improved their capabilities in the last ten years, stealing passwords with relative ease, taking people’s accounts and credit card numbers. Head to your favourite IT news site, and you’ll find a new article about the latest breach; it’s almost a daily occurrence.


I started thinking about my situation. What do I do, what’s my process? It’s certainly not perfect but here it is anyway.

  1. I use a password database and set random passwords for all sites I visit. I rotate my primary password a few times per year.
  2. Use Multi-Factor Authentication for everything that supports it. Easy to set up (in most cases), difficult when buying a new phone.
  3. I store a backup of my database in an encrypted file offline. Just in case, you never know when a software service might stop working or disappear.
  4. I keep database backup codes in a safe location; you can never be too sure.
  5. Commit the most critical passwords to memory and never store them digitally.

I’m sure you have similar strategies, but I think everyone can agree, managing and storing passwords is a lot of work, and if you’re like my in-laws you don’t have the knowledge or interest. If you’re an enterprise, you spend substantial amounts of money on this problem every day, and it’s a considerable cost to the business.

So is there an answer to the problem? Or are we stuck with passwords forever? In my previous post, I suggested that blockchain and the cryptographic technologies may be used to render passwords obsolete. Numerous startups are looking to solve this problem, for example, Civic and Remme, just to name a couple.

The question here is why use Blockchain or a decentralised system over something centralised like a certificate authority? Certainly, digital certificates can negate the need for passwords; however, it’s still a requirement to trust the authority. What if it gets compromised or sells your credentials? If they are large enough, they will be a target for attack, look at the companies and governments that trusted Equifax with their users’ data.

I like the idea of using a decentralised blockchain solution for just that reason. A single organisation does not control it, compromising a node doesn’t compromise the entire network, and if you control the keys, you control the account.

Anyone who has used or even played with blockchain technology such as Ethereum (ETH) or EOSIO would note the current difficulty and learning curve associated with the technology. I agree, key pairs are not intuitive to use, however, just like email or the browser was foreign in 1996, usability improves over time, allowing anyone to get involved.

Take the EOSIO chain as an example, the network launched in June 2018 with a CLI wallet, no simple user interface or block explorers. In around three months, the ecosystem has developed, the community stepped in to build some incredible solutions for people with low technical literacy or care factor. The pace of change is accelerating and will only keep improving, eventually making the system user-friendly enough for the mainstream.

Today’s blockchain technologies use cryptographic keys which the user must understand and maintain themselves. In the future, blockchains will provide user-friendly account names, automatic key creation and storage with integration into a smartphone. Users will not realise they are using a Blockchain, just as most don’t understand anything about the base layer protocols of the Internet. My in-laws do not know TCP/IP or RTSP. This knowledge is not required to use Skype or WhatsApp. They call by clicking a picture and answer when it rings.

A raft of new applications or “dApps” is currently in development, using the blockchain at the base protocol layer. If you’re an ETH account holder, you can interact with the dApps built on ETH via tools such as MetaMask, a browser plugin. The same is true for EOSIO, create your account then interact with the dApps using Scatter and your account name. For those in Enterprise familiar with single sign-on, the concept is similar, except you don’t own the user. The user comes to your dApp and consumes the product, or in the case of EOSIO you can assist to onboard them to the network, but you never see their new private key as it’s generated by their local device.

At no point is a password exchanged between the user and the dApp. The user interacts by sending transactions, which are messages signed with the user’s private key by an app such as Scatter or MetaMask. The network is aware of the user’s public key so can easily distinguish between real or fraudulent transactions; it can then determine if a transaction is valid based on the network rules and its consensus mechanism. The security is built into the protocol and is not an afterthought or an add-on! In the case of EOSIO, there are additional options around permissions, time delay and staking available to improve the overall security and enable features such as account recovery.
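The sign-and-verify flow described above, as an added Node.js example that is not code from this post, Scatter, MetaMask or EOSIO. The P-256 curve, the field names, the JSON serialisation and the nonce/expiry checks are assumptions chosen for illustration, not any chain's real transaction format.

```javascript
// Added example: password-less authentication with signed transactions.
// Curve, field names and JSON serialisation are assumptions for illustration.
const crypto = require('node:crypto');

// Constructed stand-in for the network: account -> public key, plus used nonces.
function createNetwork() {
  return { accounts: new Map(), usedNonces: new Set() };
}

// The key pair is generated on the user's device; only the public key is shared.
function registerAccount(network, name) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  network.accounts.set(name, publicKey);
  return privateKey; // never leaves the wallet
}

// Signer and verifier must hash exactly the same bytes.
function serialise(tx) {
  return Buffer.from(JSON.stringify([tx.from, tx.action, tx.data, tx.nonce, tx.expires]));
}

// Wallet side (the role the post gives to Scatter or MetaMask).
function signTransaction(privateKey, tx) {
  const signature = crypto.sign('sha256', serialise(tx), privateKey).toString('base64');
  return { ...tx, signature };
}

// Network side: no secret is received, only a signature to check.
function verifyTransaction(network, signed, now) {
  const publicKey = network.accounts.get(signed.from);
  if (!publicKey) return 'unknown-account';
  if (now > signed.expires) return 'expired';
  const sig = Buffer.from(String(signed.signature), 'base64');
  if (!crypto.verify('sha256', serialise(signed), publicKey, sig)) return 'bad-signature';
  const id = `${signed.from}:${signed.nonce}`;
  if (network.usedNonces.has(id)) return 'replayed'; // captured message resent
  network.usedNonces.add(id);
  return 'accepted';
}

// Constructed sample run.
function demo() {
  const network = createNetwork();
  const aliceKey = registerAccount(network, 'alice');
  const tx = signTransaction(aliceKey,
    { from: 'alice', action: 'transfer', data: { to: 'bob', amount: 5 }, nonce: 1, expires: 2000 });
  const tampered = { ...tx, data: { to: 'mallory', amount: 5 } };
  return [
    verifyTransaction(network, tx, 1000),       // accepted
    verifyTransaction(network, tx, 1000),       // replayed
    verifyTransaction(network, tampered, 1000), // bad-signature
  ];
}

console.log(demo());
```

A signature only proves possession of the key for that exact message, so the nonce and expiry are what stop a captured transaction from being accepted a second time.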

I look forward to the day where my password database is reduced to a handful of keys, secured by a hardware device, most likely my phone with FaceID or another form of physical biometric security. The time is approaching, and I hope it comes quick! After all these years, we need to make the password obsolete.

Thanks for reading!

In future posts, I plan to dive into some of the services that are operating on the blockchain and demonstrate how Scatter can be used to access multiple products with a single account.

Until next time.

Blockchain and Crypto

I’m a big fan of cryptocurrencies and blockchain technology. Even though I’d heard about Bitcoin in the early days, I didn’t appreciate or understand the implications of the technology and what it will mean for business in the next two decades. In early 2017, a friend reintroduced me to crypto, and since then I’ve been hooked on the possibilities.

In my day job, I’m a technology strategist. I evaluate new tech and work with senior leaders and executives to integrate, deploy and support new products and services. Over the last 5-6 years, I can honestly say I’ve been relatively successful at picking winning solutions.

For example, I was an early adopter of the Nutanix HCI platform and worked tirelessly to implement the product in my workplace of the day. Our deployment was mostly successful, sure, there were some teething issues, but overall things were smooth and delivered business benefits. Since then the on-premises storage and computing market has exploded with HCI solutions. Major vendors such as HPE, Dell, Cisco and Lenovo have all moved with the market to deliver HCI products to the masses.

In early 2015 I started investigating and deploying SDWAN technologies. For those who don’t know, SDWAN is a software-defined solution that helps a network engineer control their traffic flows between data centres, branch offices and the cloud using any carriage. SDWAN solutions are designed with smarts, enabling the user to buy Internet bandwidth and run their WAN networks across the public Internet without the hassle of manual and time-consuming configuration. SDWAN helps to break the stranglehold of the MPLS carrier on the enterprise. There are now several choices available to the network architect, and if you understand the business requirement, you can engineer a suitable cost-effective solution that provides more bandwidth at a significantly reduced cost. SDWAN is becoming the default WAN solution, most customers now demand these features when assessing solutions, and it’s reshaping the industry.

That brings me back around to cryptocurrencies and blockchain. I believe the technology has the traits and characteristics of a truly transformational technology which will change how we build applications and as a result, will dramatically improve and simplify infrastructure delivery.

So what are these properties? What makes blockchain and crypto transformational for the infrastructure layer? Why do I think it will be useful for the enterprise? I’ll briefly cover some topics here, by no means is the list exhaustive, and in future posts, I plan to expand into the detail.

Hybrid IT

For years the vision of enterprise IT has been the hybrid cloud. Take a look around the industry and count the vendors building a hybrid solution. For anyone in Infrastructure, the thought of choosing the appropriate location for your workload based on characteristics such as cost, performance, resilience etc. has been a long-standing goal. Unfortunately, it hasn’t materialised! I believe blockchain with Inter Blockchain Communication (IBC) will one day solve this challenge. As an example, imagine the option to hold public user information on an open chain (usernames, DOB, keys etc.), but interact with private data on a closed chain running in your enterprise network. We may finally see true hybrid IT in action! Picture your business interacting with existing users on a blockchain; you don’t control their accounts, keys or information; you use it with their permission, lowering your overall risk and exposure to hacking and data loss.

Standardised Infrastructure

New Blockchains like EOSIO run on standard x86 servers and use consensus protocols that don’t require traditional mining. In my opinion, this is fabulous for the enterprise, as most enterprises desire a simplified infrastructure, and are not prepared to increase costs through the purchase of specialised ASICs or GPU mining products. Enterprise wants standard building blocks on which to build and deploy applications. Using building blocks addresses data centre complexity and decreases the management overhead. Software such as EOSIO can run anywhere, on-prem using bare metal, cloud, or on a platform as a service solution and is deployed using modern tools and automation. There is much more to discuss in this space, including why I think using a decentralised blockchain is a winner over central databases, but let’s save that topic for another day.

Retiring the Password

Blockchains use public/private key pairs and cryptography to trust and authenticate users. Coupling blockchain with the secure storage of keys and access via biometrics or technology like Apple’s FaceID will change how enterprise users connect to their business environments. Anyone in tech knows the perils of password management and security threats that relate to weak user passwords or mismanaged passwords. I’m looking forward to the day when the password is obsolete.

Rethinking the Database

Enterprise and business spend substantial amounts of hard earned cash on database systems and vendor support every year! It’s the cost of doing business, right? What if you could redirect that money into a standard application delivery platform that provides distributed storage for your most essential data on a pay for use model? Use the benefits of the open source community to help you achieve your business goals while contributing back to the community. It’s possible in the blockchain and open source community, and in the future, I’ll expand on some of the possibilities.

Network Security

I believe blockchain has the potential to help enterprise and business eliminate the highly centralised network security model. If you’ve worked for any reasonably sized company, you would no doubt have waited anywhere from days to weeks, maybe even months to get a firewall rule to allow someone to connect to your service. Moving to a system that natively builds in security and trust moves the security to where it should be, in the application. Doing away with passwords as discussed above helps us move the security perimeter from the edge firewall to the edge application. I’m excited about the possibilities here and it is something I will cover in future posts.

Decentralising the Internet

There is lots of debate around just how centralised the Internet has become (check out the great article on Medium by @vincetabora). As a long-term goal for blockchain, many believe it will help to redistribute traffic away from the Facebooks, Amazons and Googles of the world. Being a fan of blockchain and crypto I hope it will help us here, but I can’t see this change taking place quickly.

Wrap Up

If you got this deep into my post, thanks for reading! I guess some may find it strange an IT guy with an Infrastructure background is writing and singing the praises of blockchain and crypto. After observing the problems for so long, I fundamentally believe this technology will help transform enterprise infrastructure, no matter where it lives, on-premises or cloud.

Until next time!