The Importance of ISO 27701 for European SaaS Companies

This post discusses the importance of adding ISO 27701 to ISO 27001 certification for European SaaS companies. ISO 27701 is a privacy extension that provides guidelines for implementing a Privacy Information Management System (PIMS) to manage privacy risks and comply with privacy regulations such as the GDPR. Obtaining ISO 27701 certification can help companies demonstrate their commitment to protecting customer privacy, meet regulatory requirements, and reduce the risk of fines and legal action.

Introduction

As the world becomes increasingly digital, the management and protection of sensitive data becomes more critical. Data breaches and cyber attacks are becoming more prevalent, and companies must take appropriate measures to ensure the privacy and security of their customers’ data. The International Organization for Standardization (ISO) has developed a series of standards to help organizations manage information security. One of these standards is ISO 27001, which outlines best practices for information security management. However, for European SaaS companies, adding ISO 27701 to their ISO 27001 certification is becoming increasingly important.

What is ISO 27701?

ISO 27701 is a privacy extension to ISO 27001. It provides guidelines for implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). The PIMS is designed to help organizations manage their privacy risks and meet the requirements of privacy regulations, such as the General Data Protection Regulation (GDPR) in Europe.

Why is ISO 27701 important for European SaaS companies?

SaaS companies often handle large amounts of personal data, such as customer names, addresses, and payment information. With the GDPR in effect, it is crucial for companies to protect this data and comply with the regulation’s requirements. Failure to do so can result in significant fines and damage to a company’s reputation.

By implementing ISO 27701, SaaS companies can demonstrate their commitment to protecting their customers’ privacy and complying with privacy regulations. The standard provides a framework for managing privacy risks and ensuring that personal data is processed in a secure and compliant manner.

Benefits of ISO 27701 certification

There are several benefits to obtaining ISO 27701 certification. Firstly, it demonstrates that a company takes privacy seriously and is committed to protecting its customers’ data. This can help build trust and confidence with customers, which can lead to increased business and revenue. Secondly, the certification can help companies meet the requirements of privacy regulations, such as the GDPR. This can help mitigate the risk of fines and legal action. Finally, implementing ISO 27701 can help streamline privacy management processes and reduce the risk of data breaches.

Conclusion

In today’s digital age, protecting personal data is more critical than ever. For European SaaS companies, adding ISO 27701 to their ISO 27001 certification is becoming increasingly important. The standard provides guidelines for managing privacy risks and complying with privacy regulations such as the GDPR. By obtaining ISO 27701 certification, companies can demonstrate their commitment to protecting customers’ privacy, build trust and confidence, and mitigate the risk of fines and legal action.


Docker and Kubernetes on MacOS in 2023

Prerequisite: install brew

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Docker with brew

brew install docker docker-compose colima
colima start
docker ps

Kubernetes too?

brew install k3d kubectl
k3d cluster create default --servers 1 --agents 3 --image rancher/k3s:latest
kubectl get nodes

PS. Works on Intel based MacBook Pro


Initial Nvidia Jetson Nano performance numbers

Here are some numbers illustrating the performance I have seen for the Nvidia Jetson Nano so far.

Deep learning 

Training this PyTorch Image Classifier with the flower data set took just under 10 hours for the full 30 epochs. Not at all bad, and really quite nice if you consider the average power consumption of less than 8 watts.

Numbers from two different workstations have been included for comparison; of course, these spent more than 500 watts on average.

Nvidia Jetson Nano:
– GPU (Nvidia Maxwell): < 10 hours

Dell Precision T7500 Workstation:
– CPU (Dual Intel Xeon E5620): < 30 hours
– GPU (Nvidia GeForce GTX 1060): < 40 minutes

Dell Precision 7920 Rack Workstation:
– CPU (Dual Intel Xeon Silver 4112): < 9 hours
– GPU (Nvidia Quadro RTX 5000): < 17 minutes

Network performance 

The Jetson Nano clocked in at 857 Mbps as measured with iperf to a Dell Precision T7500 workstation, interconnected with a Netgear ProSAFE GS108T switch. I believe the workstation would do close to 950 Mbps when connected to a proper Cisco Catalyst like the 2960-X.

As one might expect, compared to a Raspberry Pi the Jetson Nano did absolutely beautifully.

Nvidia Jetson Nano: 857 Mbps
Raspberry Pi 3 B+: 292 Mbps
Broadcom NetXtreme BCM5761: 878 Mbps (between two T7500 workstations)


Tips and tricks for the Nvidia Jetson Nano

I have just received my Nvidia Jetson Nano development kit, and over time this post should turn into a collection of tips and tricks for this very interesting almost single-board-computer.

1. Getting started

There is a pretty good tutorial available on pyimagesearch.com covering base installation as well as how to configure your Python environment and get Keras and TensorFlow going.

If you want PyTorch there is something about it on the Nvidia developer forums, although I have not tried it out yet.

Of course, there is also the official documentation, a user guide, a wiki and support forums on the Jetson Nano’s official site.

2. Undo embedded system minimization

The provided OS has been minimized to save disk space, meaning that things like man pages and documentation files have been removed. If you intend to use the board for development or as a general desktop this may not be what you want. To undo the minimization you may use the following pre-installed script:

sudo /usr/local/sbin/unminimize

Note that you may want to do this immediately after installation, as there could be issues with any non-default software packages you may have installed.

3. Add more power by using the 4 amp barrel power plug

If you want to run the board at full speed and power (10 watts) with peripheral devices attached, the micro USB power will not be enough. You can either switch to 5 watt mode or use the 4 amp barrel plug for 20 watts of power. The first results in reduced performance while the latter involves adding a power selection jumper to the Jetson Nano and connecting a 5 volt 4 amp power supply.

There is a wonderful video by JetsonHacks on YouTube. They have other Jetson Nano goodies too, might want to check out their channel or website.

4. You can run PyCharm on your Jetson Nano!

PyCharm is a wonderful IDE for all your Python development, but at first glance there is no arm64 package available. The good news is that it does not matter, as it runs on Java. Just install the Java 8 Development Kit, download and unpack the latest PyCharm for Linux and run it like you would on any other Linux distribution:

sudo apt-get install openjdk-8-jdk
wget https://download.jetbrains.com/python/pycharm-community-2019.1.2.tar.gz
tar xvzf pycharm-community-2019.1.2.tar.gz
pycharm-community-2019.1.2/bin/pycharm.sh

PyCharm runs fairly well on the Jetson Nano. However, you may not want to try running it alongside the memory-hungry Chromium web browser.


Workaround: Mac OS X High Sierra 10.13.2 – SSH tries to connect via HTTP proxy

With Mac OS X release 10.13.2 Apple introduced a new bug where OpenSSH will attempt to use any web proxy configured from a PAC file.

As SSH is not HTTP this will typically not work, resulting in connection timeouts or other connection errors.

You are likely to encounter this problem if you are using a VPN solution such as Cisco AnyConnect with a web proxy in the group policy.

Thankfully, netcat (nc) is not affected by the bug, so until Apple comes up with a fix you can work around the issue by telling SSH to use netcat as a proxy channel.

This alias will take care of it:

alias ssh="ssh -o ProxyCommand=\"nc %h %p\""

Alternatively you can add the option to your ssh config file, for a more permanent effect:

echo "ProxyCommand nc %h %p" >> ~/.ssh/config

Fast track: Installing Ansible 2.1 stable on Oracle Linux 6.7

Ansible can certainly be installed using prebuilt packages from the EPEL repository, but while convenient, their offering is limited to Ansible 1.9.x, that is to say only versions prior to the major 2.0 release, which includes a number of significant improvements that were further polished in 2.1.

You will, more than likely, want to run 2.1.2, the latest stable release, for any production use, or perhaps the penultimate 2.0.1 release, if you are of a slightly more conservative origin.

That being said, I’ve always been told that DBAs like myself are about as conservative as they come, and I surprisingly experience no additional anxiety doing mission critical work with Ansible 2.1.2, which in truth, appears to be a solid release of the project’s most mature code yet. I should say these feelings are in strong contrast to those that come attached with Enterprise Linux 7 and Oracle Database 12c, products which are still years away from prime time in my twisted paradigm of the world.

These few commands should take care of dependencies required to build an RPM, pull Ansible code from their official repository on GitHub and do a checkout of the 2.1 stable release before building an RPM package on and for your system – which you can then install locally on your machine or distribute in your environment as you see fit. On a side note, I like to maintain local/internal repositories with custom built packages and approved updates, which lets me stay in control while keeping yum in position to deal with the tedious bits.

I’m using Oracle Linux 6.7 and have not tested this elsewhere, but the commands and package names should be identical on any 6 or 7 release of Oracle Linux, CentOS or RHEL and you should consequently be able to install without any modifications other than variations to the name of the generated RPM file.

sudo yum -y install git python2-devel rpm-build asciidoc
cd /usr/src ; sudo git clone https://github.com/ansible/ansible.git -b stable-2.1 --recursive
cd ansible ; sudo make rpm

You should now be presented with the name of the ready-to-install RPM package. You need to grab that name and customize the final yum command accordingly:

#############################################
Ansible RPM is built:
 rpm-build/ansible-2.1.2.0-100.git201608311757.e83840c.HEAD.el6.noarch.rpm
#############################################
[roy@kayna ansible]$ sudo yum -y install rpm-build/ansible-2.1.2.0-100.git201608311757.e83840c.HEAD.el6.noarch.rpm
Loaded plugins: fastestmirror, refresh-packagekit, rhnplugin, security, ulninfo
This system is receiving updates from ULN.
Setting up Install Process
....
....

In my case I had the Ansible 1.9.4-1 package from EPEL already installed on my system; yum smoothly replaced the existing RPM installation and upgraded to Ansible 2.1.2 without any fuss.

[roy@kayna ansible]$ ansible --version
ansible 2.1.2.0
 config file = /etc/ansible/ansible.cfg
 configured module search path = Default w/o overrides

Adding Oracle Database Appliance to ULN

At some point you may want to register an Oracle Database Appliance with the Oracle Unbreakable Linux Network so you can get a critical security update, without running a complete ODA update bundle.

However, if you happen to be running ODA Virtual Platform (that supports running virtual machines), rather than the bare metal version (that does not) – you may be in for a surprise.

“This system profile has already been registered”

Your ODA appears to already exist on ULN!
But wait, no, there is no sign of it on your account. What is going on here?

At least in the early versions of the ODA software, Oracle forgot to update the UUID for registration on the ODA_BASE image after installation. This means that ALL database appliances (with virtual support, anyway) would try to register with the same UUID.

Well, now that we know what the fuss is all about, it’s easy enough to fix:

First generate a new UUID

[root@oda1-base ~]# uuidgen -t
abf436a8-0b33-11e6-9210-00163e76eec2

Then edit /etc/sysconfig/rhn/up2date-uuid and change the entry for rhnuuid to the freshly generated value

uuid[comment]=Universally Unique ID for this server
rhnuuid=abf436a8-0b33-11e6-9210-00163e76eec2

All set, just run rhn_register (or up2date-nox --register) and complete the registration.
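
The edit from the steps above as a shell function, added here as an example and not part of the original post. The function name set_rhnuuid is an assumption; the file path and the rhnuuid key are the ones named in the post.

```shell
# set_rhnuuid FILE UUID
# Replace the rhnuuid entry in FILE (on the ODA this is
# /etc/sysconfig/rhn/up2date-uuid) with UUID and keep the old file as FILE.bak.
# Hypothetical helper written for this example.
set_rhnuuid() {
    file=$1
    uuid=$2

    # Accept only a canonical lowercase 8-4-4-4-12 hex UUID, as printed by
    # uuidgen, so that nothing unexpected ends up in the sed expression.
    printf '%s\n' "$uuid" |
        grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || {
            echo "not a UUID: $uuid" >&2
            return 2
        }

    # Refuse to touch a file that has no rhnuuid entry to begin with.
    grep -q '^rhnuuid=' "$file" || {
        echo "no rhnuuid entry in $file" >&2
        return 3
    }

    # Keep a copy of the original, then rewrite only the rhnuuid line.
    # The uuid[comment] line and anything else in the file is left untouched.
    cp -p "$file" "$file.bak" || return 1
    sed "s/^rhnuuid=.*/rhnuuid=$uuid/" "$file.bak" > "$file"
}

# Usage on the appliance, as root:
#   set_rhnuuid /etc/sysconfig/rhn/up2date-uuid "$(uuidgen -t)"
```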


Make Oracle VM 3.2.x console work on OL6

How to make Oracle VM 3.2.x RAS proxy work on OL6

1) Install Iced Tea
sudo yum install icedtea-web
2) locate java.security
sudo vi /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.95.x86_64/jre/lib/security/java.security
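3) comment out the line starting with the following (this re-enables, for every Java program using this JRE, the TLS algorithms that the JDK disables by default):
jdk.tls.disabledAlgorithms=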

Additional tip:

If the browser can’t connect to Oracle VM Manager due to obsolete protocol stack, use Firefox 44 or newer, and make your way through the obsolete protocol warnings and queries.

Fast track: Deploy EM 13c agent on Oracle Linux 6

Key steps to do an initial deploy of the Enterprise Manager 13c agent on Oracle Linux 6

Please note that my fast track posts are intended for lab use only.

  • Install OL6 or deploy VM template from Oracle
  • disable iptables
  • adduser oem
  • Give sudo access with nopasswd – requiretty must be disabled (visudo)
  • mkdir /opt/agentHome
  • chown oem:oem /opt/agentHome
  • yum install make binutils gcc libaio sysstat glibc-common libstdc++
    • EM will tell you if anything is missing when you push the agent
  • ensure oem host can be reached by its default FQDN
  • push agent from EM web console:
    • setup.. add target .. add targets manually
    • enter FQDN of target
    • specify /opt/agentHome as the agent home directory
    • specify credentials for oem user (with sudo root)

Workaround for OVMM database restore BUG – OVCA 2.0.2 – OVM3.2.8.x

If you ever have to restore the Oracle Virtual Machine Manager database using the provided RestoreDatabase.sh, chances are that you will end up with a bunch of corrupted or missing tables in the back-end MySQL database schema. Specifically, all tables with 0 rows will be dysfunctional after a successful restore. In turn, this prevents management of compute nodes, virtual machines and other resources.

I don’t know which other versions of OVM might be affected, but the latest 2.0.2 software release for the Virtual Compute Appliance certainly is.

I wrote a workaround that will identify, drop and re-create the corrupted tables. No guarantees, but it did the trick here. Perhaps it can save someone a bit of a headache.

===== CUSTOMER BUG REPORT =====

Description
-----------

Assorted errors related to missing tables after restoring OVMM database using provided tools.

Example:

While trying to stop a VM server:

OVMAPI_6000E Internal Error: Caught during commit: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Table 'ovs.Mgr_ServerStoppingEvent' doesn't exist

Affected Versions
-----------------
Oracle Virtual Compute Appliance Software Release 2.0.2
Oracle VM Manager Software Release 3.2.8.x

Working Theory
--------------

All ovs tables with 0 rows are corrupted during restore.

Steps to reproduce
------------------

1. Restore OVMM database using /u01/app/oracle/ovm-manager-3/ovm_shell/tools/RestoreDatabase.sh

2. Query all tables in ovs schema

3. Look for ERROR 1146

Workaround
----------

1)
service ovmm stop ; service ovmm_mysql stop

2)

sudo -u oracle /bin/bash /u01/app/oracle/ovm-manager-3/ovm_shell/tools/RestoreDatabase.sh AutoFullBackup-20150510_0100

3)

service ovmm_mysql start

4)

This should identify, drop and re-create affected tables:

/usr/bin/mysql -D ovs -b -f -s -u root -pWelcome1 -S /u01/app/oracle/mysql/data/mysqld.sock -e "show tables;" | awk '{print "select count(*) from " $1 ";" }' | /usr/bin/mysql -D ovs -b -f -s -u root -pWelcome1 -S /u01/app/oracle/mysql/data/mysqld.sock 2>&1 >/dev/null | grep "ERROR 1146" | awk --field-separator=\' '{print "drop table " $2 ";\ncreate table " $2 "(m_id bigint,m_data longblob,primary key (m_id));"}' | /usr/bin/mysql -D ovs -b -f -s -u root -pWelcome1 -S /u01/app/oracle/mysql/data/mysqld.sock

5)

service ovmm start
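
The SQL-generating half of step 4, split out so the DROP/CREATE statements can be reviewed before anything is executed. This is an added example, not part of the original workaround; the function names and the sample error lines are constructed for illustration.

```shell
# gen_repair_sql: read mysql error output on stdin and print one
# drop/create pair per table reported missing with ERROR 1146.
# Nothing is executed here; the output is plain SQL text for review.
gen_repair_sql() {
    # Split on the single quote, as the one-liner in step 4 does, so that
    # field 2 is the schema-qualified table name from the error message.
    awk -F"'" '
        /ERROR 1146/ {
            name = $2
            # Accept only plain ovs.<identifier> names. Anything else is
            # reported as a comment and never reaches a DROP statement.
            if (name !~ /^ovs\.[A-Za-z0-9_]+$/) {
                printf "-- skipped unexpected name on input line %d\n", NR
                next
            }
            # The same table may be reported more than once.
            if (seen[name]++) next
            printf "drop table %s;\n", name
            printf "create table %s(m_id bigint,m_data longblob,primary key (m_id));\n", name
        }'
}

# Constructed sample of what the count(*) probe prints on stderr.
sample_errors() {
    cat <<'EOF'
ERROR 1146 (42S02) at line 12: Table 'ovs.Mgr_ServerStoppingEvent' doesn't exist
ERROR 1146 (42S02) at line 40: Table 'ovs.Mgr_ServerStoppingEvent' doesn't exist
ERROR 1146 (42S02) at line 57: Table 'ovs.Bad;Name' doesn't exist
ERROR 1064 (42000) at line 60: You have an error in your SQL syntax
EOF
}

# Try it offline:  sample_errors | gen_repair_sql
```

On the manager host, run the step 4 pipeline up to and including `2>&1 >/dev/null`, pipe it into gen_repair_sql, save the output to a file, and feed that file to mysql once it looks right.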
