Showing posts with label Security. Show all posts

Thursday, 21 February 2013

Interesting read: What makes a quality Cloud hosting provider? Part 1

Over at Compare the Cloud there is an interesting read and, as always, a great discussion taking place. It's the post
What makes a quality Cloud hosting provider? Part 1 by Richard May.

Short break out:
"How is the supplier operating the platform? Do you have to compete with other users for resources? How does the platform deal with that contention? Different platforms handle this better than others and as many home broadband providers will notice, services can be slow during school holidays. Fine, but can you afford for your applications to be slow due to similar events occurring which are out of your control? I have heard of instances where providers are contending memory by 4 – 8 times on a server.

Friday, 7 December 2012

Security – in, from and with the Cloud

My post Security – in, from and with the Cloud on ITBusinessCloud

----------

Security – in, from and with the Cloud

Security is one of the hottest topics when it comes to obstacles to adopting cloud services. Maybe we should, theatrically, “tear this wall down” and de-dramatize it, without tearing down the importance of good security – because it is important!

One type?

No, there are several different types of security services related to cloud. Examples:

  1. Security within a cloud service which has another purpose than delivering security, for instance an email service. Security in this type of service means protecting your data from other people or systems and from malware, keeping it backed up and being able to restore it, etc.
  2. Security as a Service, delivered as a cloud service which you can adapt to your existing on-premise solution. Examples:
    • Encryption
    • SPAM and Malware protection
    • Firewalls
  3. Audit tools/services that audit the vulnerability within, to and around your cloud service (No. 1 & 2 above).
  4. Consulting audit services. Pretty much like No. 3, but performed by humans and normally giving you a report on how to act on a problem found by No. 3.

This is on a high level what security in the cloud is about. No. 2, 3 and 4 normally work fine. People don’t fear security in services delivered from well-known security service providers. No. 2 might be a bit problematic to adapt to services delivered from other vendors, but APIs, integration services and true co-op between CSPs (Cloud Service Providers) will solve this better in the future. No. 1 is the wall that needs to be de-dramatized and torn down…

Fear = out of your control

The highest obstacle to pass is

Tuesday, 20 November 2012

A collection of comments

This is a collection of the comments I've posted today on a couple of sites. The most important one is No. 3. It's time we put on pressure and demand true professionalism. There is a new business opportunity in No. 2 - go ahead, time for action.

Comment 1: Commented: Employees Engage in Rogue Cloud Use Regardless of Security Policies



I posted a comment to the post Employees Engage in Rogue Cloud Use Regardless of Security Policies by Thor Olavsrud on CIO.

Short breakout:
"Employees are increasingly turning to the cloud to get their work done, whether IT has a policy about cloud use or not, according to research studies by Symantec and cloud backup provider

Sunday, 14 October 2012

Cloud Compliance: Part 2 - Top 10 Tips

My latest post Cloud Compliance: Part 2 - Top 10 Tips is out on Newvem. This time I got great support from Ron Peled (@Ron1Pel), Security Specialist at LivePerson, the team at LivePerson (@LivePerson) and Ofir Nachmani (@IAmOnDemand) at Newvem (@Newvem). I salute their support.

Short break out from the post:
Here are Ron’s top ten tips for CSPs, whether you’re already a cloud player or plan to become one: 
  1. SaaS = TRUST. If you can’t provide a trustworthy environment, don’t provide it at all.
  2. Invest in security and compliance. Don’t skimp—it is fundamental to your business and its future.
  3. Customers will always have concerns and ask questions.

Saturday, 21 July 2012

Cloud Compliance: Part 1 - The Basics

My first part about Cloud Compliance is now available on KnowYourCloud.

Short break out:
"Just for fun; a tricky question: What happens if an SaaS provider from Country A put its service on a PaaS provided from Country B? And, scary, the PaaS from Country B resides on an IaaS from Country C in Continent D? Is your organization cloud compliant in this scenario? Will any of the XaaS providers guarantee you’re cloud compliant? Let’s hope these scenarios won’t be frequent in the market in the future"
Please share if you like it.

Tuesday, 22 May 2012

Response to a Twitter Q from @opendatacenter

My response to a Twitter Q from @opendatacenter about Info Security’s post Security is driving Cloud adoption.

Here are a couple of reasons SMBs might trust cloud more than Ent (no specific order):
  1. SMBs have a shorter path to decisions and policy changes.
  2. SMBs don’t have the same expensive and heavy solutions to drop (kill darlings)

Sunday, 6 May 2012

A comment to: Don't be so trigger-happy for a remote wipe

I commented on the post Don't be so trigger-happy for a remote wipe on InfoWorld by Galen Gruman (@MobileGalan).

Short break out:
"But too many in IT are overly eager to pull the remote-wipe trigger. It's a serious weapon, the equivalent of a neutron bomb being set off in an iPad, iPhone, Android device, Mac, or -- with third-party tools today and a new OS this fall -- Windows PC. Like any tool with such overwhelming capabilities, it should be used with caution."

My slightly frustrated ;) comment:

Sorry, but isn't the point that you can use an MDM system to do backups (scheduled or not), lock before wipe, set special policies etc?! Not to discuss whether or not it was stupid of the guy to let his daughter use the phone or if it was a poor example?!

The purpose of the article is good. Of course you need to do a wipe sometimes, but not always. I agree with Mike Carmack; it is an InfoSec issue. The company policy rules and it should be well informed in the organization. But policies can, like everything else, evolve, so - no, maybe it doesn't have to be that way.

Problems do exist with MDM systems, or rather the devices and OSes: all different ifs and buts on different devices and OSes. I'm also looking forward to an MDM system which for real can handle phones, tablets and PCs. Today there's a gap. Next SCCM?
 

Friday, 23 March 2012

My friend Mikael, the carpenter...

I’ve talked about Mikael before. I’ve known him since I was six and he’s still one of my best friends. He works as a carpenter and I think he’s really good. I know this because I’ve met a lot of carpenters and seen some really bad ones on TV, so I know what I’m talking about. He helps me with building and always gives me good advice when I need it…and I need it. He’s effective, productive and solves problems during projects. He proposes solutions, and proposes other solutions if my ideas are bad or don’t work. Yes, I’m more of an esthete than him, so sometimes I reject his proposals… Mikael shakes his head… but he always makes my dream come true as long as it doesn’t risk anything.

Yesterday I talked to Mikael about building two walls in the garden. I asked him: “Do you think one bag of concrete (20-25 kg mix) is good enough for each pole?” Mikael: “Nooo…. You know, when the wind starts to blow… it’s quite powerful… you should dig quite deep and use quite a lot of concrete. But, don’t you have something to fasten and secure it to, like…the house?”

Tuesday, 6 March 2012

Would you bet on your security?

Read the post 'Most IT professionals wouldn't bet on security of own networks: report' by Rachel King, @zdnetrachel, on ZDNet.

Short break out from the end of the post:

So, if IT security professionals are this skeptical about the security of corporate networks, how much trust can the rest of us reasonably place when accessing these networks — whether it be with personal or work devices?

Thursday, 29 December 2011

2012. How about my predictions?!

On Sunday morning 2012 hits us. A lot of lists and posts prevail about predictions in and about IT, cloud, Internet and more. I will give you some of my thoughts. They are based on my experience and on things I read and hear of. The text itself is based on my trend notes written in TeleComputing’s Q4 newsletter and is now translated and in some places modified. I’m focusing on some short, basic things to think about and reminders rather than on specifics like cloud, Big Data, ecosystems, BYO or social networking. Mine last longer than 2012 and are aimed especially at service providers and the C-series.

A lot of things are happening on the IT market: what is present, and what will increase and evolve in the future? Service providers need to listen better and understand their customers’ core business, and the C-series needs to better understand IT and how it can support the company’s core business. We all have to be better prepared and plan for the future in time.

It’s very important that the techniques used to deliver IT as a service are secure, reliable and available, because the service should be ditto. They also have to be modular, scalable and flexible, to be able to support services from different ISVs and sources, delivered through different techniques to different types of devices, because of the consumerization trend BYO (Bring Your Own). But techniques are “secondary”; don’t misunderstand me. Techniques are very important for the IT department and the service provider (cloud or not). To the customer it is the support for core business, functionality and availability that is important. This creates demands on the actors on the service provider market and on IT departments: simple, functional and reasonable invoicing processes have to exist, and, most important, the soft services like Service Desk, change management, perceptiveness, coordination and governance have to be excellent. The Orchestrator role is so important. It’s in these areas that it is settled whether you are an actor on the service provider market or not.

Bullets:

The actor is either a service provider or an IT manager/department. As a CxO, use it as a checklist.

  • The actor must be able to describe how a service brings benefits for the customer and how it kills the customer’s pains. Customer: “What’s in it for us?”
  • The actor must be able to describe and motivate why underlying old techniques need to be upgraded or replaced to meet the future.
  • The CIO role is more business-oriented than technique-oriented. The technique is the actor’s pleasant “concern”, and it should be transformed to the CIO as business.
  • The actor should be the customer’s market listener and whisperer. The actor should be a part of, and contribute to, increasing the customer’s efficiency and productivity.
  • CxO, not only CIO: you have to understand what IT can do for your business. You have to understand that availability and service hours are not free.
  • The actor should support the customer in being an attractive employer. People, especially young people, nowadays look at what the employer can do for them to succeed. Without good employees you as an employer won’t succeed in the future. Providing an attractive IT environment and policy is an important ingredient to attract the best.
  • The actor should be the trusted adviser. Some might say it’s a buzzword, but partnership between the customer and the actor is a very important key to successful IT as a Service. But never forget (it happens too often, and the service provider wakes up with a horse head in the bed): it really takes two to tango!
  • Standard becomes customized, customized becomes standard.
    My prediction is that standard services will increase and customized services decrease. This change will come for economic and integration reasons; it is too expensive and complex to customize. Companies will customize their organization to the service rather than the reverse. It’s a change, but it has to be done. At the same time the standardized services become more customizable, with standardized interfaces to integrate two or more systems/services.

This is my last post of 2011 and I will be back in 2012.

May your service provider be good to you next year too.
 
Happy New Year!

Tuesday, 13 December 2011

"2012 Threat Predictions: An Industry Roundup" by Infosecurity

Read a great article from Infosecurity. A must-read for CIOs, IT guys and all others. You should be informed and up to date with this. Read the full article: "2012 Threat Predictions: An Industry Roundup"

Breakout:
"We asked more than 20 security companies and security experts for their threat predictions for 2012. The intent? To find what the security industry in general expects to see next year. The results are not scientific, but certainly indicative of what business can expect in 2012.

We should start with a caveat: Many of these threats should be combined. For example, social engineering threats will often be focused on social media; the ‘bring your own device’ (BYOD) threat is closely linked to the mobile threat; infrastructure attacks will likely use APTs, and so on. Nevertheless, the overall picture is a pretty good overview of the evolving threat landscape for 2012.

1: Mobile Malware
2: The APT
3: Social Engineering

Finally...
One last comment. Despite all the threats and warnings and predictions you’ll come across over the next month, remember this: it will be the threat that you didn’t expect that gets you."

Overview:

All from Infosecurity