Cloud Musings: 2014

Monday, December 29, 2014

Cloud Computing Promises: Fact or Fiction

Cloud computing is currently making information technology headlines, and vendors are aggressively promoting the many benefits it can provide organizations. This White Paper addresses the claims and questions that are often raised in relation to cloud computing and provides a clear view of what the cloud can—and can’t—deliver in reality.

( This content is being syndicated through multiple channels. The opinions expressed are solely those of the author and do not represent the views of GovCloud Network, GovCloud Network Partners or any other corporation or organization.)

↑ Grab this Headline Animator

( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2012)

Wednesday, December 24, 2014

Super Smart Person's Guide to Cloud Computing - San Diego

We are offering a fun and educational event just about the cloud. This session will help CEOs, Directors, Managers, and Dilberts learn what the heck the cloud is all about. Don’t get left out of the conversation. Learn how your business / organization can benefit from this technology. The cloud is all around you and you need to know what it is.

When: January 29, 2015
Time: 4:00 – 7:00 (ish)
Location: San Diego – Specific Location TBD – trust us we’ll pick a cool place.
Cost: $50 donation payable to Veterans 360

This event is hosted by Veterans 360 and GovCloud Network.

During this “event” hors d’oeuvres will be served / beer / cocktails are available (cash bar) with a live auction & networking event for you to chat with freshly minted Cloud Experts.

( This content is being syndicated through multiple channels. The opinions expressed are solely those of the author and do not represent the views of GovCloud Network, GovCloud Network Partners or any other corporation or organization.)

↑ Grab this Headline Animator

( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2012)

Monday, December 22, 2014

A Managed Services Business Owners Lament: A talk with Joe D.

by Kevin L. Jackson

A few days ago I received a call from a small business owner asking if I would meet him for coffee. He wanted to run some ideas past me on how he could enhance his current business with cloud computing. This is the sort of request that I can never turn down so we quickly made an appointment for the next day. After exchanging pleasantries and settling down with our lattes, he started to give me an overview of his current business.

Joe D. had been a fairly successful manage service provider for about 10 years but for about the last three, his customers all seem to be wondering about “this cloud computing thing”. He was actually selling a “cloud computing offering” by hosting some of his customer’s legacy applications and selling access back to them as “Software-as-a-Service” through a subscription. Most of the customers really liked the idea of exchanging unpredictable maintenance and personnel cost for his consistent monthly charge. They didn’t even have issues with the three-year minimum term on the contracts. Joe liked it as well because the long-term lock-in gave him a pretty stable business with decent margins. Everything seemed to be going well until some of his first contracts came up for renewal. That was when cloud computing seemed to change for some reason.

As I stated earlier, cloud computing wasn’t new for Joe D., but he had always looked at it as just another marketing term for IT hosting or managed services. His company had a single datacenter, but he was always able to meet his customer’s operational requirements by having appropriate hot and cold back-ups in place. Service Level Agreement were never an issue either. His strategy was to basically replicate the customer’s architecture and operational processes. Even if they weren’t the best, he was always able to explicitly meet the RFP requirements and deliver service better than the client could themselves. Recently, however, the cloud computing RFPs have been requiring at least two geographically separated datacenter and an ability to elastically scale based on demand. The worst part, however, was that the customers all seem to want these improved services without signing the usual multi-year contract. He had actually lost some of his long-term customer to some of the regional Cloud Service Providers. With many of his most lucrative contracts coming up for renewal in 2015, Joe D. felt that he was now forced to become a “Cloud Service Provider” himself, and wanted me to help him develop and launch an appropriate rebranding and marketing campaign.

To start off, I really had to set Joe D. straight regarding his view on cloud computing as just another marketing term. As a business solution, cloud computing is radically different that hosting or traditional managed services in some very fundamental ways:

True Cloud Service Providers build and offer scalable, redundant and elastic resources to the marketplace. In other words, you build it before they come;
Cloud services aren’t built to specification based on a RFP. A CSP provides standardized offerings with standardized SLA built on an infrastructure the CSP designs;
The cloud computing economic model is built on over-subscription of the CSP’s available services across a large marketplace, not on individual long-term contracts.

I explained the differences by introducing him to the essential characteristics of cloud, namely:

On-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
Broad network access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops and workstations).
Resource pooling: The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state or datacenter). Examples of resources include storage, processing, memory and network bandwidth.
Rapid elasticity: Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth and active user accounts). Resource usage can be monitored, controlled and reported, providing transparency for the provider and consumer.

And finally I broke the bad news that unless Joe D. was in the position to make a significant capital investment in multiple geographically separated datacenters and a multi-year transition plan to an entirely new business model, he would never be able to become a cloud service provider.

So now let me come clean with you. I actually didn’t have coffee with Joe Datacenter (Joe D.) and the entire story is fictitious. What is real, however, is that many traditional managed services and hosting companies are having similar conversations internally, looking for a way forward in this cloud computing marketplace. Unless you already have a significant number of geographically distributed datacenters and a large established customer set using it, you will probably never become an independent cloud service provider. There is, however, an excellent way out of this dilemma. Major cloud service providers like Dell, Amazon, and Cloud Forge have built cloud service marketplaces. These marketplaces not only provide an opportunity to resell new services, but they also represent great partnering opportunities for traditional hosting or managed services companies. So if you are a Joe D. or know of one don’t suffer in despair. Take heed of my advice and seek out a marketplace partner and be an active participant in the rapidly expanding cloud computing market!

(This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. To learn more about tech news and analysis visit Tech Page One. Dell sponsored this article, but the opinions are our own and don’t necessarily represent Dell’s positions or strategies.)

↑ Grab this Headline Animator

( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2012)

Wednesday, December 17, 2014

Technology and the Evolving Workforce

Melvin Greer

Managing Director

Greer Institute for Leadership and Innovation

According to a Greer Institute Workforce and Talent study, the 2020 workforce is both “the most educated and culturally diverse of any generation” and “notorious job-hoppers who dislike bureaucracy and distrust traditional hierarchies.” Given this, it is crucial for leaders to understand how best to motivate and engage this 2020 workforce and win the war for top talent.

To prepare for the globally distributed, highly collaborative, always on-the-go 2020 workforce, leaders need to start building the kind of workplace that can harness all this new technology. One of the most impactful places to start changing the way your company plans for, hires, and engages its talent is by understanding what is already possible with today’s cloud, mobile, and social technologies. The new workforce has a relentless consumer-grade expectation for mobile, social, and globally accessible tools with ubiquitous access to work. These expectations are challenging HR and IT leaders to deploy technology solutions to attract, retain, and manage their workforce while creating a collaborative, engaging employee experience.

Dell and Intel in their Global Evolving Workforce Study, identifies and explores current and future trends pertaining to the workplace and the role that technology plays in their evolution. The trends that emerged from both the Greer Institute and Dell research centered on where and how employees work and the impact technology has on personal and work lives.

Mobility equals increased productivity - Wherever and whenever they are working, employees are using multiple devices, rather than just one to get their jobs done. While employees are switching to more mobile forms of technology like laptop, tablet and 2-in-1 devices, performance is the top priority for what employees want in their work device with 81 percent stating it as either the first or second most important attribute.
Blur of work and personal life - As innovations in technology continue to advance, people have increasing flexibility to choose when and where they meet their professional obligations. Sixty-four percent of employees globally conduct at least some business at home after business hours. More than half of employees globally currently use personal devices for work purposes or expect to do so in the future, while 43 percent of employees globally are secretly using personal devices for work without the company knowing, with smart phones and laptops being those most frequently used.
Tech influences job selection - One out of four employees globally report they are influenced by the technology provided to them at work and would consider taking a new position if provided better technology that helps them be more productive. Employees in the media and entertainment sector are most likely to quit over poor technology. Those in management roles and employees in emerging markets, in particular, expect the best technology in order to stay with their current employer or consider a new one.

These trends provide important insights for IT managers, human resource professionals and business decision makers to better attract, retain, support and motivate the global workforce now and in the future. Business leaders, IT managers and human resource professionals should focus on them to better understand their employees’ diverse needs and provide the right environments and technology to enable them to do their best work.

↑ Grab this Headline Animator

( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2012)

Sunday, December 14, 2014

Security attacks and countermeasures

by Sandra K. Johnson

Cyber security is rapidly becoming a significant issue in the C-suite as well as the population at large. The results of Dell’s Global Technology Adoption Index(GTAI) [1] show that security is a top concern for most of the 2000 global small and medium businesses surveyed. The outcomes further noted that such concerns create barriers to the adoption of critical technologies that drive value and growth: mobility, cloud and big data. In fact, many businesses are unprepared to address their potential security issues.

In addition, several large data breaches have raised the awareness of cyber security in the consciousness of the general population. For example, the Target security breach in December, 2013 resulted in hackers accessing 40 million credit card records of customers from every store [2]. The Open Security Foundation’s (OSF) data loss database [3] contains information on data security breaches, including recent and large incidents. For example, recent breaches include 3.65 million records stolen from the United States Postal Service on November 10th and 2.7 million stolen from HSBC Bank A.S. on November 12^th, both of this year.

Cyber attacks are on the increase, with six of the top 10 largest incidents occurring in 2013 (402M) and 2014 (469M to date) [1]. A diverse set of industries is targeted. A mid-year breach report from Risk Based Security and the OSF [4] cited that 59% of reported attacks were in the business sector, followed by 16.1% from the government. Other reports show a data breach focus on the Finance & Insurance and Manufacturing industries (IBM [5]), and the Electronics Manufacturing and Agriculture and Mining industries (Cisco [6]).

The majority of these attacks are due to hacking, fraud and social engineering. For example, in the first half of 2014, 84.6% of cyber security incidents were due to external hacking, with an increased percentage of events exposing passwords, user names and email [4]. The resulting breaches occur primarily through malware, including Trojan horses, adware, worms, viruses and downloaders [6]. Moreover, the overwhelming majority (95%) of security events evaluated by IBM include human error as a contributing factor [5].

DATA BREACH SOURCES

Let’s examine these primary sources of data breaches and high-level methodologies for minimizing such events. Malware is malicious software created for egregious objectives. It is designed to disrupt IT and other computer operational environments and to gain access to sensitive data, such as personal records. Access is precipitated through various communication methodologies, such as email and instant message (IM) attachments, endpoints in an IT environment, applications and other vulnerabilities within such infrastructures as discovered by the attacker. Malware is intended to be quiet and hidden as it enters environments and is executed. There is a plethora of various types of existing malware; however, Presented in Table 1 is a summary of the most active and effective malware [6] today.

MALWARE	DESCRIPTION
Trojan	Deceptive code hidden inside software that appears to be safe
Adware	Advertising-supported software that can collect user information when executed (also known as spyware)
Worm	Standalone software that replicates functional copies by exploiting vulnerabilities in targeted systems
Virus	Code that can corrupt or remove files, spread to other computers (e.g., via email) and attaches itself into files and other programs
Downloader	Software that downloads executable malicious code without the users knowledge or consent

Figure 1. Most Active Malware Today.

Social engineering is a methodology that enables a perpetrator to persuade or induce an individual to provide sensitive information or access to the unauthorized perpetrator. The attacker is typically able to do this by exploiting the fact that most people want to be helpful and avoid confrontation. By leveraging social media, face-to-face contact, telecommunications and other communication mechanisms, attackers are able to obtain information and access, either piecemeal or holistically, that permits their access to data, networks and other infrastructure.

MINIMIZING OR AVERTING ATTACKS

The best protection against malware includes anti-malware and Internet security software. Such software can find and remove the overwhelming majority of the known malware prevalent today. Lists of the best antivirus and Internet security software, according to PCMag.org [7][8], are included in Table1 and Table 2, respectively, below:

ANTIVIRUS SOFTWARE

Webroot Secure Anywhere Antivirus (2015)

Norton AntiVirus (2014)

Kaspersky AntiVirus (2015)

Bitdefender Antivirus Plus (2015)

F-Secure Anti-Virus 2014

Table 2. Top Antivirus Software [7].

INTERNET SECURITY SOFTWARE

Bitdefender Total Security (2014)

Norton Internet Security (2014)

Webroot SecureAnywhere Internet Security (2014)

Kaspersky Internet Security (2014)

McAfee Internet Security (2014)

Table 2. Top Internet Security Software [8].

It is important that you keep your anti-malware and Internet security current, as new malware is introduced on a regular basis.

In addition, regular education is crucial for minimizing the impact of social engineering related attacks. The knowledge of how attackers can aggregate bits of information into a comprehensive collection of sensitive information is important in preventing individuals from sharing such information or providing access to friendly people.

Finally, it is paramount that users remain diligent regarding their passwords. The data shows that the majority of information obtained by attacks relates to sensitive personal information, including passwords. Also, programs that crack passwords or obtain them from other sources are readily available. Various lists of what to do, and not do, regarding passwords are readily available and is not included here. However, while it is difficult to remember all passwords for all of the authentication and access entry points used by an individual, one rule of thumb can be helpful. Make your passwords long, include digits and symbols, and use the first letter of a phrase you are most likely to remember. For example, from a line in the poem “Phenomenal Women” by Maya Angelou, who died this year, “I’m a woman Phenomenally, Phenomenal woman, That’s me”, one can create the password, “Iawp,pwtmMA14”. This includes the first letter of the words in this line, the poet’s initials and the year of death.

Moving forward, cyber attacks will be more prevalent, even as infrastructure growth, including network bandwidth, applications, mobile devices and other endpoints become more prolific. It is important to always be mindful of your activities, and know that education, due diligence and the relevant anti-malware and Internet security software can address the majority of security threats.

1. Global Technology Adoption Index, Dell, November 4, 2014

2. Riley, Michal, et.al., “Missed Alarms and 40 Million Credit Card Numbers: How Target Blew It”, Bloomberg Business Week, www.businessweek.com, March 13, 2014.

3. Open Security Foundation, DataLossDB , www.datalossdb.org

4. Risk Based Security, OSF, Data Breach QuickView: Data Breach Trends during the First Half of 2014, July, 2014

5. IBM Security Services 2014 Cyber Security Intelligence Index, June, 2014

6. The Cisco 2014 Annual Security Report, Cisco, 2014

7. Rubenking, Neil J., “The Best Antivirus for 2014”, www.pcmag.com, October 14, 2014

8. Rubenking, Neil J., “Best Security Suites for 2014”, www.pcmag.com, April 23, 2014

↑ Grab this Headline Animator