Cloud security


One of the most common reasons people cite for being concerned (or downright afraid) of putting their information into ‘cloud’ services is security. Interestingly, most of their reasoning is based on hearsay and hysteria. Many in fact simply parrot back what they have read or heard somewhere. What I’d like to do here is provide a little bit of balance to the argument and some alternative points of view that I think many naysayers haven’t considered.

1. Security is a journey not a destination. When human beings are involved, nothing will ever be perfect. There will be oversights, errors and mistakes. That is simply a fact. This means that it can happen whether the information is stored locally or whether it is hosted. I will however point out that the chances of error are reduced (you can never eliminate them) when you have multiple people and processes looking at the systems. This is more likely to be the case for hosted environments in large data centres than on a single server at a customer’s premises.

2. If you are using email you are already sending information insecurely. Emails are generally sent in plain text with no encryption and with no guarantee of delivery. In most cases you have no idea that the person who is reading your email is the one that you sent it to. Some surveys note that up to 20% of legitimate email never gets delivered to the intended inbox. But does this stop people using email? Certainly doesn’t seem to. So, on the one hand people are worried about saving their information on hosted servers yet they freely send that same information in emails, without security to someone they hope is the right person at the other end. If you were so worried about your information being secure you wouldn’t use email now would you? The reality is that the functionality of email far outweighs, for most people, any risk of insecurity.

3. If you are using a device that has access to the Internet, that can browse web pages and receive emails, that device is already connected to the ‘cloud’. Furthermore, if you can get to the ‘cloud’, the ‘cloud’ can get to you. So how worried are you about that server you have on your premises that is connected to the Internet? How secure is the information stored there? How do you know that someone isn’t stealing that information while you are reading this? Generally, you won’t. Sure you have firewalls and other security protection on your equipment but how do you KNOW it is working? Do you employ someone to monitor it constantly? Probably not but large hosting firms do. They can afford to invest a significant amount of money in security and pay the best people to monitor it. Their challenge is no different from yours but chances are they have significantly more resources on tap than someone running a server as part of their business does.

4. The Patriot Act applies everywhere a US company operates. So many people I hear say they want their data stored locally so that it won’t be subject to the US Patriot Act. The reality is that any US based company is subject to the Patriot Act no matter where they operate. That means that if Microsoft or Google had data centres here in Australia (which they don’t currently) they would still be subject to the US Patriot Act. Aside from that, there are far reaching agreements between international law enforcement agencies to provide access to data outside their jurisdiction upon request. And even further to that, local intelligence agencies, like ASIO in Australia, typically already have the right to access your data without your knowledge. Don’t believe me? See:

ASIO Powers: http://www.pcworld.idg.com.au/article/100781/asio_given_power_hack_systems/
“The legislation allows ASIO operatives to hack into PCs and corporate networks to retrieve data, and add, delete, or alter data in the “target” computer, while being immune from prosecution under the Crimes Act hacking provisions.”

and they have had this power since 1999! (Pre 9/11!).

5. Why worry about hacking our information when they can tap our phones? Many people are paranoid about their information security but give no thought to the fact that their phone conversations could be tapped. Many readily carry on a conversation on their mobile with the person at the other end and the fifteen people in the immediate vicinity. If they were truly paranoid about all their information they would be more judicious about using the phone wouldn’t they? Again, the convenience far outweighs the risk of a breach but that still doesn’t mean it can’t happen, it still doesn’t mean it won’t. How can you maintain information security if you are going to blab it out next time you receive a call in a public place eh?

6. We use the hole in the wall (ATMs) to get money when we need it. We use Internet banking as a convenient way of managing our money. If you were truly concerned about security wouldn’t you squirrel your money under your pillow and not trust the banks? You could but most don’t. Why? Because there are far more benefits with trusting your money to a bank. They can centralize it and implement better security, they can make it available to you at more convenient places and locations (read ATMs) and so on. Is there a risk that your money will be stolen? Certainly, but again the convenience outweighs the risk. I understand that money is different from information but in a lot of ways the model we understand and use that is modern banking is very similar to ‘cloud’ computing. That seems to work pretty well for most people despite its flaws.

So there you have it. A few of my thoughts on the whole ‘cloud’ security argument. There will of course be people who reject all these and continue to argue that on premises is the only way to be secure. I hope that you can at least see in some little way that such an argument has less and less validity when you do a like versus like comparison without the emotion that seems to litter so many discussions around today on ‘cloud’ security.

I’m sure back in the day, many people questioned how the automobile could replace the trusty horse. Guess what? We don’t see many horses on our roads these days do we?

Microsoft apps come to iDevices

In the past few days there has been a flood of Microsoft apps making an appearance in the Apple Apps store.
Skydrive
The first of these is SkyDrive. Microsoft will give you 25GB of free ‘cloud’ storage space (limit of 100MB per file though). With the new app you can access all that information directly from your idevice (iPhone and iPad) as well as Windows Phone 7. This makes Skydrive a very compelling offering when compared to other ‘cloud’ storage offerings like Dropbox and box.net.

More information about Skydrive for idevices:
http://windowsteamblog.com/windows_live/b/windowslive/archive/2011/12/13/introducing-skydrive-for-iphone-and-windows-phone.aspx



OneNote
Microsoft has had a OneNote application for the iPhone for a while but it has now released a dedicated OneNote app for the iPad. The difference is quite marked and OneNote on the iPad takes full advantage of the additional screen real estate. It is again a free app but at this point in time you can only work with OneNote notebooks saved on Skydrive rather than something like SharePoint. However, the expectation is that this will change in the near future opening OneNote up to access notebooks on any shared medium.

More information about OneNote for the iPad:
http://appscout.pcmag.com/apple-ios-iphone-ipad-ipod/291719-microsoft-onenote-arrives-on-ipad



Lync
Lync is Microsoft’s ‘unified communications’ solution. Basically, it allows people to install client software and then communicate with each other via chat, video and voice. It also provides the ability to share things like desktops, whiteboards, PowerPoint presentations and more.
Microsoft has recently released Lync clients for the Mac as well as for Windows Phone 7. It is also expected that Lync clients will be available for most other mobile platforms by the end of December 2011.

More information on Lync for Mac:
http://www.microsoft.com/mac/enterprise/lync

More information on Lync for Windows Phone 7:
http://lync.microsoft.com/en-us/Product/UserInterfaces/Pages/lync-2010-mobile.aspx



Xbox
Microsoft has recently updated the interface on the Xbox device but it has also released apps for the iPad and Windows Phone 7. The iPad app again makes great use of the medium and allows you to perform a number of control functions on your Xbox (provided it is on). Although in its infancy it isn’t hard to see where this development is heading. It is not hard to imagine a not too distant future in which you can login to your Xbox remotely and ask it to download movies, save TV shows, etc.

More information on Xbox for iPad:
http://www.pcworld.com/article/245653/microsoft_releases_xbox_live_app_for_iphone_and_ipad.html



Office
There are also very strong rumours that Microsoft will release its Office suite onto the iPad very shortly. There is still apparently a battle going on inside Microsoft as to whether delivering Microsoft’s most profitable product to a competitive device like the iPad is such a good idea given that holding it back may drive sales of the ‘proposed’ Windows 8 tablets or whether without Office on the iPad Microsoft Office is losing sales. Personally I’m in the second camp. To me Microsoft is a software company and the more platforms it can make its software available on the better I say. Time will tell on this score.

More information on Office for the iPad:
http://au.ibtimes.com/articles/260910/20111205/ipad-ms-office.htm

The reason why the lights went out

A number of Microsoft services (Hotmail, MSN, Skydrive, Office 365) recently had an outage. Microsoft is now reporting that the issue was due to a failed DNS update. You can read the details here:

http://windowsteamblog.com/windows_live/b/windowslive/archive/2011/09/20/follow-up-on-the-sept-8-service-outage.aspx

 

The first thing to note is that Microsoft has acknowledged and explained what the issue is. This will hopefully silence the critics claiming a “cover-up” of sorts. The second thing that it illustrates is that even on the Internet there are still critical points of failure (DNS being the case in point here).

 

The service being down was inconvenient, sure, but the reality is that the problem was rectified fairly quickly. The major issue is the number of people impacted. That certainly makes the issue a higher profile but the reality is these things happen. Not often, but they do happen. We still suffer the occasional power outage, yet we have learned to live with that. Perhaps we need to understand that moving to the cloud will never mean 100% uptime and there will be times (few and far between hopefully) that we won’t be able to access our information stored there.

 

Given that people should understand that, the question is what do they do to prepare for the situation. I can tell you that many people have a torch or candles for when the power goes off but what planning have they done for their IT systems? No matter where IT systems are, I’ve found most people never think they’ll have an issue. They get lulled into a false sense of security because the system is generally so reliable.

 

Let’s rule out technology and simply look at risk. Is there risk? If yes, how do you minimize it? Note, I said minimize not eliminate, because generally you can’t totally eliminate. If you don’t take steps to minimize risk in your business then you’ll suffer the consequences sooner or later. No matter where your technology is you need to, as the boy scouts say, “be prepared”.

A tale of two outages

 

Let me tell you something you already know and is bleedingly obvious anyway – computers fail, IT systems go down. With this in mind I’d like to compare two recent examples.

 

Example 1.

 

Office 365 recently had an outage of a few hours (technically it was DNS not the Office 365 service but unavailable is as good as down). During that time let’s have a look at the impact. I certainly couldn’t receive any emails, I also couldn’t send any emails but I could still compose them and have them queued in my mailbox. I couldn’t have gotten to my SharePoint data and Lync would have also been offline.

 

So it was certainly preventing me from potentially doing some work but I could still access my calendar, contacts and previous emails.

 

Example 2.

 

The server on which this blog runs blew a power supply. So again system down but this time no access to any information on that box. Tools down time.

 

Wanna know the difference? In example 2 with my blog server, I had to pack up the machine. I had to drive it to the repair shop. I had to wait until the power supply was changed. I had to drive the machine back. I had to connect it all back up and make sure it was working. I lost over 3 hours from start to finish getting the server back online.

 

In example 1, I kept an eye on Twitter to see when the system was back online for others and until then I went on with OTHER WORK.

 

So in which scenario was I more productive? For me personally it was example 1 as I could get on with other things because I knew someone (a.k.a. Microsoft) was working on the problem. I could still use some of my systems that had local copies (i.e. Outlook) and could have with SharePoint if I had chosen to use SharePoint Workspace.

 

With example 2, nothing was going to get fixed until I fixed it.

 

Moral of the story? Computer systems go down, whether they are in the cloud or whether they are machines at the end of your fingers. It therefore follows that no matter where the computers you use are, you need to have some plans for when they fail (just like you need a plan to back them up).

 

So Office 365 was unavailable. In this case I was more productive than when my own site server failed. I also contend that it would be a similar experience for most businesses.

 

Computers fail, deal with it. Develop a contingency plan to stay productive. What would I have done if the electricity failed? With Office 365 I would have worked off my laptop battery and wireless Internet connection until the battery ran out and then I would have relocated elsewhere to where the power was working. If I had all on site equipment I’d have no choice but to wait in the dark until the power came on.

 

It would be nice to see people actually discussing solutions to contingency problems rather than playing chicken little and blaming the sky falling on the evils of cloud computing. Come and see me when you are ready to have a BUSINESS conversation rather than a hysterical rant.

 

Computers fail, deal with it. A smart business would.

Windows InTune gets an update

According to:

http://www.talkincloud.com/microsoft-announces-official-upgrade-date-for-windows-intune/

Windows InTune is getting an update from October 17.

 

Windows InTune is Microsoft’s PC management and security solution that is run via the cloud and provided via a subscription for $11 per device per month. The new features of this update will include:

  • Software Distribution: With this release, administrators can deploy most Microsoft and third-party updates or applications to PCs nearly anywhere over the Internet.
  • Remote Tasks: IT can remotely perform the following tasks on Windows Intune managed PCs from the administration console: Full scan, Quick scan, Update Malware Definition and Restart.
  • Read-Only Access: IT pros and partners can give select administrators read-only access to the administration console so they can view PC information as needed, but not perform any configuration tasks.
  • Enhanced Reporting: Create hardware reports based on new hardware filters for common hardware characteristics. Additionally, you can now create and save report parameters to make it easy and efficient to run a report again in the future.
  • Considering that Windows InTune currently includes a Windows 7 Enterprise license the ability to now also do software distribution and remote tasks is beginning to make it a real competitor in the market.
  • The update will automatically roll out to Windows InTune users (another benefit of the cloud).

 

It is clear that Microsoft is keen to really start ramping this product up to match its current in house offerings yet make it available to everyone via a subscription.

Office365 goes live

 

Yeah! Office365 is finally here and everyone can enjoy the benefits of upgraded versions of Exchange, SharePoint and online communications using Lync. If you missed it, I recently ran a 60 minute Office365 for SMB webinar (mainly focused on the Australian market) that is available for paid download if anyone is interested at:

http://www.pagebloom.com/content/product/o/92160/p/1103227

In the webinar I speak about the fact that I consider Lync and SharePoint to be the two greatest opportunities for the SMB market. Firstly, neither product really has much exposure to SMB clients. This means there is a whole raft of business issues that can be addressed by these products.

Lync allows SMB businesses to benefit from remote and teleworking, which not only improves productivity but also employee retention as they work more flexible times and reduce unnecessary travel to name but two benefits. SharePoint now allows the ability to create intelligent forms, thereby reducing paper but also allows viewing and editing of Office documents via a web browser using Office Web Apps.

There will obviously still be teething problems with Office365 but I would expect to see the service continue to improve at a very fast clip. Now all I’m waiting for is the next version of Windows InTune.

Reality check

I heard a number of people recently say that they wouldn’t store their data in data centres because it is more likely to be hacked and stolen. Ah, …say what…? Rather than get into the technicalities of cloud security let me draw an analogy here.

If you really wanted to you could stick all your money under your mattress at home. Does that make it immune from theft? Nope. Most people elect to trust their money to a bank. You’ll pay a fee for this but you gain a certain amount of increased security and convenience. Given that banks are holding the assets of many people they can spread the cost of improved security across all the customers as well as giving them the convenience of accessing their money just about everywhere.

Does this mean you won’t maintain some money at home and in your wallet? Nope. It just means you don’t have to maintain all your savings with you all the time. Does this mean that a bank isn’t subject to theft? Certainly not. But generally you’d have to agree that it is less likely to be subject to theft even though it looks after lots of people’s money.

Security is never perfect, security is a journey not a destination, security is about human beings and human beings are far from perfect and finally it is about risk and return. Sure you could keep all your money under your mattress but is it really more secure? And what price do you pay in convenience over trusting it to a bank? Seems to me that most people see the rewards of being with a bank much greater than the risk. Banks are also commercial entities, which means they need to abide by legislation on how they deal with people’s money. They are also private enterprises whose reputation (and stock price) will suffer if theft occurs. These are just two powerful incentives for banks to ensure they keep people’s money secure.

So how is it that people seem to think their data is more secure if it is saved on a server in their office? Chances are that server is connected to the Internet full time. This makes it its own data centre. Why is it people believe their own little in house data centre is less subject to attack than a large commercial data centre? It really just doesn’t make any sense.

Of course there is the argument that if your money gets stolen while in a bank it will generally get refunded by the bank but what happens in the case of your information being stolen? Once your information has been stolen there is generally not much of a way to ‘replace’ it. However, let’s look at the fact that people are happy to send emails full of that same information to people they have never met, unencrypted and unsecured across the public Internet without a moment’s thought. Even given this hugely insecure process it still remains wildly popular doesn’t it? Why? Because the convenience trumps the security issues. Risk and reward at work again.

There are certainly challenges with cloud computing including the storage and security of data. Yes by all means let’s have a debate about the issue, but let’s have a debate about the reality of the world we live in not some hysterical emotional response to a perception of the truth.

Humming to the tune


I attended a hands-on training course for Windows Intune this week. Firstly, what is Windows Intune? Well, according to the marketing blurb:

The Windows Intune cloud service delivers management and security capabilities through a single Web-based console so you can keep your computers and users operating at peak performance from anywhere. Give your users the best Windows experience with Windows 7 Enterprise or standardize your PCs on the Windows version of your choice.

It is basically a cloud based security and management subscription service from Microsoft that also includes a Windows 7 Enterprise license. This allows you to manage the security updates for a desktop, maintain anti-virus/malware, as well as provide remote support. This is all done via a subscription of about $13 per PC per month.

One of the benefits that Windows Intune provides is the ability to aggregate a number of different PCs into a single console. This would allow an IT Service provider to manage and maintain a number of clients’ PCs all from a single web console without the need to invest in their own infrastructure.

There has been plenty of noise from IT Service providers who already have these features via other third party suppliers that Windows Intune is not worth their time and effort (as evidenced in the low turn out for my course). On that score I beg to differ.

Firstly, Windows Intune allows customers to nominate a partner of record. This means that any business so nominated receives a small ongoing commission. Secondly, no other third party management software I know of comes with a Windows 7 Enterprise license. This license allows the user (provided they maintain their subscription) to always upgrade to the latest version of Windows. This is an excellent method to ensure that customers are up to date with their operating system as well as generating migration and upgrade revenue for the service providers.

Windows Intune is certainly not as feature rich as other third party applications already in the market but remember that this is only a version one product from Microsoft. If you want to understand the potential of this product then you only have to look at the onsite monitoring Microsoft already has with the likes of System Center. If Microsoft can deliver this type of solution via a hosted cloud subscription, including a Windows OS license, then it will certainly be a strong player in the market in my opinion.

At this stage I have rolled out Windows Intune to my family’s PCs and it is working quite well. I can easily see the machines, their status, security level and what software they have installed. I am interested to see when the next patch Tuesday rolls around how easily I can deploy updates to the machines but it looks very straightforward.

I like what I’m seeing in Windows Intune so far and I am very hopeful for the quick enhancement of this product. Hopefully at the next release they can integrate it with on site Windows Update Services to allow patches to be delivered from a central on site repository. However, as long as the product keeps improving I am confident that it is a great solution to add to my arsenal.