The Smile-IT Blog » June 2013

Monthly Archives: June 2013

Why not Cloud?

Edward Snowdon is causing us another headache about privacy and data protection. Even though he didn’t even narrate disruptive stuff. Those pretending surprise about the NSA investigating our utmost private data (which we share in the internet) have probably ceased to think about the US’s proclaimed intention to reveal and chase all terrorism in the world (by whatever means it takes). Folks – one thing upfront: The Patriot Act isn’t new!

What obviously really hits us here is the fact, that so far nobody really thought that the capabilities and technical resources to do that investigation efficiently are available (i.e. Big Data Analytics is not slideware anymore – trend followers out there: face it!)

And what’s the consequence? A new wave of discussion whether moving data into “the cloud” is really wise? The wisest thing to meet this discussion is to clear up with a few facts.

So, spend a few minutes and think about the following questions, if you will:

Do you send email?

If you’re in a company (or if you are a company), you may claim now that you send your email from an on-premise mailserver. Good. Whom do you send mail? Only to parties on other on-premise mailservers? Encrypted? End-to-end? I don’t want to argue to move your mail server into the cloud; this wouldn’t make a difference for the question discussed. What I’m emphasizing is the fact, that every attachment that is sent unencrypted through an unencrypted channel could be listened to and caught by any party interested. Without any cloud provider being involved. 10 years ago already.

Now, what is the real problem here?

The real problem is that the vast majority of email senders don’t give a shit on which channels their information traverses. In 90% of the cases this isn’t even a problem, as nobody really cares about the 127th slide deck proposing a better life when shared with 10 friends. Even not the NSA. The remaining 10% cause a problem if compromised. No matter if sent through a cloud provider or your server in your own cellar.

Do you use a social network?

No? Then forget about this question!

If yes, whom do you communicate with in it? And what? Personally, I don’t know any relevant social network owned by a provider outside the US (or not co-located within US boundaries). I.e.: you’re trapped if you use it. Except – well — except we’re talking about a company social network hosted behind your employer’s firewall. You might be trapped in another way here, but that’s a different story. Hence, it is applicable to say that sharing information within a social network which could use its (your!) data for analysis or open its data to be transferred and analysed by anybody else means opening trackable information about yourself and what you do.

But what is really the problem here?

It’s again the information you share, the information others share about you and the information others share with you without your permission or control; be it your home address and holiday absence or your latest invention you talked about with your friends over a beer. In other words: The real problem is not the cloud as such but what you share with it and how you (can) control openness and transparency (this could – by the way – be a problem with your company social media tool as well).

Do you exchange documents apart from mailing them around?

A company will for sure have already introduced a mature, secured and company compliant private dropbox service (what if not, is subject to another post; well, actually it’s rather boring to repeat what happens when employees need a dropbox and find dropbox.com blocked). But what if you intend to leverage x-company collaboration? Without blowing mailboxes or having the documents lying around in public unsecured mailservers? Rent a cloud collaboration service supposed to be more secure and reliable than any employees uncontrolled dropbox account. Or get your IT to setup an extranet service to collaborate with your external partners (including a lengthy process to add more collaborators to it).

Is this the real problem here?

In a way, yes. It is the move into x-company collaboration that causes headaches for your IT. You could solve this by simply avoiding any open service supporting such collaboration, in which case you can easily skip cloud (and the collaboration itself, too; congratulations; case closed). Or by accepting the duration for adding collaborators to your extranet. Or by using eMail (see above ;)).

Do you use a mobile phone or tablet PC?

If not, forget this paragraph, too?

If yes, you may probably use apps which go beyond email, facebook or the weather forecast. A photo app e.g.; to share a quick scan of some doc page or some instant messaging tool (whatsapp?). I reckon you do know the vendor of your instant messaging app on your mobile phone and he transparently explained to you where your communication threads are stored and which investigation means he offers international homeland security. And of course these means are in line with your privacy expectations. Are not? Well …

So, what’s the real problem here?

Flexibility. This is what poses the challenges. Fewer people are willing to exchange mobilitiy and work-life flexibility against lock-downs for the benefit of security. Which again essentially results into thinking about what to share, controlling the apps respectively and managing the mobile devices to lock them down or wipe them in case of compromising.

So, face it:

Cloud is not black or white.

Moving data into the cloud isn’t a question of “like” or “dislike”. When servers, networks, the Internet, … evolved from mainframe computers (some time ago), IT bent into a path of openness. Today, something has not become less secure just because of the 3rd Industrial Revolution we are facing.

To claim that moving company data into the hands of a cloud provider means to make it open to anybody is equally stubborn as stating that an email sent from (a) to (b) means to make its content available to the whole internet. It is true for certain ways of transporting that mail. And for these ways it was true already some decades ago. Not only now.

Hence, a mature cloud provider would make its service secure, confidential and (most of all) transparent. With that in mind there’s no real way of stopping the move.

P.S.:

Here’s a nice one about transport security and about it being compromised and how: http://news.cnet.com/8301-13578_3-57590389-38/how-web-mail-providers-leave-door-open-for-nsa-surveillance/

Published by:

3rd Annual Cloud Survey Results of NorthBridge+GigaOM

The following “slideshare”-shared slides provide the result of the “2013 Future of Cloud Computing Survey” by Northbridge and GigaOM.

Why resharing here?

Because I believe that this is one of the best condensed presentation of a trend survey since long. Easily perceivable and free of boring prosa (just some context fitting statements).

Recommended read!

We are still at the beginning!

http://de.slideshare.net/mjskok/2013-future-of-cloud-computing-3rd-annual-survey-results

Published by:

5 reasons for me being only 1

Just recently I heard that quote again: “No, I don’t connect with my colleagues on facebook. facebook is for my private endeavours.”

Vice versa is heard as well sometimes, when people complain about my fb-feed being mingled with boring IT posts from twitter (“I don’t understand that, I just scroll over it.”).

Appreciated and respected, folks.

Why then am I still convinced that maintaining just 1 single profile is the better way of making myself seen online. I could well split up the fully automated fb-twitter connect. I could make dedicated use of the #fb tag in twitter to specifically decide what to push over to fb. I’m online enough to even post completely seperatly in the various medias (and the apps supporting it are convenient enough to do so).

So, here’s my 5 reasons why I don’t:

  1. My employer/customer may (should) get the full picture. Be it whilst looking for a new job or within an existing employment, I am convinced that it is beneficial for the company’s culture if people offer their complete “self”, if they do offer any such information on the net. If you intend to create a true colleagueship culture in your enterprise you’re doing better in encouraging your people to just show what they are (baring in mind that showing off in the net means of course always to consider carefully what you show anyway). But hiding certain aspects from your fellow colleagues that you show  – well – the NSA (in a way) just doesn’t make sense to me. The same – BTW – applies for your customers in case you’re running the company: why shouldn’t your customers know whom they’re engaging with?
  2. I wanna know what my friends do for a living.
    Consider going out with your friends: Is talking about what you do for a living a tabu? Wouldn’t you chat about your latest achievements, your most beautiful line of code, your latest plenary presentation received with awe by the audience. Why shouldn’t my friends know that I like what I do?
  3. Splitting posts causes too much time.
    I’m a lazy guy. Tasks I can avoid, I will avoid. Considering whether some nice piece that I wanna share may go to one or the other account (to the private or to the open, to the technical or to the musical, e.g., …) is just too cumbersome and effort consuming to do it. As simple as that.
  4. I disbelieve that literally everything within or coming from a person’s employing company is great (even if it’s my own).
    I got in touch with companies which put up a social media policy employees have to adher to. These policies normally prohibit employees from posting other than company praises to their online profiles (well, I might exagerate a bit here). However, reading about the big awesomeness of a product, company, service, etc. is something I may expect from a company’s marketing account but not from a human being capable of using her/his grey cells. Hence, don’t expect it from me!
  5. I am 1 person.
    Not 2, 3 or more. What you find about me in the net, will always show you the whole “me”. No hidden agenda, no false illusions about me seeming a technical nerd or not at all interested in my job. It’s just WYSIWYG.

Of course, living virtually according these 5 reasons involves a little bit of care about what people do with your profile with regards to tagging, linking, mentioning, etc. … but being online with just a single profile allows you doing that on the go anyway – more or less …

Lawnmowerman

Published by:
Uncategorized

Arse First

@etherealmind says: “Get angry about something. That’s where you find your inspiration for a blog post.” (more about @etherealmind’s book here)

I’ll pick that, turn it a bit and rather state: “Get LoL about something …”.

… that’s what I said in the primary edition of the Smile-IT blog; but as there’s more to discover, more to laugh about, more to think about, … and more to write about – here’s the second edition: Another collection of smiley thoughts about Life, the Universe and Everything …

Published by:
%d bloggers like this: