What is Happening?
The recent leak of 7 million Dropbox passwords has raised the inevitable blog posts and questions regarding Cloud security. It’s another round of questions including “Can the Cloud be secured?” and “Will advances in security technology protect our data?”
Saugatuck’s take, with apologies to the classic science fiction film “Soylent Green,” is this: “Cloud security is people!”
While technologically, Cloud-based resources remain more secure than most enterprise data centers, the widespread, boundary-free utilization of Cloud-provided IT and business resources increases the likelihood of human error because it removes traditional boundaries in IT and business. Initiatives such as Cisco’s Intercloud, and similar Cloud aggregation / integration efforts by HP, IBM, Microsoft and others, extend the range and scope of not only Clouds and everything linked to them, but of the number and type of people using, managing, and connecting through them.
When more resources are used by more entities, some of which may be unknown, more of which are removed from any centralized or fixed environment, and many of which are used sometimes in new and innovative ways, the potential risk for security failures increases dramatically because human involvement increases. Technology won’t save us when the people using and managing the technology fail to use and manage it correctly.
What is Happening?
Imagine attending a vendor conference where you get just enough exercise, just enough to eat and drink, and learn just what you need for a great blog post. I wrote that line as a tweet, reflecting on the many conferences I’ve attended through the years when you walk miles and miles between sessions, overindulge in food or drink through sheer conviviality and never quite get the core messages the conference sponsors intended, despite very high-gloss keynotes with booming sound tracks. Is this the one, maybe?
It begins well enough with stimulating, but not deafening music, eye-catching and thought-provoking visuals on the theme of innovation, and a video that emphasizes the interconnections that make the information you need immediately available, ah nirvana!
Progress Software CEO Phil Pead kicked off Progress Exchange 14 by commenting on the warm-up video and on the theme of partnership and problem solving through software engineering, and those are the twin uber-themes that wove through the keynotes. The reason behind all of this emphasis on innovation is a business imperative: innovation. Pead’s motif was the unpredictable disruption in the marketplace or the Black Swan that Nassim Taleb made popular in his great business book on the subject. Can you identify your competitor? Or does disruption come from somewhere entirely unexpected?
In a recently published Strategic Perspective, Saugatuck offers pragmatic guidance on evaluation, planning and execution of a Cloud adoption. Specific guidance, termed The Right Stuff, is grouped into four sections. Each section contains detailed elements that should be used as a foundation for a thorough assessment and plan to avoid potentially costly missteps. The four sections of The Right Stuff are:
- The Right Questions. In this group we offer a basic list of questions that IT management should ask for every project that may include adoption of a Cloud offering.
- The Right Workload. Here we offer some elements to consider when evaluating a specific workload for potential operation in a Cloud offering.
- The Right Infrastructure. Here we offer some elements to consider when evaluating infrastructure alternatives for any specific workload.
- The Right Path. Every company, every workload, every project is unique and requires a unique plan for evaluation and implementation.
In a recently published Strategic Perspective, Saugatuck articulates how a Hosted Private Cloud may be the best alternative for workloads involving sensitive data requiring a degree of security. In addition we offer seven additional key factors to consider when evaluating Cloud offerings for specific workloads:
- Optimal Capacity
- Flexible Capacity
- Server Provisioning
- Availability and Disaster Recovery
- Application considerations
- Metered Usage and Chargeback
“Cloud Robotics” as a term is only a few years old, but the idea has been around for some time. If complex sensory tasks can be performed at a distance, then robots will need to have less bulky processing units on board. With expanding connectivity and higher bandwidths, some of the latency issues in this type of arrangement are being removed, and many vendors are looking at this area with renewed interest.
Robotics are essential to modern industry, and will play an ever-increasing role in daily life. Many, such as vehicles, will require some degree of autonomy. They will also require an ever increasing amount of processing and storage. The Cloud makes it possible to virtualize robot components and provide sensory and other solutions that can take advantage of the enormous facilities of Cloud IT. Robotic components can be virtualized and provided for interaction and download as Robot-as-a-Service parts. Using the Cloud, moreover, provides access to all of the data and programming available on the Internet, and the ability to directly share learning between robots. It also makes it possible to coordinate robot teams for work on complex processes.
In a Strategic Perspective recently published for our subscription research clients, Saugatuck explains why – despite seemingly successful Private Cloud implementations – IT organizations are finding their users are not fully satisfied. Saugatuck terms this as a Fulfillment Gap.
Such a gap typically results from inadequate focus on the tools and processes required to manage the Private Cloud. Saugatuck recommends patterning the services and management of Private Clouds after Public Cloud IaaS offerings. This entails incorporating capabilities that support and manage Private Clouds such as:
The latest Saugatuck research survey is complete, with the first, topline data results and insights published for our research clients just this week. We’ve also published the first in a series of deeper dives – Strategic Perspectives examining specific survey data sets, developing client-focused insights, and providing summary guidance.
The first Strategic Perspective on this was published simultaneously with the survey report. In it, we look at a series of 10 statements along with the percentages of participants who agreed or disagreed with each. This approach provides simple, fast, and accurate insights into participant thinking and beliefs, helping us to develop and refine real-world trends, constructs and scenarios more quickly and more accurately.
The survey question being considered in this first Strategic Perspective is simple: “Please indicate your level of agreement with the following statements on emerging technology.”
As we roll into Friday the 13th, we see that Cloud security is a hot topic again this week. A review of news feeds, blog posts, Twitter feeds and more reveals a plethora of publications and posts generating FUD regarding Cloud security.
The net feeling across all of these is that Cloud is big and scary. The negative quotes cited all seem to be from IT “security experts” and providers of IT security. Hmmm.
The most-cited security breaches include the December 2013 Target breach (not Cloud; failure to develop and manage adequate security within Target), various laptop and memory stick thefts beginning in the 1990s (obviously not Cloud; failures of security management and practice), and the October 2013 MongoHQ breach, which suffered an attack through social media app provider Buffer.
The US Federal Communications Commission (FCC) voted 3-2 on May 15, 2014 to proceed with discussions to modify existing Net Neutrality policies, as documented in its Notice of Proposed Rulemaking (NPRM). The FCC is “seeking public comment on how best to protect and promote an open Internet.” Some harsh critics suggest the FCC proposals will end Net Neutrality and slow Cloud adoption. Some consumer advocates suggest these proposed rules unfairly favor ISPs and would mean higher prices and inconsistent service performance. Others argue the ISPs ought to be able to expand their infrastructures and run them however they want to recoup their extensive investments.
There is much confusion about Net Neutrality and the recent FCC actions. FCC Chairman Wheeler wants rules that will prevent improper blocking of and discrimination among Internet traffic, while ensuring genuine transparency in how Internet Service Providers (ISPs) manage traffic. Yet two of the five FCC commissioners question whether the broadband Internet even falls under the FCC’s authority. The FCC’s chairman asserts it is his intention to have enforceable rules by the end of 2014.
The effects of the potential future changes to Net Neutrality on the Cloud business have yet to be fully explored. Much about the Cloud infrastructure and practices has
What is Happening?
Verizon’s annual data breach investigations report is out, and Saugatuck’s analysis of the information, gathered from 50 sources cataloguing 63,000 security incidents across 95 countries is this: Despite investing billions in hardware, software, and services, we have learned little to nothing about managing data and system security effectively.
Two things stand out in our review of the report:
- The number and scope of data breaches bear little resemblance to the related hype and resultant market perceptions; and,
- The vast majority of data breaches (and losses) are still, quite simply, preventable by improving and adhering to consistent management practices. Acquiring and implementing security technology does not effectively prevent data loss.
First, let’s look at perceptions and realities regarding frequency of system breaches and resulting losses of data. The pie slices in Figure 1 use Verizon’s published data to illustrate the relative numbers of reported data breach incidents by firms in 21 industry categories, alongside the relative percentages of actual losses reported by the same firms.
Figure 1: Analyzing Verizon’s Data Breach Data
Source: Saugatuck Technology Inc. from Verizon Inc. data published April 2014