Blame it on Cloud Security

It is really an easy one, I suppose … so many business and IT decision makers have given me that as the reason for not implementing / migrating their systems to the cloud.

However, the truth is that data and systems residing in public or private clouds are as secure as you make them. Typically, cloud-based systems can be more secure than existing internal systems if you do the upfront work required.

For example, I am pretty sure the physical security, patch management and many other security measures are better implemented by Cloud Services Providers than your own IT department.

Check out the Security Guidance from Cloud Security Alliance and COBIT from ISACA for more details and the techniques, and I am sure you can implement a secure cloud system.

Cloud experts, any thoughts ?


Blame it on the ever-changing requirements

Whenever there is a delay in software project delivery, the usual reaction is blaming it on the unclear and ever-changing business requirements.

Edward Berard, author of the Object Oriented Software Engineering, once said “Walking on water and developing software from a specification are easy, if both are frozen.” and clearly it proved that point … or did it ?

We all know that in the real world business changes fast, and therefore so do the software requirements. So there is really no point in insisting on freezing requirements before starting the software development; instead we should consider :

1) How can we cope with changing requirements in our development lifecycle ? (Read : Scrum Development)

2) How can we make our applications more flexible and easier to change without affecting other parts of the system ? (Read : API and Micro-services)

3) How can we migrate / rollback production systems easily ? (Read : DevOps)

4) How can we lower the cost of infrastructure and failure ? (Read : Cloud infrastructure)

So, don’t blame it on the requirement changes, as change is constant. Let’s do a better job in developing the business software.

Development professionals, any thoughts ?


AWS Cloud Security

Going to Vegas for the Amazon Re:Invent event is one of the best ways to learn about Cloud Computing and Cloud security. And the second best of course is just browsing the slide decks or videos of the event, from your office or home. So here you go, fresh from the Internet, the course 206 of the security track – “Security of the AWS Cloud”.

And don’t forget to follow up with the slide decks of “AWS Cloud Security” and “Security and Compliance”

To cloud or not to cloud ?

If you ask the above question to the various cloud services providers, I am sure their answers are “Definite yes”.

If you ask the same question to end users, their answers may end up like “I really don’t care.”. And if you put the question to business owners, their answers will probably be “May-be’s”, because seriously no one really reveals all the cloud benefits, implementation pros and cons to them.

As IT professionals, however, we will probably provide a vague answer – “It depends.”. The long form of the answer is – “It depends on the maturity of the cloud market, technology and whether the solution available today can match your budget, quality requirements, and expected service level. More importantly, whether cloud technology and solutions can help your company to improve competitive advantage.”

That’s exactly what Cloud Security Alliance (CSA) and Information Systems Audit and Control Association (ISACA) did in a recent survey to answer part of the question – what is the maturity of the cloud technology and market, now ? A collaborative project by CSA and ISACA, the Cloud Market Maturity study provides business and IT leaders with insight into the maturity of cloud computing.

The study also reveals that cloud users in 50 countries were least confident about the following issues (ranked from least confident to most confident):

  1. Government regulations keeping pace with the market (1.80)
  2. Exit strategies (1.88)
  3. International data privacy (1.90)
  4. Legal issues (2.15)
  5. Contract lock in (2.18)
  6. Data ownership and custodian responsibilities (2.18)
  7. Longevity of suppliers (2.20)
  8. Integration of cloud with internal systems (2.23)
  9. Credibility of suppliers (2.30)
  10. Testing and assurance (2.30)

None of these findings is really a surprise, I suppose; however, it is important to conduct such a project because it helps us to understand how the cloud market will change over time, and how it advances from infancy to full maturity.

Do check out the press release and the full report to understand more about the findings, or you can check out the following infographics – the whole report in one picture.


4 key questions about your security programme

If you are the CISO of your organization and implementing a security programme, what questions should you ask yourself to help realize a successful programme rollout ? No, it is not about what software to use, what hardware to install, what process to put in place or even what vulnerabilities you are going to remediate or mitigate. In fact, they are:

  1. Are we doing the right things ?
  2. Are we doing them the right way ?
  3. Are we getting them done well ?
  4. Are we getting the benefits ?

Four simple questions about your security programme, all about the business results – not technology, schedule, and resources. Four questions about the reality, so that your company can make informed decisions. In addition, each of the four questions can be further elaborated, for example:

Are we doing the right things ?

  1. What technology, processes are proposed ?
  2. For what business outcome ?
  3. How do the deliverables within the programme contribute ?

Are we doing them the right way ?

  1. How will it be done ?
  2. What is being done to ensure that it will fit with other current or future capabilities ? (e.g. Business / Operational / Technical capabilities)

Are we getting them done well ?

  1. What is the plan for doing the work ?
  2. What resources and funds are needed ?

Are we getting the benefits ?

  1. How will the benefits be delivered ?
  2. What is the value of the security programme ?

You should answer all the questions based on relevant, current, accurate, business-focussed information. By then, I am sure, you will find that a successful security programme no longer depends on technology, process and policy only, but is also an investment that has an enormous impact on creating and sustaining business value.


Organize your files and desktop around Dropbox

Following is a screenshot of my laptop at home (no kidding !!) and as you can see, there are only 5 icons in the Windows 7 desktop. How neat … In fact, my computer at work has the same desktop view.

This post is about how I organize my files to declutter the desktop, but more importantly, how to make it work around the Dropbox service (and any other cloud storage services or your private Internet accessible NAS). That basically makes all your important files accessible from the Internet, whenever you want, and wherever you are.

Before we start the work, you need to ask yourself one question, that is “in how many ways do you want to access your files ?”. In my case, I have computers at work, at home and of course mobile devices like smartphone and tablet. Therefore, I can classify all the files I ever created into the following categories, in terms of access methods:

  1. I want to access files created from my home computer;
  2. I want to access files created from my office computer;
  3. I want to access files created from my mobile devices.

If I further elaborate those access methods, I have a combination of:

A) Files and folders created by home computer,

i) access from home computer only;

ii) access from any computers;

B) Files and folders created by office computer,

i) access from office computer only;

ii) access from any computers;

C) Files and folders created by any computer,

i) access only locally;

ii) access from any computer;

As you can see, A(i) and B(i) are essentially the same as C(i) in the cases of the home and office computers, so in principle the access methods for files and folders are:

  1. Files created by any computer but access only locally; (i.e. the computer that created the files)
  2. Files created by home computer and accessible by other computers;
  3. Files created by office computer and accessible by other computers, and;
  4. Files created anywhere, but accessible by other computers.

To make the above work, all I need is to create 4 folders, 3 of which are created in Dropbox. And they are:

  1. A folder named “Desktop – Local”. This folder exists on each computer and stores the locally created files / folders; it is not shared with any other computer or with Dropbox;
  2. A shortcut to a folder named “Desktop – Home”. The folder is created in Dropbox. Files / folders that are created by the home computer but should be shared with other computers are stored here;
  3. A shortcut to a folder named “Desktop – Office”. The folder is created in Dropbox. Files / folders that are created by the office computer but should be shared with other computers are stored here;
  4. A shortcut to a folder named “Desktop – Virtual”. The folder is created in Dropbox. Files / folders that are created by any computer but should be shared with other computers are stored here.

Lastly, don’t forget to install the Dropbox software on your computer to synchronize all these folders. In summary, with this approach, I minimize all sorts of files and folders on all my computers. In addition, any files and folders that need to be shared are nicely organized and stored in the Cloud storage and I can easily distinguish where the files are created (home computer or work computer – for personal or work files).

Hope you will find it useful !!

All new Kindles – Kindle 4th Generation, Touch, Touch 3G and Fire

Guess you know all about the new Kindles from the search engines, technical blogs etc. But what you probably don’t know are the impacts to you – if you’re a Kindle 2 / 3 owner, an iPad owner or not living in the USA. OK, here you go:

Your Kindle 3 is now named Kindle Keyboard or Kindle Keyboard 3G. The new prices are US$ 99 and US$ 139 (with sponsored screensavers) … but they are still selling at US$ 139, and US$ 189 for non-USA customers.

The Kindle 4 is now just called Kindle. This is basically a keyboard-less Kindle 3 but with only 2G of RAM (Kindle Keyboard has 4G RAM). It costs only US$ 79, but US$ 109 for non-USA customers. It’s also 30% lighter, 18% smaller and supports WiFi only. It supports six languages now – English (US and UK), German, French, Spanish, Italian, or Brazilian Portuguese. Since the Kindle now doesn’t have a physical keyboard (and the next / previous page buttons are very “low profile”), but at the same time is not a device with a touch screen, you need to use the non-QWERTY virtual keyboard and use direction keys to “type”.


And what about the new Kindle Touch

The Kindle Touch is 8% lighter, 11% smaller than Kindle 3 and of course with a 6″ touch screen to turn pages (it’s called “EasyReach”). There is also one new feature – X-Ray. According to Amazon, this feature “Explores the bones of a book. With a single tap, see all the passages across a book that mention ideas, fictional characters, historical figures, places or topics of interest, as well as more detailed descriptions from Wikipedia and Shelfari.” Yes, don’t really know what it is … I think we have to see it to believe it.

Another significant feature is that the new Kindle Touch now supports the display of non-Latin characters, including Cyrillic (such as Russian), Japanese, Chinese (Traditional and Simplified), and Korean characters, in addition to Latin and Greek scripts.

The Touch has a Wi-Fi version (US$ 99 with special offers) and a Wi-Fi / 3G version (US$149 with special offers). But guess what ? It is available for U.S. only. Looks like I need to use the tricky method to get it.

Kindle Fire

Lastly, the really cool Android-based, colorful, dual-core processor Kindle Fire. Costing only US$ 199 and (also) available in U.S. only, it is really the cloud-enabled device. It includes a cloud-accelerated browser – Amazon Silk, free cloud storage, streaming of songs and videos. In addition, Amazon’s Whispersync technology automatically syncs your library, last page read, bookmarks, notes, and highlights across your devices. On Kindle Fire, Whispersync extends to video. Start streaming a movie on Kindle Fire, then pick up right where you left off on your TV – avoid the frustration of having to find your spot. Not a new technology but it sounds really easy and as smooth as silk.

iPad-like screen, 100,000 movies and TV titles, runs Android apps, free cloud services, 17 million songs … hey, it is really as good as iPad and a great tablet.

So which one will you get ? I will probably go for Kindle Fire.

(Check out other Kindle related posts for evaluations, tips and tricks)