- The Inevitability of an Open Cloud
- Extreme mobility: Tools and tips for smartphone-only travel - Computerworld - Thorough piece though I find, especially in a business setting, just way too many gotchas.
- Red Hat's $1 billion proves value of software freedom
- Private cloud-public cloud schism is a meaningless distraction | Cloud Computing - InfoWorld - "The focus needs to be on the architecture and the right-fitting enabling technology, including both private and public cloud technology, and not gratuitous opinions. There should be no limits on the technology solution patterns you can apply. If that means private, public, or a mix of both, that's fine as long as you do your requirements homework and can validate that you have chosen the right solution."
- Research: Exchange Private Cloud Cheaper Than Public Cloud for Enterprises
- Twitter / @adrianco: @jeffsussna @krishnan @jam ... - @jeffsussna @krishnan @jamesurquhart @botchagalupe @adron "A sufficiently advanced DevOps is indistinguishable from PaaS."
- An American-Made Miracle: How An Aeron Chair Gets Built Every 17 Seconds | Co.Design: business + innovation + design - RT @dankeldsen: An American-Made Miracle: How An Aeron Chair Gets Built Every 17 Seconds | Co.Design << Still love mine
- The Rise of Digital Influence
- Best Buy, the end of big box and the future of retail — Tech News and Analysis - Good piece. Shift towards hands-on experience but margins will be a challenge.
Friday, March 30, 2012
Links for 03-30-2012
Thursday, March 29, 2012
Links for 03-29-2012
- BK Succeeds! …At Proving Bad Advertising CAN Hurt Business. « Doug Garnett's Blog - "Byron Sharp’s work shows that large brands become large by appealing to a wide target market – not by narrowly focusing on the most loyal. This truth may also explain the failings of BK strategy – I’d be interested to hear what Byron would offer."
- In cloud computing moves, money isn’t everything — Cloud Computing News - "While saving money is a common reason cited for moving IT to the cloud, it is really not the overriding driver at all for most companies, according to new research."
- Fundamental Elements Of Cloud Computing Security | CloudTweaks.com - Cloud Computing Community
- Anthony Bourdain's Best of San Francisco | Pinchit
Wednesday, March 28, 2012
Links for 03-28-2012
- The CIO as a Business Service Conductor - The CA Cloud Storm Chasers - CA Technologies - "Then there is orchestration, where the complex parts for all the individual instruments are all played individually, but they are further connected to a whole orchestra of other instruments to create a more complete experience. Orchestration can handle greater volume and scale, it is more informed about the musical piece as a whole, rather than just each individual part."
- Death of a data haven: cypherpunks, WikiLeaks, and the world's smallest nation - Sealand and Haven Co revisited.
- Microsoft: entertainment overtakes multiplayer gaming usage on Xbox | The Verge - Xbox apparently (finally) becoming something of a media hub.
- Red Hat: What an open cloud really means - "But Haff and CIO Lee Congdon said true open projects have a number of characteristics that users should look for. For example, open clouds are fundamentally based on an open source code developed and supported by a viable independent community that is not run by a single vendor. Open clouds are unencumbered by patents and intellectual property restrictions, which means they have extensible and open application program interfaces (APIs) that are shared within the community, gives users the ability to move across various cloud environments easily."
Tuesday, March 27, 2012
Links for 03-27-2012
- Ironic Sans: Idea: The Histogram as the Image
- Futurity | WERS 88.9 FM - Futurity with the Lisps with the ART in Harvard isn't perfect but it was fun.
- Do employees really want BYOD? | TabTimes - "However, there is a disconnect between the assumptions and expectations held by CIOs and IT decision makers — and commonly by supply-side organizations — and the majority of employees when it comes to consumer technologies, device usage, and responsibility,” Cheah added. “IDC's Next Generation Workspace Ecosystem research has found that only two out of ten employees want to use their own device for work and for personal use, which means corporate devices are still desired by the majority."
- ongoing by Tim Bray · Data Pricing Sanity Maybe?
- VMware uneasy about managing physical resources - Limitations of VMware in handling physical environments by @aebarrett
- Kazakhstan Demands ‘Borat’ Probe - The Daily Beast - Priceless. Oops. We downloaded the spoof version of your national anthem from the Internet by mistake
- What Happens When A 35-Year-Old Man Retakes The SAT? - I'm sure I would totally bomb it.
- Guess What's the Fastest-Adopted Gadget of the Last 50 Years - Alexis Madrigal - Technology - The Atlantic
- Do Amazon AWS and Eucalyptus Now Have “Enterprise Cloud Appeal”? | Andi Mann – Übergeek - "In my experience with many enterprises actively moving to the cloud, most every large organization sees Amazon Web Services (AWS) as an aspiration, but not a preference. They tell me that they want to be like AWS, but typically only use AWS for edge cases and new developments – and typically non-mission critical applications, rather than mainstream production. At least for now. (I cannot comment on attitudes to Eucalyptus – I do not know any enterprise that is considering it.)"
Monday, March 26, 2012
Podcast: Red Hat's Chris Wells talks cloud service catalogs (Part 2)
- How to build a service catalog
- How a service catalog is different from a golden image
- How service catalogs enforce policy
Listen to OGG (0:05:30)
Listen to Part 1 of this discussion.
Friday, March 23, 2012
Links for 03-23-2012
- Man Survives Steve Ballmer's Flying Chair To Build '21st Century Linux' | Wired Enterprise | Wired.com - "Mark Lucovsky was the other man in the room when Steve Ballmer threw his chair and called Eric Schmidt a “fucking pussy.”" << Long article on Cloud Foundry.
- Untitled (http://www.oracle.com/us/corporate/press/1563775) - RT @thomasdcameron: Finally. After massive FUD and ridiculous foot-dragging, Oracle 11gr2 certified on RHEL6. #fb
- Has Amazon Solved its Private Cloud Dilemma? | Forrester Blogs - Positive take, with a bit of lukewarm on the side.
- 451 CAOS Theory » Open APIs: The Fifth Pillar of Modern IT Openness - "More recently, I wrote about what I now consider to be the fifth pillar, which is open application programming interfaces (APIs). Of course, when we talk about ‘open’ anything — open source, open standards, open clouds, open APIs — there tends to be debate about what is really open, how we should define open and who should or should not be able to carry the phrase. My focus on open APIs and on APIs in general generated some good discussion, as well as some pushback (Jim comment on LI, regarding the value of APIs compared to open source software, which APIs are open, and how open is open enough?"
- Untitled (https://plus.google.com/110354677618404479074/posts) - Red Hat Open Cloud has a new Google+ page. We'll be introducing team members & interesting news
Thursday, March 22, 2012
Links for 03-22-2012
- Hiking from a Corgi’s Point of View
- I can’t stop reading this analysis of Gawker’s editorial strategy » Nieman Journalism Lab - At a different level, I suppose this isn't all that different from a lot of mainstream magazines and newspapers.
- Eucalyptus Doubles Down on its Amazon Bet – tecosystems - "From a landscape perspective, this cements the perception that it’s Amazon and Eucalyptus versus OpenStack and everyone who’s not Amazon, with the notable exceptions of Joyent, Microsoft and VMware, each of whom owns and sells their own cloud stack."
- New OpenShift Release - March 22, 2012 - Node.js, DIY Cartridge, New Website and more! | Red Hat OpenShift Community - Another OpenShift node.js post by @Michael_McGrath @openshift cloud architect
- B2B Lead Generation: Great content or a great lead generation tool. - Somewhat self-serving but also some good ideas about supplementing whitepapers with related content to drive lead gen.
- If the Characters in Downton Abbey Were Portrayed by Canine Actors, What Breeds Would They Be? | Dogster
- 20 iconic tech sounds bound for extinction | ITworld
- What is Dart? - O'Reilly Radar
- 'NoOps' Debate Grows Heated | PCWorld Business Center - "The dust-up over the term "NoOps" escalated this week, with high-profile IT executives from Netflix and Etsy issuing dueling blog posts about the evolution of IT organizations."
- $1.5 billion: The cost of cutting London-Tokyo latency by 60ms | ExtremeTech
Podcast: Juan Noceda talks node.js support on Red Hat OpenShift PaaS
- Give an overview of OpenShift
- Discuss node.js and why it's interesting
- Highlight some of the other interesting news with OpenShift
Listen to OGG (0:06:15)
Wednesday, March 21, 2012
Is there really a NoOps?
While Etsy Ops has made production-facing application changes, they're few but real (and sometimes quite deep). While Etsy Dev makes Chef changes, they're few but real. If there's so much overlap in responsibilities, why the difference, you might ask? Domain expertise and background. Not many Devs have deep knowledge of how TCP slow start works, but Ops does. Not many Ops have a comprehensive knowledge of sorting or relevancy algorithms, but Dev does. Ops has years of experience in forecasting resource usage quickly with acceptable accuracy, Dev doesn't. Dev might not be aware of the pros and cons of distributing workload options across all layers 1-7, maybe only just at 7, Ops does. Entity-relationship modeling may come natural to a developer, it may not to ops. In the end, they both discover solutions to various forms of Byzantine failure scenarios and resilience patterns, at all tiers and layers.
As a result, Etsy doesn't have to endure a drama-filled situation (like you allude to) with arguments concerning stability, availability, risk, and shipping new features and making change, between the two groups. Why is this? Because these (sometimes differing) perspectives are heralded as important and inform each other as the two groups equally take responsibility in allowing Etsy to work as effectively and efficiently as it needs to in our market.
These differences in domain expertise turn out to be important in practice, and we have both because it's beneficial for Etsy. If it wasn't, we wouldn't have both. They constantly influence each other, and educate each other, informing the decisions we make with different and complementing perspectives. As we continue (as Netflix does, it sounds like) to evolve our processes and tooling, it's my job (as well as the CTO and VP of Engineering) to keep this flow strong and balanced.
It's oftentimes useful to coin new terms. For example, DevOps seems to speak to a legitimate breaking down of the walls between development and operations people. Even if the walls weren't always as high and impervious as the contrast suggests. It's not like developers never needed to concern themselves with issues of scale and redundancy. Nor like operations people were wholly divorced from how the code they ran came into being.
I'm not yet convinced that NoOps brings a meaningful distinction to the fore, however. (Though I'm open to being convinced.) One of my colleagues noted to me recently that, at a recent event, "the notion of the needs for different management/operational models was well received but there was a bit of pushback on the 'NoOps' term. Questions like 'What is it, magic, then?'"
I think this is where the problem lies. As I read through all of Allspaw's and Cockcroft's thoughtful posts, what I take away is that operations is changing and, yes, operational concerns are increasingly embedded in code and made a joint responsibility of a variety of groups.
In other words, NoOps means something akin to "Not Traditional Ops."
A hosted approach, such as Red Hat's OpenShift Platform-as-a-Service offering or Amazon Web Services for Infrastructure-as-a-Service, may also take certain day-to-day operational concerns out of the hands of the user of the service. But this isn't fundamentally anything new; it's just been moved up a level in the stack by cloud computing. (See this video featuring Matt Hicks describing some of the low-level features that transparently help OpenShift performance and security.)
But none of this means that operations aren't present--somewhere. It's not magic.
Tuesday, March 20, 2012
Links for 03-20-2012
- Open plan offices must die! - Rogish Reading Writing
- Getting Real About Distributed System Reliability - Jay Kreps - "You hear this assumption of reliability everywhere. Now that scalable data infrastructure has a marketing presence, it has really gotten bad. Hadoop or Cassandra or what-have-you can tolerate machine failures then they must be unbreakable right? Wrong."
- Google Grows Up: A Necessary Evil? - Joshua Gans - Harvard Business Review - "Facebook's threat was and continues to be to Google's core product, search. Facebook gathers information that Google's own success destroyed: the linking behavior of website developers and owners that allowed for citation-based search to organize the web. Once Google could organize the web for us, why link? Why set up a portal? Why set up a useful page directing people to various bits of information? There was no reason. But Facebook has given people a reason to link again — to share information with friends."
- Rational Survivability » Security As A Service: “The Cloud” & Why It’s a Net Security Win
- Connections: Podcast: Red Hat's Chris Wells on cloud management and service catalogs - Podcast w #redhat's Chris Wells talks IaaS management and service catalogs
- Tertiary data: Big data's hidden layer - O'Reilly Radar - "Back in the days of floppy disks, the lines of ownership were pretty clear. If you had the disk, the data was yours. If someone else had it, it was theirs. Things these days are much blurrier. That tertiary data — data that's generated about us but not by us — doesn't just build up on your mobile devices of course. Other people are building datasets about our patterns of movement, buying decisions, credit worthiness and other things. The ability to compile these sorts of datasets left the realm of major governments with the invention of the computer."
- Empowered - "First, there is such a thing as truth. Second, even in normal situations, truth shifts depending on who is telling the story, because of the choices they make. Third, always consider the source -- this may be the only remaining differentiating factor for conventional news media. And fourth, with all the resources available to you online, it is your responsibility to seek out more viewpoints. The truth will out. But only if you, the reader, do a little more work."
- Dan Heller's Photography Business Blog: Pinterest Copyright Infringement: Yeah, so what? - Whether or not you wholly agree, very thorough analysis of Pinterest and copyright
- Software, Services and The Office of The CMO – James Governor's Monkchips - "Systems of Record were bought by, and for, the bean counters. Systems of Record are owned and managed by the Office of the Chief Financial Officer (CFO). But Systems of Engagement- getting closer to employees, customers and partners, encouraging greater participation in company ecosystems- well that’s a marketing function isn’t it? The key buyer for Systems of Engagement will likely be the Office of the Chief Marketing Officer (CMO)"
- Cutting the cord: Vodafone UK's revolutionary approach to mobility, flexibility & productivity | opensource.com - "While employees and all levels of management – even the board – have home zones throughout the six buildings on campus, where colleagues carrying out similar functions may reside, no-one has a dedicated desk and everyone is so mobile that they can pitch up wherever they are needed. The working environment is designed to facilitate the creation of cross-functional teams who gather in order to launch a product or deal with an issue."
Monday, March 19, 2012
Podcast: Red Hat's Chris Wells on cloud management and service catalogs
- Red Hat's CloudForms hybrid Infrastructure-as-a-Service management product
- The difference between virtualization management and cloud
- How IT is changing
- Service catalogs: What they are and why they matter
Listen to OGG (0:08:49)
Links for 03-19-2012
- 10 Tips for Data Visualization
- It’s the battery, stupid: The looming 4G smartphone crisis | PandoDaily - In general, I think the market rewards svelteness over long battery life. For my personal taste, smartphones don't have long enough battery life--especially those without replaceable batteries (although I don't think replacement batteries are a panacea).
- The End of Pax Papyra and the Fall of Big Paper - Forbes - Fascinating read.
- For most Prudential shopping center businesses, two-day blackout means lots of red ink - The Boston Globe - Srsly? "Guests are what are valuable to us" but don't know if will discount/refund after no power/showers/etc?
CastingWords for podcast transcriptions
Now I wasn't about to do this myself. Transcribing takes a fair bit of time even for a fast touch typist with the right gear (which I am not and don't have). So, I asked and Googled around and decided to give an outfit called CastingWords a shot.
You can see the results here. I only did some very light editing--mostly for formatting in the blog post (changing some paragraph breaks and the like). All the technical language, even non-intuitive stuff like spelling "Basel" correctly, was handled flawlessly as was the random capitalization that afflicts so many IT industry terms like JBoss. To be sure, I gave them a well-edited and audible file to work with, but the results are nonetheless top-notch.
Pricing for 6-day turnaround was $1.50 per minute of podcast time. (My only--minor--beef with the service was that they took about 7 days. Not a big deal.)
The behind-the-scenes at CastingWords is quite interesting. They have a workflow that leverages Amazon's Mechanical Turk, splitting audio files into chunks and having them worked on by both transcribers and "editors." The idea is that there's a system of checks to ensure a quality finished product. (This also means that the cost is doubtless higher than if you were to just use Mechanical Turk on your own, but presumably you get a more consistent result. For my purposes, CastingWords' price is low enough that it's not worth spending much time to shave a few more cents.)
Friday, March 16, 2012
Links for 03-16-2012
- The 25 Happiest Animals In The World
- A Look at DeltaCloud: The Multi-Cloud API
- The World's Most Ethical Companies - Forbes - Must say, 2 (of the handful) of IT companies on this most ethical list seem... interesting... choices
- Reality Check on Ubuntu's Enterprise Claims - An analysis of Mark Shuttleworth's latest Ubuntu claims by @jzb on @RWW << tl;dr The claims are very iffy
- Is there a Plan B if Windows 8's Metro fails? | ZDNet - IMO the whole question of the degree to which touch & traditional desktop interfaces can be brought together is underappreciated. >> "Not only that, but it seems like the entire OS was really not designed for desktop computing. If you don’t have a PC that is touch UI enabled or has human interface devices that are touch-optimized, most of you are not really going to get a ton of value from running Windows 8."
- Cloudcamp - An Unconference for Cloud Computing - Do you have Good #Cloud Kung Fu? Take survey and find out. ITPI is having fun with serious research.
- The TSA's Insane Budget And Woeful Track Record | Co.Design: business + innovation + design
- Transformer fire sends black smoke into streets near Back Bay Hilton; wide swath of the city is plunged into darkness after power is cut - Metro Desk - Local news updates from The Boston Globe - Looks like my choice to head home after #Directions12 rather than grab dinner first was a good decision
- After 244 Years, Encyclopaedia Britannica Stops the Presses - NYTimes.com - RT @apatrizio: RIP the Encyclopedia Britannica print edition. << Inevitable I guess but still wow & a bit sad
- Why I left Google - JW on Tech - Site Home - MSDN Blogs
- Server virtualisation: From sprawl to stall - CIO UK Magazine - RT @AndiMann: "From sprawl to stall" - Freeform's @Dale_Vile on virtualization to #cloud (via @CIO_Magazine) #VMstall
- Oracle has a cloud computing secret — Tech News and Analysis - Oracle's pricing problem with the cloud
- Instagram - RT @karaswisher: People will stand in line for anything at sxsw. It's like USSR but with hipsters.
Monday, March 12, 2012
Links for 03-12-2012
- The PC Is Dead ... Again - Forbes - Smart, nuanced piece.
- What ‘Angry Birds’ Teaches Us About Sales | BostInno - Amusing but also insightful.
- Google Lat Long: Exploring 1938 San Francisco through aerial photography in Google Earth
- Something’s Unraveling, Alright | Matt Thomas - Nice sarcasm.
- Introducing the Symantec Smartphone Honey Stick Project | Symantec Connect Community - "Maybe you think that having a 50/50 chance of getting a phone back is a glass half-full situation. Sorry, but I have to drain your glass: Even the people who attempted to return the phones made attempts to view the data on them. In fact, 96 percent of our lost smartphones were accessed by their finders."
Podcast Post-production in Python
As I've begun ramping up my podcast production a bit, I've also started running into some error-prone tedium associated with getting all the files and their associated incantations updated and distributed to all the right places. To help matters, I put together some Python code that automates some of the process. By design, the code doesn't push anything live at this point--although it would be fairly straightforward to extend it to do so.
The script:
- Gets information such as duration from MP3 file
- Creates an XML file for insertion into an iTunes podcast feed
- Uploads previously-created MP3 and OGG files to Amazon S3
- Creates a draft blog post on Blogger with a label (tag)
Given my workflow, I still need to:
- Update master iTunes podcast feed XML file
- Upload edited file to S3
- Make the newly uploaded XML and MP3/OGG files public
- Make Blogger post public
That may sound like a bit of manual work, but these are pretty quick and straightforward steps relative to the actions taken by the script. For example, the script gets the file size of the MP3 file and calculates the duration, which are needed for the iTunes feed.
You'll need to install boto (https://github.com/boto/boto.git) for S3 access and mpeg1audio (https://github.com/Ciantic/mpeg1audio/) to extract the duration from the MP3 file. You'll also need to set up the appropriate accounts on Blogger and S3 and set a number of global variables before you can use the script.
Thursday, March 08, 2012
Cloud Security Chat with Richard Morrell and Ellen Newlands
Our Red Hat cloud team was all together in Westford, MA this week, which gave me an opportunity to sit down with Richard Morrell and Ellen Newlands to discuss security trends in cloud computing. Richard is our new cloud evangelist in EMEA (Europe/Middle East/Africa) so he's basically my counterpart across the pond. Ellen's responsible for Red Hat's security products. They're both serious security experts with lots of experience. We talked about:
- Cloud standards
- Whether the cloud is "safe"
- The role of identity management
- Why application security matters
And more...
Listen to MP3 (13:43)
Listen to OGG (13:43)
Transcript
Gordon Haff: Hi, everyone, this is Gordon Haff, Cloud Evangelist with Red Hat. Today, I have two guests. We're going to talk about cloud security, which is something that always seems to be on everyone's minds. We have Richard Morrell, and Ellen Newlands. Richard, why don't you introduce yourself first?
Richard Morrell: Right, so I'm Richard Morrell. I'm the Cloud Evangelist doing the equivalent of Gordon in EMEA, but with a focus very much around cloud security and around application-level security for our ISVs and also our cloud provider partners.
Ellen Newlands: And I'm Ellen Newlands, and I'm doing product management for our certificate system, directory server, and the identity management features and functions that we've recently placed in Red Hat Enterprise Linux.
Gordon: So Richard, I'm going to start off by asking you a question that probably gets your blood pressure up every time you see it in a news headline. Is the cloud safe?
Richard: I think the cloud is as safe as the vendor, the controls that are put in place, and also by the thought and the governance that goes into the development and the architecture of the systems that are deployed on cloud.
I think if we can look at the trailblazers in cloud who have started to move those applications and services into the virtualized environment, into the new world of elastic computing, we have a compelling story to tell, which needs people to start thinking about being courageous enough to start building the internal controls and processes to be able to think about the workloads they want to move to cloud to keep them safe.
Gordon: In other words, it's really a pretty meaningless question without any context.
Richard: What we're doing in cloud security is really no different to the security controls that we've used in the SOA environments traditionally within data centers and in on-premise data. What we need to think about is the cost in ownership of how we actually get to cloud, and once we get there, the management controls and the governance risk control piece that we as IT professionals are dear to as part and parcel of standard business-as-usual activities.
Gordon: Now, Ellen, you were just out at the RSA conference in San Francisco. We talked a little bit the other day, and there was really a lot of attention being paid to cloud out there. Admittedly cloud is a term that is applied to an awful lot of different things, but it does seem to be getting people thinking about security and governance in a somewhat different way.
Ellen: I found it very interesting that many of the IT professionals with a background in security who work for the larger companies, the enterprises, are thinking about what is the best way to take advantage of the cost benefits of the cloud. Some are sophisticated enough to do this quite wisely, and many others are looking for guidance. But clearly, there's no question that the economics of moving to the cloud are quite compelling. Everyone in this field is looking for the best way to maximize their return and minimize their risk of moving to the cloud.
Gordon: Now, we're starting to hear a little bit of discussion around standards in the cloud, in general, but since we've got security experts here, let's maybe focus specifically around cloud security standards. I guess I'd have a couple questions. First of all, does it matter? Secondly, what is happening out there?
Richard: The security standards in cloud have been dovetailed into a mishmash of risk issues, which people like the Cloud Security Alliance are absolutely critically involved. We have been working very, very closely with the CSA now for quite some time, and in past lives I've been pushing and promoting the cloud security matrixes. If none of you are already aware of this, I suggest you Google the words "security matrix" and "CSA," and you will find that there are over 80 individuals working out there, from the Basel, PCI-DSS, ISO, and the open-source community, building levels of controls that you can push to your applicable workloads, in whichever vertical that you happen to be working in, whether it's health, whether it's finance, to enable you to get a standing start in understanding what you need to be able to say to your CIO or your CFO with regards to who needs to sign off against what, and also the controls and matrixes that you need to push against the applicable standards you're building.
Gordon: Now, Richard, I think you touched on something which is I've certainly seen around cloud security. That is that the "security" word seems to get used, really, to cover a much broader range of risk mitigation and governance issues.
Richard: Sure.
Gordon: Ellen, you've obviously worked a lot around identity and access management. It seems that, for instance, those kind of technologies tend to get lumped under security, even though it means something very different from firewalls or protecting against SQL-based exploits or whatever.
Ellen: One of the things that's very common, especially as you're moving into the cloud, is you're moving beyond the borders of the traditional enterprise. You may find that your users are not your employees. So, you may be working with your partners, with your suppliers, with your consumers, your customers. One of the things about that is you want to know who is accessing what you put in the cloud, and you want to make sure that they are only accessing what they're allowed to. That is the security piece. Part of where the standards come in is that, when you move to the cloud, you want as much openness, interoperability, and as little lock-in as possible. What you're seeing in identity and access management is sets of standards that allow great flexibility and interoperability while still allowing you to know who is accessing your information, who has the privileges to access your information, and who, frankly, to blame if for some reason things may go wrong.
Gordon: Yeah. It's not really even just cloud. It's just the way computing, in general, has been evolving, so that the old-fashioned, 19th-century fort model of having this big, honking, strong wall to keep "them" out from the data center, really, increasingly doesn't apply to cloud. Not that it ever really applied all that well to traditional data centers either, given how many security breaches were traditionally done by employees, of course.
Ellen: Your average person now has so much computer power in their hands. You get an iPhone or a tablet of any kind and you find, as you say Gordon, that the walls around the enterprise, the walls around the data, are breaking down. There really is a consumerization of IT. People bring their own devices, people go to the cloud, and the organization has to securely enable that.
Gordon: It's really at the application level, as we've discussed, Richard.
Richard: Sure. The ability now for vendors to start developing the tools and the hooks that customers need to be able to develop security into those applications, to understand who is consuming what, but also to be able to patch control and to keep version control on the libraries and the binaries that you're using or the applications that you're using.
Red Hat came from a community background. We've grown on the ethos and the goodwill that's come from the open-source community, and also the maturity that we help bring to it. But what we see increasingly in the open-source community is greater granularity in the versions of PHP and Ruby and Python, to allow people to get to cloud faster.
It's really up to individuals who consume those technologies and those libraries to ensure that when you go to cloud that you work with your vendor to ensure that you have the latest, greatest patches working there, what your rolling maintenance period is, to make sure, and also to have a complex risk register so you understand, potentially, what that means from a data leakage or a data privacy, especially in Europe and especially in the USA.
I think, more, there's a level of maturity that a sys admin can have from a perspective in his organization, to go from zero to hero. Traditionally, the sys admin's been locked in a cupboard. Now, a sys admin can be an even bigger hero in his organization, because the safety and security of the whole cloud operation sits on his shoulders daily.
Gordon: As these things scale up--and that's one of the consequences of cloud is that things are really happening at scale. It does seem that it becomes more and more important that you automate a lot of these processes.
Richard: Yeah, sure.
Gordon: Because you just can't keep up with all this stuff at scale.
Richard: No, you can't. If you look at the percentage of people who are using OpenJRE applications in cloud, you'll see a large amount of JBoss.org applications. The JBoss.org community has some very good security people in there, people who are thinking very much about how applications are consumed. But we're also seeing a lot of JBoss.org customers, in the SME space and ISV space and the enterprise, moving across to becoming supported JBoss.com customers, where we have the power of the JBoss Operations Network, known as JON, to enable them to automate those functions, and also to audit and report.
I think we can't lose focus on the fact that, at the end of the day, you need to be able to be auditable. In the US and further afield, we have the SAS 70 certification, which is really no more than an accounting standard. We hope will be surpassed by the sort of standards that the cloud security lines are pushing and promoting, and also the PCI-DSS and Basel piece where companies are actually looking to make revenue from applications hosted either on a public/private hybrid model or directly public cloud providers.
Gordon: Ellen and Rick here, maybe finish up here by asking each of you to share if there were three pieces of advice that you could give people looking at moving to the cloud, whether that means adopting a public cloud, whether it means building a more automated self-service resource internally. What are three pieces of advice you'd give them? You first, Ellen.
Ellen: Well, I think my first piece of advice would be to understand what is the value of what you are moving to the cloud and make sure that you start your movement to the cloud, in security or in any other way, on a business case with an understanding of the business economics. I always believe that business drives security.
The second thing that I would say is there is a great deal of value in working with trusted vendors who understand this space and can certainly help with that movement.
Last, but not least, I think is to begin. I think it is important to take some level, however minor, of risk and start moving those applications that make sense into the cloud so that you'll have the experience and the background to do more over time.
Gordon: Thank you. Great advice. Richard?
Richard: I regularly stand up at conferences and I don't tend to conform to the norm and the first question I ask the crowded room is, "Who wants to go to jail first?" I'm met with a lot of white, ashen faces. I do a lot of cloud aggregation where I sit down with organizations looking to move to public cloud vendors rather than the private model.
That big piece of white paper that we sit down with enables them to start understanding who owns what risk, be it the provider, be it themselves, and what controls you can actually build and place to go to cloud. It's those controls which are the hidden cost to your company of adopting virtualized cloud computing.
The other thing is when you're working with your chosen provider, don't be afraid to ask them for the levels of both security controls and also the physical and mandatory access controls that they have built into their architecture. They should be able to provide it. If a provider just comes back to you saying, "Oh, we're secure," or, "Here's my SAS 70 certificate," that's not enough. You need to be able to push and promote the fact that you're also talking to other cloud vendors that can do it bigger and better. "Please can I have the right information."
The third piece is the fact that you need to be able to ensure that the data that you're moving to cloud is secure. Think about the level of risk that your company is willing to be exposed to. Also, is it possible that you can work with your trusted vendors to be able to have a hybrid model where you can tunnel databases from your data center to a cloud provider without exposing that level of risk?
The other thing is this is fun. This is enabling us to change the paradigm of computing. Red Hat's a trusted vendor. We have the ability now to help you get to where you want to go. It's like a level of adolescence now and we're here to help you get to that next level.
Gordon: Thank you. Is there anything else you would like to share with the audience?
Richard: Stay safe.
Gordon: That sounds like good advice, no matter what you're doing. Thanks, everyone. I've been here with Ellen Newlands and Richard Morrell talking about cloud security. Thank you. Bye bye.
Links for 03-08-2012
- Rough Type: Nicholas Carr's Blog: Bring back Google Scholar! - "This is exactly the kind of self-serving bloat that Google used to make fun of Microsoft for. We become what we hate."
- Alex Payne — How Not To Sell Software in 2012 - "your site says “cloud”, but your sales process says “1970s mainframe”."
- 90 Minutes Of Free Lightroom 4 Video Training From Adobe | PhotoshopSupport.com
- Basic color schemes: Color Theory Introduction
- Terry Heaton’s PoMo Blog » Blog Archive » The ‘Great Winnowing’ has begun - "What we’re going to see over the next several years is a “Great Winnowing” in the industries of journalism, a shifting in the marketplace of ideas and information from one driven by paid professionals to one driven by passion, whether amateur or professional. Those who make it best will be independent contractors, those who live and thrive apart from the teat of mother employer. This is likely to be a brutal place, which means the selling of the “occupation” to wide-eyed high schoolers will be problematic for universities and the institution itself."
- Ambient Social Location Apps Will be Consumer Duds - "The microclimate that is SXSW and San Francisco often creates hype for services that, ultimately, no one is going to really care about. Foursquare and Twitter did well at SXSW in their growth phases but those companies may prove to be the exception instead of the rule. The crop this year includes several 'ambient social location' apps that are likely destined for obscurity when the time comes that normal users are supposed to adopt."
- Kdenlive Part 1: Introduction to Kdenlive | opensource.com
- Dos and Don’ts for PowerPoint Business Presentations | BostInno - IMO the "best practices" for Powerpoint animations etc. can mostly be summed up as JUST SAY NO
- This Article Generating Thousands Of Dollars In Ad Revenue Simply By Mentioning New iPad | The Onion - America's Finest News Source - RT @TheOnion: This Article Generating Thousands Of Dollars In Ad Revenue Simply By Mentioning New iPad
- 10 Great Imperial Stouts To Try Right Now | Serious Eats: Drinks
- These Ducks are Ready to Start Drinking For St. Patty’s Day [Image] | BostInno - The ducklings are ready to start drinking. Very funny.
Wednesday, March 07, 2012
Links for 03-07-2012
- Facebook Cartoons Tell it Like it Is [COMICS] | BostInno
- The 5D Mark III – From the Inside « Canon Rumors
- Five Leadership Lessons From James T. Kirk - Forbes
- The Wild West of Big Data | ITworld - "So really, the community isn't missing so much as invisible, and that raises a sharp difference between the Linux and open source sector of a decade ago and the big data sector of today. Community in big data is acknowledged as a corporate resource, and that is all. Commercial vendors here seem to pay little more than lip service to their open source origins, and usually only to mention how they contribute back to projects like the ones mentioned earlier."
Tuesday, March 06, 2012
Links for 03-06-2012
- Dollar Shave Club Launches Razor Subscription Service, Raises $1M From Kleiner (And Others) | TechCrunch - Someone please tell me that an Onion headline accidentally ended up on Techcrunch.
- E-discovery in the cloud? Not so easy - Computerworld
- 24/192 Music Downloads are Very Silly Indeed
- Five Leadership Mistakes Of The Galactic Empire - Forbes
- 9 Phrases We Should Stop Seeing in Tech Journalism | Dissociated Press - "“Anything-killer” – I’ve probably done this myself, so mea culpa. But this is so over-used now, and so very often wrong. Mostly, though, it’s the binary nature of the argument that I find most objectionable. It’s possible for two successful products of similar types to co-exist."
- 451 CAOS Theory » That’s not science: the FSF’s analysis of GPL usage - RT @maslett: That’s not science: the FSF’s analysis of GPL usage << 451 analysis seems pretty solid
- Data vs. models at the Strata Conference | The Pervasive Data Center - CNET News - RT @xamat: "Data vs. models at the Strata Conference" - Great summary of my #strataconf talk at CNET by @ghaff
- Groupon Fail: Daily Deal Site Offers Deal For Closed Cambridge Restaurant [Image] | BostInno - Groupon runs daily deal for (very recently) closed restaurant. Oops.
- TileMill | MapBox
- Technology News: Distros: Canonical's Ticking Time Clock - "Given Canonical's history of abandoned users and product announcements that come up short in execution, Shuttleworth's most recent goal of 200 million users by 2015 doesn't compute. There's simply no path from "declining OS vendor" to "competing on an equal footing with Microsoft, Apple and Google." It's the sort of rhetoric a CEO would say to rally the troops, but it's become obvious that it's already too late."
- Are community cloud services the next hot thing? - Includes comments from me.
- Appealing to the base - Roger Ebert's Journal