Friday, February 20, 2009

The Answer to: What is Cloud Computing

Cloud Computing Summed Up Is Thus:

"A system where part of the deployment is unknown to the IT department"

Cloud = unknown.

Wednesday, February 18, 2009


I have enabled Disqus for my Blog and highly recommend every blogger do so.

(No, I am not being paid for this endorsement, but I am open to bribery...)

The nicest thing about it is that I can track comments made by me on different (Disqus enabled) websites and my comments even get added to my FriendFeed.

Very nice.

[Incomplete Thought] Cloud Computing - WTF is it?!

Sometimes the details are important!

{I'm borrowing the idea of an Incomplete Thought Post from The Hoff - jotting down some though on my blog before it is fully complete. I hope it will lead to faster posting. I have about 25 posts that are half written which I probably should have posted but they are just not quite right. This post is something I have thought about but may be open to discussion.}

Cloud computing is new which is why it is fun. Its like a new gadget and although you probably have no idea what it is or why you need it the Cloud Computing salespeople are already convincing you that your competitors are using it to get ahead of you.

I think that the original plans for Java are pretty similar to what we are expecting from Cloud Computing. Plug in an object a server, know the interfaces to it and Bob's your uncle - you are up and running. You can do limited customisation but you really don't need to know how everything is happening - just accept that it is. In Java we called it "Black Box" and now it is called "Cloud Computing". In both cases you don't get to see the inner workings. In both cases you are not supposed to care.

The power of this is that once you have a good object defined, you can use multiple objects chained together for scaling up or multiple different objects working together for a common cause. You could even get your chain to scale up and down as needed. Likewise, you could drop new objects in place as you want to create new services. You can even change objects as you find better working examples of them.

An example of this is my Blog. I could run it on my own server and manage the server, the database, the web (HTML, code, etc). Or I could go to Blogspot, sign up and be online in a few seconds. And, if all of a sudden there is a massive interest in my Blog (pfft) then Google will supply me the bandwidth and Server power to keep my site up. This is all very well but I have other advantages now too, such as, I have thrown out the vanilla comment section and put in one that works better. I could throw out that one too if I find something better. I have gone with feedburner for managing the RSS feed but I have a few choices there. Inter-connectivity is making my Blog so much more than a static web page.

I am really benefiting from "the cloud". On the other hand - there is nothing on my Blog that is private at all. The whole point of this Blog is to "get the word out there" so the more people that read my stuff - the better. I may not want spammers getting my email but thats pretty much it.

So, honestly, I don't care where my data is stored, what happens to it in transit, who reads it, etc. It is better not to know because my head can hold only so much junk. I also benefit in that I don't have to stick everything together. (Where I do stick different pieces together - it is made very very easy for me) and I don't need to pay for a dedicated server.

On the other hand, (and this is key) if it was corporate information then the details of where, how, what, etc become important.

Monday, February 2, 2009

Sometimes a piece of bread is just a piece of bread

I really like Andy the IT Guy but sometimes he goes overboard...

Andy the IT Guy is, of all the bloggers I read, the most practical. He isn't an analyst like the Securosis guys or a salesperson like most of the others. Or a ninja-type like the Hoff. He is a hands-on security person. Like me.

I find sometimes, I will be sitting in the traffic or walking down the street or shopping or whatever and thinking "there must be some Information Security parallel to this" and I get ready to blog about whatever it was. You can equate just about everything with Information Security. I'm sure that bloggers of all types go around thinking " blog about that..". There should be a support group. Maybe there is. Maybe it has a blog. I hope not.

By the way, Andy's advice about Information becoming "mixed" is really good advice and all companies should take note. I am about to start an Information Classification program and I shudder to think what it is that I will find. If everything was done right from the beginning ("pffft...") then it would be a simple thing to perform.

Andy, I totally agree with your observation, mate. But, sometimes just switch off and enjoy your breakfast. Even if it does taste slightly generic. I could use my own advice too. Maybe we should just give in to the addiction...

Now, what do fishpaste sandwiches have to do with Information Security? They smell funny but they are really good for you? Hmmmm....

Prediction Number 2 for 2009

Security lessons not learned will haunt us in 2009

This is exactly what I was thinking but I can't put it any better...

Please take a look at this article called Security lessons not learned will haunt us in 2009 and learn. This article is written in layman's language so no-one has any excuse not to read it and take in the important information that is included in it.

If you haven't read my 1st prediction - read this article first and then read prediction 1. Then get busy fixing up your Information Security Plan or cower in a corner crying.

Well done Mary Landesman, ScanSafe and ZDNet.