
Ten good reasons to avoid the cloud

 

Any IT system has the potential to go in the wrong direction, but the new versatility of cloud services will introduce whole new ways to go off the rails. Here are ten for starters.

1. Assumption: the mother of all calamities
Vladimir Jirasek, non-executive director of CSA UK, says that in migrating to and between different SaaS (software as a service) clouds, an awful lot of assumptions were made that weren’t actually true.

“IT managers don’t realise that in IaaS (infrastructure as a service) the responsibility to manage operating systems and applications still rests on their shoulders,” says Jirasek.

So they continue on, oblivious to the fact that no one is taking care of the details. As they say in project management: who’s in charge of the clattering train?

In this case, the cloud provider is really a virtual hardware provider. This will cost you when you finally realise that the bulk of IT responsible for application integration and possibly for infrastructure management (operating system layer) is still needed.

The same applies to PaaS (platform as a service) though here the CIO is responsible for application integration only.

2. Shunted into an expensive siding
If you want to change Cloud offerings, that will cost you too. As will a retreat back into an internally managed service or an internal cloud.

“This is especially painful in SaaS where a bespoke application like SalesForce doesn’t give you a standard form of data that can be exported,” says Jirasek.

Migration from a SaaS application has huge hidden dangers that will hurt many companies, should they ever dare to leave the SaaS provider. The cost, complexity and disruption of migration from SaaS will lock the company in to one provider.

“Many contracts don’t clarify who owns the data in the cloud and how you can get it back when the contract ends,” says Mike Small, member of the London Chapter ISACA Security Advisory Group. “This has caught out more than one large organisation.”

Mission cloud computing was supposed to give companies greater choice. Instead, many are imprisoned in an expensive contract. It is vital that the service contract clarifies ownership of data as well as the terms for the return of that data. It is also important, says Small, to ensure that the data is returned in a form that can be used without extensive processing.

3. When you unwittingly move into a bad cloud neighbourhood
You wouldn’t open up a shop in Hackney in the middle of the riots, because you’d be able to see the risks. The problem with the cloud is you don’t know who your neighbours are, or how they’ll affect you.

What if the police had to seize your equipment as part of a sting against suspected criminals? It happens.

When the FBI raided a data centre in Reston, in Virginia, the ramifications were felt by Swiss-based DigitalOne, whose clients included New York publisher Curbed Network, service provider Instapaper and bookmarking site Pinboard.

The FBI was taking part in a co-ordinated operation with the CIA and various Western and Eastern European cybercrime bureaus. That’s a pretty comprehensive sweep and the all-encompassing seizures were bound to affect innocent users of the cloud.

DigitalOne’s chief executive, Sergej Ostroumow, was unhappy that the company’s web servers were seized and that he had to satisfy clients who were hit by up to three days of downtime.

“In the night the FBI took three enclosures with equipment plugged into them,” he told clients, “possibly including your server – we cannot check it. This problem has been caused by the FBI, not us.”

Though it was only interested in one of the company’s clients the FBI took servers used by “tens of clients,” Ostroumow said at the time.

His complaints about the FBI’s ‘unprofessional work’ fell on deaf ears. With the authorities conducting a cyberwar on the likes of Lulz and other hacking organisations, there could be a lot of victims of friendly fire in the cloud, warns Small.

While this example comes from the US, laws in most jurisdictions allow law enforcement agencies to seize equipment and data. Some countries may be an even higher risk, for example where there is a corrupt or autocratic regime that ignores international agreement.

4. When your data is destroyed accidentally by your service provider
These things happen in the cloud. Microsoft reported that its Windows Live service had been experiencing problems dating from 30 December. “We had an issue with Windows Live Hotmail that impacted 17,355 accounts,” it admitted on a Windows team blog.

Customers affected temporarily lost the contents of their mailbox through the course of mailbox load balancing between servers. “We identified the root cause and restored mail to the impacted accounts,” Microsoft reported.

It assured customers that, with the problem solved, it would investigate, as it does with all incidents like this, and take steps to prevent this from happening again.

Not good enough, according to one complainant, who testified to the impact this loss of data had on his business.

“My inbox of over 8000 emails from the start of this address over 10 years ago is still gone. My emails were completely gone from late Oct 10 and prior. I am devastated by this loss, my life, business and tax info was all in this email I accessed daily,” said the user, known only as Westcoastborn, on the WindowsLive site.

“I was given some inadequate responses and then ignored by hotmail support,” he complained. After ten years of doing business in the cloud, he’d lost everything.

5. When the FSA finds out your cloud service is not compliant with FSA regulations
Whatever the regulations your organisation is bound by, a cloud service provider will claim to understand them. For example, personal data must be processed in accordance with the EU personal data protections laws.

If your cloud service provider holds that data somewhere where it is cheaper to do so than in the EU (and how likely is that to happen?) your company won’t have the appropriate processing contracts in place. In the case of data privacy, remember that the buck stops with the data controller (i.e. the organisation) owning the data, not the data processor (i.e. the cloud provider).

Data privacy is not the only compliance issue and it is vitally important that the regulatory requirements for the cloud service are made clear to the provider and that the provider is legally bound by a contract to provide a service that meets these requirements.

6. When your intellectual property is stolen by a cloud service administrator.
Cloud service providers are no different from previous generations of service or product vendors. They can’t afford to re-invent the wheel for every client. Service providers only enjoy the economies of scale if they can find a model that can be mass-produced. Otherwise, your profits will be eaten away by a labour-intensive production process.

So the work you put in to create your cloud administration – effectively your intellectual property – could be used as a model for others. The service provider doesn’t want to re-invent the wheel for each client. It’s far cheaper to get you to do the work or use your installation as a learning experience.

This presents security problems that could cause your company enormous grief later. The cloud infrastructure needs to be maintained. To achieve this there are a number of very powerful admin accounts that can bypass normal security controls, warns ISACA’s Small.

7. Disaster strikes when your data is found on the hard drives sold by the cloud provider.
We all know that data deleted from a hard drive is not really destroyed. It is merely rendered inaccessible and the data blocks are marked as available. Even most end users know that, until someone overwrites that data, it can still be found.

Clearly, some cloud providers didn’t know that. Or care to take the steps to shred this data.

Researchers from BT and the University of Glamorgan who bought disks from a variety of global sources found all kinds of sensitive information. Bank details and NHS records were found, along with enough information to help shoot down intercontinental missiles.

Of the 300 hard disks it bought randomly, 34 percent still held personal data. The information was enough to expose individuals and firms to fraud and identity theft, says Professor Andrew Blyth, who led the research.

Along with bank account details and medical records, they found data about a proposed $50bn currency exchange through Spain.

Most organisations still have no idea about the potential volume and type of information that is stored on hard disks, says Blyth.

8. When the Cloud is breached and your valuable secrets come tumbling out
In the cloud everyone can see your silver lining. That’s not always the case, but there is evidence to show that your data is easier for criminals to get their hands on.

Hackers can burst through your shop window and loot your database, as long as they can find one of the user names and password combinations that are floating about.

The European Union had to suspend registries on its spot carbon-emissions market after permits were stolen. It can’t lift restrictions until members beef up security.

On 19 January this year one Czech trader found his $9 million account had gone. As much as €29 million worth of permits are missing, according to the EC’s accounts. Given that no EC accounts are ever signed off, who knows how big the real fraud could be. Holcim, the Swiss cement maker, lost 1.6 million permits to CO2 thieves.

The EU market was supposed to be the model for a future global carbon programme. It went from being an 80 billion euros market, in 2010, to no market. That’s an 80 billion euro cloudburst, and all because nobody secured the permits. In one of the classic cases of assumption, the EU left this job to the national registries. Who in turn assumed it was somebody else’s job.

It could take “a long time, possibly years,” to finally resolve who are rightful owners of any stolen EU allowances, says Owen Lomas, a London-based consultant at Allen & Overy LLP’s climate change practice.

9. When your cloud service provider’s provider goes bust and lawyers circle the building
The cloud service you buy might be reliant on a cloud service that it buys from some other cloud outfit. Who knows where they get their service from?

When one of them goes bust, your chances of retrieving the situation are slim chance and no chance. If more than one goes under – and it’s likely that they’ll tumble like a house of cards – that last slim chance will disappear too.

“It is really important to understand who is involved in providing the service to you and where these organisations are located,” says Mike Small (referenced above), a member of the London Chapter ISACA Security Advisory Group. This is not just a question of whether the supplier will go bust; it also concerns the compliance issues regarding where data is located as well as the reliability of the service provided to you.

Beware the legal costs involved in trying to unpick the cloud service agreement that one of your subsidiaries signed, says Small.

Most large cloud service providers offer a take it or leave it contract. This usually involves the whole organisation in the deal even though it may have only been signed by one employee.

10. When the Cloud Service Becomes Obsolete
Logica’s UK cloud lead, Stephen Simpson, says clients can end up buying a vendor’s re-branded proprietary solution and associated services that the vendor does not evolve in step with the market.

“Cloud solutions and services are immature, and we know that there will be significant advances and changes in how they are engineered and delivered over the next few years,” says Simpson.

“We want our clients to be in a position to take full advantage of what is happening,” he says. “But this means getting the right balance between the risks of lock-in, short term delivery pressures and the longer term uncertainty over which technologies and vendors will win through.”

A balance that many companies won’t get right. So are the risks worth taking? Hang on, is it a risk? Surely the cloud is about avoiding risk, isn’t it?

Mike Small believes that the risks of not adopting the cloud often outweigh those of adoption. This is because cloud providers are big enough to afford the skills and equipment needed to provide a secure and resilient IT service. They can also invest in improving their services.

Conclusion
Cloud computing is a tactical investment and it can help you avoid the risks inherent in big IT projects. But, as we have seen, it brings a new generation of uncertainty. Having said that, it’s true to say that while client server computing didn’t kill off the mainframe, it was massively successful in its own right.

Cloud computing does eliminate many of the risks of owning your own infrastructure. Just make sure you are fully aware of the new ones.

Is Unix the most successful operating system ever?


A fascinating little point made in a much longer piece about the smartphone wars. One that makes me wonder whether Unix can now be considered to be the most successful operating system of all time. Which is certainly a change from when I first entered the computing industry when Unix boxes were vast behemoths and the Windows based PC was what was used by the masses.
The point is made here:
“Within that, roughly 1.1bn had ‘smartphones’ at the end of 2012, of which around 900m ran either the iOS or Android versions of Unix. (As an aside, it is pretty striking that almost a fifth of the earth’s adult population has a Unix box in their pocket.)”

Apple’s iOS and Google’s Android are variations of Unix and with 900 million concurrent users it might indeed be the largest number of people using an operating system yet.

I agree that Windows sales numbers are, over time, much higher than of these Unix variants. So I agree that Microsoft has, over all the generations of Windows, sold more licenses but many of these licences are out of use.

My feeling is that Unix is indeed the world’s most successful operating system ever, considering just the two Unix variants, Android and iOS.
Add in all the servers used in the world at the same time plus all the TVs that use Unix and the number is probably double the 900 million units. 1800 million concurrent users? I don’t think Windows will ever manage that because the number of currently installed and in-use Windows systems is unlikely to be 900 million units, certainly not all operating at the same time.

The growth rates are divergent, almost all tablets and smartphones now run some variant of Unix and those markets are still growing by leaps and bounds whereas the PC market is actually shrinking. 

 

Windows is the most widely used operating system of all time? – I don’t think so

 

That accolade goes to a product we supply that not many have heard of.

Panasonic, Amazon, Google, IBM, the Internet, some CMX clients, even Apple all have something major in common. They are based on a product called UNIX which first saw life in 1969.

Who realises that Apple computers, iPhones and Android boxes are UNIX derived?

We installed UNIX systems in the early ’80s using computers supplied by AT&T. It’s now running on ordinary PC servers in several of our clients.

Its main claim to fame?
It uses less computing power and is more reliable than Windows systems, most of the software is free, it doesn’t need licensing, and Unix systems usually don’t get virii. There are tons of reasons it’s better than Windows.

If it’s so good why doesn’t everyone supply it?

That’s simple: it has to be installed by knowledgeable IT people because it’s not easy. There are probably only about three companies in Essex and Suffolk who supply it, whereas for Windows there are thousands because you don’t need much training.

So what’s the benefit?
Basically reliability and cost. Let’s look at cost. Microsoft Windows needs plenty of RAM and processor, there are the software costs, and on top you have the installation and maintenance. Unix uses less power (that’s why big business and phones like it), so cheaper hardware, no software costs and, because we know it’s more reliable, our support charges are lower.

When should I not use it?
If you have a special need such as an Exchange or SQL server then it might not be right for you as you may have to go to Windows. Talk to us; we can soon let you know.


OK, I have not heard of UNIX but I have heard of ??IX
That’s because it has developed and moved around over the last 40 years, ownership has changed and there are variants. There is XENIX, Chrome, iO7, Android, Apple OS, POSIX, AIX, Solaris, Linux, Sequent, HP-UX, Red Hat Enterprise Linux, Fedora, SUSE Linux Enterprise, openSUSE, Debian GNU/Linux, Ubuntu, Linux Mint, Mandriva Linux, Slackware Linux and Gentoo. Maybe that’s why it’s not that known, too many flavours, but that’s reassuring.

For more information go to http://en.wikipedia.org/wiki/UNIX or talk to us, we converse in English and compuspeak (Which sounds like Martian I am told).

Email us on info@cmx.co.uk if you would like to know more.  





I know I’m safe because I haven’t been told I’m not

 

I keep looking at the title and I’m not sure if it’s good English but it exactly represents what we keep coming across time after time. Just because you haven’t been told something, it doesn’t mean it hasn’t happened. That English seems just as bad, let me explain.

You install an antivirus package and then relax safe in the knowledge that should your computer become infected the software will stop it doing any damage. What if your antivirus package is so poor that it doesn’t react? Your computer is now infected, the virus is doing what it was designed to do, the AV Software is in La La Land but you feel quite happy, safe and secure as nothing has alerted you otherwise.

We all know the damage that the virus or spyware can inflict, not just on your computer but your personal wealth and possibly safety. If you don’t understand, then e-mail me at glyn@cmx.co.uk and I shall try to gently enlighten you.

Taking a recent example of a Windows XP machine running free AVG software, the user had complained how slow the machine was working but considering that it was eight years old we weren’t surprised. We connected it to a new Unix server where it just had a letter representing a volume. Although we had not supplied the machine, it was a simple task.

About five weeks later we were called back because the computer could no longer access the server. A quick on site investigation did not give us any clues so the machine was taken away to our workshops.

The first thing we did was to extract the hard disk and put it on our isolated system. This is a computer that is not connected to the Internet, it has the latest ESET antivirus software and up to date spyware checking software. The advantage of doing this is that we know we are inserting this disk into a clean system and any malware doesn’t get a chance to load before it’s detected in a scan.

The suspect computer had 36,000 cookies, not a problem but rather excessive; however, 16 viruses and 32 pieces of malware were definitely bad news. The disk was cleaned and reinserted, and the system was returned to the client fully functioning, considerably faster than when we collected it, and with ESET installed.

What damage had been done? We can only guess, as the malware that was loaded was designed to look for a sequence of numbers in four groups of four plus any sequences either side. Sounds like a credit card, expiry date and security number would fit the bill.
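The same pattern can be used defensively, to find card details sitting in documents and exports on a machine so they can be removed before anything malicious goes looking. This is an added example, not code from the original post or from any product named in it: the function names and sample lines are constructed for illustration, and it goes beyond the pattern described above by applying the Luhn checksum to discard 16-digit numbers that are not cards.

```python
import re

# Four groups of four digits, optionally separated by a space or hyphen.
PAN_RE = re.compile(r"(?<!\d)(\d{4})[ -]?(\d{4})[ -]?(\d{4})[ -]?(\d{4})(?!\d)")
# "Sequences either side": an MM/YY or MM/YYYY expiry and a 3-digit code.
EXPIRY_RE = re.compile(r"(?<!\d)(0[1-9]|1[0-2])/(\d{4}|\d{2})(?!\d)")
CODE_RE = re.compile(r"(?<![\d/])\d{3}(?![\d/])")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep the first six and last four digits so a report is safe to share."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_card_data(text):
    """Scan text line by line and report likely card numbers, masked."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in PAN_RE.finditer(line):
            digits = "".join(m.groups())
            if not luhn_ok(digits):
                continue        # e.g. tracking or reference numbers
            # Look at the rest of the same line, either side of the number.
            context = line[:m.start()] + " " + line[m.end():]
            exp = EXPIRY_RE.search(context)
            if exp:
                context = context[:exp.start()] + " " + context[exp.end():]
            findings.append({
                "line": lineno,
                "masked": mask(digits),
                "expiry_nearby": exp is not None,
                "security_code_nearby": CODE_RE.search(context) is not None,
            })
    return findings


# Constructed sample text; 4111 1111 1111 1111 is a well-known test number.
SAMPLE = "\n".join([
    "Order notes: paid by card 4111 1111 1111 1111 exp 09/14 cvv 123",
    "Tracking no. 1234-5678-9012-3456 (courier)",
    "Card on file 4111-1111-1111-1111, see CRM",
])

if __name__ == "__main__":
    for finding in find_card_data(SAMPLE):
        print(finding)
```

A hit with both an expiry date and a security code on the same line is the worst case, since that is everything needed to use the card.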

If a supermarket gave away free petrol, then in a short space of time no one would be selling any petrol, let alone giving it away. If, however, the free petrol was defective then word would soon spread, keeping the chargeable petrol companies in business.

For some reason most of the professionals, and I mean professionals, not enthusiastic amateurs, either steer well shy of these products or just wipe their machines and reinstall regularly. The word hasn’t reached everybody that there are better products on the market because most people think they’re safe because they haven’t been told they’re not. Or, to put it another way, you get what you pay for.

If you think your machine needs a check then the antivirus companies have online checking. Housecall by Trend is good and so is the online scanner on the ESET website. These are good at detecting viruses but for spyware I would use Malwarebytes or Spybot S & D. If you are not sure how to use these then e-mail me or call our Ipswich and Colchester centres which are personned 24/7 and someone will come out and perform a free, yes free, System Health check for you.

I know the plural of virus is virii, even if everyone is used to viruses as an expression; this is one debate on which, if I do have an opinion, I don’t really care to express it!

Microsoft remove e-mail from the small business package, Why?

Up to 2001 Microsoft had a great package for small business; it contained all the goodies that the big enterprise guys use but at a tiny, tiny fraction of the cost. Now every small business server package has gone. You now buy the basic server version without all the bells and whistles, which doesn’t make sense. A decent (not a toy, ask me why) file server with Microsoft used to cost around £3K. If you want in-house e-mail then Microsoft ask you to add another server with Exchange for another £3K. So double the price for the same functionality you had six months ago. Why? That’s easy.

Microsoft (MS) only want small businesses to buy a single server but for e-mail you can use Exchange on their server for £30 a month. You see the difference? Same initial revenue to MS and then an extra £30 a month; that’s at least an extra £1,800 going in to the MS pocket over five years. As they say, MS’s duty is to the shareholders, not the users or the partners (that’s us).

Now where this falls down is in this area: most small businesses are rural and in small towns in East Anglia. Broadband struggles to get over 2 Mb down and 0.5 Mb up whereas London and Brighton can get 50-100 Mb in both directions. So not only does it cost more but the Internet is less efficient, making cloud computing a non-starter unless you are in the city. Oh, and you have less control and fewer facilities.

The daft part is that where we are concerned it won’t make any difference but MS will lose out. Remember the 3K server? Well, we can get the same performance out of a Linux server for half the price. Need e-mail? Then we can install IBM Postfix or MDaemon instead of MS Exchange for a minimal amount.

I like the idea, it’s marvellous; it means that Dell can’t touch us for price and the small IT firms who don’t have the level of expertise like us can’t sell Linux.

So you will have a choice for your new server: come to cmx or spend more with Dell, MS or the enthusiastic hobbyist who thinks he is in the IT business; he sells boxes and has limited knowledge whereas we install cost-effective business systems. Just ask anyone who is a cmx client; we can even give you the contact details of a few.

If you want to know more call 01473 231800 or 01206 256459 24/7 and talk to an expert in English.

What Google knows about you



If you use Google, which most of us do, you should have noticed a small banner appearing at the top of the page “We’re changing our privacy policy and terms.” You can either “Learn More” or, the most popular “Dismiss.”

Who wants to read about what Google plans to do with all that information it has about us?

When Google announced its new policy, described as “our desire to create one beautifully simple and intuitive experience across Google,” the European authorities immediately told them to delay the 1st March start date until they had a chance to examine Google’s new-found desire for beauty and simplicity.

If you decided to check out Google’s new policy, you would discover something so troubling and frightening that it would override any tendency to leave companies alone to make money how they see fit. Don’t forget places like Facebook which know more about us than even our closest friends.

Here’s what Google knows about you, what it stores on its servers just waiting for a hacker or a government request:

  
  • Every e-mail you ever sent or received on Gmail.
  • Every search you ever made.
  • The contents of every chat on Google Talk.
  • Every telephone conversation you had using Google Voice.
  • Every Google Alert you’ve set up.
  • It has your Google Calendar with all content going back as far as you’ve used it.
  • It knows your contact list with all the information you may have included about yourself and the people you know.
  • It has your Picasa pictures, your news page configuration, indicating what topics you’re most interested in. And so on.


If you ever used Google while logged in to your account to search for a person, a symptom, a medical side effect, a political idea; if you ever gossiped using one of Google’s services, all of this is on Google’s servers. And thanks to the magic of Google’s algorithms, it is easy to sift through the information because Google search works like a charm. Google can even track searches on your computer when you’re not logged in for up to six months.
Facebook has even more interesting stuff: your pictures, your comments, your likes, your friends, your un-friends.

You’ve done it, said it, clicked it, searched it, Googled it. You can never undo it or unclick it. It stays there forever.

The European Commission has a new privacy proposal known as the “Right to be forgotten.” It would allow Internet users in 27 countries of the European Union to demand Internet companies delete their personal data.

Google has a famous motto of “do no evil.” Google isn’t deliberately doing evil, quite the opposite; it has revolutionised how we find information but it makes no secret of the fact that it seeks to make profits, which it deserves. It’s a little disingenuous, however, when it claims the new privacy policy seeks “to provide you with as much transparency and choice as possible.”

If you follow the instructions, with some difficulty, you will eventually download pages and pages of personal material about yourself from Google. If you look for a simple button telling Google not to save anything I don’t want it to save, you won’t find one.

Google, like Facebook, owns untold masses of information. They search for it, they virtually mine it, use it to sell ads. But Google is not the real threat. The real fear is that computer technology has turned into an arms race between good and bad guys. Google may see itself as the good guy with the white hat, bravely protecting our information, and it’s doing this as best it can. However hackers are hard at work all the time.

Google and Facebook are profiting from our private information in ways that are difficult to understand and that we would not approve of. Hackers can do even worse, as we have already seen in many cases around the world. Hackers have already unlocked and put on the Web reams of credit card information, private documents and all sorts of personal e-mails. Imagine your e-mails and chats on the Web for anyone to read; they may not be earth shattering but someone will be interested.

Online hoarding of our private information is not something we can afford to “dismiss.” The obvious, ethical, default setting should affirm that our private information belongs to us and nobody else — not to Google, not to Facebook.
Until things change I am reminded of an old adage from the military: “Don’t put in writing anything you aren’t prepared to be hung for,” or in speech, searches, diary etc.