August 2011 Archives

Craig Beddis, the regional software vice president at UC4 Software, says if you don't get your cloud supplier right first time, it'll be ruinously expensive to change.

Investing in cloud services is not a new thing but what's on offer is getting better and better. However it should be planned carefully, especially if a business is putting critical applications into the cloud, to ensure data is secure and easily available. 

Every cloud provider promises different things - set out in service level agreements (SLAs) - so these should be considered when choosing a cloud provider to make sure you're getting what you need and are covered when things go wrong. This is just as important when moving from one cloud provider to another - data must be transferred securely and service levels must be upheld in the transition.

Let's take a fictional example. David manages the back office financial processes at a UK car dealership company. With the main showroom just south of London and four regional showrooms across the UK, David has to ensure that all the company's sales and revenue figures are collated for a senior management report at month end. 

Data from the five sales teams used to be inputted onto a cloud-based database but the service was unreliable and regularly unavailable. After two years David selected a new cloud provider that offered full access in its SLA as well as enhanced functionality. However he faced huge challenges in extracting data from the old provider to the new one, with vital data loss in the transfer process and errors in month end reports, none of which are covered by either provider's SLAs.

As a partner and a senior manager at Deloittes technology Consulting Practice, John Winstanley (left) and Bhavesh Morar spend all their time talking to big corporations who want advice on cloud computing.

These retail, consumer and life sciences giants all desperately want to talk about infrastructure as a service. Or so it would seem.

Maybe they're lonely and they just want someone nice to talk to, who isn't involved in their office politics. They certainly don't seem interested in signing any purchasing orders.

It's known in the business as Let's Have a Meeting Syndrome (LHMS), and it's got worse in the recession.

Anyway, these window shoppers have a good excuse not to sign off an infrastructure as a service project: "In large scale corporate back offices, the state of readiness is way behind the marketing material," says Winstanley.

Besides most of the corporates that Winstanley and Morar consult with are likely to be bound by strict compliance regulations. In which case, they need to know specifically which servers are being used to secure their data and where they are. Tying down details like this doesn't fit in with the ethos of cloud services.

Meanwhile, companies are adopting some of the properties of cloud services in their own data centres. They might transfer Unix platforms to Linux and organise partitioning far more efficiently on blade farms. They're packing more into their existing infrastructure and improving the utilisation of their hardware.

A high street retailer, for example, was only getting 17 per cent utilisation out of its Oracle/IBM platform, whereas other companies can push to 80 per cent.

Cloud services might not sell, but cloud computing techniques will still blight IT sales. Who is going to buy anything from you when they can triple the output of their data centre without seeing a salesman?

That's a double whammy. It's bad enough that all those sales meetings are a waste of time and money. But think of all the poor estate agents, removal men and data-centre-in-a-crate salesman. They're not gong to be doing much business either. That's two hidden costs in the same mortifying incident.

Hey, hey, you, you, get offa my cloud! Not my words, but the words of a service provider that decides you are surplus to their requirements, for whatever reason.

But the of process of moving between cloud offerings is punishing, says Vladimir Jirasek non executive director CSA UK & Ireland and member of CAMM. As is moving back to the internal service (internal cloud). 

"This is especially painful in SaaS where the application is bespoke and export of the data is not standardised," says Jirasek. Salesforce, for example.

"I see the migration from SaaS application as huge hidden cost that will bite many companies should they ever dare to leave the SaaS provider!

"The cost, complexity and disruption of migration from SaaS might be so huge that the company will rather stay with the cloud provider, being effectively locked in for a long time."

However, there's good news if you are in PaaS and IaaS. "The lock in is not as big problem as there is more standardisation on the platform and infrastructure level," he says.

There's an awful lot that can go wrong with service level agreements (SLAs) on cloud-based services says Craig Beddis, Regional SVP at UC4 Software.

Services in the cloud are not available when there is an outage.

Gradually we're starting to see businesses of all sizes using cloud providers for various services, with limited upfront costs and greater flexibility. 

You may think this sounds too good to be true. It an be when one of the main risks is some sort of outage which makes your data temporarily unavailable. In this case you'd expect service level agreements (SLAs) with your cloud provider to compensate you for not being able to access your essential services.

Unfortunately many SLAs do not cover companies for unexpected events such as a data centre network being cut off by somebody digging through some cabling.

Let's say Mr X is the CIO of a recruitment software company, supplying to more than 400 recruitment businesses across the UK. The specialist software is offered as proprietary (i.e. the client owns the license and data is stored in the customer's server) or is accessible via a cloud-based service. Since the recession the company has seen a huge growth in smaller recruitment businesses developing and choosing their software using the cloud-based model for the greater flexibility and lower upfront cost. 

As the number of clients grew and database functionality expanded, Mr X is concerned when he receives 80 complaints from clients unable to access their databases. When he contacts his cloud provider he's told that there was an outage on one of their servers which would not be rectified until later that week, and that unfortunately this incident was not covered under his SLA. As a result Mr X had to inform account managers of the issue and compensation was given.

Meanwhile, his boss is furious that money was wasted on a problem that wasn't even their fault.

In a survey conducted last week, this column uncovered the truth about iPhone users; they make the worst drivers.

The survey was conducted on two separate occasions on the same stretch of road.

Cycling against the traffic, from Chobham to Kingston in Surrey, researchers counted the number of motorists who were driving while consulting their mobile phones.

80 per cent of those who took their eyes off the road to look at their smartphone were iPhone owners.

The other one (20 per cent) looked like a Blackberry user. You know the type.

The results didn't surprise me, who conducted the bicycle based research. 

"IPhone users are a menace on the road, and should pay extra road tax," I said, before calling on the government to act. "I call on the government to act," I said.

Vladimir Jirasek, non executive director CSA UK & Ireland and member of CAMM, speaks from bitter experience about a cloud heist that went wrong.

"I have had experience of migrating to Cloud and between different SaaS clouds," he laments.

The hidden costs differ between various delivery model (IaaS to SaaS). Some IT managers do not realise that in IaaS the responsibility to manage operating systems and application still rest on their shoulders.

The cloud provider is here a mere virtual HW provider. Hence the hidden cost for the company is a realisation that the bulk of IT responsible for application integration and possibly for infrastructure management (operating system layer) is still needed.

The same applies to PaaS, he says, but here the CIO is responsible for application integration only.

Ten years ago, Winston Bogarde was a very good footballer. He must have been, because show biz club Chelsea paid him forty thousand pounds a week! That was a lot of money in them days.

So he must have been pretty handy. Mind you, I never saw him play. I don't think anyone saw him play. He was at Chelsea for 18 months and the nearest he got to the pitch was the subs bench.

Football clubs live in a parallel world. Where else would somebody pay a vast amount of money for something they never use?

Oh, I just thought of an example. Cloud computing customers.

If you meet anyone who thinks that cloud computing is a pay per use model, send them to me; I've got this bridge in the City of London they might like to buy.

If you put an application in the cloud and no one uses it, does it cost you money? Why, yes it does, mate.

The hourly compute charges are not based on how you use an application but for the machines that are reserved for you should you use that app.

So anyone who orders an app and doesn't use it probably assumes they won't be charged for it. Boy are they in for a shock when the bill comes in.

Deputy heads will roll. Sack the manager!

I told the world about SpinVox but no-one listened. Then along came the BBC's glamorous Rory Cellan-Jones, and they all listened. I can't imagine why no one took me seriously! 

(Here I am, left, in a kimono)

About the time when the News of the World stealing private moments from anyone with a saleable personal life, I was experiencing my own hacking crisis.

In my case, my privacy was invaded because I was a journalist. I'd been hired as a writer by a multi-millionaire to write some case studies about a telecoms dealer. They liked my work so much that they posted the articles, word for word, on their web site (as was established, when the case finally came to Coventry County Court where I eventually won a pyrrhic court battle).

But as soon as they discovered I was a journalist (boo! hiss!) they decided they hated me. Not only should no good deed go unpunished, they also decided - on receiving the court summons - to embark on a follow up hate campaign involving attempts to access all my phone conversations.

Like an idiot savant, I mounted a brilliant defence against this thuggery, without even realizing what I was doing.

I appointed a man in India to listen in to intercept all my mobile phone messages, type them out and text them to me. I didn't know I was doing this at the time, as the company that offered me the service, SpinVox, assured me it was all done by voice-recognition technology.

If the translations were really achieved by their machines (and I was personally shown them by the CEO, Christine Domecq) they would have been running voice-recognition algorithms 50 years ahead of their time.

I wasn't really bothered either way; I'd rather they were creating jobs for a man in India than for a machine in Marlow.

The point is, the low-techness of the arrangement stopped my calls from being hacked. All my lost phone messages were immediately removed from my inbox, recorded and emailed out to India, where a man hunched over a keyboard with a pair of headphones on typed them out and his broken English was then texted to me.

Funnily enough, the News of the World weren't interested when I told them about SpinVox's smoke and mirrors act. Only the Daily Telegraph took my story, but they stuck it on the City Diary page.

Years later (years!) the BBC and The Guardian picked up on my revelation and SpinVox eventually got in trouble for misleading investors, went into a downward spiral and got bought out.

In its heyday it was Britain's fastest growing telecoms services company and hailed by everyone from government spin doctors to the Sunday Times Top 100 Business list. International telcos and mobile operators were queuing up to buy the service.

I still think the service was (and is) brilliant. If only they'd been honest about it.

Surely, given our new-found insecurities over phone hacking, it's high time someone revived SpinVox. I'd sign up for it.

I told the world about SpinVox but no-one listened. Then along came the BBC's glamorous Rory Cellan-Jones, and they all listened. I can't imagine why no one took me seriously! 

(Here I am, left, in a kimono)

About the time when the News of the World stealing private moments from anyone with a saleable personal life, I was experiencing my own hacking crisis.

In my case, my privacy was invaded because I was a journalist. I'd been hired as a writer by a multi-millionaire to write some case studies about a telecoms dealer. They liked my work so much that they posted the articles, word for word, on their web site (as was established, when the case finally came to Coventry County Court where I eventually won a pyrrhic court battle).

But as soon as they discovered I was a journalist (boo! hiss!) they decided they hated me. Not only should no good deed go unpunished, they also decided - on receiving the court summons - to embark on a follow up hate campaign involving attempts to access all my phone conversations.

Like an idiot savant, I mounted a brilliant defence against this thuggery, without even realizing what I was doing.

I appointed a man in India to listen in to intercept all my mobile phone messages, type them out and text them to me. I didn't know I was doing this at the time, as the company that offered me the service, SpinVox, assured me it was all done by voice-recognition technology.

If the translations were really achieved by their machines (and I was personally shown them by the CEO, Christine Domecq) they would have been running voice-recognition algorithms 50 years ahead of their time.

I wasn't really bothered either way; I'd rather they were creating jobs for a man in India than for a machine in Marlow.

The point is, the low-techness of the arrangement stopped my calls from being hacked. All my lost phone messages were immediately removed from my inbox, recorded and emailed out to India, where a man hunched over a keyboard with a pair of headphones on typed them out and his broken English was then texted to me.

Funnily enough, the News of the World weren't interested when I told them about SpinVox's smoke and mirrors act. Only the Daily Telegraph took my story, but they stuck it on the City Diary page.

Years later (years!) the BBC and The Guardian picked up on my revelation and SpinVox eventually got in trouble for misleading investors, went into a downward spiral and got bought out.

In its heyday it was Britain's fastest growing telecoms services company and hailed by everyone from government spin doctors to the Sunday Times Top 100 Business list. International telcos and mobile operators were queuing up to buy the service.

I still think the service was (and is) brilliant. If only they'd been honest about it.

Surely, given our new-found insecurities over phone hacking, it's high time someone revived SpinVox. I'd sign up for it.

It can be expensive if you have a careless cloud looking after your data.

Many of these providers are more clown than cloud service providers. Your business could be found found on the hard drives sold by the Cloud provider. Don't laugh, it's already happened.

When data is deleted on a hard drive it is not rendered inaccessible the data blocks are merely marked as available. So unless the Cloud provider takes steps to shred this data, it is potentially available to other users or purchasers of the equipment. We know that but, amazingly, many cloud service providrs seem not to, as a recent study found.

Sensitive information for shooting down intercontinental missiles as well as bank details and NHS records was found on old computers, by researchers from BT and the University of Glamorgan.

Of 300 hard disks bought randomly at computer fairs and an online auction site, 34% still held personal data. They bought disks from the UK, America, Germany, France and Australia.

The information was enough to expose individuals and firms to fraud and identity theft, said the study.

"It's not rocket science," said Glamorgan University's Professor Andrew Blyth, "we used standard tools to analyse the data." 

Why does the NHS constantly lose our personal data? Is it corruption? Is it because nobody cares? Bad management?

Safestick, a secure USB, could be the answer to our problems. It's a simple device, aimed at simpletons who are prone to heft and loss. 

Robert Howorth, senior technical architect at West Suffolk Hospital NHS Trust swears by it.

The NHS has bought 100,000 of its SafeStick USB flash drives right across the Health Service network. (So if you want one cheap, you can probably buy one off an NHS employee).

The Safestick is Password protected and featuries military grade encryption. The NHS uses BlockMaster's SafeConsole management tool as well, so they can track and control their SafeStick portfolio. Using this system, they could remotely track, manage and enforce acceptable use policy for every single drive, anywhere in the county.

Let's hope they get this system at Scotland Yard, so that they can start cleaning up their act.

Why does the NHS constantly lose our personal data? Is it corruption? Is it because nobody cares? Bad management?

Safestick, a secure USB, could be the answer to our problems. It's a simple device, aimed at simpletons who are prone to heft and loss. 

Robert Howorth, senior technical architect at West Suffolk Hospital NHS Trust swears by it.

The NHS has bought 100,000 of its SafeStick USB flash drives right across the Health Service network. (So if you want one cheap, you can probably buy one off an NHS employee).

The Safestick is Password protected and featuries military grade encryption. The NHS uses BlockMaster's SafeConsole management tool as well, so they can track and control their SafeStick portfolio. Using this system, they could remotely track, manage and enforce acceptable use policy for every single drive, anywhere in the county.

Let's hope they get this system at Scotland Yard, so that they can start cleaning up their act.

The cost of getting your data back when you change Cloud provider is horrendous, warns Mike Small, a member of London Chapter ISACA security advisory group.

"Many contracts do not clarify who owns the data in the cloud and how you can get it back when the contract ends," he says. "This has caught out more than one large organisation."

Another unexpected cost bombshell is detonated when your cloud service is disabled as a result of legal action against a co-tenant that is suspected of acting illegally.

"On December 30th we had an issue with Windows Live Hotmail that impacted 17,355 accounts," says Chris Jones of Windows Live. "Customers affected temporarily lost the contents of their mailbox through the course of mailbox load balancing between servers."

Windows Live identified the root cause and restored mail to the affected accounts by the evening of January 2nd. Three days later!

"As with all incidents like this, we will fully investigate the cause and will take steps to prevent this from happening again," says Jones.

Could be too late, mate!

If you're going to be a service provider, you might as well be nice. 

Start with the welcome you offer people when they arrive at your company.

There's a business logic. Nice people tend to listen more, understand the customer better and, consequently, are sixty per cent less likely to get sued by a disappointed cloud services client.

A new book by a couple of advertising agency bods sets out the business arguments for being nice.

According to The Power of Nice by Linda Kaplan Thaler and Robin Koval, doctors who have never been sued in America spent, on average, three minutes longer talking to their patients.

The same applies to business over here; every outsourcing contract or cloud service that goes wrong is almost certainly going to be down to a lack of understanding, created by a failure to communicate. The thing about the IT industry is that most of them are terrible communicators. Terrible at talking and even worse at listening.

Could be worth reading. Or, are you one of those people who doesn't suffer fools gladly?

The Power of Nice. Go on, give it a try.

If you're going to be a service provider, you might as well be nice. 

Start with the welcome you offer people when they arrive at your company.

There's a business logic. Nice people tend to listen more, understand the customer better and, consequently, are sixty per cent less likely to get sued by a disappointed cloud services client.

A new book by a couple of advertising agency bods sets out the business arguments for being nice.

According to The Power of Nice by Linda Kaplan Thaler and Robin Koval, doctors who have never been sued in America spent, on average, three minutes longer talking to their patients.

The same applies to business over here; every outsourcing contract or cloud service that goes wrong is almost certainly going to be down to a lack of understanding, created by a failure to communicate. The thing about the IT industry is that most of them are terrible communicators. Terrible at talking and even worse at listening.

Could be worth reading. Or, are you one of those people who doesn't suffer fools gladly?

The Power of Nice. Go on, give it a try.

What are the hidden costs of cloud computing?

Let's count them.

There are some awful fates awaiting you in the cloud.

Take for example, the fate that befell New York publisher Curbed Network, which got kicked to the kerb when its data was suddenly seized by the FBI.

The problem with being in the cloud was that Curbed Network had no idea who its neighbours were. Neither did the FBI, to be fair. So they took out every server in the hybrid cloud hosted facility they raided in Reston, Virginia.

The host, DigitalOne, was powerless to defend its clients. "In the night FBI has taken 3 enclosures with equipment plugged into them, possibly including your server," explained chief executive, Sergej Ostroumow. "We cannot check it."

Though the G-men were only interested in one of the company's clients they took servers used by "tens of clients", and after their visit DigitalOne could not restart its own servers for 15 hours.

Curbed Network's sites, including popular blogs covering real estate, restaurants and other topics, were left unavailable for days. As were Instapaper, a service that saves articles for later reading and Pinboard, a bookmarking site. Pinboard managed to run on a backup server.

Companies can survive downtime, as this example shows, but being taken out like this is likely to be fatal for many organisations.

So the cloud could be fatal.

McAfee has released the results of a five year study, code named Operation Shady RAT, which shows how an unnamed rogue hacker has attacked a variety of global players.

In a range of studies over the course of a five year operation they identified one specific, probably nation state source of cyber crime, which targeting more than 70 global companies, governments and non-profit organisations.

Researchers at McAfee Labs collected logs that reveal the full extent of their target demographic.

Starting in mid-2006, researchers analysed attacks affecting some organisations for up to 28 months.  In total, compromised companies spanned 14 countries, including the UK and more than 30 unique organisation types ranging from the US federal government, satellite communications companies, the Canadian government, the Vietnamese government, the Taiwanese government and more.

Were there any major nations they didn't attack?

We wonder who this country could be?

McAfee has released the results of a five year study, code named Operation Shady RAT, which shows how an unnamed rogue hacker has attacked a variety of global players.

In a range of studies over the course of a five year operation they identified one specific, probably nation state source of cyber crime, which targeting more than 70 global companies, governments and non-profit organisations.

Researchers at McAfee Labs collected logs that reveal the full extent of their target demographic.

Starting in mid-2006, researchers analysed attacks affecting some organisations for up to 28 months.  In total, compromised companies spanned 14 countries, including the UK and more than 30 unique organisation types ranging from the US federal government, satellite communications companies, the Canadian government, the Vietnamese government, the Taiwanese government and more.

Were there any major nations they didn't attack?

We wonder who this country could be?

I've never been to Thailand, so I found myself on Amazon recently, browsing travel books like Thailand Diaries.

I was about to buy it when suddenly, a cold hand clutched at my heart. I became paralysed with fear.

What if they take the order and don't send the book? What if someone hacks into Amazon and steals my banking details?

What if Simon uses this computer while I'm at lunch, and sees all the dodgy stuff I've been browsing on Ebay and Amazon? [too late - Ed]

What if the book's rubbish?

This is where businesses need an IronKey.

It's a USB disguised as a concealed weapon! It's shielded in a solid, tamper-resistant and waterproof metal casing that could stop a bullet, never mind a hacker.

The IronKey Personal USB (the one for consumer use) comes with military-grade encryption and easy-to-use identity management and password manager.

[What exactly is 'military grade encryption? Is that a made up term that means nothing, like paradigm shift? Is there such a thing as a military grade paradigm?]

I like the idea of a secure private browser. So I can surf anonymously, without any marketing creeps gathering information on me. It also protects my password when I go online, says the vendor.

So, it'll be handy if I do get to Thailand and need to transfer funds. Or indeed if I'm still in Britain, and don't want people snooping at my Amazon account.

PS. Ironkey has passed a number of 'unbreakable' tests, apparently. Don't tell the hackers that, as it's like throwing down a gauntlet to them.

Photo courtesy: BananaStock/ThinkStock

I don't know about you, but I hate wearing headsets and those ghastly ear things. There must be a nice way to be handsfree.

Gigaset has just released the latest handsfree home phone, the Gigaset L410.

Unlike an ungainly headset, the L410 does not attach to the ear but is simply clipped to clothing and, weighing just 30 grams, is hardly noticeable, meaning you no longer have to compromise on style.

They could have made it a bit more stylish though. Why not make them in nicer colours? Or in the shape of a brooch or something. Surely a nice pink flower brooch style handsfree gadget would accessorise any outfit!

The end result is that users are able to take care of other tasks in the kitchen whilst simultaneously making a call - whether that's loading the dishwasher, making a coffee or simply cooking.

There's one marketing agency I know of whose offices are like a library, normally.

But, when a client visits, the old codger running the agency puts gangster rap on the sound system, in an attempt to convince the client they are young and funky.

It works, too. When I was there, they won the Citrix account!

There are less desperate ways to give your office a hip, contemporary feel. Surely. I'm buggered if I know what they are. But here's a suggestion.

The POP handset is a bright and funky accessory that offers mobile phone users the convenience and comfort of a traditional telephone with all the functionality of today's most popular devices.

Available in pink, yellow, purple, blue and green soft touch finish, has a fun feel that combines a contemporary edge and a compelling health proposition - the POP phone reduces the users exposure to potentially harmful radiation exposure by up to 96%.

Using a 3.5mm jack (adaptors are available) users can connect the POP phone to a mobile phone, iPad or PC for Skype calls, and are able to enjoy the full functionality of the device whilst making calls. You could be checking your diary, reading emails or dancing like dad at a wedding.