Posts Tagged ‘security’

Cloud Computing – 2010

Friday, January 8th, 2010

cloudbin Just came across a good article on the future of Cloud Computing for 2010 – it’s a great summary and indicator of how fast things are progressing, you can read the full article here, but in summary, the following (in my opinion) are the three key areas to watch:

The year of the platform – after years of working through Infrastructure as a Service (IAAS) and Software as a Service (SAAS)the coming of Platform as a Service (PAAS) marks the beginning of the realisation of the full benefit that the cloud approach has to offer.

Here Come Private Clouds – specially pertinent in the Public Sector, the information assurance requirements of governments and nations are driving an approach that sees the adoption of “national cloud” infrastructure.  This will challenge many of the cloud providers as issues around data sovereignty and legislation such as the US Patriot Act will force them to offer geographically local solutions (which is kind of counter intuitive to the purists architectural vision for cloud computing).

Security – What a surprise, the growth of cloud computing has lead to a new frontier to defend and secure.  whether it’s new concerns like Differential Privacy, or old “friends” moving to new platforms (the first cloud based bot-nets have recently been discovered).

6 Themes for IT’s Future

Friday, August 14th, 2009

Wow, time flies.  It’s been a busy and slightly ugly Summer, but enough of that, it’s finally time for us to bring you the presentation I made at this year’s Architect Insight Conference back in May of 2009.   A particularly important event for me as it marked the first public release of the 6 key themes we’ve been working on for the last 12 months or so.

This presentation walks you through the 6 key themes that are the foundation of all of the challenges (and opportunities) we face in helping move the value of technology in our society even further forward and why, in some cases, our initial perceptions of them are not always correct.

Sit back (remind yourself what Summers _used_ to be like) and enjoy…

You can download the webcast here (right click and “save as”) or click here to subscribe to the Envisioners podcasts on iTunes.

The Security Sledghammer

Sunday, May 3rd, 2009

Another week, another data security problem hits the headlines. It’s the same old story, human error results in the “misplacement” of a piece of technology (disk, USB stick etc) but the easiest way to deal with it seems to be to blame the technology and chase after that as the source of the problem.devilusb

The thing for me is, that people have been leaving important things on trains since Mr Stephenson stepped off the Rocket and said “Welcome to the Age of Steam, now where did I leave my umbrella?” so why is it now that we find ourselves in a world where the the humble USB key finds itself transported from “friend of the networkingly challenged” to Satan’s portable storage device?

The problem of course (beyond our own inability to deal with the implied human failure) is that we don’t have a sufficiently granular way of dealing with information risk.  We simply don’t have access to pervasive, infallible technology solution that on a file by file basis, enables us to protect data that is sensitive while leaving less important data alone.

As a result, organisations and Enterprises face a binary choice in deciding how to prevent this from happening again (which is often made even worse when they are reeling from the headlines and embarrassment of another data loss).  They can secure everything or secure nothing – it’s the only option they feel they have.  Guess which one they choose?

I’ve worked with organisations who have an outright ban on portable storage devices, some even go so far as to glue up the USB ports on their PC’s.  Let me tell you these are not organisations from the Security, Defence or Intelligence sectors, these are regular Enterprises just like yours.

sledgehammerDon’t get me wrong, I don’t blame them for doing this, but it’s a bit of a sledgehammer for what is essentially a walnut. The technology vendors have a big part to play in this, as do the various Governments and legislators that care about encryption standards, but importantly, the real challenge lies with you, dear reader, and it is one of data classification.  There doesn’t seem to be much point in having a pervasive, granular data security solution if you don’t know which bits of your data are sensitive and which aren’t.

So what are you doing about it in your own organisations?  Easy for me to say I know, but trust me, I know how big a deal this is.  I know it’s a mammoth task and involves getting the “business” to agree on a classification schema (and sometimes for some hard truth that their “sensitive” data really isn’t all that important) but no matter how arduous or tortuous the route, you have to take it if you want to be that agile, innovative organisation you always wanted to be. 

Ignore this and you might as well breakout the Araldite ™ and get cracking…

Security and Privacy – Give and Take

Monday, March 9th, 2009

Security & Privacy

So the last thing I’m going to try and do here is to attempt to talk to you about the principles of IT Security and Privacy.

But what we do need to understand is that people are increasingly willing to sacrifice elements of privacy in return for something we find valuable, grocery store loyalty cards for example are the gateway to a whole range of profiling and targeting that we subject ourselves to in return for some cheaper petrol and a few savings vouchers – it’s going to continue, especially as (through innovation and transformation) organisations get increasingly sophisticated in how they collect, analyse and use the data that we leave in our wake as we travel through our every day lives.

The good news is that despite the scaremongering, people are really waking up to privacy and security issues and are increasingly able to make informed choices about what information they disclose and how to protect the information they seek to remain private.
Perhaps the best example of this occurred a couple of years ago with Facebook when Zuckerberg changed the status updates to a newsfeed service.

Zuckerberg faced a massive backlash from his user base, almost 300,000 users got together to revolt but then something happened. Surprised by the reaction, Zuckerberg implemented a privacy feature that enabled people to designate which information was private and which was public (and would therefore be sent out as part of the news feed update to friends). The reaction was incredible and transformed the usage of Facebook and ultimately set the standard for a bizarre conflicting standard for personal privacy that is simultaneously vigilant and laissez-faire.

But societal changes aside, lets return to the job at hand. In light of the other topics I’ve talked about today, Security and Privacy are no different. Traditionally, these concepts have been thought of as constraints to productivity, disablers of the possible, barriers to progress. I don’t think we’re there anymore. IT Security is an integral part of everything an organisation does and just like the others, given the other opportunities that both technology and society are presenting today, ultimately, our increasingly sophisticated needs and understanding become the catalyst for truly transformational change.

However, the biggest issue I’m left with today is our own organisational view on risk, I just can’t see how we can achieve the kind of transformation that’s going to be required without being forced to revisit some things that are obviously the very cornerstone of our operation and culture.

Ultimately, we are the only people that can answer this, but I’m hopeful that by continuing to collaborate through this blog (and other forums), both we and our other strategic partners will be able to provide you with pieces of the puzzle that make what is necessary, possible.

6 Themes for Comtemplation

Tuesday, March 3rd, 2009

The catalyst for the birth of “The Envisioners” was the emergence of 6 key themes that seem to be effecting everything we do with IT today (and why mostly, our understanding of these issues is not as it should be).  What better a way to start this blog than with an overview of these themes as they form the foundation of the work The Envisioners do, and will be core areas of focus as we continue along this journey of discovery, helping us all reach a better understanding of the true value of IT in a modern society.

We’ll be coming back to each of these in much greater detail over the coming weeks, but for now let’s get to meet them:

Cost Reduction
costreductionMore than just today’s bandwagon, the current state of the global economy offers a real force for change. It is absolutely vital we understand how to harness this to our advantage rather than treating it as a constraint to progress. Being respectful that the current economic crisis has a devastating effect on many people’s lives, we need to be bold enough to avoid the mistakes that “easy” answers for cost reduction will bring – we’ll be looking at examples that help to unpick how we can make the biggest difference without sacrificing our future.


Yesterday’s news? No, I thought not, but as with Cost Reduction, this is a considerable force for change that we need to understand properly before we can figure out the best way for us have the biggest impact. Please, this is _not_ a discussion about bottled water and virtualised data centres, this is about how we identify and embrace the systemic change that is required if we are to make a real difference in our own lifetimes.

Security & PrivacySecurity & Privacy
No broad discussion about technology would be complete without a conversation around security and privacy, this one however, is focused on how we need to understand more about the evolving boundaries of privacy and the changing way in which we need to think and apply security principles in all that we do. Like it or not, this is going to require some really difficult conversations about our definition of “risk”, but these are conversations we can no longer choose to ignore.

Like it or not, the world is changing around us. Technology is (or has) become a pervasive part of most peoples lives and is no longer the “special” thing it was when I was a lad. This is big, treat IT as something special and “complicated” and you will fail. Why? Because no-one really cares anymore – it just has to work and we as individuals just have to get on with making it work. Don’t believe me? Ask your kids.

As individuals, we are incredibly resilient, we cope with significant change every day and mostly without blinking. There’s something about the work environment that changes this and we need to understand why. Why is it that we resist change so much at work when at home we just suck it up and move on. Ultimately, the more agile we are (as individuals and organisations) the greater our chances of success.

Innovation ManagementInnovation
All of the other themes point towards the need and drivers for transformation in both our personal and professional lives and innovation is the only way we can make that transition happen. But most people will tell you that having the ideas is actually the easy thing, it’s doing something with them that’s the difficult bit. Above all things managing Innovation effectively is the most critical thing for your success in the future, we’ll be looking into how other organisations approach this problem and offering ideas (and asking for yours!) on how it can be done to best effect in any given situation.