Welcome!

Cloud Expo Authors: Pat Romanski, Carmen Gonzalez, Liz McMillan, Elizabeth White, Yeshim Deniz

Blog Feed Post

Cloud Computing, the NSA, and Why Businesses Should Care

Listen: as cloud computing consultants, we drink the cloud computing koolaid. We’ve implemented cloud-based software for businesses of all sizes, across just about every industry. We’ve seen it revolutionize how businesses work.

We’ve also seen security become a very real and increasingly serious concern.

Don’t worry, it’s safe!

When we first began showing cloud-based software to clients, the idea of storing your data remotely was a new concept. Like clockwork, clients were all concerned about security. Is my data safe? What happens if the software company folds? Can we be hacked?

cloud securityLike good cloud computing consultants everywhere, we’d listen, smile, shake our heads, and explain why clients needn’t worry, how storing your data on 3rd party servers was safer than storing it locally, how Google had armed guards.

And that was all true. In many ways, top-of-class cloud-based software tools do deliver top-notch security.

But in other ways, those early clients had prescient concerns. The shift to cloud computing has – in subtle and not-so-subtle ways – followed a fundamental shift in data and how we think of property writ large.

Lets rewind….

Software-as-a-pain-in-the-ass (SAPAS)

Before Salesforce, before Google, there were local servers and hard drives. If businesses used software (and that’s a big “if”), they had it installed locally, on-site, on their own computers or servers. Barbaric, I know.

This had major disadvantages: accessing your programs if you weren’t at the office was a pain. Syncing data between workstations was a nightmare. Collaborating in real time without overwriting was impossible.

Then there were the bills. Typically, companies paid third-party consultants like us huge retainers to maintain servers, push updates, and install patches. The value-add of those consultants was technical – they operated as IT janitors, doing the dirty work that no one else wanted or knew how to. Inexplicably, this is still a viable business model.

But for many businesses, cloud computing changed all that.

Enter the cloud

With cloud computing, businesses didn’t have to worry about maintaining anything. Sign up for an account and you’re done: the vendor does all the dirty work, no middle-man necessary. Just you, your data, and your sweet, innocent software.

Other advantages followed. Because vendors no longer relied on resellers for sales, the market was flooded with new software options – and increased competition meant better, cheaper products. And because the cloud affords technical advantages (such as integrations), the feature-set deepened. What could possibly go wrong?

The fight for your data

As many, many observers predicted, data privacy and security is today a major concern for businesses. This fact is highlighted by recent revelations about the NSA’s writing backdoors into consumer software, and Target losing credit card data on tens of millions of its customers.

Used to be, we didn’t care much about that stuff. It won’t happen to you.

business hackerBut the reality is, something major has happened. Most businesses don’t have technical control of at least some – if not all – of their data anymore. Their banking data, their client data, their sales data, their documents and records – for millions of businesses, that stuff is stored on anonymous data servers and leased back.

Now, I’m not saying that’s an inherently bad thing. And it’s still true, for most businesses, that their data is safer (in some ways) now than it was when it was recorded on some dusty Exchange server in the closet.

But it’s also true that vendors, businesses, and consultants all need to do a better job of being honest about the state of software security. Too many vendors say “we use bank-grade encryption” and leave it at that. Too many clients aren’t asking the right questions. And too many consultants just don’t care.

A better way

By definition, cloud computing means a loss of some control. A relinquishing of technical reigns in return for better products. That’s just a fact.

But that doesn’t mean we can’t demand more.

Vendors should have transparent security outlines, where it’s 100% clear where your data is, what they’re doing with it, how it’s protected, and what they plan to do when something goes wrong.

Businesses should demand more. When vendors or consultants don’t address security, they should force the issue – and don’t accept anyone rolling their eyes.

Consultants should care more. They should know about SSL vs TSL; the difference between hashing and encryption; the strengths and limitations of multi-factor authentication.

This stuff is stressful to think about, but it’s super important. We’ve never had a client or a vendor suffer a data breach, but we also know it’s a lottery – and it’s up to us (and you) to mitigate risks.

VM Associates is a New York City cloud computing consulting firm. We help companies transition into newer, better, smarter software. Contact us to talk about your business, the cloud, and how we might help.

The post Cloud Computing, the NSA, and Why Businesses Should Care appeared first on VM Associates.

Read the original blog entry...

More Stories By Chris Bliss

Chris Bliss works at VM Associates, an end-user consultancy for businesses looking to move to the cloud from pre-existing legacy systems.

@CloudExpo Stories
Blue Box has closed a $10 million Series B financing. The round was led by a strategic investor and included participation from prior investors including Voyager Capital and Founders Collective, as well as the Blue Box executive team. This round follows a $4.3 million Series A closed in December of 2012 and led by Voyager Capital. In May of this year, the company announced general availability of its private cloud as a service offering, Blue Box Cloud. Since that release, the company has dem...
The Internet of Things (IoT) is going to require a new way of thinking and of developing software for speed, security and innovation. This requires IT leaders to balance business as usual while anticipating for the next market and technology trends. Cloud provides the right IT asset portfolio to help today’s IT leaders manage the old and prepare for the new. Today the cloud conversation is evolving from private and public to hybrid. This session will provide use cases and insights to reinforce t...
SAP is delivering break-through innovation combined with fantastic user experience powered by the market-leading in-memory technology, SAP HANA. In his General Session at 15th Cloud Expo, Thorsten Leiduck, VP ISVs & Digital Commerce, SAP, will discuss how SAP and partners provide cloud and hybrid cloud solutions as well as real-time Big Data offerings that help companies of all sizes and industries run better. SAP launched an application challenge to award the most innovative SAP HANA and SAP ...
SYS-CON Events announced today that Aria Systems, the recurring revenue expert, has been named "Bronze Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Aria Systems helps leading businesses connect their customers with the products and services they love. Industry leaders like Pitney Bowes, Experian, AAA NCNU, VMware, HootSuite and many others choose Aria to power their recurring revenue bu...
As Platform as a Service (PaaS) matures as a category, developers should have the ability to use the programming language of their choice to build applications and have access to a wide array of services. Bluemix is IBM's open cloud development platform that enables users to easily build cloud-based, creative mobile and web applications without having to spend large amounts of time and resources on configuring infrastructure and multiple software licenses. In this track, you will learn about the...
In her General Session at 15th Cloud Expo, Anne Plese, Senior Consultant, Cloud Product Marketing, at Verizon Enterprise, will focus on finding the right mix of renting vs. buying Oracle capacity to scale to meet business demands, and offer validated Oracle database TCO models for Oracle development and testing environments. Anne Plese is a marketing and technology enthusiast/realist with over 19+ years in high tech. At Verizon Enterprise, she focuses on driving growth for the Verizon Cloud pla...
SYS-CON Events announced today that Calm.io has been named “Bronze Sponsor” of DevOps Summit Silicon Valley, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Calm.io is a cloud orchestration platform for AWS, vCenter, OpenStack, or bare metal, that runs your CL tools puppet, Chef, shell, git, Jenkins, nagios, and will soon support New Relic and Docker. It can run hosted, or on premise and provides VM automation / expiry, self-service portals,...
Ixia develops amazing products so its customers can connect the world. Ixia helps its customers provide an always-on user experience through fast, secure delivery of dynamic connected technologies and services. Through actionable insights that accelerate and secure application and service delivery, Ixia's customers benefit from faster time to market, optimized application performance and higher-quality deployments.
SYS-CON Events announced today that Verizon has been named "Gold Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Verizon Enterprise Solutions creates global connections that generate growth, drive business innovation and move society forward. With industry-specific solutions and a full range of global wholesale offerings provided over the company's secure mobility, cloud, strategic network...
SimpleECM is the only platform to offer a powerful combination of enterprise content management (ECM) services, capture solutions, and third-party business services providing simplified integrations and workflow development for solution providers. SimpleECM is opening the market to businesses of all sizes by reinventing the delivery of ECM services. Our APIs make the development of ECM services simple with the use of familiar technologies for a frictionless integration directly into web applicat...
The only place to be June 9-11 is Cloud Expo & @ThingsExpo 2015 East at the Javits Center in New York City. Join us there as delegates from all over the world come to listen to and engage with speakers & sponsors from the leading Cloud Computing, IoT & Big Data companies. Cloud Expo & @ThingsExpo are the leading events covering the booming market of Cloud Computing, IoT & Big Data for the enterprise. Speakers from all over the world will be hand-picked for their ability to explore the economic...
Cloudwick, the leading big data DevOps service and solution provider to the Fortune 1000, announced Big Loop, its multi-vendor operations platform. Cloudwick Big Loop creates greater collaboration between Fortune 1000 IT staff, developers and their database management systems as well as big data vendors. This allows customers to comprehensively manage and oversee their entire infrastructure, which leads to more successful production cluster operations, and scale-out. Cloudwick Big Loop supports ...
To manage complex web services with lots of calls to the cloud, many businesses have invested in Application Performance Management (APM) and Network Performance Management (NPM) tools. Together APM and NPM tools are essential aids in improving a business’s infrastructure required to support an effective web experience… but they are missing a critical component – Internet visibility. Internet connectivity has always played a role in customer access to web presence, but in the past few years use...
SAP is delivering break-through innovation combined with fantastic user experience powered by the market-leading in-memory technology, SAP HANA. In his General Session at 15th Cloud Expo, Thorsten Leiduck, VP ISVs & Digital Commerce, SAP, will discuss how SAP and partners provide cloud and hybrid cloud solutions as well as real-time Big Data offerings that help companies of all sizes and industries run better. SAP launched an application challenge to award the most innovative SAP HANA and SAP ...
Software AG helps organizations transform into Digital Enterprises, so they can differentiate from competitors and better engage customers, partners and employees. Using the Software AG Suite, companies can close the gap between business and IT to create digital systems of differentiation that drive front-line agility. We offer four on-ramps to the Digital Enterprise: alignment through collaborative process analysis; transformation through portfolio management; agility through process automation...
What are the benefits of using an enterprise-grade orchestration platform? In their session at 15th Cloud Expo, Jeff Tegethoff, CEO of Appcore, and Kedar Poduri, Senior Director of Product Management at Citrix Systems, will take a closer look at the architectural design factors needed to support diverse workloads and how to run these workloads efficiently as a service provider. They will also discuss how to deploy private cloud environments in 15 minutes or less.
Headquartered in Santa Monica, California, Bitium was founded by Kriz and Erik Gustavson. The 1,500 cloud-based application using Bitium’s analytics, app management, and single sign-on services include bug trackers, customer service dashboards, Google Apps, and social networks. The firm states website administrators can do multiple tasks online without revealing passwords. Bitium’s advisors include Microsoft’s former CMO and the former senior vice president of strategy, the founder and CEO of Li...
The Transparent Cloud-computing Consortium (abbreviation: T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data processing High speed and high quality networks, and dramatic improvements in computer processing capabilities, have greatly changed the nature of applications and made the storing and processing of data on the network commonplace. ...
StackIQ offers a comprehensive software suite that automates the deployment, provisioning, and management of Big Infrastructure. With StackIQ’s software, you can spin up fully configured big data clusters, quickly and consistently — from bare-metal up to the applications layer — and manage them efficiently. Our software’s modular architecture allows customers to integrate nearly any application with the StackIQ software stack.
Things are being built upon cloud foundations to transform organizations. This CEO Power Panel at 15th Cloud Expo, moderated by Roger Strukhoff, Cloud Expo and @ThingsExpo conference chair, will address the big issues involving these technologies and, more important, the results they will achieve. How important are public, private, and hybrid cloud to the enterprise? How does one define Big Data? And how is the IoT tying all this together?