The Risk Of Cloud Upgrades…

By Guy Bunker | June 16, 2010 | 1 Comment 

Guy Bunker


So, you are using the cloud and all is going well. New upgrades to the software appear at regular intervals providing new functionality… all is going well. But what happens if something goes wrong? Twitter has just had such a problem, and it took down the service for many users. Who cares… it’s just Twitter?!?!? Well, quite a few companies have Twitter as a key part of their communication strategy these days, so when it’s down it does make a difference. However, the real issue here is the risk around upgrading cloud applications.

Obviously, the vendor doesn’t plan to make a mistake – but what if they do? What if it was your CRM system, or your ERP solution? In this particular instance, there were missing, late and/or duplicate entries… what would happen if this were your ERP system – could it handle the problems and more importantly would you know about it before the auditors!

Part of any risk analysis for the business needs to include the risks associated with 3rd party suppliers – and IT and data handlers are no exception. Service Level Agreements need to reflect these possibilities and potentially have clauses for reverting (quickly) to earlier versions, rather than bug-fixing on-the-fly to resolve issues. Now is the time to take a look at the contracts you have – and ask your supplier the questions… “What if an upgrade goes wrong?”

Guy Bunker

Where’s your online data and who’s responsible for protecting it?

By john_turner | April 14, 2010 | 1 Comment 

john_turner

BrusselsYesterday at the European Cyber Security Awareness Day event in Brussels the Business Software Alliance (BSA) released some interesting research. They found that people in Germany, France, Poland, Spain, and the UK are confused over where their online data is stored.

About one in five citizens admitted to being unaware of whether their personal data is being held ‘in the cloud’, and 60% said they didn’t know what ‘in the cloud’ means.

When it comes to who should take responsibility for protecting online data, respondents were confused, with more than a quarter expressing a belief that a combination of stakeholders including government, businesses, technology companies, and consumers should be responsible for securing data held ‘in the cloud.’ The BSA says that this suggests that there may be a need for better coordination between government, businesses, and users and better education on cyber risks and best practices.

Coordination between government and business can go a long way in fighting cybercrime and protecting online data. Sound cyber security policies and technologies that protect the online environment are crucial but education can’t be overlooked. Users need to be made aware of online risks and know how to spot and protect themselves against malicious activity. I believe that better education is key to good cyber security.

John Turner

The RSA Conference – Cloud, devices & social changing the game?

By abigail_lovell | March 5, 2010 | Leave a Comment 

abigail_lovell

The weather may still be cold in London, but San Francisco has been hot this week, especially for the security industry. The USA RSA Conference is one of the premier security events, educating and connecting security professionals from around the world.

Symantec’s CEO Enrique Salem took the stage earlier in the week as one of the keynote speakers.

He discussed the information economy, and how this decade will change the way we think about it. The two major trends Enrique thinks will change the information economy significantly are the adoption of cloud computing and the explosion of digital devices. Along with the rise of social media, these trends make a trio that are linked and will accelerate the need for an information-centric approach to security.

All three rely on trust, and that trust requires security, privacy and compliance measures in place so that information can be accessible by the right people, on any device and from any place in order for the information economy to reach its full potential.

I found this really interesting. Enrique said that security is not only about putting up higher walls around information or locking down devices, it is about delivering solutions that provide trust and confidence. And he also spoke about how it is an opportunity for the security industry to enable, nurture and navigate through this future of the information economy.

It would be great to know what you are you doing in your organisation to securely allow information to flow freely between the right people. What has changed over the past five years and what predictions do you have for the next five?

Abigail Lovell

Photo credit

See You In Prague…

By Guy Bunker | May 15, 2009 | Leave a Comment 

Guy Bunker

Just a quick reminder that it’s the Cloud Computing Conference next week in Prague and my session is on The Darker Sides of Cloud Computing: Security and Availability. Cloud computing is definitely the buzzword for 2009 and so it will be great to hear other peoples’ opinions along with some practical advice. See you there.
cceep-226

2009: Chaos In The Clouds?

By Guy Bunker | December 9, 2008 | Leave a Comment 

Guy Bunker

We live in uncertain economic times where money is tough… but the cloud and more importantly, services within the cloud appears to offer value for money. You pay for what you use and so on. But… will this lead to chaos?

A decade or so ago the likes of PC World started to make a big impact on business computing. You could nip down there in the lunch break and buy a wireless router or a printer, pop back to the office and have it all connected up to the corporate network. Hurray. Well, not actually because the IT department eventually got wind of it, OK so it took several years, and decided that IT equipment in the office should be owned and managed by them in order to reduce the management cost, complexity and risk. So, the rogue wireless hubs slowly disappeared (some too slowly as the war driving and data loss incidents have shown) but they went.

Move on to 2009… budgets are tough but businesses still want to deliver new services. Will ‘the cloud’ become the next PC World equivalent, people rushing out to buy services outside of the IT department? As with ten years ago, all appears to be fine while it works – but when it doesn’t, what then? Even when it is working, the service acquired might not be up to scratch with corporate policy when it comes to having data outside the organization.

So… in the last couple of weeks of 2008, IT departments and CIOs need to think carefully about the cloud and how it can be used within their organizations – ahead of the business units. Develop, distribute and educate staff on policies around Information Protection and data loss prevention. Put a process together to rapidly respond to requests for new services which live in the cloud. There is still time to avoid the chaos… and use the cloud to business advantage.

When Is Cloudy Day Is Better Than A Sunny One?

By Guy Bunker | July 22, 2008 | Leave a Comment 

Guy Bunker

Cloud 999
It happened again, the cloud went away. Of course we are not talking about clouds in the sky, but one of those on the Internet. The outage was 8 hours this time – so a ‘working’ day. It was a Sunday, but that doesn’t mean that people aren’t working – we live in a 24×7 world, so 8 hours is 8 hours.

(Some) customers were quick to come to the defence of the service this time – but perhaps they wouldn’t have been if it had lasted a week… or maybe if it had been a Tuesday…

Choosing a service provider is not as easy as it appears – you do need to ask about their Disaster Recovery / Business Continuity plans and ensure their plans meet your needs, otherwise you could end up with no service and no business.