Devil in a Pebble

Global Warming

Our Plastic Ocean

Nuclear Meltdown

Gas Leaks

Oil Spills

Zika

Ebola

Cancer

Flint 

Distractors (Trump, Clinton, Journalists, Kanye..etc)

Short term Business Thinking <–Consequence Deferred

War — (The Clock is at 3 Minutes to Midnight)

Greedy World Leaders <– Destroyers of Humanity 

Greedy Business Leaders <– See World Leaders

These things and more are pebbles in the jar of our world.  The pebbles will continue to add up and we watch these events and behaviors everyday and feel as if we can do nothing. 

The same pebbles that are adding up to destroy our world and our kind can be countered by good behavior and healthy contribution.

You don’t get fat or fit in a day.  The world is becoming something new and it doesn’t look favorable for the human race.    To address this, we need to change our focus from Kardashian to Flint.   From wars we can’t win to battles we can win.   From political nonsense to practical mindful behaviors and actions.

It is our world and it is our choice.  Each of us is a contributor and each of us has an opportunity to make it better.  Doing nothing is doing something and it is not too late to save us.

We don’t have to worry about aliens attacking, the plague or great disasters, we have to worry about silence, ignorance and a lack of caring or humanistic paralysis.

garbage-patch2

This is our world..

160128082101-01-zika-virus-0128-super-169
Image Linked from CNN

Summary:

Our first world, second and third world problems are connected.  Money won’t matter when there is nothing to trade.  We must raise awareness and bring these conversations to light.

As a people this is our test.  As a group, a community, a world, this is our judgement day.

The choices we make and the actions we take will determine the blessings or the curse for our children and their children.  Today we are leaving a stain over a mark.. and we have to work together to figure out how to change our behavior.

4a8c6b6516a281ae3dc7183958a0e56a

Pass it on..

 

 

 

 

 

Working Out Loud: Show Up (Part 1 of 5)

This is a five part series about working out loud and engaging people across multiple organizations in order to tackle tough problems in knowledge management.

Showing Up and Working Out Loud

  • Show up whenever possible. 
  • Ask to speak with senior leaders, chances are they will see you.
  • Advocate for yourself and others.
  • Speak to the heart and mind.
  • Have faith and courage.

Part 1 “Show Up” In you We Trust

If you are invisible, no one can see you.  If you are quiet, no one can hear you.  If you aren’t present, you can’t be felt.  

After 9/11 the Pentagon had a lot of work to be done beyond just rebuilding the walls.   The impact of the attack had disrupted what we held as fact and truth.   It took an emotional and psychological toll on many people and it reshaped the reality of war at home. Something interesting happened during and after this event that changed the way I understood leadership.   Some leaders that I expected strength from chose to step back and become quiet, while others gained clarity, focus and resolve and chose to step up.

Stepping up meant showing up, making yourself visible was risky and took courage.  The war on terrorism is still a hot button topic by 2005 we were still seemingly reacting and responding with a great deal of emotion.  People are very passionate around this subject and passion may not always convey to good decision making.   This being the case, any approach to help with this subject area had to be carefully examined and measured.    As my old friend Vince said “Cohen, attacking a nat with a baseball bat may not get you the desired result you seek.”

Trust is Tied to Knowledge   

When I first stepped inside the Pentagon, I could see the damage that was left over from the devastating attack on our country, our people.   I had this feeling that overwhelmed me and I was overcome by feelings that I didn’t understand or have words to describe.   As I tried to contain myself I was reminded verbally by my Chief Division Officer why I was there at the Pentagon in the first place.  He said “The men and women of this nation make critical decisions for the safety and well-being of our warfighters here in these walls; I understand how you feel and this is why I brought you.”  

Walking through the small passageways of the Pentagon, I thought about our long drive, sitting through traffic.   It could be 4 hours or more each way on a good day.   He did this drive at least a few times a week just to make sure he was physically present.

We walked into a room filled with defense leadership and supporting cast members end to end,  there was a large long rectangular wooden table with senior leaders sitting and most others standing up against the wall.    After general practice and introductions there was silence.  I was looking around at the fine grain wood, paintings and designations on the walls.   There is history in every nook and corner of this building.  It is almost like going through a museum and art gallery at the same time.  Being in the room itself makes you feel as if you are part of this history.

They introduced my senior leader to the group with natural formality and gave him the floor to speak.  I can share the spirit of what he said in that room on that day.

We understand that there are things that we don’t know and we don’t ask.  We make the same mistakes over and again with assured confidence and certainty.  We make the same mistakes over again because even when we have our lessons learned, we don’t use them to prevent us from making poor choices.    Our great service men and women deserve better. They deserve our willingness to say that we don’t know.   We have to make both informed and uninformed decisions but we have a responsibility to them, to ask the questions and gain as much knowledge as we can.   We have to work together and be a joint force to accomplish this and we have to build trust across the services.   We can do these things with enterprise architectures.  We can do these things with knowledge fed to us with and for purpose for reuse across all of the services.

In his presentation and discussion his only request was for people to use our architecture tools and approach to pull together and share content in context for operations, decision making and analysis.

We were there to build trust and build knowledge through these trusted relationships. The high level objective was to learn and share in order to raise awareness with partners. The knowledge would then be used and reused to help reduce risk, save money and increase opportunities for operational and mission success.  My Chief didn’t stop here, he traveled and spoke with hundreds of people.   His message was known by all of his team and we were all encouraged to share information and help build a coalition with partners from various domains.  

We seek to “Help those who eat the MRE’s.”   (MRE= Meals ready to eat)

Showing Up is 

Showing up is a critical first step in the knowledge management practice.   Most leaders don’t have time to read.  I know how that sounds but it is true.   Chances are they will make time to meet if they are given a good reason.  That meeting is critical to both you and leadership.  It could be an opportunity to move forward with your ideas or fail fast and move on.

Part 2..  

“Senior leadership isn’t interested in what I have to say.”

“They (leaders) don’t care what we think.”

“We are just the hired help here.”

“I don’t have time and I am not really motivated”

“I have tried before and it didn’t work.”

Sound familiar.. will talk more about this next week.

  

Who is Responsible When Crowdsource Becomes Murder?

Question : Who is accountable or responsible when a false accusation or false report results in the death of a person?

Brown University student Sunil Tripathi was wrongly tied to the Boston Marathon bombing.   The result (may have been) his death.  There are indications that he may have died before the bombing.  The questions still remain. 

Reddit General Manager Erik Martin wrote:

though started with noble intentions, some of the activity on reddit fueled online witch hunts and dangerous speculation which spiraled into very negative consequences for innocent parties. The reddit staff and the millions of people on reddit around the world deeply regret that this happened. We have apologized privately to the family of missing college student Sunil Triphathi, as have various users and moderators. We want to take this opportunity to apologize publicly for the pain they have had to endure. We hope that this painful event will be channeled into something positive and the increased awareness will lead to Sunil’s quick and safe return home. We encourage everyone to join and show your support to the Triphathi family and their search.

Being Realistic looks like Pessimism

Is the glass half empty?

Is the glass half full?

Some friend you are.. calling me a pessimist..  I think of myself as a person who is realistic.

The glass is always full, just not full of what you want or expect.

Walk around in a bubble and you are bound to see the world from your own 360 degree perspective.  This doesn’t really reflect what is truly going on in THE world, just YOUR world.  It is shame really when you think about how business is today. Long gone are the days when you trust anyone.  I second guess almost everything because I have a hard time with trust.   I can trust but let us say I am cautious about it at this point.   It is kind of sad because growing up in Co-op City in the Bronx, I could trust people.  Of course we had our challenges but the only people that would steal from you would be the kids taking your lunch money.   Business people, every day people had honor.

That is what this is about.  You have a code?  Do you honestly care about your business or the people working for you or with you?   We don’t trust each other but you give all sorts of content to Facebook.   We don’t seem to trust each other but Amazon wants you to trust them with your business.  The truth is that we are being robbed and that is just real.   We are losing ourselves in text and media.  We are losing our honor and our ability to treat each other with kindness.  We don’t trust each other and we have to find a way back to that.   We have to find ways to trust each other and build trusted partnerships.  We also have to realize that we are being robbed.

How can we trust each other or learn to trust each other?

It seems to me that businesses need to start talking about trust and honoring their word.

  • We need to start practicing honest behaviors and proving ourselves as honorable people.
  • We need to define and follow up on a code of ethics and actually mean what we say.
  • We need to start communicating better and we need to start this by active listening.

This is our world today.

The WheelBarrel Story

There are many variations to this story.  I have seen a lot of churches use this in their literature but it isn’t religious.

There once was a man who worked at a factory. He worked at this factory for 30 years. And
about 20 years into his time there, the owners of the factory decided that the workers were
stealing things, so they set up guards at the gate to check all the workers every day as they left.
And every evening for those 10 years, five nights a week, this guy walked through those gates,
trundling his wheelbarrow, and the guards could see, every evening, that the wheelbarrow was
empty. They checked his pockets and all. They were sure that this guy wasn’t stealing anything.
Finally he retired, and the next week one of his co-workers commented as he left the factory,
“Well, we’ll see a lot less theft now that he’s gone.”
“Why? What was he stealing?” the guard demanded.
The co-worker grinned: “Wheelbarrows.”

Where are your wheelbarrows going? 

Just a thought..

 

In support of our Warfighter Creed

Perception

 “Reality is merely an illusion, albeit a very persistent one.” – Albert Einstein

Google “Contractors Creed” and this is what you get from http://www.militaryphotos.net/forums/showthread.php?57037-Contractors-Creed

THE CONTRACTORS CREED
I am a contractor. I look out for myself, the operators to my left and right, and no one else.

I will always take advantage of the fact that I can finally tell Commissioned Officers to pack sand, and will do so at every possible occasion.

I am my country’s scapegoat, the “plausible deniability” warrior, and I love it.

Less than 700 dollars a day is Unacceptable.

I am trained to eat things that would make a Billy goat puke, but will refuse anything less than 60 dollars Per Diem because I am greedy.

I care not for ribbons, nor awards for valor. I do this job for the opportunity to kill the enemies of my country, and to finally get that boat I’ve always wanted.

I will be in better shape than 99% of the active duty personnel, although this is not hard.

I will equip myself with the latest high-speed gear, and will trick out my M4 until it weighs more than 24 lbs, not because it works better, but because it looks cool in photographs.

I will carry more weapons, ammunition, and implements of death on my person, than an infantry fire team, and when engaged I will lay waste to everything around me.

In any combat zone, I will always locate the swimming pool, beer, and women, because I can.

I will deploy on my terms, and if it ever gets too stupid, I will simply find another company that pays me more.

How complicated…  or Maybe not

While this particular writing is referring to contractors that are serving (yes I said that) in the field alongside our finest.   It is a common theme heard in any situation where defense contractors are present.

According the NY Times “There were 113,491 employees of defense contractors in Afghanistan as of January 2012, compared with about 90,000 American soldiers, according to Defense Department statistics. Of those, 25,287, or about 22 percent of the employees, were American citizens, with 47 percent Afghans and 31 percent from other countries.” (http://www.nytimes.com/2012/02/12/world/asia/afghan-war-risks-are-shifting-to-contractors.html)

If that is true, which I believe it was at the time and still is, than contractors are part of our fighting forces and moreover they are part of our planning forces.   What this means is that

  • Contractors are people.
  • Contractors have a stake in war fighting personal and professional.
  • Contractors and Government Civilians are similar in a lot of ways.
  • Contractors and military service members can operate under the same conditions.

Captain Obvious

Good ethics and values are not bound by our uniform or contract.  In other words, whether I took an oath and wrote it down as a human to human kind of activity or I took an oath on my own the result is the same.   In contracting documentation and presentations given to government workers there is a note on the fact that a government worker took an oath.  Here is  an example ethics handout it is public via google.

(http://www.doi.gov/ethics/docs/Dangerous%20Liaisons,%20Dealing%20With%20Contractors%20Handout.pdf)

More on this www.acq.osd.mil/dpap/ccap/…/gov.ctr.relationshipaf.doc (Air Force document).

What the documents say is “do the right things” and they tell you what those things are by law.   Interestingly enough,  I have worked for years with contractors and leadership has told us over and over what the right things are.   The point is that WE should be ethical in OUR behavior REGARDLESS of whether we are government or contractor.  More often than not in my experience a lot of contractors are more inclined to do the right things because they really have more to lose.

Let’s think about this for minute..

  • Contractor does something wrong the result is termination of the contract.
  • Government worker does something wrong the result is an inquiry, after years the government worker is either terminated or promoted.

Isn’t this true?  Or do I just have a great imagination?

Point – If you are bored by now

We need a creed on behalf of our war fighter.  We need to be ethical and have integrity because.. JUST BECAUSE folks….  Politics are for politicians and there are a lot of them.  One thing I have learned over the years is that politicians don’t stop bullets from the boardroom.  I don’t really care what they are doing frankly, I care about what I am doing.  Am I doing what is right for my friends in the field?  Whether they are paid for by the government through one color of money or another doesn’t matter, the result is the same.  We are fighting for freedom; our freedom and democracy; our democracy. I am **ANGRY** because I am an American and I love this country and want it to exist and I want my kids to have choices in their lives.

I am tired.. of hearing excuses from individuals that they can’t do the things they need to do because of someone else.  I have mentioned in posts before that I know people that don’t give up but they are few.  So, here it is.. the short of it…

In Support of our Warfighter Creed 

I support our Warfighter. I think about my country and my family and the extension of those around me, I consider operators regardless of uniform and title.  

I will work to have faith in those around me and build trust with those whom I don’t know well in order to protect and preserve our existence as we know it.

I will lead from where I am and seek to be better every day knowing that if I excel those around me excel. 

I will look to practice being selfless and empathetic of others. 

I will be strong and take a stand when I have to. 

I will share information to benefit everyone that shares my cause.

I will reuse and recycle process, methods and tools anywhere and anytime I can.  

I have a code and recognize that others do as well, I will respect them as I expect them to respect me. 

I will collaborate, cooperate and communicate every opportunity I have as I understand together we are stronger. 

I will work to sharpen my body and my mind to be strong and ready. 

I will be concerning with my actions and take responsibility for me. 

I will be honest.

I will be loyal. 

I will deliver results and prove them when possible through measured success. 

I will not always know the mass effects of my work but I will recognize that results are independent of intent and results will vary while intent is consistent.  

I am accountable for my actions and I hold myself responsible and expect others to do the same. 

I know and understand right from wrong and if I am challenged to understanding the difference or I feel as if I am uncertain, I will ask a trusted agent to help provide clarity. 

End 

More ?

Some people can easily tie this to religion.. it can’t be about religion because we will differ.  This has to be for the purpose of our shared values.  Religion is divisive, that being said… if your faith is aligned with these concepts.. this shouldn’t be a problem for you.

I don’t expect people to take this idea and run with it or change their behavior overnight but I do want people to think about and recognize that our failings are our enemies strength.

The reason why American’s are so good is because we have shared values sewn together as a diverse tapestry with drastically dynamic and different roots.  In other words, we are all very different but when we come together these differences melt into something very powerful, common and known.  Ask anyone who grew up in a place like Coop City in the Bronx, we were all different but we were so tied together that we have been bound in friendship for almost 40 years.

Take a stand and share this creed..  letting people know that you care is a step towards building trust. 

Dispatches from the Front: 11 September 2012

From Kenny

Today, September 11, 2012, eleven years to the day, each of our worlds changed forever.  How will you celebrate such an epoch in world history?

Here on a Forward Operating Base, Bagram Air Field, Afghanistan, we will be mourning the loss of 3 men on duty and 8 wounded from enemy rockets and mortars that took their lives and broke their bodies early this morning.  The mortars fell short of the intended target.  My hut is within 100 yards of that target.  Had the rounds fallen equally long, it is only for the Grace of God go I. 

I have attended 26 Fallen Hero ceremonies since arriving on 17 June 2012 and thankfully survived 22 rocket and mortar attacks on our compound that come in the night.  This “Who Cares” war rages on.  We who witness its horror and who know what terrible things are yet to come do care.

The families who have loved ones sent into harm’s way care.  You who are reading these words care for you would not be receiving this Dispatch if you did not.   Tell me if I am wrong, it appears the rest of our magnificent country just wishes this war would go away.  Even that response has to be pried out when forced to think about Afghanistan at all.  When did our society become complacent?  When did the attitude, “I’ll just write a check and my moral conscience cleared” become acceptable?  I remember in Africa watching two buffalo being chased by a lioness. One was taken.  The other carried on.  That is the cycle of life.  What of humans in the same situation?  Does the one, who makes it, simply say, Damn, I’m glad it was not me, and it sucks being the one that did not?  Questions I seek answers to, but today, have none.

I truly believe, even those who do not support this war, in their hearts support the individuals sent to fight it.   That has to be good enough.

Semper Fidelis,

Ken

GS-15, CJTF-1, 1D, CJ Assessments

Task Force Defender

Bagram Air Field

NIPR: 303-552-8026

kenneth.d.williams@afghan.swa.army.mil

CENTRIXS: 611-263-8665

kenneth.d.williams@afgn.centcom.isaf.cmil.mil

SIPRNET: 718-552-7515

kenneth.d.williams@afgn.centcom.smil.mil

“It boiled down to courage and tenacity”: My “Inbox Interview” with Howard Cohen, Community Manager at DISA Forge.mil and Technologist by Chris Maher

I was interviewed a few weeks back by Chris Maher on Linkedin.  The topic was concerning “Trusted Computing”  and ramblings on security.

CM: Howard, as you know, I quoted you at the 2011 NSA Trusted Computing Conference & Exposition: “Well.. I believe in Americans. I believe that when we see various challenges that we individually step up and out to deal with them. We have put your faith and trust in leadership and leadership has been pounded with more work than they can handle (yes, I am being nice). That being said, it is up to us individually to lead where we are. We must individually work to change our own behavior and look to influence others by leading from where we are. If I am a Janitor, then I look for ways to be efficient in cleaning and thrifty in spending for supplies, or find ways to reuse supplies. If you are an Executive Assistant, find ways to make a difference in the office. If you are a Technical Strategist, teach everyone everything you know about Service Orientation and Trusted Computing and technical reuse models. It doesn’t matter who you are, it matters what you do. Our jobs do not define us holistically. In recent days I have seen civilian leaders (you know who you are) step up to the plate and take risks in order to share their ideas on how to create a more effective and efficient acquisition solutions. It isn’t only up to them. We will find more success together by working to change these behaviors and tackling the challenges we can see one person and one problem at a time…” (SOURCE):https://cohenovate.wordpress.com/category/howard-cohen/

It’s a great quote for a variety of reasons. That said, I want to focus on your awareness of and experiences with Trusted Computing. How you were first introduced to Trusted Computing?

Chris,  Thank you very for clearly understanding and articulating the message of “leading from where we are.”  I have been working for the Department of Defense for close to a decade now, before that I worked at a school division and the commercial industry.  I have worked for Joint Forces Command, Joint Staff and now DISA.   I started hearing about Trusted Computing while working at the school division, if anyone is going to break your system it will be the kids.  I learned a great deal about system hardening as I entered the world of military architectures at J8.   I started at US Joint Forces Command by using security technical implementation guides (STIGs) as we call them.   Prior to that I was using non-military oriented technologies like hard drive sheriff, deep freeze, bootable cd os (barts PE), stuff like that. 
And, in your estimation, why does Trusted Computing matter? Why is it important?
In enterprise computing you want to be able to leverage standards. We need the ability to look at metrics and we need to understand what “expected behavior” is.  In other words, we need to be able to know when something is not working right.   So you need standards so that experts can be on the same page and understand what they are looking for as “normal” as opposed to seeing something that “interesting” , if everyone is doing their own thing at the enterprise it makes it very complicated to know what the heck is going on.   You have “shadow IT” that will compromise the integrity of the network simply because it exists.   When working in an enterprise users and operators need to trust that mechanisms are in place to protect them.  I can go on about this but the bottom line is that to know if something is wrong you need to establish that something is right.  I believe that is why Trusted Computing is important. 

CM: As you may know, Richard Stallman once rebranded Trusted Computing (TC) as “Treacherous Computing” which made a neutral set of technologies out to be a threat to open computing and/or our civil liberties. Stallman conflated Microsoft’s Palladium effort with the word of then TCPA. Ever since, TC has been dogged by the adjective “controversial.” For me, TC (including self-encrypting drives) actually protects my civil liberties by arming me, the digital citizen, with technologies that can defend my information from any intruder… including an intrusive government. But that’s just my opinion. How do you assess the intersection of Trusted Computing and civil liberties.

As long as there are people involved in computing, there are going to be hackers.   As long as we are at war with others, there will be people who will look to harm us in the real world or through technology.  Sure you are sharing the standards but I would say process and method are two different things.  In other words, you may have common technological frameworks and standards but how enterprise strategists think about and employ these technologies are different.   For example, I know of an organization that uses two layers of username and password and additionally requires a common access card, all of which are standardized.   The practice is abnormal but if a technologist was brought in to help solve a problem once he or she understood the architecture and because they are using standardized technologies and platforms they can help solve the problem.   I equate it to having a human in the loop.  People are your greatest protection mechanism as well as your greatest threat.   In terms of civil liberties, I think we have some problems with the law more than technology.  We don’t have a right to privacy, it isn’t guaranteed by the constitution and that means corporations and people are free to snoop around our business.  When that gets into information gathering and data aggregation it poses a much bigger problem than just technical mechanisms to protect our data.  It is more about what information did your city just put out about you and your home value, stuff like that.  So, in other words I am not sure that Trusted Computing makes a difference here unless we are just talking about me protecting my local hard drive.

CM: Much noise is made by IT professionals about the difficulties of using TC, specifically going into the BIOS and having to turn on TPMs. And it must be said that there has not been the development of many applications that leverage TPMs. In your experience, is Trusted Computing too hard to implement?
I have seen full disk encryption at the corporate level and while working with the government.  I have not seen BIOS based modules employed and I don’t have personal experience with BIOS based secure computing.  As I mentioned earlier, while working at the school division we used a device call hdd sheriff and some technology out of Israel to perform persistent drive management and encryption.   This was over 10 years ago too but the concepts have been around for a long time.   There aren’t a lot of commercial options that I have seen at the application level that use TPM’s but I think there is value there depending upon the requirement.   This is all about balance.  Risk is the key.  How much is this going to cost you?  What are the implications?   If I am working in the financial sector, I want as much technology as I can to protect my information.  The same could be said for the medical industry, I haven’t figured that one out yet but I am sure there is a good reason.  

CM: It’s been my contention that government MUST take the lead in adopting and recommending Trusted Computing. In this regard, I’ve been heartened by the NSA’s (more or less) full-throated endorsement of TC and by the CESG’s recommendation in favor its use. Further, as you may know, NIST 800-155 (in draft form) has recommended (or will recommend) the use of a hardware root of trust as a foundation for BIOS Integrity metrics. Still, it seems like .gov and .mil domains have been quite slow to fully adopt these open standards and technologies. In your view, what’s the state of play re: TC adoption within our government?
This is about cost of implementation and ability to implement.  In other words, as long as there are programs that are “Programs of Record” with Title 10 authority, essentially meaning that they can control their own technical destiny there won’t be adoption unless it becomes part of the culture.  For example, while working for Joint Forces Command I stood up one of if not the first accredited virtual infrastructure.   Most people were getting rejected at the time because hardening didn’t exist aside from the vendor best practices.   Information Assurance folks were afraid to take the risk, although it could mean millions in savings.   It boiled down to courage and tenacity.   The government leadership I worked with and for championed the idea and helped me bring people together by supporting our teams ideas.   It took many briefs and I think I have stock in some chocolate company now as well to get people to believe that there was value in virtualizing the infrastructure.   I know that sounds funny now because so many have adopted virtual technologies.   Here is the kicker though, today even though virtualization has proven to be of great value there are many government programs that haven’t virtualized and / or won’t go because of requirements and title 10 authorities.  CM: A great deal of academic and industry research has focused on the value of TC when it comes to authenticating users in a cloud-computing context…as well as using TC to protect user’s data in the cloud from the “insider threat.” Speaking specifically about the cloud-computing context, how important do you think TC technologies (TPMs) and protocols are as enablers?

As I started working on enterprise computing concepts and strategies, I started to see a trend.  Thomas Erl talks about this in his service oriented architecture books but it has to do with understanding dependency.  Cloud computing may increase risk.  Notice I say “may” instead of will, the reason is that every enterprise situation and IT ecosystem is different, remember earlier when I was referring to process and method being two different things.   Regardless of the situation organizations will have dependencies, for example you need communication services to connect to the Internet.  As you increase services and connectivity requirements it is likely that you introduce more dependency.
The cloud really refers to “off premise” services. These services are interconnected enterprise services that go beyond an organizations local physical infrastructure.   This is very important to realize because it means that hardware and IT resources are still potentially under trusted controls of an organization which of course then leads to leveraging organizational standards etc.   

The difference is that when you have a dependency on a “cloud provider” that is outside of your organization you build dependencies in which you may lose control over the IT resources.  As you give up autonomy or operational governance, you become more reliant on legal remedies.  In other words, SLA’s or Service Level Agreements become critical to the organization.   This relates to Trusted Computing in a lot of ways, for example a service provider may need to employ certain (TPM’s) prior to an agreement of use.  This increases the cost to service providers and also may limit choices as to what service providers’ organizations can use.  An example is that Amazon offers Federal services with enhanced security.  I am not advocating for any service provider, I am simply saying that as cloud services increase, the costs of these services will increase and the demands of security and stability increase.   In the grand scheme of things it wasn’t that long ago that most folks were on dial-up, it was $9.95 to $19.95, today most people pay $40.00 for Internet services not including the extra services they pay for while on the Internet.  As these costs increase, it pushes the price of everything up, simple economics.  Trusted Computing in the cloud is costly, but organizations when moving to the cloud will need to absorb these costs.  

My key point is that we can’t rely on technology alone.  Technology as it is today can be overcome by the human brain.  That being said, we still must put barriers in place to slow down attackers enough so that we can identify in some manner that our information is being attacked.   It is the difference between having a lock on the door and adding a security system.   Some people would say that adding a security system adds no value or is a waste of time.  I think as we continue to build technological solutions to thwart attackers or secure the enterprise, we strongly need to consider how we can keep “a human in the loop” and have people involved in watching the various stores.   As we move forward with these kinds of discussions we truly need to consider people, process, methods and finally tools which in my mind is where a lot of the Trusted Computing area currently addresses.