Tag: it-security

Harder than ever to work together.

Published on by Howie Cohen

We are so connected.   We are so connected to each other that we are disconnected from each other.  We have social networks, texting, phones, blogs, emails, television, internet channels and still we are disconnected.   Now we are looking to find ways to connect more.  The reason is that normal person  to person communication is breaking down.   We have a spillage of indifference in communication that is coming from this inhuman and impersonal nature of internet chatter.   The talking heads on television say things to each other today in common discourse that would have never been tolerated.   We have bullying at an all time high because people say anything on their minds.   The filters are coming off or wearing down.

We are becoming less trusting of each other and really for a good reason, bad behavior is tolerated.   The knowledge workers are tethered to the great internet, might as well be jacked in like Neo.  We seem to know everything all the time, or at least think we do.  In the past 10 years of my career, I have seen more people say “I know” grow beyond anything I could have or would have ever imagined.   We all “know it all” instead the truth is more like we know nothing of everything and something about nothing.   We actively choose to forget the things that matter or look to our past for lessons of our future.   I don’t like the way things are playing out and I don’t like this world that we are sculpting.   Our ethics and morals are going down the toilet but we build ethic and moral centers.  It is like we all say that those things that you are supposed to do are for others not for us.   Our jobs are getting harder because we don’t really talk to each other anymore and we are too smart to listen.

I wonder where we will be in another 10 years.  I love technology and tools, my life has technology integrated but I am really wondering if we are better off with less.

When (BYOD) Bring your own device becomes the norm, will we all be sitting in the same room texting each other?  I hope not..

Just hand me your wallet.. TRUST ME .. Cloud Risk

Published on by Howie Cohen

It doesn’t matter what your name is.. -The Rock

People throw their money in the garbage all the time.   Go to Las Vegas and see for yourself.   It is called gambling right?  What are you willing to risk? I recently went on travel and taught a Cloud Computing Professional course in Las Vegas, I watched a sea of people get caught up in the lights and sounds of the one arm bandits.    At least in Vegas you can see when you lose right away, in business it takes just a little longer.

It doesn’t matter what kind of business you are in, there is always risk.    Banks won’t lend to you if you don’t show them a plan including an understanding of risk.  Now more often than not, business people are looking to save money on “a sure thing” known as cloud computing.   The government is going all in because it seems to make sense and so are commercial organizations all over the globe.

I believe in leveraging technology and technology patterns to create savings and efficiencies for business and government but these should come with an understanding of the Trade off.   Below you will find a document written by (ENISA), they do a very good job of breaking down risks for analysis.  If you are moving to a cloud model, please consider a glance at this document for a pulse check at the least.

The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the European Member States and European institutions in network and information security, giving advice and recommendations and acting as a switchboard for information on good practices. Moreover, the agency facilitates contacts between European institutions, the Member States, and private business and industry actors.

This work takes place in the context of ENISA’s Emerging and Future Risk programme.

CONTACT DETAILS:

This report has been edited by:

Daniele Catteddu and Giles Hogben

e-mail: Daniele.catteddu@enisa.europa.eu and Giles.hogben@enisa.europa.eu,

Cloud Computing Security Risk Assessment

“Risk should always be understood in relation to overall business opportunity and appetite for risk- sometimes risk is compensated by opportunity. ”

What about your wallet?

In the book Incognito by David Eagleman, he talks about a Trolly Problem  where people are faced with difficult choices and based on their perspective at the moment and what they PERCEIVE as risk, they are affected and the results may vary from their normal decision-making process.   One example is that if you had to push a button to kill someone to save others vs actually pushing someone physically.   Pushing the button is easier and we are more likely to do that if we are faced with this situation.  It is even easier if we have to push a button and we don’t actually physically see the result of our actions.

Let us apply this to business here.   You are reading my words here, you may or may not actually know me.   If you did, you would take what I am saying in context to your perspective about me.   Cloud Computing and remote business computing are realistically new concepts for people to manage (PEOPLE).   Technology is advancing faster than culture.

Would you hand someone your wallet?  Why would you give them all the information in your wallet?  You are doing this when you put your information in the cloud.   Wouldn’t you want to think about what information you are giving up?

Technology is advancing faster than culture

Technology is moving at speeds that people can barely keep pace with.   Everyone is busy with very little time to think and solving problems (real problems) as opposed to symptoms is a challenge at best.   Cloud is appealing because the cost of upfront engagement is generally lower.   What leaders need to think about is the TOTAL COST, not TCO, not ROI but the TOTAL COST including trade-off and risk to their business.

You have enough to look over with the PDF posted above! Good luck…

 

DoD isn’t ready for Cloud Computing

Published on by Howie Cohen1 Comment

If you read the Cloud Computing strategy paper there are a lot of great ideas but in our environment today they aren’t realistic.   Without getting into great detail or even attacking the strategy point by point we can totally dismantle the strategy with one concept, THE SLA / OLA.

How will you hold the DISA accountable when cloud services fail?   Where has DISA been successful with Cloud Computing today…? (be honest now).

Who will advocate for customers when DISA fails?  How will IT acquisition practices and programmatics change to accommodate the cloud?   I could really go on and on.

Bottom line is that DISA and the CIO don’t even know where all of the IT services are in the DoD holistically.   In other words, there is no “list” of DoD services.   I have been asking and looking for years for a list of even cloud like capabilities.    It is solving the wrong problems precisely to add cloud services to the mix and assume that you are going to force people to your services.

I would say that it will flat out fail until you start changing behavior not technology.

They talk about fostering adoption with the stick of governance but anyone who understands anything about “The elephant and the rider”  knows that in our world (DoD) we cannot DEMAND AND FORCE CHANGE.

I wasn’t clear.. sorry..  YOU CANNOT FORCE CHANGE IN THE DOD.

You can lead change.  You can inspire change.  There are a lot of things you CAN do but forcing people to go to cloud solutions on DISA isn’t going to be one of them.

Most people who I know have strong feelings about DISA..  I wouldn’t use the word.. LOVE .

The DoD tried to consolidate services and broker services with technology before, anyone heard of SOA?  It failed because they put technology first.

“If I give you this cool THING, you will LOVE me and you WILL give me your DATA.”  That is bologna.    If you put governance in place that will do it? NOPE.   Governance in the DoD from the highest levels is like a big fat tiger with NO TEETH.  It looks scary but the bite just tickles.

SO.. here is my challenge to YOU reader.  Ask everyone you know what cloud services exist in the DoD.   Ask them where they are and how much they cost.   Ask them what the SLA(service level agreement) looks like.  Ask them what the OLA (operational level agreement) looks like.   Ask them who they currently service .   Ask them for a list of technical capabilities.

LAST BUT NOT LEAST.. Ask them to be honest about what they have and who they are serving and the maturity of their environment.

Prove me wrong, but I am willing to bet that you won’t find a list unless you make it yourself.   You will find services all over the place funded in all sorts of ways.   You will find that the CIO doesn’t know what is in her enterprise. **sorry** is that effort underway?  I didn’t see a discovery phase in the strategy but maybe I overlooked it.

Let me know what you come up with…

 

 

 

 

http://blogs.federaltimes.com/federal-times-blog/2012/07/12/dod-releases-cloud-computing-strategy/