this is a great post and subject, something most people don't like to deal
with, it's like explaining a virtual server to my mum: it's a computer (hard enough to explain) but you
can't touch it. I definitely think there's a room for the role at larger vendors
but smaller most probably can't afford to have the dedicated role. The
business most probably isn't big enough. You might be multi-talented and have
other responsibilities but you really have to know what you're talking about
when it comes to laws and regulations. "I think" isn't good
enough. Excellent choice would be to use consultancies niched on quality,
security and compliance. Probably they offer branch specific services too
(care, bank, general privacy etc). Quite often I see open quality and
compliance positions so the market for these competencies/services seems
to increase fast.
also think we need to divide security and compliance into two different areas but still
closely related to each other.
1 month, 2 weeks ago on Compliance: Data Storage in a Regulated World
Paul. A lot of companies struggle to find their core, or they know their core but
they keep on delivering non-core. Result: both core and non-core become
neglected. You have to know your core, do it excellent, know your customer and
bring value...and you really have to know what's valuable for them. Source:
Customer partnership and collaboration. But; even if there's no one size fits
all everyone can't use bespoke services. Ask people around how many bespoke
suits they have in their wardrobe… SaaS and VAR's need to provide customizable
"boxed" services easy to integrate. Large scale, as said, need to
really know its market, competitors, channel etc.
1 month, 2 weeks ago on Customer Intimacy or Platform Efficiency: Which way will you look in 2014?
Esther and I do think Enterprise App Stores are vital for a successful BYOD
program, even if my POV of BYOD true ROI is quite vague. 25 percent might be too
low as you say since this most truly will be the way apps will be provided to
mobile devices AND PC’s (probably quite a bunch left of them in 2017). This will
also push traditional SW vendors to go the SaaS way and saddle roles like
brokers and aggregators which we can see some vendors and distributors already
are doing/trying to do. One great thing is that SMB’s probably don’t have to
set up MDM systems themselves, they will be able to use customizable app stores
from brokers/aggregators and ITO’s as a service.
thing is to keep a great, user-friendly and attractive store up to date so
users do use it. All too often internal stores and IT are or soon becomes
neglected even if the intention was else, business comes first… It’s a mind-set
companies have to change to become more efficient and productive. Like @DanielSteeves says I think it’s clever to start
with a basic functional “approved” store.
question, when we talk about not approved: do we talk about not allowed or just
not approved like supported? This triggers the privacy question about employer management
software/apps on the personal device.
1 month, 3 weeks ago on Are Enterprise App Stores a vital ingredient for any successful BYOD strategy?
@SinghBasant Thank you Basant. Great info.
5 months, 2 weeks ago on Is Your SaaS Multi-tenant?
post Basant and I agree with the benefits you get from a multi-tenant SaaS,
both as the provider and the customer. It's a Nirvana for tenant or non-cloud SaaS
and Application developers/providers (ISV’s) to reach out with the next version
of their solutions and apps. And we need to support them in this: platforms,
channel etc. Though; my POV is that a SaaS doesn't have to be multi-tenant to
be allowed to be defined as SaaS. SaaS is "bigger" than cloud. It's
when you say you use cloud as a delivery model it should be multi-tenant.
Agree? And it's when you misuse the cloud definition to non-multi-tenant xaaS
customers will be misled - cloud washing... But, if we stick to the Cloud
SaaS and a question (not a POV ;)): is your opinion the DB needs to be
Good points. Outages are part of the game and they will exist, regardless if on-prem, priv or public cloud. It's how you handle them that matters. Yes, it is about marketing and risks and sometimes penalties (money and/or market reputation). No one should promise AND expect 100% if ANY part in the service or product can fail. And if you're still cocky enough to promise or calculate (expect) 100% the harder you fall.
9 months, 3 weeks ago on Mimecast Email Servers Go Down – 100% Uptime SLA?
@comparethecloud To not change focus from Richard's great post and important subject; would it be a good idea if I post my (a bit long) reply as a separate post?
1 year ago on What makes a quality Cloud hosting provider? Part 1
@Andrew Cuthbertson I will reply to this one during the day and try to keep it short. :) It's possible we're discussing different clouds and the complexity and scope of the service.
@comparethecloud Thank you! Sorry, flu one week and now selling the house... Soon be back on track.
Richard, great post and I look forward to the next part. My comment: I agree you should check up on your CSP or reseller but I do think we have a problem if we have to check up on what hardware the service is running on. Of course it depends on what service you adopt and data you put in the service (= how business critical) but don't you think we need to put in more trust on the CSP? We should never be careless, we need to read the T&C (or says on the tin ;)), do the compliance, lock-in, security, compatibility, SLA etc checks, but if checking too deep nitty gritty it will take too much time etc. A reference is good but shouldn't be trusted as fact, though rumor might give you a hint. Couldn't that be somewhere enough? According to me; one part of what you need to let go when adopting cloud services is the detailed control of everything and put trust in your CSP and put more effort on information management. Sometimes you get what you pay for but I really do think that if you adopted a service produced in the bedroom or in the cellar you haven't done your basic homework well enough.
Great post Robert!
1 year, 2 months ago on A Quick Guide For Cloud Companies That Don’t Understand Marketing
I realized my comment could be read a bit snooty. I apologize beforehand; my intention was to salute Abdul's post and to add “verified” pros, not to brag. Truly sorry.
1 year, 2 months ago on Is Desktop Virtualization The Way To Go?
Great post Abdul. I end up with a short bio to “verify” my comment, so it’s not a commercial. ;)
In general I agree to your post but I want to add some points/pros.
- Cost approx. the same as a mid-range computer. But there’s definitely some pro’s like ROI; less power consumption, fewer parts can be broken, longer life cycle
- Minimize theft of the physical device itself
- Low > no noise
- Even if longer life cycles it’s not true they can live forever. It’s a myth that needs to be ripped apart. Multimedia etc demands more power and better techniques = new TC’s
- A perfect start in a BYO-program
- More or less device independent
- As you say you can quickly roll-out upgrades, new apps etc. But you’re also able to easily roll-back if something goes wrong.
- Possibility to provide different OS and app versions to different users
- Possibility to provide two or more apps to a user, apps that normally aren’t compatible with each other.
- DaaS for MSP’s and CSP’s.
- Bandwidth might be a problem if you allow aero UI, audio and video. Today it’s very difficult to tell bandwidth per session. You should restrict this if needed with policies, both written- (staff handbook) and group policies.
- In most of the European countries there’s really not a bandwidth problem anymore.
Short bio: I’ve been working 15 years at a leading Nordic SP of ITaaS and ITO based on a multi-tenant VD platform. In March last year I wrote a post named ‘”Citrix? Whew!” Or?’(http://inmaxmind.blogspot.se/2012/03/citrix-whew-or.html) to “re-release” faith in Citrix and primarily XenApp which the multi-tenant VD platform was based upon. I ended my employment at the SP in September and now more run my own consulting business focusing on advisory in Cloud, ITO and ITaaS.
@RazorthornChloe Certainly agree. Business is not Jeopardy!
1 year, 3 months ago on Interview with James Rees of Razor Thorn Security
@comparethecloud I think my comment to @RazorthornChloe explains a bit what I think. Some adoption, especially public cloud services, won't be practical (or even possible) to DD too much where Next > Next > Next > T&C > Accept is the process. This is why the roles of Trusted Advisors, Brokers and Experts will be very important. They should be able to analyze, advise and support.
@RazorthornChloe Great advice. Of course facts are important, the combination of facts AND reputation. (It is references you shouldn't "trust".) Trusted independent reviews and advice are important in cloud adoption and future IT and I predict it will become even more important the coming years.
James, to explain my question a quote: "The one thing I can see right now with 100% clarity is that at some point in the next year or so one of the larger cloud vendors will have a catastrophic security event that will destroy their brand and reputation. It will be a wakeup call for the survivors..." I often tell customers and the market you have to trust CSP's in security, continuity etc and let go of detailed control. They should focus on compliance, T&C, lock in etc and choose on reputation (not references), value etc. You buy top security etc when you adopt a cloud service is my saying. You shouldn't have to verify and control as you have to with your own on-prem (let go of detailed control). This is one of the advantages of cloud computing - to focus on value to your business. I'm also saying you should think and plan well before you act. I know the effect will be devastating (for the CSP and all its customers) if a larger CSP is affected by a larger incident related to security or outages. My Q: Should organizations be afraid of adopting cloud services, even from well-known CSP’s with good reputation? And should organizations NOT let go of detailed control?
A comment from the non-techy guy. Orchestration solutions are really needed. At the same time it's also about orchestrating your customer. As an IT department, ITO, appl operator etc you have to start thinking as an orchestrator, it's not only about technique, in: service management, governance, partnership etc. Take the possibility to be the trusted advisor and orchestrator to your customer, someone has to and someone will. My old post the Orchestrator from September last year explains in more detail the way I reason. http://inmaxmind.blogspot.com/2011/09/orchestrator.html
1 year, 3 months ago on You Need Cloud Orchestration
Sorry about the formatting....
1 year, 7 months ago on What is Information Security Really?
A lot of really great comments and traffic to a great post in an important matter. First and this is important; I’m not an InfoSec expert, at the most I would call myself a novice. So my points are in humble respect to all InfoSec experts. And I apologize if I’ve missed comments similar to mine in the thread. But, I will give you my opinion from “my mind of view”. I make it a long one…
Normally I use to say: Don’t worry about security in the cloud. It’s probably better than the one you have today in and around your on-prem solution. And if it’s better “at home” you either:
- Have a specific business that needs to be top secure. Most probably you shouldn’t put this type of service into a public cloud. Maybe a private one.
- A specific CSP has a lousy security solution – a minimum solution!
- You have probably built a better solution than needed + your owner or the management isn’t informed or doesn’t understand the actual cost.
CSP’s core business is to deliver services. If a CSP fails in security it’s a bad mistake and the CSP should, in my opinion, ask themselves why they are in the business at all; in the business to make easy money or truly deliver a good service to customers? The business is self-sanitizing but it’s bad for cloud business in general if credulous customers learn the hard way. By saying credulous I don’t mean sloppy. You should read T&C and benchmark but you should be able to trust the facts and results.
On the other hand;
CSP’s struggles with costs since customers demand more than they are willing to pay for (read my post about that customization isn’t the future on outsourcemagazine.co.uk). It might also be a problem when a customer asks for i.e. a SaaS where InfoSec isn’t a selection criterion and several CSP’s compete about the contract; why should the customer choose a more expensive service even if it’s better?! To me this is the biggest problem: Customers choosing the cheapest alternative even if they (know?) needed a better solution - the unaware CFO and CEO putting their businesses at risk because they didn’t understand, nor aren’t aware enough, just thinking about money in short term. To quote a colleague of mine: “When buying quality you only cry once.”
For sure, as in all situations; attacks will happen where it hurts the most. So CSP’s will be more attacked and vulnerable than single on-prem solutions. Therefore, I still say; Security is probably better in the cloud than with a business functional on-prem solution – because the CSP will be “erased” from the market if it fails.
Security shouldn’t be a defense wall only. The only way to build “Fort Knox”-security is to use tons of money. Or you can erase all threats by dropping the Internet-connection, use rigorous controls when hiring and when the employees come to work. But business is about taking risks, not stupid ones but some. You can’t afford “Fort Knox”, you can’t “afford” dropping Internet or setting up rigorous controls and you can’t afford incidents. You have to know threats and what risks you’re taking and try to minimize them, but most important; you have to know what to do if something fails or someone hurts your business. If you put the least acceptable level of effort (=minimum) to fulfill a certification, standard etc you as a customer jeopardize your business or as a CSP jeopardizing both your own and your customer’s business. If you know you’re doing minimum…reconsider if you should be in business at all.
Unfortunately the customers are driving the “minimum”. Let’s hope maximized security bangs aren’t the way to wake customers up from security minimalistic dreams.
Minimum is not ok – for me, you, he, she & it/IT, and none of us can afford a serious incident. Good q's are: What is maximum and what's "enough"?