Xprimo


Article comments enabled !

Since many of you were kind enough to register, I enabled comments in an effort to open a line of discussion.

All this is very new to me and I hope with your help we can actually create something here.

I will do my best to share interesting things, some thoughts, we will see.

 

Mario

 
Some raw concepts about security in the clouds, taken from a conference I attended in Washington DC

These are big picture ideas the panelists shared.

Where does the data reside?

The essence of cloud computing is virtualization, and the core of virtualization is the hypervisor. What if it is compromised?

Cloud providers use a premade OS. What if the OS is tainted?

Clouds are multi-tenant systems; other customers could lead to an intrusion or be the intruders.

Who owns the data? It is not clear, or at least it is not regulated.

Cloud providers work at the petabyte level. Is it possible to keep up with the traffic?

Can they properly administer the number of images they deal with?

We need to understand that we are outsourcing security.

You are also buying cyber security operations. Do they comply? Do they share the protocols and policies you require about security?

DOD is focusing on private clouds; public cloud is a bridge too far.

DOD sees too many challenges at the operations level. Remember, all corporate network challenges also apply to the cloud model.

We need a security profile on a service-by-service basis; there is no such thing as a global security protocol.

Cloud providers do not provide adequate security. They are working on it, but it has proved to be very expensive.

The infrastructure should be built around security; we are not there yet.

 51% of the companies interviewed are not going to the public cloud computing model due to security concerns.

49% think the technology is immature

Government has a lot of cloud computing initiatives, but they are not implementing them yet.

There are no standards and no compliance (HIPAA, SOX 404, etc.).

 Security is a journey not a destination

 Security is about risk management

 No one is really using the cloud, the number of users is way lower than the perception, and this is because of security concerns.

Cloud services in colocations are more expensive in the long run than building them yourself.

DOD thinks we have 5 years to do research and to perfect the public cloud computing model; no government agency will use it before that.

 There is one exception, government and governmental agencies in general have tons of public data, public clouds are good for that purpose.

 They defined the cloud as science fiction not fantasy, when asked about the difference, they said science fiction means it is possible but in the future.

 Risk can be accepted, mitigated or transferred

 Remember the cloud is also a single point of failure

Everything is commerce driven and there will always be security issues.

What works now in terms of security will not necessarily work in the new model. It is not about technology, it is about the human element: security issues are human issues, and they are driven by people.

A DOD problem is how to transform and secure legacy apps into virtualized web-based systems.

Public clouds need time to mature. We need time to develop new standards based on lessons learned; early adopters will become the case studies.

DOD sees information based on a need-to-share and not on a need-to-know model. It is not who owns the data but what you do with it.

 Cloud computing is the industrialization of IT, we are putting the IT infrastructure on the Internet

Cloud computing model

SaaS – Software as a service

PaaS – Platform as a service

IaaS – Infrastructure as a service

Best model right now: public data goes to the public clouds, private data goes to the private cloud.

 As we create bigger systems, we create bigger targets

 Connecting systems between clouds is a major challenge due to the lack of standards

We need more expertise

 Do not open your Active Directory to the cloud!

In the cloud there are no boundaries and no certainty about where data resides, when it crosses boundaries, or who has access.

Your data can be stored and managed overseas

Government expects to have an open security model by 2012.

Analyzing security in the cloud just from the data flow angle requires database sizes that reach unmanageable levels.

 Scaling is a big issue

 DOD proactive security approach means using modeling scenarios through simulation

Cyber security evolves at the speed of policy and not at the speed of knowledge.

 Information assurance is a technical issue not a policy one.

 There are no defined metrics in public cloud computing, there are no standards to evaluate risk parameters

There is no transparency, no regulated security protocols, no audits.

 Governmental agencies have no idea how to address compliance

 This is a paradigm shift, the idea is to embrace the technology, but a new model needs to be developed.

Last Updated on Thursday, 27 May 2010 21:16
 

Google apps stories

This is what my field IT network engineer emailed our folks in Central America in regards to the use of Outlook as an email client when using Google Apps.
We realized there is no longer a good reason to keep on using it. I know his email sounds like a commercial, but it is genuine.
As you know, Outlook implies PST files that need to be backed up and copied once we reformat a computer; if a PST grows too big it becomes a problem; and if users are downloading via POP and the connection is slow or gets interrupted, they run the risk of Outlook restarting the download process, so they get duplicate emails. I could continue naming issues. We are going to enforce the use of the Gmail interface, since there is no excuse now that the offline feature is available. Here is the email he sent.

Hello,

 

Speaking of Outlook... the best option available would be to not use it and use instead the Google Apps web interface (start.yourdomain.com). Google Apps provides so many options and features and is constantly getting even better. You already have shared and private contact lists, shared and private calendars, high-speed secure email, shared docs and spreadsheets, intra-office chat and video, excellent search and organize capabilities, etc., and most of this is now available on mobile devices as well, and it is all synchronized. Google Apps gives you full and secure access to all of your emails, appointments, contacts, docs, spreadsheets, etc. from any Internet-connected computer in the world, most handheld devices as well, and you aren't tied to the computer that Outlook is installed on. Gmail has an Offline feature now that allows you to open Google Apps, read and compose emails, check your calendar, etc. on your computer with no Internet connection, and the way that Gmail allows you to organize and search emails is also superior.

 

Last Updated on Monday, 20 April 2009 22:41
 

Disaster recovery

 

Concept

There are many different approaches to a continuity of operations solution.

The one that makes the most sense for us is one that not only provides redundancy to the network but at the same time increases its functionality.

We are constantly growing and we need to develop a platform that has room for future expansion.

We use many services that are critical for their operation, such as email, SharePoint, payroll, accounting in general, file system and others.

We intend to design a system that provides an immediate solution if one or more services in the network become unavailable.

 

We explored many systems and found that many of the solutions include one or more of the following issues:

 

They involve alternate systems unfamiliar to the users, requiring routine drills to make sure everybody understands what to do during downtime.

They require a new username and password.

They need new Internet addresses or alternate Intranet sites to group the new links.

 

The security protocols of the vendors providing these services are usually not disclosed and are not legally regulated yet.

 

Other approaches allow using the same credentials but require sharing Active Directory with third parties and exposing it to the Internet.

During the crisis all email traffic and storage is redirected to the alternate sites. Once the crisis is over, data stored in the alternate sites needs to be brought back to the HQ servers.

 

Cold sites cost nearly as much as production sites but are seldom used, do not represent a plus for network performance, and require IT resources.

They require routine tests to prove their full functionality.

They need to be patched and administered just like production environments.

 

Our approach

We use a cluster approach, not just having a disaster recovery site but doubling the available resources of the company.

SharePoint and Exchange were designed to work this way (server farms): traffic is routed based on availability, shortest path, fastest path or any combination that proves to be more efficient.

It doesn't matter if one of the networks is not available; the traffic will automatically be routed to the available server, with the same link, same username and same interface.

During normal operations we improve the performance of the networks for the users in HQ and the field.

We do not open AD, since we link both sites via a private point-to-point connection.

The new network adds some complexity to the operation, but once it is configured it provides additional resources the IT staff can benefit from, like moving resources from one network to the other based on need or performance.

Test security patches in an idling server before trying them on the production ones.

The acquisition of the UCS is the first step towards the implementation of this model. Virtualized servers can easily be moved or replicated.

Since the UCS was designed as a truly private cloud computing platform, it has built-in functionalities that allow managing one or more systems without additional complexities, and precisely these capabilities allow us to manage both systems without the need for additional resources or skills.

Last Updated on Friday, 14 May 2010 13:46
 

Pacal Votan

2012 the end of what?

 

After reading quite a bit about the predictions regarding 2012, I have to say that I have some concerns as it seems that some of the predictions might be becoming a reality.

You might think I'm talking about the end of the world?

I'm having a real tough time trying to find information from scholars or reliable sources. There is so much "noise" on the internet about this topic that it is really hard to separate what is real from what is just marketing or New Age nonsense. But don't get me wrong, I think there is also New Age that makes sense as well.

But also when you find information from archeologists or what seem to be "reliable" sources, they negate everything, as if the Mayas never ever mentioned anything other than predictions about floods and favorable seasons for their crops, or not. So it seems the gap is really huge. I will continue my unscientific research seeking an answer that is good to me, that I intend to share on this site.

What I understand so far is that the Mayas never mentioned the end of the world. The Tortuguero monument includes the only known inscription depicting the end of the current 13-baktun era in 2012. It refers to “the end of the 13th b’ahktun which we will see in the year 2012” and as to what will happen, they say, “…utom”, “it will happen”, followed by something that we cannot read and he “will descend”, yem. The last glyph begins with ta followed by something. However, this is not the end of the world.

Many comments, mainly from Mexican archeologists, now claim that what the Mayas said was that we are running out of time, and we need to go back to living according to the natural time. We are so attached to technology and to a rhythm that is so far from the natural cycle that we are destroying ourselves and the planet.

So the deadline can be interpreted as the last opportunity to change, and I think that we are changing, not sure if fast enough but we are certainly seeing the effects of the mess we created.

So no matter what that date represents, for some reason it became a landmark and it will serve as a turning point, which we can certainly use to drive change and evolve.

If the earth is aligning with the center of the galaxy, well I still need to understand that a little bit better.

But I respect the Mayan knowledge that is amazing and a real mystery, I started this blog to share with you opinions and information, and let’s see what happens.

 

 