I managed to sneak in a quick afternoon visit to Infosec last Wednesday. I'll admit the free (and, quite honestly, excellent) lunch that I'd been invited to by the chaps over at IRM was influential in making sure that I didn't miss the show completely this year. Good food, interesting conversation. Thanks Phil :-)
I'm not entirely sure what I made of this year's show. To my eyes, it seemed quite busy in terms of attendee numbers and a number of the brave souls manning the stands seemed to be losing their voices by the time I got there after lunch. Which means it's probably safe to assume that they'd been kept occupied pitching their wares and handing over the usual treasure trove of pens, t-shirts and cheap puzzles. However. Other than finding out some more positive details on the Forum Systems products and coming across a promising new cloud security vendor (CipherCloud - check 'em out!) I'm not sure that I got too much out of the exhibition. Primarily the same old(er) faces pitching the same old(er) solutions and, unfortunately, the same can probably said of the education streams. Can't help thinking that the information security scene needs an injection of new DNA to breathe some new life, enthusiasm and ideas into what seems to be becoming a somewhat jaded, self-serving and self-congratulatory sector. The irony of my posting that last statement on a blog has not escaped me :-)
Whilst I'm being a little negative, the big story from the cloud computing world has been the downtime over at AWS which even made it on to the BBC web-site: http://www.bbc.co.uk/news/technology-13160929. We're still awaiting details of the problem (other than that there was a problem with EBS volumes and dependent services) but the biggest surprise(?) was that the issue spanned supposedly isolated availability zones within the affected region. I'm really hoping that the promised "post-mortem" discussing this event provides sufficient detail to enable AWS customers to design for resilience with a full understanding of exactly how isolated availability zones really are...
Tuesday, 26 April 2011
Friday, 8 April 2011
Latest cloudy ramblings
See, I'm making the most of my recently discovered free(ish!) time by popping up in Computer Weekly talking about the adoption of cloud services by SMEs. Link below:
http://www.computerweekly.com/Articles/2011/04/06/246204/CW-Security-Think-Tank-Whats-holding-up-the-cloud.htm
Some interesting differences in tone and opinions amongst the contributors to this Think Tank piece. When it comes to the use of hybrid cloud models I think I tend more towards the opinions expressed by Christofer Hoff over at http://www.rationalsurvivability.com/blog/?p=3016 rather than the view expressed by the chap from Gartner that cloud providers should be targetting SMEs with hybrid cloud services.
Hybrid is fine if you're talking about mixing your delivery of capabilities across on-premise and cloud, I've always had more of a problem with Hybrid as a way of delivering increased capacity on demand in that it's always seemed the worst of both worlds from a security perspective, i.e. you need to worry about the security problems associated with both models rather than just the one!
And, as Hoff says, "If your Tier-1 workloads can run in a public cloud and satisfy all your requirements, THAT’S where they should run in the first place!"
http://www.computerweekly.com/Articles/2011/04/06/246204/CW-Security-Think-Tank-Whats-holding-up-the-cloud.htm
Some interesting differences in tone and opinions amongst the contributors to this Think Tank piece. When it comes to the use of hybrid cloud models I think I tend more towards the opinions expressed by Christofer Hoff over at http://www.rationalsurvivability.com/blog/?p=3016 rather than the view expressed by the chap from Gartner that cloud providers should be targetting SMEs with hybrid cloud services.
Hybrid is fine if you're talking about mixing your delivery of capabilities across on-premise and cloud, I've always had more of a problem with Hybrid as a way of delivering increased capacity on demand in that it's always seemed the worst of both worlds from a security perspective, i.e. you need to worry about the security problems associated with both models rather than just the one!
And, as Hoff says, "If your Tier-1 workloads can run in a public cloud and satisfy all your requirements, THAT’S where they should run in the first place!"
Subscribe to:
Posts (Atom)
