“There is no security on this earth, there is only opportunity.”
General Douglass MacArthur

Think about it. If a five-star general with more than a passing acquaintance with the Sherman tank wasn’t convinced security existed even after winning WWII, who can blame IT professionals for still having a few doubts about the safety of cloud computing? Unlike previous computing revolutions IT has weathered (mainframe to client-server, client-server to Web), cloud computing challenges traditional security assumptions and approaches. For starters, there are actually three models of cloud computing, each with its own level of exposure, risk and security needs.  Here’s a quick look at each and how the Cloud Security Alliance (CSA) describes their individual security concerns.

But first, a word about terminology:

Heads up: Definitions can vary widely.  This is how we see things at brightstack and where this blog is coming from.  If you have questions, please call me at [212-812-9446] .

There are two IT environments at work in most enterprises today. The internal, physical infrastructure comprised of legacy technology and business processes is the more familiar. But the rapidly developing, external virtual infrastructure may prove to be the more powerful.

Confused about the cloud? You are not alone. In a recent study of consumer awareness in the US [1]:

• 78% of respondents said they were unfamiliar with cloud computing.
• 76% of these same participants reported using an Internet-based (read: cloud-based) service such as Facebook, Gmail, Flickr, etc. within the past 12 months.

When you think about it, the disconnect makes sense. These days all kinds of professionals are weighing in on what the cloud is and does. Marketers, environmental activists, financial gurus -- everybody’s getting into the act. Especially technology analysts, as you can see below.

Part one: The Why and What
(Hint: You already know all about when and where — anytime, anywhere)

Why a Mobile Computing Security Strategy?
As if dealing with rapidly evolving devices, operating systems and business models wasn’t scary enough, according to newly released data, mobile computing security exploits are on track to double this year. [1]  Considering that both your mobile computing ecosystem and the forces that threaten it are in a state of constant change, unexpected disruptions are to be expected. You can’t plan for them, but you’d be crazy not to prepare. Having a mobile security strategy in place is a lot like having a flashlight in your briefcase. If your mobile environment suddenly goes dark, its job is to help you see where you’re going-- not to show you how to get there. You’ll just have to cross that bridge when you come to it.

A new survey of IT professionals sponsored by Dell KASE reports that nearly 90% of employees now use personal devices such as laptops, mobile phones and tablets for work-related purposes. [1]  No wonder Gartner analysts have predicted that 90% of organizations will support corporate applications on personal devices by 2014. [2]  Security concerns aside (we’ll deal with that topic in an upcoming blog), this is a trend IT would be smart to embrace. What follows is a quick look at just some of the many reasons why.

What ROI is  

• Return on Investment (ROI)
• A measurement of costs and expected benefit over time

What ROI is not

• Total Cost of Ownership (TCO)
• A measurement of costs only

Think fast. What do you get when you combine rapidly industrializing business models, the consumerization of IT and a global economy that’s slowly emerging from the worst recession in eight decades? In a growing number of enterprises these days, the answer is “an unprecedented opportunity.” The fact is that there has never been a better time to redefine traditional ideas about how in-house Information Technology (IT) organizations should look and work.

Part two: Who Needs to Know What

One Size Fits None
These days more organizations than should, are spending more money than necessary, on securing more resources than are practical, from more risks than make sense.  

Yes, it is true that:

• Security breaches are on the rise.
• There are laws to obey, standards to uphold, best practices to follow.
• Bad things sometimes do happen to good people.

But it is also true that:

• Statistically speaking it’s not happening as often, or to as many, as you may think.   
• From a liability standpoint negligence is not to blame nearly as much as may suspect.
• Legally, there may not be as much that you can do about it as you may hope.  

The information contained in this two-part guide provides a step-by-step plan to help you build a relationship with the right provider, regardless of whether you are looking to:

• Outsource your IT functions so you can focus time and resources elsewhere
• Strengthen or refresh your existing IT infrastructure without tying up capital
• Access specific capabilities without worrying about technological obsolescence

This documents focuses on everything you need to know to choose the right  provider for the job -- as well as detailed information about subsequent steps you can take to keep this valuable relationship on the right track.

Why IT should be worried
According to recently released data, mobile security exploits were on track to double between 2010 and 2011. [1] The news goes from bad to worse when you factor in these disturbing trends in the toll cyber crime takes on business: [2] Based on a comparison of 2010 and 2011, cyber crime was:

• 44% more common.  On average, participating organizations experienced more than one successful cyber attack per company per week.
• 56% more costly.  Cyber crime now costs organizations an average of $5.9 million per year.
  • On an annualized basis, of total external costs per year:

    Lost productivity accounts for 28%.

  Information theft accounts for 40%.

  • On an annualized basis, of total internal costs per year:

Recovery and detection accounts 45%.
67% more time consuming

The average time to resolve a cyber attack is now 18 days. The average time to contain malicious insider attacks is now 45 days.

The information contained in this two-part guide provides a step-by-step plan to help you build a relationship with the right provider, regardless of whether you are looking to:

• Outsource your IT functions so you can focus time and resources elsewhere;
• Strengthen or refresh your existing IT infrastructure without tying up capital; and/or
• Access specific capabilities without worrying about technological obsolescence

This document focuses on everything you need to know to find the best possible candidate for the job!

Snapshots are a great way to ensure rapid Recovery Time Objective (RTO – How long it takes to recover data) and Recovery Point Object (RPO – How far back can data be recovered) but they add overhead to the storage pool.

I was talking with my colleagues at VMWare today, and they said something very nonchalantly that was incredibly powerful.  I don’t know if they realized this at the time, but they basically said “VMWare will do the storage management.”  In my mind, this meant we can go lower end on storage as the storage management tools (snapshots, replication, de-duplication, etc) become even less important at the SAN level because they are being done at the VMWare level. 

In order to properly size a SAN for a customer, there are a few variables to consider. IOPS (Input Output Per Second), Raw Storage, Usable Storage and RAID configuration impact 90% of the decision regarding performance.

Selecting a storage partner was a tough decision to make. We knew that once we chose a partner, we were making a long term commitment and locking ourselves into a platform. The largest majority of cloud computing costs are in the storage. We also don’t want to oversubscribe storage and incur costs for our customers and ourselves related to resources that are yet needed. Some of the SANS we looked at came loaded with drives and storage was over provisioned. Others, allowed us to add disks as we needed.

I had a meeting with a client in the later part of 2009. He has always been a very forward thinker, very much ahead of his time.

I am really excited about transforming my business to a Cloud-based company. I see it as the culmination of a 25 year career that has brought me to this specific point in the evolution of Technology.