Friday, 11 November 2011

The Science of Status Updates and Emotions


 


Today, I attended a keynote address by Richard Beecroft Allan, Baron Allan of Hallam, the Director of Policy in Europe of Facebook. One of the interesting things that Lord Allan mentioned, at least for me, was that businesses can target the right demographic on Facebook with their advertisements; however, Facebook, as stated in their Policy, does not share any user details with the businesses. All Facebook guarantees is that the ad is displayed to that particular demographic.


I like the concept of 'Social Networks'; however, I still think it is not being done right. It currently feels as it may have felt when users had to deal with one of those earlier models of mobile phones: bulky, unintuitive and cumbersome. There are lots of little issues to iron out and opportunities to improve. The 'iPhone' of the Social Networks has yet to arrive.


Conversations do not happen in the real world through 'Status Updates'. Conversations in real life are much smoother, subtler and more enjoyable. I guess Status Updates are the outcome of the complexities and limitations of the keyboard technology. Expression through touching the screens or pressing keys on the keyboard is an outcome of the limitations of the digital world.


Social interactions are full of emotions, tones of voice, facial expressions and, partly, movements of the eyes and body. The concepts of 'Circles' and 'Lists' are all so digital and sound like products of technical brains too.


Oh well, we at least have a place to share our photos and limit the emotions to 'Like' or '+1' for the benefit of Facebook or Google.

Thursday, 10 November 2011

Private Clouds - Are you sold yet?

Cirrus cloud above the Ragley Estate


Cloud computing in relation to infrastructure, in simple terms, is an evolution in the way compute and storage have been managed by the industry historically, compute being the data processing technology and storage being the data storage technology.


According to the final version of the NIST definition of Cloud Computing, any service provider claiming to provide cloud services under the Infrastructure as a Service (IaaS), Platform as a Service (PaaS) or Software as a Service (SaaS) service models should provide On-demand Self Service, Broad Network Access, Resource Pooling, Rapid Elasticity and a Measured Service.


For public clouds, I clearly understand and believe in the value and benefit that the Cloud brings to the business from IaaS, PaaS and SaaS models.


However, I have repeatedly struggled to convince myself of the value that private clouds bring to the vast majority of businesses, where the demand for compute and storage rises at a pretty consistent rate. Provided the businesses are on board with the concept of virtualisation and understand the value that it brings, should they be considering private cloud? I would say not, unless they are expecting a significant change in the way compute and storage are consumed. If there is an expected change in the infrastructure demand, the businesses should still be careful in selecting the private cloud strategy, as the primary benefit on comparison of the Capex and Opex for the cloud vs non-cloud approach will be the On-demand Self Service advantage that the private cloud will bring. The other four aforementioned characteristics may not be a strong sell for the CFO/FD, as they will not drive strong cost reductions in terms of technology, people and processes.


To prove me wrong, please feel free to provide case studies or examples where businesses have implemented and benefited from a private cloud approach. I can point you to a special case here where private clouds have worked.

Wednesday, 9 November 2011

Managing unknown risks - what's your approach?


I was driving last Friday evening on the M1, a major motorway in the UK, when at around the same time, in probably similar weather conditions, one of the worst motorway accidents in the history of the island was unfolding on the M5, another busy motorway. Seven people were reportedly killed and 51 injured in a 34 vehicle pile-up.


Having learned about the incident the next day, I probably was travelling in what I call an 'unknown risk' condition, where I wasn't aware of the heightened likelihood of an incident in poor weather conditions (heavy rain and fog) and spectacular fireworks that were there to distract the fatigued drivers looking forward to their weekends. Although the controls were all functional, e.g. brakes, airbags, MOT'd car, good tyres etc., they were not designed to operate in a specific event condition like the one on the M5.


I believe businesses unable to identify such risks would fall back on their Business Continuity and Disaster Recovery Plans, as the common controls will be inadequate to sustain the impact from the incident. It is surprising to see the number of businesses, both in the public and private sector, that carry on their operations without such BC/DR plans.


Have you come across organisations that effectively manage unknown risks outside of their BC/DR strategies? If so, please comment. I will be keen to understand this and discuss.


 

Tuesday, 8 November 2011

Commoditisation - exciting times for the industry




The biggest shift we are observing and we will observe in these few years is how IT is being commoditised.


This puts businesses of today and of the future in a great position: the ability to select the technology solution when they want it, how they want it and at a price they are willing to pay for the technologies of interest. It is like a lunchtime frenzy where businesses are the customers looking for commoditised food, with too many eateries trying to tailor their menus in the expectation of attracting the right clients. Quality of service will play a key role here along with the commodity. Whether you want to have a simple coffee in your local cafe, or you'd like to tailor the flavours of your Frappuccino in Starbucks, or maybe just make your own, it is the same for your afternoon lunch or your business's technology requirements. The choices will be there; the key will be deciding what works and fits best for the business.


Some interesting Rackspace Cloud Private Edition posts:


http://gigaom.com/cloud/rackspace-makes-good-on-private-openstack-cloud-vow/?utm_source=social&utm_medium=twitter&utm_campaign=gigaom


http://www.infoworld.com/d/open-source-software/why-openstack-will-falter-178038


http://www.readwriteweb.com/cloud/2011/11/infographic-the-state-of-opens.php


http://blog.theloosecouple.com/2011/11/08/cloud-spring/


 

Thursday, 3 November 2011

Thought Leaders in Information Security - Do they exist?

First things first - it's been a while since I last blogged so my sincere apologies.


I come across the terms 'Thought Leader(s)' and 'Thought Leadership' quite a lot in discussions and reading. It has got me thinking at times as to 'What is it?'. With regard to the Information Security industry, I think there hasn't been any Thought Leadership at all. This encompasses innovation around security management including but not limited to policies, procedures, standards, vulnerability assessments, penetration testing, patching, risk management, data loss, compliance, monitoring, incident response, security awareness et al. Same old, same old.


Good old Wikipedia says this for 'Thought Leader':


"The term was coined in 1994, by Joel Kurtzman, editor-in-chief of the Booz, Allen & Hamilton magazine, Strategy & Business. "Thought leader" was used to designate interview subjects for that magazine who had business ideas that merited attention."


According to commentators such as Elise Bauer, a distinguishing characteristic of a thought leader is "the recognition from the outside world that the company deeply understands its business, the needs of its customers, and the broader marketplace in which it operates."


So, it is 'ideas that merit attention' and 'recognition from the outside world that one gets it'.


I cannot think of an individual or a company in the security industry that has come up with ideas that merit attention or are recognised by the members of the security community for a while. Can you? Please enlighten and discuss.


PS: I don't class reactive discoveries, e.g. APTs, Cybercrime, surveys and point solutions, as TL. I also believe there is a lot more TL going on in security offence than in defence. If there is a better definition, again - do post your thoughts.