Archive

Posts Tagged ‘collaboration’

is CloudCamp relevant?

August 24th, 2010 Comments off
Reading Time: 3 minutes

Currently on the twittrsphere there is was a debate on the value and benifits of CloudCamp:

This was quickly followed by a number of points of view, rants, and seemingly irrelevant comments.

When you look at the the “mission” of CloudCamp,

CloudCamp was formed to provide a common ground for the introduction and advancement of cloud computing

Or look at the opening statement on the homepage:

CloudCamp is an unconference where early adopters of Cloud Computing technologies exchange ideas. With the rapid change occurring in the industry, we need a place we can meet to share our experiences, challenges and solutions. At CloudCamp, you are encouraged you to share your thoughts in several open discussions, as we strive for the advancement of Cloud Computing. End users, IT professionals and vendors are all encouraged to participate.

Ruv (Ruven Cohen) responds with:

Whilst these are all well and good what seems to happen, from my own experience, is that a number of the louder attendees take over the sessions they are involved in either to push their product or get an answer to a specific problem (the last one in Sydney was a perfect example of that).

I think that the education part is a little tired now and there are more than a few resources online that can sufficiently educate the masses. As for furthering Cloud Computing… at this early stage, I don’t see any of it happening.

The standard format of CloudCamp is:

  1. Lightening talks – Sponsor presentations that go for ~5 minutes
  2. Unpanel – an impromptu panel of “experts” who get to respond to questions from the audience.
  3. Unconference Breakout Session planning – attendees get to put up options for discussion and the ones with the most votes get discussed in breakouts
  4. Breakout Session 1 – Topics get discussed  (groups formed and scattered around the conference facilities)
  5. Breakout Session 2 – second round of topics discussed
  6. Social event – normally drinks somewhere

The biggest issue is actually being able to measure the effectiveness or the value of the current CloudCamp model. As by definition it is an unconference, therefore it’s pretty hard to get a solid handle on any measurement criteria ahead of time.

With all that said, I think that they are still useful, especially outside of the U.S. where there isn’t really another Cloud Computing related conference to attend as a single place to go to see what is happening in your local market.

A couple of points where I think improvements can be made:

  • Pick a theme for the event:
    • This way attendees can have a clear understanding of what they will learn.
    • It will also curb the tendancy for “Lightening Talks” to be vendor pitches
    • hopefully this will also stop irrelevant talks.
  • Supply some form of online feedback ability – You can’t make it better/more relevant if there isn’t the ability to have an open dialogue with the actual community (locally that is).

</rant>

… and I’m back!

June 16th, 2010 Comments off
Reading Time: 1

It’s official, after an eight (8) month stint in the back of house looking after new business for the delivery arm of the big T I’m moving back into a technical role.

Whilst I’ve learnt many things and worked with some great people, I really am looking forward to getting back into the thick of it, rather than watching from the sidelines. So this time next month I’ll have taken over the reigns of the Lead Security Architect for Telstra Enterprise and Government.

I have some pretty HUGE shoes to fill but I’m really looking forward to the challenge.

Collaboration becoming more attractive.

October 15th, 2009 Comments off
Reading Time: 1

Piggy bankThoughtlet: Just saw this article on ARN Daily :”Collaboration tools worth the investment, survey says”.

Apart from the sales pitch at the end of the article, it’s interesting to see that the Frost and Sullivan study now sees the return on investment is up from what I wrote in a previous article to four and a half (4.5) times.

This goes to show that technology is becoming cheaper and easier to use and more and more businesses will look to take on these tools.

What is your businesses collaboration, and supporting security, strategy?

Security – data in a collaborative world

September 5th, 2009 Comments off
Reading Time: 6 minutes

OMFG WTF Did this really happen?

Recently, whilst working on a customer proposal around introducing collaboration capabilities within their environment, I was struck with the security implications of exposing business critical information (data, documentation, strategies)  to partners, suppliers and potentially random onlookers.

Why Collaboration?

As the businesses requires greater flexibility and connectivity (as it becomes more time critical and complex), collaboration tools enable authentic and productive working relationships regardless of geographic or time zone differences (what I like to call Geo-Temporal restrictions). Collaboration encompasses a broad range of tools that enable groups of people to work together including wikis, web sharing, video & audio conferencing, instant messaging, blogging services and even email.

Just as the market has become more flexible and connected, so too has the workforce. The evolution of the personal workspace has seen the progression from mobiles to laptops to smart devices, allowing people to communicate wherever and whenever they wish.

Whether it be a corporate wiki or a Microsoft hosted instance of SharePoint, collaboration isn’t something that is going to go away, and security zealots along with network and system administrators will have to concede (at some point) that people are going to start to use these tools, either by hook or by crook, and therefore should be prepared.

Criticality of these tools to businesses

Businesses are not only taking collaboration more and more seriously; today they rely on it to get things done.

Quote from “Meetings Around the World: The Impact of Collaboration on Business Performance” — conducted by Frost & Sullivan and sponsored by Verizon Business and Microsoft Corp via the Microsofts Press site:

Collaboration is a key driver of overall performance of companies around the world. Its impact is twice as significant as a company’s aggressiveness in pursuing new market opportunities (strategic orientation) and five times as significant as the external market environment (market turbulence)

What that statement means is collaboration has a real impact and those that embrace it reap the rewards. What that translates to in the real world is “we need these tools now and don’t care what it takes!”.

Risk to the Business

Business data is exposed. This applies regardless of where the data is stored locally or *gasp* in the cloud. For the security focused of you, the principals around confidentiality,  integrity and availability (CIA) are screaming out. For the rest, the questions are, how do you ensure that only those who should see the information are the ones who are seeing the information? How do you ensure that information shared via collaboration is not accidentallyor maliciously altered? And, will the information be available when you actually need it?

When you realise how simple it is for someone to start sharing your business’s’ innermost secrets, or how that urgent proposal is now inaccessible because the portal is down, all the benefits of collaboration come in to question.

Measures to reduce risk

There are a number of different measures that can be put in place to help reduce risk as well as increase the overall awareness.

  • Security Policy
  • Data Classification
  • Restriction  – Access Control
  • Company provided and sanction tools
  • Use a large stick.

I’ve loosly applied parts of the ISO27001:2006 framework to my measures (well, the bits that are generically applicable) and, depending on what is being used, more of the management framework could be applied.

Security Policy

It always starts with policy, but policy only gets you so far. As with any security policy, if it is too restrictive or just too complex , people will just ignore it and do what they want, or need to do. As Bruce Schneier recently pointed out in ablog post:

They know what the real risks are at work, and that they all revolve around not getting the job done. Those risks are real and tangible, and employees feel them all the time. The risks of not following security procedures are much less real. Maybe the employee will get caught, but probably not. And even if he does get caught, the penalties aren’t serious.

He goes on to say that unless you impose harsh penalties and make a public spectacle of the infringer, little will change. Collaboration tools add to the temptation for users to go around the system to get their job done. I personally have done and am currently guilty of this particular sin.

Data Classification

Data needs to be restricted and classified. More now than ever, you need to clearly define the data, what can and cannot be distributed or used in in this manner. If it’s being cached/stored externally, do you trust that facility and if so to what level? What do they do when you close that account? Is the information still kept?

Restriction

Collaboration tools need to be able to authenticate (provide a mechanism to verify) participants in order to ensure that only the correct people are accessing not only the tools themselves, but the data within. These tools need to support the ability to restrict the functions based on role as you might not want the average user, say, accidentally sharing their desktop, be able to involve participants external to the organisation or even try starting up his own corporate blog.

Provide the tools

One of the simplest ways to stop people going around the policies and procedures and reducing some of the risk is to give people access to the tools they need. That way they can be controlled, logged and audited as required. Users that dont’ have access to the tools they NEED to be efficient at what they do, WILL use them anyway; regardless of the policies as pointed out above, people know the real risk is not performing. Simplistic examples are:

  • Executives with BlackBerry or iPhones wanting to access their corporate mail now from unpoliced, uncontrolled decices.
  • IT staff who bring in their own Netbooks or Laptops to be able to be portable and work on the road or from a cafe.
  • Sales staff who use web collaboration and meeting tools, share documents and give presentations that do not have authentication mechanisms.

Accountability (Use a large Stick)

When an incident happens it needs to be dealt with and dealt with swiftly. Ultimately, unless people are held accountable nothing will get them “thinking” about the risks and acting differently. This goes for everything from classification and restriction of data, to using the tools.

I don’t think that this a complete list, it is just a subset of the issues faced. The funniest thing is the parallels when looking at utility computing, as collaborative tools these days are also more and more “Cloud” based.

There is certainly a lot more that could be added. Anyone care to add their thoughts?