How to Make the Private Cloud More Secure

Cloud securitySecurity concerns remain one of the biggest obstacles to cloud computing adoption, even as spending on cloud-based solutions accelerates. Users welcome the affordability and scalability of cloud solutions, but many remain fearful about the potential for network breaches and leaks. These fears typically focus on public cloud offerings, and as such, they open opportunities for securing private cloud environments.

Just as in the physical world, security is a multi-pronged approach in the virtual world as well. You need basic anti-virus/anti-malware protection just like any desktop or server receives across your enterprise; access controls so that a random employee can’t bring down your entire virtual infrastructure; firewalls and intrusion prevention products to keep network-based attackers out; and auditing and compliance tools to make sure your security is up to snuff. That is a lot of gear to handle, and all of it has to come cloud-aware otherwise it won’t be much use. Let’s look at some typical products in each category.

Reflex’ Virtual Management Center is the most comprehensive security solution, with modules in three broad areas (auditing/compliance, firewall/intrusion detection, and access controls). The product is actually four separate protective modules that are knit together with separate reporting and management consoles:

  • vTrust for virtual firewall protection,
  • vCapacity for capacity management,
  • vWatch which handles performance and resource monitoring and
  • vProfile for configuration management

Trend Micro purchased Third Brigade and has incorporated its features into its Deep Security product. The product has a variety of protective modules, including agent or agentless firewall/IDS, anti-malware, and web application protection. As you might suspect from a consumer software company, its Web management interface is very attractive and the dashboard has a lot going on. At a glance you can see your entire VM collection, whether any protective measures have been installed, and what alerts have been reported. You have to use the maps generated by VMware to see a visual picture of your network of VMs and their hosts.

Then there is Dome9.com, which is trying to make the cloud more secure by providing an automated service to centralize and consolidate security management across both private and public clouds and in and outside of your data center, including VMs residing on Rackspace, Amazon’s EC2 and GoGrid. They will manage all of your Window and Linux servers’ existing built-in firewalls. The product uses either agents or talks directly to VMware and other cloud provider APIs to automate secure access. For example, you can open and close RDP ports on a timed schedule to make sure that someone didn’t inadvertently leave them open when they were done with a remote connection.

They can also close ports without locking out legitimate server admins who need to get in on an as-needed basis without having to bother the overall security administrator to temporarily grant this access.

Tier 3′s Environment Engine can help the automation of various Microsoft and Linux server deployments. Each deployment can be configured to be private, shared publicly or limited sharing to specific individuals. You can add multiple VMs so that an entire Web app can be brought up with a single command, even though it is deployed across multiple Web, database, and app servers on different VMs. You can script out an entire installation, adding monitoring, backups, firewall rule sets – in short, you can replicate in the cloud your entire computing environment.

As you can see, the number of individual products and services that are available to handle cloud computing is a huge space, and only growing as the important of the cloud picks up for many IT managers. You should try out some of these services and experiment with the kinds of protective features that you need to feel comfortable with your cloud deployment.

We have just touched on a few of the products in this space and feel free to share the ones that you recommend as well.

 

 

How to Select a Cloud Backup and Recovery Vendor – Part 2

(This article is the second in a three-part series exploring how to evaluate and select a cloud backup and recover service. The previous article explored how to evaluate your data needs and the future article will cover the different backup methods. Read Part 1 here, and Part 3 here.)

Selecting a Cloud Backup VendorIn terms of backup requirements, not all of your data is the same.

One way of looking at your data is by importance: What data can’t you live without? What would be unable to reconstruct or rebuild? For example, you can re-rip new copies of your audio CDs or re-scan your old photographs, if you still have them, but you won’t be able to rewrite your project report or your novel manuscript from memory; you won’t be able to re-take pictures of your dog from five years ago.

Another question: what data do you need back as soon as possible, and how soon is “as soon as possible”? This is what backup experts typically refer to as “Recovery Point Objective” (RPO) and “Recovery Time Objective” (RTO).

For example, I’m a freelance writer; the files for my active projects, plus some key calendar, to-do list and other files, typically total to maybe a quarter of a gigabyte. My “archives” — files for projects I’m dealing with — and other less-critical files represent maybe a gigabyte or so.

Not prepared to lose

But I’ve also got 50+ gigabytes of photos, 25+ gigabytes of video, some audio, dozens of scanned images, and gigabytes of assorted sundry stuff.

And when I get to digitizing my older photos and negatives, record albums, and CDs, I’m sure I’ll have a terabyte or so of additional multimedia files.

None of which I am prepared to lose — so it all must be backed up.

For you, essential data you need available may include three large databases, many spreadsheets, several presentations, the past three months’ worth of email, and client billing and payment data for the past six months. If you’re a professional photographer or designer, you may need a ready archive of tens, even hundreds of gigabytes of photos and images.

And you may have lots of personal multimedia — photos, video, scans, etc. — that you don’t want to lose.

RPOs and RTOs

So I’ve really got several sets of RPO/RTOs and yours might look similar to mine:

  • For the RPO consisting of “Projects that I am actively working on, plus roughly half a dozen files of to-do, calendaring, etc.” my RTO would be “two to three hours at most.” Ideally, for the half-dozen or so files relating to projects I’m working on immediately, I’d prefer an RTO of “one hour or less.”
  • For the RPO that also includes other current projects, along with marketing and pitching, I could probably live with an RTO of 1-2 days.
  • For all my other files, I’m sure I could wait a week, even weeks to months — as long as I knew for sure that I’d get them all back.

All this, of course, is just for data. I’d also want a working computer with my core productivity applications on it. (Having recently bought a new, small notebook computer, I’ve got that covered — although there’s more I could be doing in that area… but that’s straying from “data backup.”)

Create and change

The next question: How often do I create or change files — and how much do I care about saving these changes.

For example, my multimedia files are pretty “static” — once I’ve created, organized and named or tagged them, I don’t expect to edit or change them, as a rule.

But the files for whatever I’m working on are created or changed throughout the day. If I lose a file that I have been working on all day (and my most recent backup was at midnight) I’ve lost hours of effort.

So you not only have to know how much data you have, but also how much of it changes frequently, and which and how much data you need near-continuous access to versus what you can wait a few days or even weeks to regain access to.

Now you’re ready to look at cloud backup services, and see which of these match your requirements.

 

 

Do We Need A Desktop OS Anymore?

Mozy cloud storageMicrosoft fought a long battle to achieve a near monopoly of the desktop Operating System market that may stand forever. But does it even matter? Do we even need a desktop OS anymore?

As we see what is happening with Windows 8 and Metro, I am coming to the conclusion that the answer to this question is “no.” We may be reaching the point where the desktop OS is no longer important, eclipsed by the developments of the browser and ironically a victim of better integration of the Web by Microsoft and others.

My prediction is that Windows 8 will become the OS/2 of the modern era: an OS that is elegant but instantly made obsolete by events, designed for the wrong chip (in the case of Windows 8, the mobile ARM CPUs) and based on a cellphone design ethos that no one could care less about. Yeah, but it has a great new set of APIs!

It wasn’t all that long ago that Internet Explorer became almost indistinguishable from Windows Explorer. And with the rise of Chromebooks and how much of our time is spent online, the days of the particular desktop OS is almost irrelevant now. Who really cares what OS we run?

Remember when the desktop OS did things like keep track of directories, protect us from viruses (and Windows still doesn’t really do that all that well), make copies of files to removable media, and handle printing? Yes, I know I still can’t print my Web pages out with any kind of fidelity, and if I have an iPad, printing is almost an afterthought. But is that the browser’s fault or my OS?

Now that you can get gigabytes of free file storage in the cloud (thanks Mozy!), do you really care what is on your hard drive? Well, some of us dinosaurs (and I count myself among them) still cling to our hard drives but soon they will be totems from another era, much the way many of you look upon 5 inch floppy disks, or even 8 inch ones if you can recall back that far. Wow, we could carry an entire 360 kB of something around with us! (Of course, we didn’t have mp3s or videos either, but still.) And all this cloud storage is happening as hard drives are getting so cheap that they will be giving them away in cereal boxes soon: a 2 TB drive can be had for less than $50.

Meanwhile, Adobe has big plans for Flash, where it will take over the kinds of OS-like services that I mentioned above (ditto on the protect us from malware issue too, at least so far). And Google is trying mightily to rejigger HTML with its Dart Web programming language. And VMware has a new version of its View too, which is probably the OS that I really will end up spending most of my time with going forward. Whatever comes of these efforts, it almost doesn’t matter whether we are running Windows or Mac or Linux. Because we don’t need them anymore for our online lives.

Now stop and reconsider that last paragraph. Whom have we trusted for the next OS? It isn’t Microsoft, and it isn’t Apple. It is a bunch of folks from the valley that have never built an OS before (well, give Google half credit). Think about that for a moment.

Back at the dawn of the computing era in the 1980s we all wrote dBase apps (and saved them on those darn floppies too). Then we moved up to use Lotus Notes, before the Web took root. Then we branched out in a dozen different directions, using all sorts of programming languages that used HTTP protocols. That was the beginning of the end for the desktop OS.

Now we’ll still have desktops of one sort or another. And yes, Windows isn’t going away, much as Microsoft is determined to pry every last copy of XP from our cold, shaking hands. But when Adobe, Google and VMware all get done with their stuff, it won’t matter what will be running on our desktops. If we even have them around much longer.

 

 

Geeking Google Earth with the Mozy App

Geeking Google Earth with the Mozy AppI’m a total geek for Google Earth. I use it to find places for my wife and I to explore in the Utah outback.

I scout out campsites with it. It helps me to locate minor roads and two tracks. Photos from Panoramio reveal lesser-known points of interest for us to explore. To me, Google Earth is one of the most wondrous innovations of the information age.

Google Earth has a native file format, known as “KML,” that you can use to share placemarks, routes, photos, and complex shapes for defining whole areas. For example, the United States Geological Survey (USGS) provides KML files for the surface geology of each US state. Also, many geolocation-enabled apps provide an “export to KML” option (Runkeeper is a great example).

Unfortunately, there has always been a big shortcoming with KML files. Although you could create them with Google Earth on your computer, you could not read them in the Google Earth app on your mobile device. At least, you couldn’t until this week. Google just updated the Android and iOS versions of Google Earth to v6.2.1 so that the app can accept when you send a KML file to it. And this is awesome for me as a Mozy user!

I have numerous KML files in my Stash–many that I have created, others that I have downloaded. So now, I can use the Mozy app to send these files to the Google Earth app. I’m so stoked about this that I created a quick demo video for any other Mozy users who are as geeky about Google Earth as I am.

If you want to try it out, but you need a KML file, you can grab the one I used for the demo video from IntrepidXJ’s Adventure Blog (and also see some fantastic trip reports showing Utah scenery).

 

Until next time, be safe,

Ted

Cloud Roundup: Cloud Computing Expected to Produce 14 Million Jobs

Analyst firm IDC released a study March 5 revealing that spending on cloud services will produce nearly 14 million jobs worldwide by 2015. IDC, however, said the numbers are the result of adoption in the private sector rather than in government. The U.S. government’s slow adoption, even as agencies are encouraged to consider cloud computing first for all new IT investments, is largely due to security concerns, according to Washington Business Journal. The report reiterated what many have already predicted: The federal government will seek out private IT cloud services, which bring enhanced security by not commingling data with other customers, and reserve the more open public clouds for less risky applications such as email, Web portal development and collaboration.

Workers: Give Us the Cloud

A report released by Gartner March 5 claims workers will circumvent traditional systems to access cloud services if their employers don’t provide these services. Many companies are using a hybrid model for their IT, with some applications remaining in-house while placing others in the cloud. The ease-of-use and functionality available in some of the newer cloud versions of traditional solutions, however, is enticing for many employees, according to CloudPro. “IT organizations that do not match the request for IT as a service run the risk of internal customers bypassing the IT organization and consuming IT services from the external cloud, thereby placing the company at greater risk,” said Chris Howard, managing vice president at Gartner.

Cloud Computing’s Impact on India

As companies continue to adopt cloud-computing practices, more than 2 million jobs are expected to be created in India by 2015 because of this, according to an IDC study commissioned by Microsoft. “A common misperception is cloud computing is a job eliminator, but in truth it will be a job creator, a major one,” Chief Research Officer and Senior Vice President John F Gantz of IDC said.

Job growth will occur across continents and throughout organizations of all sizes because emerging markets, small cities and small businesses have the same access to cloud benefits as large enterprises or developed nations, Gantz added, according to NDTV.com.

A Clouded Terminology

InfoWorld’s David Linthicum sounds off on what, exactly, cloud computing is and how the term is often misused and over-hyped in a recent blog post.

Linthicum says cloud computing is “so widely defined, and thus so vague, that providing a crisp definition is nearly impossible. More disturbing, there seems to be an increasing overuse of cloud computing concepts as saviors for all past IT mistakes.”

He says “the concept of cloud computing is about the ability for organizations to stop solving all IT problems by themselves. It’s certainly about sharing resources, such as storage and compute services, but it really should be more about sharing solutions and pushing risk out of the business.”

 

 

How to Select a Cloud Backup and Recovery Vendor

(This article is the first in a three-part series exploring how to evaluate and select a cloud backup and recovery service. Future articles will explore how different data types are treated by backup services and different backup methods. Read Part 2 here, and Part 3 here.)

How to select a cloud backup vendorFor anybody whose computer activities include creating “data,” frequent, reliable backups are as important as, perhaps even more than an Uninterruptible Power Supply (UPS) or an anti-virus security suite.

This applies to everyone from those using their laptop purely for personal activities to Small Office/Home Office (SOHO) folks like me large enterprise organizations.

And like any purchase, whether you’re looking to buy a new car, big-screen television, smartphone service plan, a hamburger — or an account with a cloud-based backup service — it’s important to do some research and think before you choose.

With a car, for example, you need to know what you want it for — commuting 50 miles each way every day to work? Being a “tornado chaser” in bad weather on bad roads? Transporting half a dozen teen soccer players? A two-seater electric vehicle is good for the first, but not the other two. You get the idea.

For backing up your computer data to a cloud service, the same holds true. Different backup services work differently. In order to select one that one, you need to both know what your backup requirements are, and how backup services work.

Making copies

Backups, of course, mean, “a separate copy of data on your computer, in case something happens to your computer.”

“Data” can include not only Microsoft Office-type documents (word processing, spreadsheets, presentations, databases, email) which business and personal life increasingly rely on, but also address books and contact information, photos and videos you’ve taken with your digital camera, scans you’ve made of important documents. And it can include copies of data from your smartphone(s), tablet(s) and other mobile devices. Plus music, videos, ebooks and other multimedia you may have purchased and downloaded.

“On your computer” may include not only data on its hard drives (including solid-state drives) but possibly also on external hard drives, and removable media. And data uploaded from your smartphone, etc.

Safekeeping

Having a backup means that if you accidentally delete a file, or if your computer is damaged, lost or stolen, you still have to replace the hardware, but at least you can recreate your files, documents, spreadsheets, presentations, contact information, photos, scanned documents… all the information that your personal and/or business life relies on.

“Local” backups, typically done to an external hard drive or even to a USB flash drive, are affordable and increasingly easy to do. But they can require daily attention — remembering where they are, to plug them in, turn on the application. And because they’re local, which typically means right next to each other in the same room, the odds are good that the same incident — electrical surge, theft, fire, flood, tornado, meteor strike — may also wipe away your backup, leaving you with no copies of your data.

Plus, “local” backups can be harder to do if you’ve got a notebook and are travelling away from your home or office.

To the cloud

Online backup, saving copies of your files to a service in the cloud, avoids the problems of local backups. Backing up to the cloud does, of course, require your computer to be connected to the Internet, but the odds of this are high. (For example, otherwise you couldn’t read this article.)

Cloud backup services — like local backup products — come in a range of approaches, with a corresponding range of prices, features and options. Selecting one isn’t “which one is best?” (Although some will be better than others.) Of course you want one that’s good. But it’s also a matter of determining which one best matches what you need in a backup.

So you shouldn’t pick a cloud backup service without first identifying what you want to back up, and how different cloud services do backups — so you can pick a cloud backup service that matches your goals.

 

 

Mozy for Mac Beta Testing Opportunity

Mozy Mac Beta

Dear Mac Users,

The latest, greatest Mac client – Mozy for Mac version 2.6 – is in beta and you’re invited to participate in the beta process. We’re very excited about the changes in this release, including substantial improvements in memory utilization, and we’d sure appreciate your help validating this release.

The latest builds are available here and they’ll simply install as an upgrade to your current Mozy application:

MozyHome: https://www.mozypro.com/downloads/mozy-2_6_0_453-37400.dmg
MozyPro: https://www.mozypro.com/downloads/mozypro-2_6_0_453-37403.dmg

Please let us know about your experience with version 2.6 and report any issues to macbetafeedback@mozy.com
Thanks!

The Mozy Mac Team

Survey finds small businesses ignore risks of data protection on mobile devices

SEATTLE – March 14, 2012 – Mozy®, the industry-leading online backup service, released the surprising results of a data protection survey. The survey, produced by Mozy and independent market research firm Compass Partners, LLC, found that an increasing number of professionals (80 percent) work remotely and rely on personal devices such as smartphones (63 percent), iPads (30 percent) and laptops (80 percent) to access company data. Despite the expectation that professionals with sensitive client data would understand the associated risks and responsibilities, the numbers reflect that many professionals working remotely, and their companies, are either unaware or too casual about how to keep this information safe and secure.

The study profiled several professions that routinely handle sensitive client information, including medical practices, legal, real estate, and financial service firms. It found that they were at even greater risk compared to generalized small and medium businesses to experience a significant loss of sensitive business information.

The survey found that while over two-thirds of all small-to-midsize businesses with fewer than 1,000 employees have a formal procedure for backing up company data, 87 percent have no formal policy in place regarding employees’ use of personal devices for work purposes. One-third of companies let employees make their own decisions about how to back up company and client data on their devices, and most companies polled do not have backup or data recovery plans that meet modern standards for data protection. Forty-one percent of small businesses readily store and back up company data on portable USB devices – which may be used by family members, get lost, or even stolen.

Businesses Still Unaware of Risks

Legal professionals trailed the field, with 78 percent of lawyers reporting they were either not at all concerned, not that concerned or only somewhat concerned about the security of their company data for employees using personal devices for work. While financial services and medical firms are more concerned about the security of their company data than companies in real estate, construction, and law, the majority (more than two-thirds) in each of those industries expressed a lack of concern for risk of loss and security of company data. This lack of discipline creates unnecessary risk in the protection of company and customer data. The numbers do not lie: very important people have very important data that should be better protected.

Without adequate backup and other data security policies, many businesses are ill prepared to protect company and customer data in the event of a hard drive crash, loss or theft. The survey shows that 30 percent of companies suffered a hard drive crash in the past year. In 70 percent of those cases, data was not fully recovered.

The risk of lost or stolen data is more serious than ever with changing work habits and more employees holding sensitive company data on personal devices. With the start of the new year’s business travel season and a larger number than ever of professionals on the road, they carry sensitive company or client data with them on their laptops, tablets and smartphones. The Mozy survey shows that one in nine businesses have experienced the theft of a laptop, and in 98 percent of such cases they were not able to recover all of the lost data.

While just over two-thirds of companies surveyed do have formal backup processes, most are using antiquated methods such as external hard drives with no online backup connection, or tape. Both are extremely susceptible to failure in the event of an on-site disaster.

New Season, Better Protection

“Companies can ‘spring clean’ by ensuring they have defined best practices and policies to protect sensitive company and client information,” said Gytis Barzdukas, Director of Product Management at Mozy.

“If employees are using personal devices for work, companies should consider what kind of work can be performed on their devices, and how to ensure that confidential information is not at risk if the device is lost or stolen. If your company doesn’t have a backup and data recovery policy today, they really should put even a basic plan in place. Using tape, server and thumb drives is a start, but any good backup plan should consist of having both a local and offsite copy,” Barzdukas continued. “Mozy recommends that all company data – whether it resides on employee personal devices or company equipment – be automatically backed up to a secure, reliable location.”

About Mozy

Mozy is the world’s most trusted online backup service for consumers and businesses, with more than three million customers, 70,000 business users and 70 petabytes of information stored at its multiple data centers around the globe. Mozy was acquired by EMC Corporation in 2007 and operates as part of Decho Corporation, an EMC company. More information can be found at www.mozy.com .

About the Study

The study was executed by Compass Partners LLC, an independent market research firm focused on consumer technology. The study was fielded among 641 business decision makers responsible for the purchase of software and computer related services for small and medium businesses with 1 – 1,000 full-time employees. Field dates were October 24 through November 1, 2011. For each industry vertical sampled (each cell contained a minimum of 100 responses), the margin of error is +/- 9.8% at 95% confidence interval.

###
Contact: Steve Jensen
Public Relations
Mozy
(801) 701-4136
steveje@mozy.com

How the Cloud Reduced Our Newlywed Stress

Cloud Storage for PhotosDespite having been through it all once before, I made the rookie bridegroom mistake of thinking that once the wedding was done, all of the stresses involved in that specific day in our lives would be over. After all, the wedding had gone off without a hitch, everyone involved had a good time, we had a great destination event with family and friends, and being in our 50’s, I thought we had all of the bases covered. After all, this was the second time around for both of us.

I was wrong.

Despite a pretty high level of technical awareness, my years of focusing on business technology, from basic hardware through designing data centers had ill prepared me for the changes that had happened in a small corner of the  consumer technology world; the wedding photographs.

The first time I got married, sometime back in the 20th century, the wedding photo book process went like this: The photographer sent you proofs, you picked out the photos that you liked, the photographer delivered a wedding book made up of those prints. You complained about some part of it, then went on with your life.

It doesn’t seem to work like that anymore.

We received 7 gigabytes worth of pictures on CD; this might seem like a good thing (it did to my wife) but to me it meant that there were close to a thousand images that had to be sorted through. And as a fairly decent amateur photographer, it meant that I could look at an image and see how just the right post processing might make it a better picture.

So much for the simple yes/no judgment for each of those images.

To make it worse, my wife really wanted to be able to create lots of different photo books, with the intent to eventually print them. A book for her parents, a book for mine, one for her bridesmaids, one for my only sibling (we had taken lots of pictures the day before the wedding itself).  And while she was more than willing to start sorting images, it was up to me to do the post processing. And get her the two or three hundred images that she had narrowed her selection down to for all those different photo books.

Traveling photos

To make my life just a little more complex, my wife’s job requires that she travel a fair amount. And when she traveled for business she often met up with old friends and wanted to show them the wedding pictures. This meant that before she left on each trip she would ask me to put a selection of the pictures on her tablet. Of course, I never seemed to have the pictures she wanted available to be copied to her tablet, with the post processing of the images being relatively low priority in the crush of events that define our lives.

Fortunately for our marriage, the cloud actually came to the rescue. Using a cloud backup service with a client for her tablet, I was able to create some working directories that replicated to the cloud from my desktop, and she was able to pull images that she wanted to show off down to her tablet whenever she wanted them, eventually deciding on a core set of images that she stored locally, and others that she downloaded to show specific people. Most importantly, from the husband perspective, was that it took me out of the loop. She had all of her images available, without using up a large percentage of her local storage, she could see what images were in the pre-or post-processing stage, and with a simple email to me, while she traveled, she could ask to have a specific image edited to her liking, often so she could have it printed out for a family member she was seeing in her travels.

It’s been six months and she’s still trying to decide which images get printed for who, but with the cloud making all of the pictures available to her wherever she happens to be, my honey-do list has gotten significantly shorter.

 

 

“The Secret Origins of Stash”

Last week, I presented about the results-so-far of the Stash public beta at our bi-weekly Mozy-internal all-hands presentation. As part of it, my buddies in Marketing armed me with the new Stash t-shirt. It looks a little like this:

Mozy Stash

Within a couple hours, a friend and former Mozy colleague contacted me via Twitter asking:

@reverendted Hey, I really want a stash shirt. What do I need to do to get one?

To which I replied:

@tommetge Ask.

To which Tom replied:

@reverendted I am definitely asking. Maybe pleading. Does that work?

How could I say no? Tom was instrumental to making Stash happen. In fact, Tom’s latest blog post provides insight into The secret history of Mozy Stash. Tom sports his Stash shirt for the occasion.

Maybe you’re wondering the same thing that Tom originally came to me about. If so, then here’s a hint: we send an occasional shirt out to some of the Stash beta participants who are most active in the Stash forum.

Be Safe, and happy Stashing,

–Ted