The release of Google Buzz adds another new step in the ongoing evolution of online communication.  And I hope you’ve been paying attention to the evolution so far.

Buzz, along with Google’s other recent release Google Wave, add real-time communication to traditional email inboxes in ways that, quite frankly, most people will fail to grasp for some time yet.

These new Google releases are part of a long running change in the consumer side of online communications.  Looking back 10 years the average web user had email, newsgroups, and basic instant messaging, all performed on their computers.

Today we have blended platforms such as Facebook that include email-style messaging, real time chat, and broadcast communications such as status updates.  In addition to this more and more content is shared in non-text formats.  Photos and videos are exchanged between friends as often as written messages are.  Business deals are done on Twitter.  And no one ever complained that a sales pitch was too short.

Business communications are charting a similar, but slower evolution.  Email quickly replaced much of our phone and fax communications and became a collaborative workspace, albeit a highly inefficient one.

In recent years collaboration has moved out of the inbox and into document management systems and intranet workspaces.  Faxes go directly to electronic records management systems instead of being dropped on our desk.  And telephony systems are integrating with our real-time communications servers to make voicemail and presence data available to us at our desks or on our mobile devices. Continue reading What Will Email Be In 10 Years?

The increasing popularity of in-the-cloud email delivery and email security solutions, and the wealth of innovations available, raises the discussion of whether email administrators should consider cloud-based solutions. While the free, Web-based email remains out of the question for corporate use, some other cloud solutions that offer more robustness and security may be appropriate for some users.

Security is always imposed in cloud-based systems to one degree or another, but a major limitation is that many cloud providers still implement their own proprietary security approaches. While such an approach may well impose good security, this has still limited the uptake of cloud-based models. A more appropriate approach to cloud-based security would be the adoption of a common security model, made available through the cloud platform-as-a-service.

As outlined in “Cloud computing made easy,” co-authored by yours truly, a cloud platform (as opposed to cloud “software as a service” applications) imposes common software elements, which are used by developers to write cloud applications without having to re-invent the wheel for every aspect of each application. The use of a cloud platform is particularly useful for imposing rigorous security, in that it presents a standard security model for managing things like authentication and authorization, role-based access, secure storage, multi-tenancy, and privacy policies. Developers of common SaaS applications may not always be experts in security, but by using the common security model of a cloud platform, the developer is able to draw against the expertise of other developers who are. Continue reading Security and the cloud

The European Network and Information Security Agency (ENISA) has issued one of the most comprehensive reports on the security risks and benefits of cloud computing. The report takes an impartial look at the cloud phenomena, and it starts out with the obvious—that is, cloud computing’s benefits of ease of access, scalability, instant provisioning and monetary savings are undisputable, but the biggest issue holding people back is the security concern.

In many cases, the concern over security is one of perception. We tend to think that things are more secure if we can put our hands on it. But the ENISA paper gets into more specific detail about precisely what the top security risks are:

1. Loss of governance. The biggest and most common concern, ceding control to a cloud provider may create a vulnerability if security isn’t specifically addressed in the service level agreement.
2. Lock-in. A lack of standardization and portability means that it may be difficult to switch cloud providers, or bring service back in-house.
3. Isolation failure. Because it is based on multi-tenancy, the cloud may be vulnerable to guest-hopping attacks or attacks on the cloud’s isolation mechanisms.
4. Compliance risks. The cloud provider may not be able to provide evidence of compliance with regulations to which the customer must comply.
5. Management interface compromise. There may be an increased risk of exposure through the customer management interface.
6. Data protection. The customer may not be able to verify the provider’s data handling processes.
7. Insecure or incomplete data deletion. What happens when you request that your resources be deleted? A true “wipe” of data may not take place, and reuse of resources may pose some risk of deleted information being detected later by another party.
8. Malicious insider. Insider attacks are always a risk, whether on-premise or in a cloud provider.

But it’s not all downside, either, and the report lists several security benefits as well. Most importantly, there’s the obvious differential that exists between what a small business knows it should do, and what it has actually gotten around to doing when it comes to on-premises security. Smaller businesses in particular which may lack in-house expertise and may be short on time or funds often don’t have the best security, and it is often out of date. In such a case, the cloud may present a big security advantage, since the cloud provider is more likely to have security expertise and the staff to implement it. In the case of the cloud provider, it’s a matter of scale. A top of the line security investment at the cloud center is paid for ultimately by distributing the cost between hundreds of customers, which makes it possible to get better protection for all parties.

Security is major barrier to adoption of cloud computing.

Security is playing a key role in the willingness of organizations to adopt cloud computing solutions, according to  a study recently released by Launchpad Europe, a business accelerator outfit based in London.

The study based on a survey of 105 IT security experts across the globe found that more than 50 percent of them identified security concerns as the primary reason their organizations were shying away from embracing the cloud.

Asked what their highest priority was when considering a cloud services provider, 37.9 percent cited security of the cloud infrastructure. Another 12.6 percent identified security procedures to protect their data centers as their highest concern.

The data collected by the researchers also suggests there is considerable doubt about whether those security worries can be met by a cloud vendor. Some 49.5 percent of the respondents told the pollsters their companies neither use nor plan to use the cloud in the next 12 months.

Other significant items when choosing a cloud vendor cited by the survey respondents were due diligence and track record of service provider (18.4 percent) and ease of migrating data from vendor’s service to a new service.

Among the companies participating in the survey who do have cloud deployments, 16.5 percent said they used public deployments; 16.5 percent, private deployments; 10.7 percent, hybrid; and 6.8 percent managed.

Continue reading Security tempers zeal for cloud computing

The increasing popularity of cloud-based solutions has resulted in many new offerings of cloud platforms as well as numerous as-a-service software solutions. We also have storage-as-a-service, to alleviate in-house storage demands; and even supercomputing-as-a-service. Are all of these cloud services robust enough for mainstream, daily use?

Computing is seldom a one-size-fits-all proposition, and what works for one company won’t work for another. The same is true with the cloud. What’s clear though, is that it is here to stay. There are two things that have led more companies to face the cloud question head-on: Available technology in the form of cloud services and solutions, and greater availability of cheap, high-speed connectivity; and simple economics. These two factors have converged nicely.

Continue reading When is in-the-cloud security appropriate?

It seems as though the move to cloud computing is inevitable, at least for parts of the enterprise. It’s gaining in popularity, and it has the incredible attraction of being cheap—which makes cloud services a favorite for corporate bean counters. But are those bean counters listening to their security guys before deploying it?

There are still security and privacy concerns to be addressed. According to a recent Unisys poll, security and privacy concerns are still big barriers to cloud computing. The survey asked, “What do you see as your greatest barrier to moving to the cloud?” And 51 percent cited security and data privacy. Twenty-one percent cited integration of cloud applications with existing systems as a potential barrier.

Continue reading Is cloud computing safe?