The next person that talks about the stupid cloud...

phoeneous · January 2012

...will get a free subscription to a punch-in-the-face-service. So sick of all these management sheep that think they're so innovative and godly by suggesting that we move to cloud. UGH!

Private Sub ihateyoucloudsheep
Do Until clue > 0
Call punch
Loop
End Sub

Claymoore · January 2012

But the cloud is going to be the biggest thing in the world. Bang, The world!!!
carvey - YouTube

Trifidw · January 2012

Cloud is on my imaginary list of tech words I can't stand. Along with sync.

DevilWAH · January 2012

I use to hate the cloud, but the company I work for is working on a cloud solution now as the service provider, and the word cloud does not do it justice!

In fact there are so many different variety of "cloud" that really the industry needs to come up with a better term, I wonder how many people on this board acutely know what the "cloud" is? Having seen the white papers for solutions ranging from small business of 5 to 10 workers, up to global enterprise cloud resources you see just how big this will be.

Cloud is simple Virtualisation, any one who has worked with that knows the advantages it brings, the idea of the cloud is just the next step along the way.

jibbajabba · January 2012

Manager: We need to move into the cloud
Me: Don't think there are removal companies with an FAA license
Manager: What?
Me: Never mind, we are already 'in the cloud'
Manager: Oh really, when did that happen
Me: FRIKIN YEARS AGO

Man, it's all abou buzzwords nowadays. Sales monkeys and executives seem to think its a new thing but 'cloud computing' exists since the dark (mainframe) ages.

Really can't stand that cloud talk myself anymore.

tpatt100 · January 2012

I think the word has moved beyond just putting stuff on remote servers.

RobertKaucher · January 2012

tpatt100 wrote: »

I think the word has moved beyond just putting stuff on remote servers.

No doubt. "The Cloud" ::dodging punch to face:: is not a synonym for "the Internet" and its meaning certainly contains much broader connotations than mainframe. Honestly, I really wonder if the traditional mainframe model is even relevant to what we consider could computing today at all. I mean, it's like looking at one of the fully electric Ford cars with the "my sync" and talking about how it's nothing new, people have been driving cars since the late 1800s.

I'm not saying the word is not overly hyped or poorly used! I'm just saying when we compare "the cloud" (a very broad umbrella of different technologies) to mainframe we are not doing any service to clearing things up.

SteveLord · January 2012

I use to be an an IT guy like you......then I took an arrow in the knee. So I moved my knee to the Cloud.

Forsaken_GA · January 2012

DevilWAH wrote: »

I use to hate the cloud, but the company I work for is working on a cloud solution now as the service provider, and the word cloud does not do it justice!

This is the same thing as the tablet fad. Some solutions are awesome to cloudify. For example, I *love* icloud. Being able to keep my iphone, ipad, and mac book's contacts and calendars in sync across the board is wonderful. That's something that's appropriate to cloudify.

Storing all of my companies financial data on an application in the cloud? Oh hell no.

phoeneous · January 2012

I love how infosec was so buzzworthy a few years ago and now they want us to move everything outside of that lan we've been trying to fortify this whole time?!?

The cloud isn't for everyone, regardless of how awesome it looks on paper/screen. And even if you do find some productive means of using it, would you put everything on it? Negatory ghost rider.

tpatt100 · January 2012

Forsaken_GA wrote: »

This is the same thing as the tablet fad. Some solutions are awesome to cloudify. For example, I *love* icloud. Being able to keep my iphone, ipad, and mac book's contacts and calendars in sync across the board is wonderful. That's something that's appropriate to cloudify.

Storing all of my companies financial data on an application in the cloud? Oh hell no.

Yeah for me I think storing information that syncs across all of my devices is what I like the most.

DevilWAH · January 2012

Forsaken_GA wrote: »

Storing all of my companies financial data on an application in the cloud? Oh hell no.

Why not, you store you company's financial date in the cloud already, its call a Bank...

The service my company offers for cloud includes security up to and beyond government, bank and MD approved levels. Indeed you even have fully encrypted clouds where it is not possible for anyone managing the cloud to view the data, it is encrypted before it leaves your site and only ever decrypted once it it comes back.

Security is the least of your worries when it comes to a cloud service.

Whats safer, a shoe box under your bed?? or a bank vault box??

RobertKaucher · January 2012

DevilWAH wrote: »

Why not, you store you company's financial date in the cloud already, its call a Bank...

The service my company offers for cloud includes security up to and beyond government, bank and MD approved levels. Indeed you even have fully encrypted clouds where it is not possible for anyone managing the cloud to view the data, it is encrypted before it leaves your site and only ever decrypted once it it comes back.

Security is the least of your worries when it comes to a cloud service.

Whats safer, a shoe box under your bed?? or a bank vault box??

1. "the cloud" is NOT like a vault box in any way. Not all cloud services are created equally.
2. Security is of paramount importance in many cloud based services. Would the US Army be ok with a virtualized server used to process or store highly secret data being spun up in a datacenter physically located in China? I don't think so.

DevilWAH · January 2012

RobertKaucher wrote: »

1. "the cloud" is NOT like a vault box in any way. Not all cloud services are created equally.
2. Security is of paramount importance in many cloud based services. Would the US Army be ok with a virtualized server used to process or store highly secret data being spun up in a datacenter physically located in China? I don't think so.

1. "the Cloud" does not exist. any IT manager worth there salt will look at the different options, there are many cloud options out there they provide vault like cloud storage currently available, and some that provide the capability of encrypted computational resources, where the data kepted encrypted within the CPU's

2. Many government agencies already do run there IT partially in the cloud, including the military. Just because its in the "Cloud" does not mean you don't know where your date is or have control of it. If I create myself a cloud service at this moment, I can dictate what data centres it can exist in, even down to what servers it can exist on. So Right now I can provision a email cloud based service, that only uses our UK data centres, and only on the highest security server. While it may look from the out side as though the service is in a "cloud" from the management point of view a distinct area of resources have been provisioned that are separate from any other. Sitting in there own protected network, behind there own security measures. The only difference is the whole things is virtualised, so can be moved around and has resiliency.

When I say security should be the least of your worries, I mean that the people who have spent millions/billions creating these services, know that security is the first thing people require, and it is the core around most enterprise level cloud offerings. Security Visibility and simplicity are what people want with the cloud.

As you say there are many different "clouds" and they are not created equally. While a cloud from china may be OK for a personal website, its not going to be susceptible for the UK treasury. But there are plenty of solutions out there that are, I would expect the miletry or any company to do there home work before they chose a solution, even if they are hosting in there own datacenters/ server room.

it_consultant · January 2012

phoeneous wrote: »

...will get a free subscription to a punch-in-the-face-service. So sick of all these management sheep that think they're so innovative and godly by suggesting that we move to cloud. UGH!

Private Sub ihateyoucloudsheep
Do Until clue > 0
Call punch
Loop
End Sub

I have some cloud servers I can sell you. Mine are here in some datacenters in Denver. They are telecom diverse, have mulitple power sources to the buildings, diesel backups, never have to buy another physical server...

Forsaken_GA · January 2012

DevilWAH wrote: »

Why not, you store you company's financial date in the cloud already, its call a Bank...

The bank has an incomplete picture. They don't, for example, have all the PNL's, nor do they have payroll information, tax information, invoices, inventory, etc. And not all companies use a single bank for all of their needs. Alot of this information is stored in different applications that are traditionally hosted on the companies infrastructure.

These are the kinds of applications that marketing is targeting for movement to the cloud. Whereas you'd use something like the Microsoft Dynamics suite for your CRM and ERP solutions to integrate all this data, now you've got things like salesforce.com for your CRM, and even Microsoft is implementing the Dynamics suite as a SaaS product. Hell, Quicken is even doing Quickbooks as SaaS now for companies that are small enough to use that as their solution.

So while my bank may know my current balances, someone who compromises my Quickbooks account, or worse, hacks it on the providers end (or a dishonest employee helps themselves), they have a complete aggregated view of *all* my financial data.

No thank you!

Devilsbane · January 2012

One of those go to words that people really don't understand the meaning of. Sounds all nice and fancy, but that is really about it.

Another peeve of mine is how everyone seems to think we need an iphone app. Why? For some companies, sure it might be nice. But it doesn't really work with what we do. Just gonna be dollars wasted.

Turgon · January 2012

DevilWAH wrote: »

2. Many government agencies already do run there IT partially in the cloud, including the military. Just because its in the "Cloud" does not mean you don't know where your date is or have control of it.

Correct. The stock response that 'cloud' will not find uses in government, financial or military settings is myopic. If strategic leaders looking for savings believe there are benefits, ways will be found to leverage it that appease as many compliance requirements as possible.

Forsaken_GA · January 2012

DevilWAH wrote: »

When I say security should be the least of your worries, I mean that the people who have spent millions/billions creating these services, know that security is the first thing people require, and it is the core around most enterprise level cloud offerings. Security Visibility and simplicity are what people want with the cloud.

That argument is a really hard sell in the wake of the RSA hack. If a company that sells security products is so lax on it's internal security policies that it allows my data to potentially be compromised because of their product, I can't take *anyone* at their word. If you say your application is secure, you have to prove it. In this day and age, I wouldn't commit my company's vital information to a service just because someone says 'trust me, it's secure'.

networker050184 · January 2012

Forsaken_GA wrote: »

That argument is a really hard sell in the wake of the RSA hack. If a company that sells security products is so lax on it's internal security policies that it allows my data to potentially be compromised because of their product, I can't take *anyone* at their word. If you say your application is secure, you have to prove it. In this day and age, I wouldn't commit my company's vital information to a service just because someone says 'trust me, it's secure'.

Well, at some point you are trusting someone right? Whether it be an equipment vendor or contractor to set it up. How do you verify that is "secure"? I'm sure you test it. Same thing you can do with a cloud offering.

DevilWAH · January 2012

Forsaken_GA wrote: »

That argument is a really hard sell in the wake of the RSA hack. If a company that sells security products is so lax on it's internal security policies that it allows my data to potentially be compromised because of their product, I can't take *anyone* at their word. If you say your application is secure, you have to prove it. In this day and age, I wouldn't commit my company's vital information to a service just because someone says 'trust me, it's secure'.

Which is why you offer a solution where they don't have to "trust" you. Just the same as can put a usb pen in the mail to you with encrypted data, the key to which I have given you in person.

There are no worries about it getting stolen or intercepted as the only way to get the data is from one of us. The middle man, carrying the package cant do any thing with it. I don't need to trust it is secure, I know it is secure, or at least any weakness in the chain lies with me and how I have encrypted it.

One offering in the cloud market is the ability for customer to retain control of security of there data, while benefiting from the reduction in hardware costs. Believe me, those offering these services are well aware of the issues, most offer compensation in the event of a data breach that would ruin there company, both financial and in the market. So it is possible the most researched area of the cloud solutions. But by the provider and the clients

whatthehell · January 2012

jibbajabba wrote: »

Manager: We need to move into the cloud
Me: Don't think there are removal companies with an FAA license
Manager: What?
Me: Never mind, we are already 'in the cloud'
Manager: Oh really, when did that happen
Me: FRIKIN YEARS AGO

Man, it's all abou buzzwords nowadays. Sales monkeys and executives seem to think its a new thing but 'cloud computing' exists since the dark (mainframe) ages.

Really can't stand that cloud talk myself anymore.

This really sums it up! The word annoys the hell out of me too, but this quote has my ROFLing big time!

Forsaken_GA · January 2012

networker050184 wrote: »

Well, at some point you are trusting someone right? Whether it be an equipment vendor or contractor to set it up. How do you verify that is "secure"? I'm sure you test it. Same thing you can do with a cloud offering.

I have a little more faith in my ability to secure infrastructure that's behind my border. ERP/CRM/Accounting programs can be pretty easily restricted to only be accessible from my internal network or VPN, and if I screw it up, it's on my head. It doesn't matter much how many bugs or holes there are in the software itself at that point, if you can't talk to it, you can't compromise it. Obviously this doesn't protect against APT threats, or users being stupid, but that's uncontrollable anyway, and the cloud provider solution doesn't solve that either. If the users computer and password store gets compromised, then your data is in the wild whether it's hosted internally or externally.

With a cloud provider, I have no such ability to vet or validate their security scheme, and these services are internet facing by design. From a support staff perspective, a cloud solution is a black box, and those drive me nuts.

Then there's also the turnaround time to security issues. The cloud provider may not be very good about it. I can give a recent and salient example - Cisco's network-based web proxy product (I can't remember the name of it right now) did not revoke Diginotar's cert. Our IronPort appliances had the same issue for a bit, but Cisco issued an update to fix that problem in a relatively timely manner (took about 3 weeks). The network-based SaaS product? As far as I know, it *still* hasn't revoked Diginotar's cert, which makes all SSL traffic suspect. So while the internal traffic was at risk for a period of time, all the mobile clients may still be.

Am I saying cloud solutions suck across the board? No, I'm sure that some solutions are great. But it's not a solution that should be implement without a serious risk analysis accompanying it. If your company couldn't survive the total compromise of all data put into the cloud, then it's not something you should do.

RobertKaucher · January 2012

DevilWAH wrote: »

When I say security should be the least of your worries, I mean that the people who have spent millions/billions creating these services, know that security is the first thing people require, and it is the core around most enterprise level cloud offerings. Security Visibility and simplicity are what people want with the cloud.

As you say there are many different "clouds" and they are not created equally. While a cloud from china may be OK for a personal website, its not going to be susceptible for the UK treasury. But there are plenty of solutions out there that are, I would expect the miletry or any company to do there home work before they chose a solution, even if they are hosting in there own datacenters/ server room.

I agree with you that service providers do take security into consideration a lot, but you made an unqualified blanket statement that even with your qualification in the quote above I still feel is white washing the topic. I am am not directly involved in providing cloud services nor am I security expert but I regularly listen to Virtualization Security podcast on Stitcher and they regularly discuss the security issues that revolve around cloud hosted virtualization and it should be a major consideration on the mind of any person who is moving their employer to cloud based hosting. And I am talking about the entire Security CIA triad not just confidentiality (avoiding data breaches). I cannot imagine that I will ever hear anyone involved in systems that contain secret government information say, "Security is the least of my worries. My cloud provider handles all that stuff." That's just unrealistic.

Forsaken_GA · January 2012

DevilWAH wrote: »

There are no worries about it getting stolen or intercepted as the only way to get the data is from one of us. The middle man, carrying the package cant do any thing with it. I don't need to trust it is secure, I know it is secure, or at least any weakness in the chain lies with me and how I have encrypted it.

And how am I to know that you don't have a backdoor built in to decrypt? Again, not a theoretical paranoid exercise. If you'll remember last year, Dropbox, who touted the fact that everything was encrypted to your account and no one else could get at it, revealed that they did indeed have the ability to decrypt anything you sent up to their service, without your input.

Now if all you're talking about is offsite cold data storage or backup, well sure, yeah, I'm encrypting my data before it ever gets to the cloud provider. Which has extremely limited utility. Only sending encrypted data to a SaaS product is kind of pointless. I'm not going to send Quickbooks encrypted data, for example, I'm going to give them raw information. Then I have to have faith that they're encrypting their databases on the backend, and that there aren't any decryption backdoors. And I've worked in this industry long enough, dealt with enough vendors and enough products to be absolutely apalled at the number of people who are encrypting raw data, but still storing passwords in an unencrypted format.

Taking security for granted, especially when you're outsourcing it, is a roll of the dice.

vinbuck · January 2012

From a security perspective, most IT shops are already in the 'cloud' anyway. Everyone is on the Internet and just about everyone has remote access to internal assets. Unless your organization has a dedicated security team that regularly audits and tests the overall setup, then you've probably got a boatload of holes you don't know about. It only takes one compromised host of the right kind to put all your internal goodies in the "cloud"

Like it or not, if you are connected to the Internet then you are part of the cloud. And also like it or not, a server in the hosted cloud that has a dedicated security team to implement and monitor security is probably a whole lot safer than letting Joe Pro IT guy put it on a DMZ ,firewall zone or plain old NAT inside the company and then forgetting about it until his company's data shows up in WikiLeaks.

I've worked in the Enterprise/Government and now I work in a Service Provider shop and the biggest difference is that Enterprise guys don't like to admit that they might need to outsource to an expert in a particular field (Security anyone?) because that's what the IT department is for. Service providers on the other hand will farm out anything that makes financial sense so that the Network Ops guys can focus on keeping the network up 24x7 and adding new capacity/technologies.

The days of being an "expert" at everything IT are long over...there are too many niches that require an actual expert and YOU aren't it....usually

DevilWAH · January 2012

Forsaken_GA wrote: »

And how am I to know that you don't have a back-door built in to decrypt?

I don't think you understand encryption...

If I provide you a security deposit box, then I might have a master key to open it, that's true.

But if you place your valuable documents inside you own protected box with in my safety vault, with motion sensors, locks and what ever other security you want to place on it. then the fact I have a key to the deposit box, I am still unable to get to your stuff.

And that is what the enterprise solutions are offering, IF I create my own encryption key of and use that to encrypt my data, I can give you that data and there is no back door, or positivity of a back door. You can hold it you can touch it, you can copy it do what you want with it. but it will always be private to me.

Add to the fact your company's security may be run be a network engineer or two with what ever experience and budget you can afford, while a large service provider may have a multi million pound system with 10's of highly skilled staff to provide there's. And yes there are rogue staff, but what's to say you don't have one in your own company. And staff access is much more restricted and monitored in data centres than it is in more IT teams.

Public clouds such as google docs are hard to secure as access is from so many areas and by so many people. However prvt clouds such as a
SQL backend, are not so hard, as the entry points are limited to a single company. So it becomes he same as having off site data center. Like almost every large enterprise already has.

Forsaken_GA · January 2012

vinbuck wrote: »

Like it or not, if you are connected to the Internet then you are part of the cloud. And also like it or not, a server in the hosted cloud that has a dedicated security team to implement and monitor security is probably a whole lot safer than letting Joe Pro IT guy put it on a DMZ or firewall zone in the company and then forgetting about it until his company's data shows up in WikiLeaks.

Again, you're taking that on faith. Logically thinking, you'd be dead on. You're forgetting that there's money involved, and that means logic goes right out the door. You're making a very dangerous assumption that a cloud provider has a dedicated security team and that they're adequately trained, or at least better trained than your own people.

Then there's the fact that going with a well known cloud provider if you're a small relatively unknown shop will actually *raise* your threat profile. That's obviously not something to base the entirety of your decision off of, as it's another form of security through obscurity, but it can be a factor.

Security is an issue no matter what solution is implemented, and I'm not trying to say that you're going to have better security automatically by keeping it in house. What I *am* saying is that the opposite is not true - you are not going to automatically have better security by cloudifying your infrastructure, and that's the implication that I seem to be hearing. Any company which dismisses security concerns because they're outsourcing it to the cloud is making a grave mistake.

Forsaken_GA · January 2012

DevilWAH wrote: »

I don't think you understand encryption...

Really? This will be fun.

And that is what the enterprise solutions are offering, IF I create my own encryption key of and use that to encrypt my data, I can give you that data and there is no back door, or positivity of a back door. You can hold it you can touch it, you can copy it do what you want with it. but it will always be private to me.

This depends entirely on the application. In a SaaS model, this doesn't necessarily apply.

Follow me here -

If I'm using Quickbooks online to run my businesses financial data, then I have to give them data. Ok, let's say I give it to them encrypted. Do you know of any application on earth that can parse and act on encrypted data? No. In order to actually use that data, it has to be decrypted. And if you think otherwise, then I'd say you're the one that doesn't understand how encryption works. So in some applications, the provider has to be able to decrypt the data, and as soon as they've done that, your data is no longer securely in your, and only your, possession.

Once again, if the only scenario you're talking about is data warehousing, then you are 100% correct. That's hardly the only cloud application that's being touted these days, however, and the second you move from data warehousing to data processing, your encryption no longer provides the absolute bulwark you think it does.

vinbuck · January 2012

Forsaken_GA wrote: »

Again, you're taking that on faith. Logically thinking, you'd be dead on. You're forgetting that there's money involved, and that means logic goes right out the door. You're making a very dangerous assumption that a cloud provider has a dedicated security team and that they're adequately trained, or at least better trained than your own people.

Then there's the fact that going with a well known cloud provider if you're a small relatively unknown shop will actually *raise* your threat profile. That's obviously not something to base the entirety of your decision off of, as it's another form of security through obscurity, but it can be a factor.

Security is an issue no matter what solution is implemented, and I'm not trying to say that you're going to have better security automatically by keeping it in house. What I *am* saying is that the opposite is not true - you are not going to automatically have better security by cloudifying your infrastructure, and that's the implication that I seem to be hearing. Any company which dismisses security concerns because they're outsourcing it to the cloud is making a grave mistake.

Who says I'm taking it on faith? Just because I'm choosing to outsource something in the long run doesn't mean I won't perform my due diligence in the short term and verify that a company is capable of providing what they advertise. If they don't measure up then they don't get the contract. That also doesn't mean that I won't check in at intervals just to ensure the quality of service and expectations are the same 2 years down the road as they were at the inception of a project.

NOC-Ninja · January 2012

The management is trying to save money so that they can have a bigger bonus. Most not all but MOST management doesnt know anything about technology or knows about technology but does not keep up with it. So by saving money for the company, they put the company at risk.

Old article about govt moving IT to the Cloud
Obama Administration Moving IT to the Cloud; Closing 100 Data Centers - News24 | NewsDigest24.com

Whats the big deal in saving money if we can print some more?

The next person that talks about the stupid cloud...

Comments