The next person that talks about the stupid cloud...

Forsaken_GA

vinbuck wrote: »

Who says I'm taking it on faith? Just because I'm choosing to outsource something in the long run doesn't mean I won't perform my due diligence in the short term and verify that a company is capable of providing what they advertise. If they don't measure up then they don't get the contract. That also doesn't mean that I won't check in at intervals just to ensure the quality of service and expectations are the same 2 years down the road as they were at the inception of a project.

Sure, for projects you're personally involved in, I have no doubt. I'm the same way.

However, the portion I quoted and responded to, you were generalizing. You stated the cloud provider is probably a whole lot safer. That's what I'm taking issue with.

vinbuck

Forsaken_GA wrote: »

Sure, for projects you're personally involved in, I have no doubt. I'm the same way.

However, the portion I quoted and responded to, you were generalizing. You stated the cloud provider is probably a whole lot safer. That's what I'm taking issue with.

I think you're actually reinforcing my point. Those IT shops that recognize the need to outsource and do the proper vetting will probably be safer. An IT department that outsources and doesn't go through the vetting process with the vendor is the same IT shop that's gonna set it and forget it - which means they are less secure any way you slice it. Thus, I hold to my original point - a cloud provider that has a proven, dedicated security team is probably doing a better job of securing it than the average IT department with a bunch of server guys that happen to know something about security.

I think there also needs to be a delineation between the cloud and the Internet (this is more of a general thread comment and not aimed at you in particular) - they are used very interchangeably, but as a provider, I can put you into an MPLS cloud without putting you on the "Internet" if that's what is needed. I have no doubt many of the "cloud" solutions that require higher levels of security are riding carrier infrastructure but not on the Internet.

Forsaken_GA

vinbuck wrote: »

I think you're actually reinforcing my point. Those IT shops that recognize the need to outsource and do the proper vetting will probably be safer. An IT department that outsources and doesn't go through the vetting process with the vendor is the same IT shop that's gonna set it and forget it - which means they are less secure any way you slice it. Thus, I hold to my original point - a cloud provider that has a proven, dedicated security team is probably doing a better job of securing it than the average IT department with a bunch of server guys that happen to know something about security.

Well, you're entitled to your opinion. That's a little too cavalier for my taste. I've seen far too many examples of server guys who know a thing or two that quietly shore up problems that management isn't aware of, or ones that they create with business decisions, and save the day.

On the flip side of that, I've seen behind the curtain and had direct experience with a security team that was billed as dedicated and proven whose members repeatedly escalated security events that they caused, without realizing it. Out of respect for my former co-workers, I'll say no more.

I don't like dealing in generalities.

vinbuck

Forsaken_GA wrote: »

Well, you're entitled to your opinion. That's a little too cavalier for my taste. I've seen far too many examples of server guys who know a thing or two that quietly shore up problems that management isn't aware of, or ones that they create with business decisions, and save the day.

On the flip side of that, I've seen behind the curtain and had direct experience with a security team that was billed as dedicated and proven whose members repeatedly escalated security events that they caused, without realizing it. Out of respect for my former co-workers, I'll say no more.

I don't like dealing in generalities.

I guess it all depends on your frame of reference/experience and as a former server jockey turned Network Engineer, I've seen far too many compromises in 12 years on security from other internal IT professionals due to lack of time, project deadlines, lack of knowledge, politics, etc to believe that the average IT shop is relatively secure. IT is often stretched too thin and proper security is going to be more work to provide the same user experience/accessibility - which usually means it gets the hatchet more often than any other area.

I will agree with you on two points

1) Not all security teams are created equal and some are just for management "show and tell."
2) If someone without a solid technical grounding is making the decisions about outsourcing without serious input from the resident geeks, then bad things happen. Those projects suck to the Nth degree.

Forsaken_GA

vinbuck wrote: »

I guess it all depends on your frame of reference/experience and as a former server jockey turned Network Engineer, I've seen far too many compromises in 12 years on security from other internal IT professionals due to lack of time, project deadlines, lack of knowledge, politics, etc to believe that the average IT shop is relatively secure. IT is often stretched too thin and proper security is going to be more work to provide the same user experience/accessibility - which usually means it gets the hatchet more often than any other area.

Yeah, it varies from company to company, and every situation is different. Last year was a banner year for high profile hacks, so folks have started to stand up and take notice. Part of the problem is that as security has become a hot jobs area over the last few years, it's been flooded with people looking to change careers, much like alot of areas of IT. And the bottom line is that most security people suck. Your average security analyst at your average solutions provider is basically your tier 1 helpdesk guy at an ISP. They're stat monkey's who just click buttons in whatever SIEM product the company has bought or developed. Unfortunately, by the time it makes to the SIEM system and someone actually notices it, it's already too late to avoid a compromise, and this comes from years of code monkeys not taking security seriously either. And then there's the fact that it took 10+ years for the worlds most widely deployed operating system to take security seriously....

This will change. It has to, otherwise companies aren't going to survive. Until then, however, I will remain a paranoid isolationist when it comes to IT infrastructure.

networker050184

Forsaken_GA wrote: »

This will change. It has to, otherwise companies aren't going to survive. Until then, however, I will remain a paranoid isolationist when it comes to IT infrastructure.

I think that sums up your point of view on the whole subject!

demonfurbie

i tired to explain what "the cloud" was to my 6 year old (he asked) it went something like ...

me: well its when you have part of our computer network not at the office

him: daddy havent you already been doing that

me: yes

him: thats stupid it doesnt look like a cloud it looks like wires

me: we call it hosted server

him: i like your name better

Slowhand

Is it wrong that every time we have one of these threads venting frustrations over 'the cloud', I see this image in my mind?

Turgon

networker050184 wrote: »

I think that sums up your point of view on the whole subject!

Regardless of points of view, nobody on this forum pays for a single piece of infrastructure in the organisations they work for. We will do what we are told to do commercially, or institutionally if you work for the government. Strategy and policy will be defined by head office or the government and the techs will comply.

DevilWAH

Forsaken_GAReally? This will be fun.



This depends entirely on the application. In a SaaS model, this doesn't necessarily apply.

Follow me here -

If I'm using Quickbooks online to run my businesses financial data, then I have to give them data. Ok, let's say I give it to them encrypted. Do you know of any application on earth that can parse and act on encrypted data? No. In order to actually use that data, it has to be decrypted. And if you think otherwise, then I'd say you're the one that doesn't understand how encryption works.

OK for real security you have securecryptoprocessors. although not generally used in data center environment, these can decrypt and encrypt data with in the physical CPU out of site of any one trying to access the data. Aimed at the military and financial institution.

So in some applications, the provider has to be able to decrypt the data, and as soon as they've done that, your data is no longer securely in your, and only your, possession.

Yes you are right for common commercial applications, but the cloud does not have to just include SaaS, virtulised resources are just as common, allowing bespoke applications to be run. You talk about quickbooks. I don't consider that a financial product, the Financial banks I work with are looking to move there stock-market trading infrastructures to the cloud. If people such as that who are moving billions of pounds worth of assets to the cloud. It makes me fairly confident they are happy it is secure.

you can still achieve good security with applications that receive encrypted data streams, and carry out decryption and encryption in line, a method many financial applications use already, for the very purpose of insuring that the IT geeks in the data centres are unable to see the financial data on the system.

Banks already miss trust there internal staff enough and have taken steps to address them, no bank will put its data in to 3rd party hands with put being 100% sure that it is still there data.

Reseven

Trifidw wrote: »

Cloud is on my imaginary list of tech words I can't stand. Along with sync.

Wow. Those are the 2 I can't stand as well. I was just cursing to myself the other night about sync!!!

Great minds think alike!

demonfurbie

Reseven wrote: »

Wow. Those are the 2 I can't stand as well. I was just cursing to myself the other night about sync!!!

Great minds think alike!

another one that bugs me is "open"


if its so open why do i have to pay to use it

bigdogz

I hate the "C" word as well. People forget the term "Hosted Services" or "Hosted Solutions". Now there are certifications for the C word!!!??

I work for an ISP. We do everything from a fully managed hosted solution which may include managing and securing your network in a mesh topology to a collocation or (Co Lo) in which case we give you a rack, redundant power, and a pipe. The rest is on up to you, the customer.
As a service provider we tend to help these customers when they are trying to resolve some issues such as server, router, switch, firewall, or application. If we spend more than an hour we charge them.
If they get hacked depending on the severity we black hole them until they fix there issue(s). No need for a phone call or a knock on the door from the FBI. We perform tests on our own after the fact to make sure everything is OK which may include pen testing. Knowing the customer's environment and how it works is essential to resolving their issues. Sometimes it involves re engineering their environment because there is no thought behind scalability or bandwidth.

[Deleted User]

If only we could all synergistically collaborate about cloud services.

blargoe

I have guys now calling everything "the cloud". Us hosting our mailboxes at our parent company is "the cloud". I guess if they can't see it, it's the cloud.

ccnxjr

blargoe wrote: »

I have guys now calling everything "the cloud". Us hosting our mailboxes at our parent company is "the cloud". I guess if they can't see it, it's the cloud.

I believe as technicians *WE* would prefer the term "High Availability Cluster".
"the cloud" might be a good way of explaining to a lay person when you don't want to get into the details of a thing.
(Either because it would take too long to explain the nuances, or they simply don't know how it works :P )
That's how I see it, even in school, when we were discussing a very specific aspect of technology, that connects to another technology but getting into the details would be detract from the topic, we draw a cloud to signify "Don't get caught up in the details here, you can research what happens here on your own time" .

NetworkingStudent

I think the cloud is the way of the future, but isn’t cloud just either a data center, virtualization solution, or a combo of both? (Forgive me, because I know someone said this already)

I think cloud storage is huge especially with companies that can guarantee lots of storage, and only charge for what you use..

Dell Compellent - Introducing Fluid Data

I attended a local ISSA meeting and it looks like security could go to the “Cloud”. Several new trends point to sending suspicious acting programs to a cloud type lab, instead of looking just for signatures.

http://www.youtube.com/watch?v=RNs8-zWsxak&list=UUmb3AN9RMv4NZslyIsdI-Bg&index=1&feature=plcp

What Is Next Generation Threat Protection | FireEye, Inc.

Videos & Demos | FireEye, Inc.

What does everyone think of Office 365?

Webmaster

NetworkingStudent wrote: »

I think the cloud is the way of the future, but isn’t cloud just either a data center, virtualization solution, or a combo of both? (Forgive me, because I know someone said this already)

The answer to your question is sort of in your question already: oversimplified, a cloud is used to describe or depict something of which you don't know exactly what it is. That's probably why it works so well as a marketing tool I drew clouds in network diagrams over a decade ago already, frame relay clouds, VPN clouds, clouds called Internet or Intranet, and other network areas that were treated somewhat like blackboxes from our perspective or in a certain context. Cloud marketeers indeed often point out features/benefits that belong to services within 'their' cloud (in the hyped version of the word), services that have been around for a while, or a "combo" of them.

phoeneous

xmalachi wrote: »

If only we could all synergistically collaborate about cloud services.

Yeah, see what I started?

Great discussion though!

[/and the reps just started pouring in]

PC509

What about the CEO that wants all their data "in the cloud", then realizes that it is a lot slower than when they had it in their offices.... Could be the T1 for 200 users that is limiting speeds... Maybe... I think that there is a lot of misinformation out there. For one, it is marketed as being faster and more reliable. This can be true, but it is still limited by your weakest link - usually your WAN connection. If it drops and you don't have redundancy, you're dead in the water. If it is slow, you're slow. I don't trust the infrastructure enough to put everything "in the cloud". Especially on a rainy day and it all comes crashing down.

vinbuck

PC509 wrote: »

What about the CEO that wants all their data "in the cloud", then realizes that it is a lot slower than when they had it in their offices.... Could be the T1 for 200 users that is limiting speeds... Maybe... I think that there is a lot of misinformation out there. For one, it is marketed as being faster and more reliable. This can be true, but it is still limited by your weakest link - usually your WAN connection. If it drops and you don't have redundancy, you're dead in the water. If it is slow, you're slow. I don't trust the infrastructure enough to put everything "in the cloud". Especially on a rainy day and it all comes crashing down.

Any CEO who orders all company data to be put into the cloud and it gets executed over a T-1 should fire the Network Planner/Designer

Hell T-1s are even considered antiquated here in Mississippi

demonfurbie

vinbuck wrote: »

Any CEO who orders all company data to be put into the cloud and it gets executed over a T-1 should fire the Network Planner/Designer

Hell T-1s are even considered antiquated here in Mississippi

t1s are nice as a backup connection ot for voip overflow

vinbuck

demonfurbie wrote: »

t1s are nice as a backup connection ot for voip overflow

So is my Comcast home internet connection that is 32 Mbps down/3Mbps up for 60 bucks a month

On a serious note, I would probably aggregate several cheap internet connections before using a T-1 unless I had no other choice.

phoeneous

vinbuck wrote: »

Any CEO who orders all company data to be put into the cloud and it gets executed over a T-1 should fire the Network Planner/Designer

Hell T-1s are even considered antiquated here in Mississippi

Not everyone can afford fiber

Not all isp's provide ethernet

vinbuck

phoeneous wrote: »

Not everyone can afford fiber

Not all isp's provide ethernet

There are many copper solutions that aren't T-1 such ase HDSL4 or SHDSL using EFM technology (basically Ethernet over telco copper)

The original poster was talking about VOIP which sits in Layer 3 so as long as you're on an IP network it doesn't matter what layer 1/2 are as long as the performance meets your specs.