The Cloud: part 2

The Cloud: what’s in it for me?

Part 2 of our Introduction to the Cloud (see part 1 here).

Cloud computing is here to stay, at least for the duration, and with the internet getting faster, the Cloud is still getting bigger. To make the best decisions about what this means for your business, you need to understand what’s on offer and how it works. There are three main cloud service areas:

Software-as-a-service (Saas)
Instead of purchasing boxed software and licenses, you sign up for online access to it and pay a subscription based on usage or the number of users. This bit of the Cloud is making a big impact on small and medium-sized businesses – most services of this kind let you increase or decrease your package month by month, so they offer real flexibility when compared to buying extra licenses or upgrades.

Infrastructure-as-a-service (Iaas)
Rather than making a capital investment in servers and network equipment, you can subscribe to a service and pay according to the amount of resources your network consumes. The scale and cost of this kind of Iaas services make it more useful for large enterprises, but many small business are tapping into Iaas through their website hosting arrangements.

Platform-as-a-service (Paas)
This covers the operating systems, software, and anything else needed to run (for example) web, database or email services. Pricing models vary, but many are subscription-based. CRM software packages like Salesforce.com and SageCRM are good examples of platform-as-a-service, as is IP telephony (VOIP).

There are obvious advantages to a lot of this, but before deciding to migrate any of your business process to the Cloud, it’s a good idea to understand what you have at present, what you need, and what’s out there. You’ll want to assess potential pitfalls as well as potential advantages, before making a decision.

On the plus side
On the plus side, information that’s stored remotely on a massive server is much less vulnerable in, for example, a local crash. Cloud services can be accessed any time from any computer, so long as it is connected to the internet – And with many of them you download an app so you can work locally, offline.  Lots of network technologies like Outlook Web Access and Terminal Server are already available like this; the Cloud is widening it out and putting it in reach of smaller enterprises and home users.

By working on a subscription model, cloud computing has the potential to lower capital costs – because you’re not investing in hardware – and to improve cashflow by being a predictable monthly outgoing, rather than involving expensive upgrades.

It’s also flexible. Most Cloud-based services operate on a pay-per-user-per-month basis; there is no lengthy contract to bind you something you no longer need. You can increase or upgrade services quickly and temporarily, so you can be completely responsive as your business expands or contracts. For small enterprises this can make project-based work more profitable, or even possible.

But on the other hand…
Cloud computing cannot work without the internet. If your internet connection fails, or if a Cloud-based provider goes down, you will be left with no access to files unless they’re also stored locally. You still have to back up, and have a contingency plan.

With the massive expansion of the web and its functions, new security holes open up all the time. Keeping users’ information safe is a massive priority for reputable providers, but it still pays to ask: how vulnerable is your data to being ‘mined’ or otherwise inappropriately accessed? How much data are cloud companies collecting, and how might that information be used?

Once you decide to stop a Cloud-based service, who actually owns and controls your data? Is it being stored in compliance with UK data protection laws? Can you get it back? How can you be certain that the service provider will destroy your data (after you’ve retrieved it, of course) once you’ve canceled the service? It’s important to read the small print.

In short, with the Cloud as with everything else, it’s important to do your homework before making any changes to your service provision. Some services may look good, but your business may not really need them. Think about how you work, what your actual problems are, and what’s working great just as it is. Weigh up the pros and cons of each service and decide what will work best for your business.

Migrating your functions to the Cloud is not all or nothing proposition.  Some services may change so they only exist as cloud-based options, but for others there will be alternatives. Moving everything – becoming completely cloud-based – probably won’t be the most practical step, either strategically or economically. Many small businesses take advantage of Cloud computing selectively, for example, by moving anti-virus and backup to the Cloud, or by subscribing to a cloud software service instead of buying a boxed software upgrade.

If you find that some aspect or aspects of your business will work better in the Cloud, make it as strategic a change as any other change. Make sure you have a transition plan, ensure that everything is backed up and that you have full access to your information, and have a Plan B in case it turns out not to be what your business needs.

Who is watching you?

Who is watching you?

One thing we’ve been thinking about a lot lately is the way in which you’re never alone on the internet. Whatever you are doing, digitally (and yes, your loyalty card is digital), you’re being watched, tracked, and data-harvested. Various aspects of this pop up all the time: from cookie permissions that you have to tick to get to the page, to  the ubiquitous targeted ads, to the recent development of polite requests to turn off your ad-blocking plugin, we are constantly reminded that our job is to be consumers.

As Madhumita Venkataramanan wrote last year in Wired magazine:

Even as you’re reading this — you may be sedentary, but your smartphone can reveal your location and even your posture — your life is being converted into… a data package; once it has been compiled into lists (interested in technology, subscribes to magazines, probably male, professional, high earner) by intermediaries known as data brokers, it’s sold on to data aggregators and analysts and eventually any company. Ultimately, you are the product.

This is a common statement about social media. No less august a body than the EU itself recently issued a warning: ‘Leave Facebook if you don’t want to be spied on‘. They were talking not about shopping, but about the American NSA gathering data from citizens of other countries in the name of security. And America isn’t the only country that’s doing it. Web journalist Jacob Silverman coined a phrase – ‘open-source intelligence‘ – to describe how ‘secret services around the world’ are ‘mining social media and other public forums’ for data – data which we, all of us, rush to provide.

Janet Vertesi, an expectant mum, conducted an experiment: she would try to keep her pregnancy secret from all the online marketers. Her marker of success was never to have an ad for baby or pregnancy goods  targeted at her. She quickly found out that was going to be even harder than it sounded, ‘given how hungry marketing companies are to identify pregnant women‘. Suffice to say that when she bought gift vouchers with cash one time too many, for buying things anonymously online,  she ended up being threatened with the police.

For months I had joked to my family that I was probably on a watch list for my excessive use of Tor and cash withdrawals. But then my husband headed to our local corner store to buy enough gift cards to afford a stroller listed on Amazon. There, a warning sign behind the cashier informed him that the store “reserves the right to limit the daily amount of prepaid card purchases and has an obligation to report excessive transactions to the authorities.”

But what difference do your details make to anyone? There are millions of us – surely little old you can’t be that special. Vertesi’s link, above, is a chilling description of how minute the retailers’ interest in you is. John Naughton,  in the Guardian, explains how you can see it in action for yourself:

If you want to get a sense of what drives this, install theGhostery plug-in for your browser and then go and visit some of the sites you normally access. I’ve just looked up one at random – reed.co.uk, which describes itself as “the UK’s #1 job site”. It has 10 trackers at the landing-page level, but when you search for particular jobs in a particular location the number of trackers explodes. A search for “software architect” in Cambridge, for example, produces a page with 28 trackers.

There are various steps you can take to minimise your trackability.  You can tick the ‘surf anonymously’ box in your browser – but if your browser is run by a large search engine, you might wonder whether it’s really in their interests to make you truly anonymous. You can install AdBlocker or another ad-blocking browser plugin. But websites are catching onto this. We admit that we were charmed by the beautifully graphic haiku someone had thought to write for the Forbes website, but it also shows how very much they want you to let the ads in. In any case, blocking ads solves only one problem. Just because you can’t see it doesn’t mean they’re not doing it.

If you feel that simply logging out of Google isn’t quite a robust enough step, you can use a browser that doesn’t track any of your activities. Try Tor or DuckDuckGo.

And if none of this feels like enough, you can always just get rid of all your loyalty cards, pay only cash for goods, and stay completely off the web.

Good luck with that.

Web security: don’t be shellshocked

For years, it’s been assumed that Windows-based PCs were at risk of security threats, and that Linux and Mac systems were safe, because not enough people used them to make aiming viruses at them worth the scammers’ time. But the new dangers are not viruses – they’re weaknesses in web systems that all computers use. It’s this that gives them such a potentially huge impact.

The three recent security flaws to hit the news are just little corners of systems left unsecured when they were developed. The web has changed so much, in terms of both how it’s coded and how we use it, that weak spots develop as new capability develops around them.

Heartbleed was the first of the new weak spots to be discovered. It attacks the SSL algorithms that make financial data secure on the internet. Basically, it meant that websites with the hyper-secure ‘https’ prefix – the ones we use for pushing our money around the place – had a small window open in the basement. Heartbleed compromised, potentially, the users of over half a million websites, including online banks and shopping outlets. The fixes began the instant the flaw was discovered, but they are still ongoing.

The best advice we can offer is to check with all the websites you send sensitive information through – all those with ‘https’ at the beginning – and see that they’ve patched their server. Then change your passwords. To find out more, read these articles in CNET, Business Insider and Vox.

Shellshock is a flaw in the Bash shell, which is essentially the Linux or Unix equivalent of the Windows command prompt. This is a pretty basic element of the operating system; Bash has been around for over 25 years and is extremely widely used in the Linux community. The good news is this one doesn’t impact on Windows computers, but the bad news is that many of the devices that provide security defences for networks, such as firewalls, are vulnerable – along with websites. Many of these have already been patched, but businesses should check with their providers.

There are informative articles on CNET, Business Insider, and Vox.

BadUSB is the most recent flaw to emerge in the news, and it gets us where it hurts – in our phones. It’s centred on code that underlies the ubiquitous USB protocol, which malware can search for and attach itself to, only to wreak havoc when the device is plugged into another computer – your laptop, say, or a colleague’s PC. Signs are that this is an open door that can be exploited easily, and would give attackers the ability to access data on a system that’s connected to a USB. At the moment nobody really knows how to fix it, and as we all know, USB devices are everywhere. Our best advice at this stage is to limit your USB use wherever possible, especially of devices with a memory component. And remember that most devices have memory these days.

To learn more, see Business Insider and Wired.

We work hard to provide all our clients with the best possible web security. If you’re not sure yours is up to the mark, get in touch.