Seagate recently announced a new hard drive that can store up to 10TB of data on a standard 3.5″ hard drive designed for consumer-class devices, raising the bar by two terabytes from their previous models. If you are having trouble visualizing how much data that is, think of it in these terms: A single terabyte (1000 gigabytes) is equivalent to 1400 CD-ROMs of data, 2000 hours of CD-quality audio, 27,000 36mb photos (super high-res), or 85 million Word documents. And that’s just a tenth of this hard drive’s capacity. For large companies, 10 terabytes might be a number that was surpassed a few years ago (depending on the nature of their work), but the average home computer user rarely amassed more than 1-2 terabytes of data, even with lots of photos, music and backups.
What this means for you:
Unfortunately, hard drives are like closets, attics and rental storage: they will fill up with stuff, and at some point, it becomes nigh impossible to find the thing you are looking for without digging through a ton of old, mostly useless stuff. Unlike physical storage, hard drive storage is becoming increasingly easy (and cheap!) to expand. You don’t even need to buy hard drives if you don’t mind storing stuff “in the cloud” (which is just a bunch of hard drives somewhere else). Software is improving constantly to help us sort through this mountain of data, but the one technology that is still struggling to keep up with exploding data sizes are internet speeds, and accordingly, offsite backups are affected. On an average consumer broadband connection whose upstream maxes out at 5 megabits/second, backing up a single terabyte of data would take over 500 hours, and that’s at optimum speeds! If you happen to be one of the lucky few that have something like Google fiber, you could theoretically backup that same amount of data in 2 hours, but only if your backup service could even sustain that transfer rate (insider tip: it can’t). Long story short: just because space is available, don’t fill it up without some solid planning. Determine what data needs backing up and what you could easily replace. Examples of the latter include downloaded music, videos or audiobooks, applications and local copies of photos that are stored in the cloud.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
The cloud icon has been used to symbolize a larger, connected network in technology diagrams for at least 30 years, so it’s not hard to imagine how the concept has migrated to its modern context: a collection of inter-connected computing and storage resources that can be shared amongst multiple services that can scale up and down as needed. If you are of a generation that recalls mainframes, mini-computers and batch runs (today’s PC is actually a “micro-computer” in the vernacular of the mainframe age), it’s a similar concept, except that instead of a single, gigantic device, the mainframe is now an array of CPU’s, storage devices and network interfaces spread across multiple locations and interconnected by the internet. If your understanding is still amorphous, you have creeping semantics to blame for that as well – the term “cloud” has become synonymous for internet-based resources, which can lead to plenty of confusion and debate about privacy, resilience and security.
Clear skies or storm warning ahead?
Just as being able to tell the difference between thunderheads and fluffy cumulonimbus can help us make decisions about grabbing the umbrella or sunglasses, understanding what is “cloud-based” or “hosted” or “virtualized” (or all three) can help you make informed decisions about what services and resources you utilize for your organization’s technology needs. As “cloud-based” has become something of a marketing hobby-horse that is frequently used out of context, it may be very hard to understand how the “cloud” comes into play in any given offering, if at all. If the “cloud” is mentioned to denote omnipresent resources or availability, it may be worth investigating whether this claim has any substance. Is the company or service in question making use of Amazon’s Web Services or Microsoft’s Azure platform? Those are examples of true cloud-computing platforms – very large endeavors and companies use services like these to power their own services and apps. Is your website or email “in the cloud” or is it “hosted”? For casual conversation, it doesn’t really matter (what matters is you don’t have a server on premise to manage anymore!), but it may be important make that distinction when it comes to evaluating your own organization’s technology security and resilience, especially if you are required to maintain compliance with industry regulations or federal laws.
Image courtesy of Vichaya Kiatying-Angsulee at FreeDigitalPhotos.net
Several clients learned some hard lessons this week. First and foremost, no one is immune from malware, no matter how much money and time is invested in security. If you still don’t believe this, you might be surprised to know that the White House was hacked recently. Granted, I made fun of government-run websites and their pitiful security, but one has to imagine that the Secret Service takes POTUS security very seriously, and yet Russian hackers seemed to be able to access sensitive information by fooling someone through a phishing email. Yes, email. That indispensable tool that we can’t live with and can’t live without. While we are frequently the agents of our own demise (surely this email from this overseas lawyer about a long lost inheritance is real this time), we can also be the agents of our own salvation as well.
Let me testify!
Above all, stop opening attachments sent via email, and likewise, look for ways to stop sending attachments via email. There are tons of secure file sharing options out there (keep in mind we don’t consider the free Dropbox among them…yet), but as long as the business world continues to rely on attachments to get things done, cyber criminals will exploit your willingness to open things sent to you via email. Resist the urge to open attachments even if you recognize the sender, and verify via phone if they indeed sent the attachment. Here’s an important clue: financial institutions, law enforcement, government agencies and just about any large consumer-serving company will not send you an attachment in order to get you do something or notify you of important information. FedEx nor UPS do not send you delivery confirmations as attachments. Neither your bank or credit card company will send you an attachment asking you to open them. If you receive what you believe to be a legitimate attachment from a company with which you do business, call them to verify they sent you that file. Ninety-nine times out of one hundred, they did not send that file. I guarantee that you will receive emails that look and read 100% legitimate, but will in fact be clever attempts to trick you into nasty malware infection. Even the best anti-malware software won’t be 100% effective all the time. The criminals who send you attachments anticipate you have some form of protection installed, and their payloads are designed to turn that “foot in the door” into a full-scale home invasion, anti-malware or no.
The best management coaches say to always pair a “stop doing this” with a “start doing this”. Are you backing up your data? If not, you need to start, right now. If you are, have you checked your backups lately? Tried restoring a file? Are your backups stored offsite? One of the clients mentioned above was thoroughly decimated by the infamous cryptolocker malware. Not only did it take out a principle workstation and all data, it also kidnapped their server data and mangled their backups, primarily because they were onsite and not designed to go back more than a week before being overwritten. Cryptolocker is infamous for hiding out for days before making its presence known, precisely to destroy local backups in this fashion. If you are using proper offsite backups, either through rotating media offsite manually or by using a cloud-based platform, this form of infection is annoying but survivable. Do yourself a favor and review your backup strategies immediately!
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
In the ever-escalating cloud services arms race, Microsoft just trotted out a whopper of a one-up over just about everyone in competition: Microsoft’s OneDrive VP just announced on the OneDrive blog that all Personal, Home and Education Office365 subscribers will have access to unlimited cloud storage for no additional cost. Lest you feel left out in the cold, business subscribers, Microsoft has plans to extend your storage in a similar fashion in 2015. All a part of its master plan, Microsoft envisions a future where everything is done in the cloud, and they want to make sure you are firmly rooted in their ecosystem.
What this means for you:
Before you rush off to move all your files to the cloud as Microsoft suggests, you should consider the implications. Cloud storage of any type is a double-edged sword: on the one hand, once you get your data uploaded, you can (supposedly) stop worrying about mechanical failures, such as hard drive crashes and sending your USB thumb drives through the wash. Another great benefit is your data is essentially accessible from anywhere on the internet. Setting up technology to provide this type of of service is not trivial. Even when you are as big as JP Morgan, it’s still possible to misconfigure your servers, so having a provider who is (probably) an expert at this is better than trying to do it yourself, especially if your company can’t afford a full-time IT professional.
On the other hand, your data is now stored on hardware (and a service) over which you have very little control, and which requires an internet connection. There is also the possibility that your data could be accessed without authorization, either by hackers who manage to penetrate the services security, or by the provider itself, who may be subject to government subpeona, or even by a provider employee with malicious intent.
Given the two sides of this very sharp sword, one must make a reasoned decision about whether to employ cloud storage as part of your technology profile. The most important factor will be the type of data you are planning to store: if any of the alphabet-soup laws apply (HIPPA for example), you may be severely limited in what you can legally store on a cloud-based service. Even if the laws don’t seem to directly apply, consider the consequences if any of your data were to be exposed on the internet for anyone to see: would it be damaging to your business or your clients? If so, you may want to rethink whether the cloud is ready for you.
Though no comment has been forthcoming from Apple yet, the mainstream press has been awash in reports that dozens of Hollywood celebrities had their iCloud accounts hacked over the Labor Day holiday weekend and, as you might have guessed, explicit images and videos have surfaced on the internet. News of the breach first surfaced on infamous website 4Chan where an unidentified individual offered to share the explicit material in exchange for bitcoin donations. Representatives for some of the celebrities confirmed the legitimacy of the material, and threatened legal action against both the hackers as well as the various websites where the the photos and videos started appearing. As of now, authorities are still trying to identify the party or parties responsible.
What this means for you:
Despite the numerous, very public incidents of famous people taking explicit photos of themselves and reaping the consequences (good or bad), everyone – famous and not – continues to underestimate the weakness of technology security on mobile devices and cloud platforms, as well as the fact that erasing a file on your smartphone does not necessarily equate to destroying it permanently. Both iOS and Android devices are designed to upload any photos or videos you take with your device to their respective cloud storage platforms, ostensibly to back them up in case of device loss, as well as to facilitate the ability to share them via the internet. What most don’t realize is the default for both platforms is to allow this, and you have to pay attention when setting up your device at the very start to disable this functionality. If you quickly punch “OK” through this process, you can easily miss this very important setting.
As always, if you need to store important information must remain confidential, cloud storage (iCloud, Dropbox, OneDrive, Google Drive, etc.) is a very high-risk option that should only be considered with eyes wide-open to the worst-case scenario. The terms of service/use for most of these platforms indemnify them from these types of breaches, so if even if your information was leaked through no personal fault of your own (as might be the above mentioned hack), it’s highly unlikely you will be able to hold anyone accountable aside from yourself.
Dell, on the tail-end of a dismal earnings report that failed to meet Wall Street’s expectations, has been busily diversifying its product offerings in the face of flagging PC computer sales. The fruit of one of those diversifications is coming from Dell’s recently purchased WYSE division, a manufacturer known most prominently for their thin-client platforms, in the form of an extremely small thin-client that can be plugged directly into the HDMI port of late-model monitors and TV’s to create a “computer on the go.” Dubbed “Ophelia” this device is just slightly larger than a USB flash (nee thumb) drive, and will run the Android 4.0 OS natively, but can also hook into virtualization platforms from industry standards VMWare, Citrix and Microsoft. Expected to arrive in July for developers and the general public this Fall, Ophelia is expected to cost approximately $100.
What this means for you:
More and more businesses are turning to virtualization and cloud-based resources, one of many factors that is contributing to Dell’s weakening PC sales. The purchase of WYSE was a shrewd move, assuming this trend continues, and we don’t see a rebound like the industry saw in the 80’s with it’s first romance with the client-server model. Unlike the first go-round with client-server technology, today’s thin clients are more than powerful enough for the average knowledge worker’s needs while still being easier and cheaper to maintain than a fleet of standard desktops. The move to ultra-portable seems to be a natural next step, given the modern workforce’s growing acceptance of mobility, and may be a much-needed shot in the arm for Dell.
Should you go out and buy one? At $100, it may add another layer of sophistication to your fancy LCD big-screen in the living room, or add a valuable and extremely portable resource to your traveling business kit. It’s still way too early to tell, but basing it on Android will give the device a solid app eco-system that will hopefully prevent it from being just another addition to the drawer of lost technology toys.
Yesterday, the internet experienced a moment of apocalypse angst when Gmail users around the world (including C2) experienced a variety of issues getting email. Lasting roughly 40 minutes, users experienced complete outages, slowness and, if they were using Chrome with browser syncing enabled, outright application crashes. It turns out, rather than being able to blame ancient prophecies, Google fingered one of their own as the root source of the problem.
What this means for you:
Cloud nay-sayers may have had a brief moment in the sun while Gmail was on the ropes, but the fact remains that it’s still a very reliable service. Several lessons may be learned from the experience, all of them common sense:
- If your critical business practices rely on a free email service being available all the time, everywhere, you may want to re-evaluate those practices.
- When making adjustments to your business infrastructure, always double-check your work, and make sure you have a backup of your data.
- When technology fails, 9 times out of 10, a human is behind the failure.
In what is being the called the largest migration to cloud services so far, the Department of Veteran Affairs has just inked a deal with Microsoft and HP Enterprise Services to move its 600k users to Microsoft’s cloudbased office productivity suite Office 365. The move is seen by many as further evidence of a significant shift in corporate IT strategy away from costly infrastructure investments to cloud services for every aspect of technology. Over the past 10 years, enterprise IT departments have been gradually, but inexorably moving application platforms out of their own datacenters to providers like Oracle and SAP, but hesitated when it came to the garden-variety desktop applications that knowledge workers use daily. That reluctance may be disintegrating as services from Google and Microsoft make it hard to dismiss the tremendous efficiencies and savings that can be realized by getting rid of the real estate and overhead needed to maintain desktop-based applications.
What this means for you:
Many of you work in the cloud daily without giving it a thought. Perhaps you never thought of Gmail or Hotmail or Yahoo Mail as a productivity app, but what about Salesforce, or LinkedIn, or even Facebook? Both Google and Microsoft’s cloud-based office apps are full-featured and powerful enough for everyday business tasks, and the very nature of their delivery makes deployment, security and maintenance much simpler that software installed on desktops. It’s this same strength that also proves to be a weakness, as if you lose your internet connection, you also lose your ability to work. Well that’s easy to solve, I can hear you say. Why not just move to another location where the internet is working? What if it’s the cloud itself that is unavailable? Once again, the cardinal rule compartmentalization comes into play – never base the entirety of your critical business operations in the hands of a single, monolithic platform, even if that platform is largely reliable. And this goes doubly so for a platform around whose neck you can’t comfortably get your hands, as is the case with a provider like Microsoft or Google.
On October 26 of last week, a number of popular, “cloud-based” services suffered multi-hour interruptions. Among the outages was Google’s App Engine, a platform that is used by thousands of other websites and internet platforms including one of my favorites, Passpack.com. Some of your favorites may have been impacted as well: Dropbox, Tumblr and even YouTube were affected. For many, this was a non-event, particularly those who operate and compute within enterprise-based platforms, or rely solely on the desktop and storage of their own computers. C2 Technology relies heavily on cloud-based services, primarily Google products, for our core information systems, and I use Passpack to track the multitude of passwords I need to do my work. So when those outages hit on the 26th, I found myself unable to access the keys to my various digital kingdoms, and felt very much like someone who finds themselves locked out of their car, and at the mercy of another person’s timetable. In this particular case, Passpack.com wasn’t even to blame, as their own reliance on Google’s App Engine service hamstrung their ability to deliver service to their customers, and the fine engineers at Google themselves were struggling with the outage. Everyone’s brand took a hit, and yet there was no one any one of us could blame for the outage – not even a radical hackivist group looking to ruin someone’s day for political currency.
What this means for you:
Very simply, “Never put all your eggs into one basket.” This homily, however pastoral-seeming, still very much applies to how you should use technology, especially when it comes to your core business processes. As an illustration of how this can be bad: I was using Passpack to store my Gmail password, which was complicated and impossible to remember, and instead relying on a complicated, but easier-to-remember passphrase to access Passpack to retrieve that password whenever I needed it. When Passpack went down, so did my ability to access Gmail and all of my client contact information. The lesson to take away from this: if you are going to store critical information online, have a back-up plan for continuing to operate without access to that information. Either back-it up locally (fraught with its own set of risks), or compartmentalize parts of your operations so that they aren’t heavily reliant on a single service provider, or the presence of the internet.
Image courtesy of “vichie81” / FreeDigitalPhotos.net