Tag >> Data Protection

This article first appeared on Information Week, and was written by George Crump.

In our last entry we discussed different ways that you can move data into the cloud, something I call onramps. In theory the ability now exists to put all your data types on a cloud storage platform, but is that the right choice for your business? How do you determine which data you should put in the cloud?

The answer, like almost everything else in I.T., is: it depends. It depends on what your key internal storage challenges are and what the internal resistance to using an external service might be. Notice that this discussion does not include the size of your company, the amount of IT resources you have, or the amount of data that you have. While I find that it is often assumed that cloud storage is for small business owners only, there are cloud storage solutions for businesses of all sizes, including large enterprises.

The first area to examine is how much data is being accessed on a moment by moment basis. As you may have noticed from the discussion in our last entry, there is an onramp or cloud gateway for almost every data type now, ranging from backups to primary block storage. The moment by moment change rate plus the data type will determine how large the local gateway cache will need to be and how often data will need to be recalled from the cloud. The total size of the data set is for the most part irrelevant, other than the GB cost to store it, but that cost should be relatively static. The movement of data to your local cache from the cloud will be what delays an application. The more often that data can be served from local cache, either through smart caching algorithms or large cache space, the better. Also, several cloud storage providers charge extra for the transfer out of the cloud back to local storage, so it can lead to a surprise on your bill. Since most onramps or gateways give you a choice of provider, it makes sense to know what the hidden extras are from each provider.

The impact of restoring data back from the cloud and its potential extra costs is one of the reasons that backup and archive data have been so popular. The transfer is almost always one way: upload. Also, most big recoveries can happen from the local cache and don't need the data stored on the cloud. The backup copy in the cloud mostly serves as a long term retention area. As you move into using cloud storage for primary data, the transfer issues become a bit more thorny. The easiest data set use case to deal with is the file share use case. Most files on a file server are only active for a few days and then become dormant. This is an ideal use case for cloud storage: let the older files migrate to the cloud. Even if they do need to be recalled from cloud storage later, only a single user is typically impacted by the delay in access, and a single file access is relatively fast.

Databases become a bit more tricky. Here look for applications that have a small portion of the application that is accessed on a regular basis. Microsoft SharePoint is a good example of a "ready for cloud now" data set and potentially some mail systems that store attachments and messages as discrete files. In the near future don't rule out busy transaction oriented databases. As the developers of these platforms embrace the availability of cloud storage they can build in ways to auto-segment off tier sections of data so that it can be stored on different storage types automatically and the cloud could be one of those types.


This article first appeared on InfoWorld, and was written by Ted Samson.

MalCon organizers want us to believe that the security community can benefit from an event showcasing and teaching malware.

Anyone who was ever concerned by the concept of hacking conventions such as Black Hat -- which has evolved into a reputable venue for security defenders -- should brace themselves: An event called MalCon is on the horizon, which will provide a fine venue for malware creators to hone their craft, as well as, theoretically, an opportunity for malware fighters to bolster their arsenal to fight malware.

The organizers of the MalCon, which will take place in Mumbai and Pune, India, have attempted to put a positive spin on the event, as noted by security guru Brian Krebs. According to the conference website, MalCon is "the worlds [sic] first platform bringing together Malware and Information Security Researchers from across the globe to share key research insights into building the next generation malwares."

In addition to showcasing the top whitepaper submissions from malware researchers and coders, the event will offer training workshops on topics such as coding malware, analyzing malware, and reverse engineering. Said workshops are recommended for those who "[want] to develop or code [their] own virus / malware for research" (italics are mine) and for those who "aspire to advance their professional skills in security research and malware analysis."

The whole event sounds about as wholesome, innocent, and security-minded as a nuclear-bomb building convention in Tehran. Sure, some people might attend to learn a bit more about fighting malware, but it's bound to be more of a magnet for ne'er-do-wells who are eager to put their newfound knowledge to malicious use.

I ran it by InfoWorld Security Adviser blogger Roger Grimes for a reality check, and here's what he had to say: "No good can come from the conference. It's probably being held in India because there are a lot of 'legitimate' companies there, very out in the open, that produce bad software for other people.

"There have been similar projects before: virus coding books (plenty of them), dozens of malware ezines, etc., and none add to the good side of the equation," he added.

The conference coordinator Rajshekhar Murthy attempted to put a positive spin on the conference, Krebs reported. "While a conference can be done by inviting the best / well known security experts who can share statistics, slides and 'analysis' of malwares, it is not of any benefit to the community today except that of awareness. The need of MalCon conference is [to] bridge that ignored gap between security companies and malcoders. They have to get on a common platform and talk to each other."

And the capper from Murthy: "Just like the concept of 'ethical hacking' has helped organizations to see that hackers are not all that bad, it is time to accept that 'ethical malcoding' is required to research, identify and mitigate newer malwares in a 'proactive' way."


We have all experienced it - a computer crash, the blue screen of death, a program freeze and the worst of all, a hard drive failure resulting in data loss. When faced with the following situations your crucial data may be lost or become inaccessible. Here are some tips on solving that problem.

[Infographic: Data Recovery and Data Loss Statistics]


When I first heard the term cloud computing, I thought it was just putting your server in a data center and accessing it from anywhere. This is a similar concept, and has its benefits. About a year ago we lost power in our office for about 3 hours. All of our servers were in-house, connected to a big UPS battery backup that lasted all of about 20 minutes. We rely heavily on our servers to report the status and health of our clients’ networks, and to provide remote support and maintenance. It was an awful feeling. I started sending people home where they at least had internet access, but without our servers, it did us no good. It was then we decided we needed to make some changes. We started pricing power generators and special air conditioners. These just weren’t realistic, and still had limitations. We moved all of our critical servers to a datacenter. Redundant power, cooling and internet are just what we wanted to be able to work from anywhere. Even if our office has no power, we can find an internet connection and get to work. Now we host several client servers at our datacenter, so they can have the same benefits.

Cloud computing takes server hosting to a new level. You don’t need to buy a server, you don’t need to buy rack space, you don’t even need to buy software. It’s all on-demand, pay as you go, or paid for by advertisers. Chances are you’ve already used it if you have a Gmail or Hotmail account. All your data is stored on-line, even the program is on-line. All you need is a web browser. Everyone uses a word processor, so why buy Microsoft Office for every single PC? Why not just go to a web site and start typing a letter? Google has apps you can run online: word processors, spreadsheet programs, and calendar programs. Yahoo has used cloud computing for years, “renting” out hard drive space for programs to store files or backup data. Microsoft’s CTO Ray Ozzie is pushing cloud computing apps heavily this year, announcing Microsoft Azure, a Microsoft hosted environment for developers to write applications that run online.
 
But is all this a good idea? You’re giving up control of your data, it’s not on your computer any more, who has access to it? And won’t hosting fees exceed the cost of just purchasing the programs and hardware up front? I say yes, it is a good idea. Most people do a horrible job of backing up their data. Having it online means if your hard drive crashes, you have nothing to worry about. As long as the source is reliable, like Microsoft, Google, or Yahoo, chances are they’re doing better backups than you are. Most servers are obsolete in 5 years and workstations 3. Cloud apps don’t need powerful workstations or servers locally, just a fast internet connection. You could use inexpensive thin client workstations to run programs. Keeping programs up to date can be a challenge. New versions come out, patches need to be installed. All this happens automatically. Being able to run your programs from anywhere with all your data accessible from any machine seems pretty appealing. Don’t throw all your hardware away yet, cloud computing is coming, but it’s not ready to replace every program you run today.

A few months back we had a client’s network compromised by a former employee, stealing information for a competitor. This network had a high-end firewall, an encrypted wireless network, and security measures in place to prevent something like this from happening, yet it still happened.

It happened because people don’t like to remember a lot of passwords. I can’t say I blame them; I think we’re all guilty of using the same password all over the place, sometimes for years. Unbeknownst to me, everyone in this company knew the boss’ password. It’s the same password he used on everything, which forced him to let others know what it was so they could do things like configure the security system, log in to web sites, set up the phones, etc. This ex-employee used that password to log in to their system after he was released, and downloaded critical data he used to better his position where he was working for a competitor.

I showed him how to change his password after this employee was let go, which he did. However, putting a “1” at the end of the existing password in my mind doesn’t constitute a password change.

I can’t stress enough the importance of complex passwords. Sometimes we will set up a new server for a client who has never had passwords before, and they complain like crazy that I’m forcing them to have a password to sign in, especially complex ones. To them I say, “wah.” A complex password must include 3 out of 4 character types: uppercase, lowercase, numbers or symbols. If you are using a password that doesn’t meet these requirements, I suggest you change it. Hackers can perform what are called dictionary attacks, where a program will automatically try every word in the dictionary with your username, attempting to get to your data. Complex passwords aren’t in the dictionary, and are harder to crack with other types of attacks as well.

If you have a server in your office, changing your password can be easy. Simply press Ctrl-Alt-Del all at once. If you see a change password button, click it and follow the instructions. For machines without a server, the password can be changed in the control panel, under the users section. It is especially critical for server based networks, as one password could protect access to your machine locally or remotely, as well as access to email or other data.

Don’t put it on a sticky note underneath your keyboard either.

It’s not difficult to make an existing password meet complexity requirements: just change a lowercase letter to uppercase, throw a symbol at the end, and your password becomes complex, and hopefully you can still remember it. Changing it at least every 6 months or so is not a bad idea either. Even if you don’t think your data is worth protecting, think of the damage it could do in the wrong hands.

Top 7 password mistakes:

  1. Leaving it blank - or using "password", "1234567", "abcdefg" - these are all so insecure you might as well leave it blank
  2. Using your birthday - Duh
  3. Using your dog's name - after years of working in tech support I would say this is the most common password.
  4. Reading this post and then changing it from fido to fido1
  5. Writing your new password on a sticky note then putting it on your screen or under your keyboard
  6. Using the same password for years
  7. Sharing it - just type it in, don't tell everyone.
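
The 3-of-4 character-type rule and several of the mistakes listed above can be checked together at password-change time. The sketch below is an added example, not part of the original post: the function names, the tiny `COMMON` list and the 8-character minimum are assumptions chosen for illustration.

```python
import re

# Constructed sample list; a real deployment would load a much larger
# list of common and breached passwords.
COMMON = {"password", "1234567", "abcdefg", "fido", "letmein"}

def char_classes(pw):
    """Count how many of the four character types appear in pw."""
    patterns = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return sum(1 for p in patterns if re.search(p, pw))

def base_word(pw):
    """Lowercase pw and strip leading/trailing digits and symbols,
    so 'Fido1!' and 'fido' both reduce to 'fido'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())

def check_password(new, old=None, min_len=8):
    """Return a list of problems; an empty list means the password passes.
    min_len is an assumed policy value, not one stated in the post."""
    if not new:
        return ["blank password"]
    problems = []
    if len(new) < min_len:
        problems.append("shorter than %d characters" % min_len)
    if char_classes(new) < 3:
        problems.append("fewer than 3 of 4 character types")
    if new.lower() in COMMON or base_word(new) in COMMON:
        problems.append("common word with at most a prefix/suffix added")
    if old and base_word(new) and base_word(new) == base_word(old):
        problems.append("same base as previous password")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs: (new password, previous password)
    for new, old in [("", None), ("fido1", "fido"), ("Fido1!", "fido"),
                     ("Password1!", None), ("Tr4il-Mix-Kettle", "fido")]:
        print(repr(new), "->", check_password(new, old) or "ok")
```

Note that `Fido1!` satisfies the character-type rule on its own and is rejected only by the common-word and previous-password checks, which is why those checks run alongside the complexity rule.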

As computers progress and get cheaper, it is often easier and cheaper to replace a computer than it is to fix it. Some of our clients aren’t used to this approach. Many have been using computers since they cost $5,000 and are accustomed to maximizing the investment by getting as much use as possible out of the computer. Here are some of the reasons I give when I tell clients their money would be better spent replacing a problematic PC older than 3 years:

  • Productivity. Almost everyone who gets a new computer talks about how much faster it is compared to the old one. For business owners, that means your employees can be more productive, and hopefully make you more money.
  • Data protection. While it is always good to test your backup strategy, doing so by experiencing a failed hard drive is not what I would recommend. A 3+ year old hard drive is in some cases a ticking time bomb. It is much easier to replace a computer before the hard drive dies.
  • New programs and features. Oftentimes, companies contact us when they have a new program they want to install that won’t run on the computers they are currently using. This means that if they want to run the new program, all computers need to be upgraded or usually replaced.
  • Warranties. As a machine gets older, it is often more difficult to find replacement parts for some components. By being covered by a manufacturer’s warranty, we can typically receive all necessary parts next business day, free of charge.
  • Budgets. When you drive a computer until the wheels fall off, it is difficult to predict what the expenses will be. Computers often die a slow death, requiring on-site visits to replace failed components and employee downtime. If a company decides to replace all computers every three or four years, it is easy to plan in advance, before yearly budgets are created, which machines will need to be replaced during that year.
