Tuesday, August 7, 2012

Episode 22: When the rain from the cloud is just your tears

The tale of Mat Honan's remotely wiped Apple products has now been committed to the lore of the Internet. But this tale, as with any, comes with a proviso that has long been the anchor of the 'superhero' story: "With great power comes great responsibility." Our reliance on technology as the super-hero in our modern life has set us up for spectacular falls, akin to any great fallen-hero story arc.

We have great power in our hands with our smart phones, mobile devices, cloud-enabled hand-held & remote technologies, & yet we wield these powers with little to no real responsibility. Mat Honan originally supposed that his accounts were brute force attacked (something he later retracted), but days later we learn they weren't. He was the victim of social engineering; the attackers rang Apple support & managed to pass through their security protocols due to "Apple's centralised single user account approach."

Blaming Apple is easy, but the fact is we are seeing further centralisation of our online lives with more & more of our accounts & services being linked together via our Twitter, OpenID or Facebook accounts. Each node we link in this way just increases our vulnerability. With security compromises of user databases on the rise, our entire 'digital life' faces compromise from any one of the countless services we interlink.

But that's not even the bigger risk. Publicising information about ourselves in such a carefree manner on social networking sites gives 'hackers' (calling them this when we make it this easy for them denigrates those who are 'real' hackers) less work to do when searching for information to use against us in a social engineering scam, when they wish to target someone.

The real threat as a result of our digitalisation is not to our own personal Twitter, Facebook, LinkedIn, or Tumblr accounts - the real risk is to our employers, & our businesses. As we increase the drive towards BYOD, our personal & business accounts become increasingly intermingled, something Honan discovered when his employer Gizmodo was caught up in his account compromise, with tweets from Gizmodo sent by the hacker.

Very few security breaches today are carried out by brute force. Most are the net results of social engineering, or end user stupidity - the breaches of Irish Department of Foreign Affairs systems by people linked to Anonymous earlier this year showed that stupidity really was the over-arching issue, with passwords such as 'Password1', which demonstrated two failures:
  1. A failure culturally within the Department of Foreign Affairs ICT to educate users about the security of ICT systems, & to ensure a clear understanding of the requirement to always operate a 'strong password' policy
  2. A failure of the users themselves to understand that, given the sensitivity of information they handle where they work, security should always be to the forefront of their thoughts when working within ICT systems

Security breaches are often where 'hacker' opportunism meets 'end user complacency'. I have always maintained that the biggest threat to any business is not external, but at every level inside a business, even more so at executive level. Social Networking, as powerful a tool as it is for good to be used by us, can just as easily be turned against us at a moment's notice.

To protect you from yourself, there are a few simple steps I would recommend & suggest:
  • every time you "link" a social media account to another account or app, ask yourself "Am I really happy with this connection being made permanently? What's this company's history on security like?"
  • If you authorise an app to link to one of your social networking accounts, regularly review that connection - if you don't find yourself using it often, revoke access until it is absolutely needed again - don't leave authorisations blindly open
  • Who can view your social networking streams? How much information do they reveal about you? Perhaps the only people who should see your streams are those you know, & not the great wide world.
  • Are your personal passwords themed with your work password choices? If they are, address it immediately. 
  • Do you save passwords in your browsers, or directly in applications? If so, remove them. Then change your passwords.
  • Is your password comprised of a word with numbers, even with capitals? If so, this is hacker101 from a dictionary list. Even words where letters are replaced with numbers are straight from hacker101; i.e. 'l33t' should ring a bell with most.
  • Do you use the same password for multiple services? If so, this is a rookie mistake, & often how many online gamers' accounts get compromised. Using the same password or variants of it over & over is just putting you one step at a time closer to getting burned. Badly.
  • Ask yourself: can anything I reveal or have revealed on my social networking sites help lead someone to one or more of my passwords? If your answer is 'yes' or 'I'm not sure', you've a problem you need to address.
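
The two password checks in the list above (word-plus-numbers or 'l33t' passwords, & variants of one password reused across services) can be run against your own accounts. This is an added example, not part of the original post; the wordlist, the substitution table & the sample accounts are constructed for illustration, & a real audit would load a full dictionary.

```python
import re
from collections import defaultdict

# Constructed mini wordlist (assumption); substitute a full dictionary file.
WORDLIST = {"password", "leet", "dragon", "summer", "dublin", "monkey"}

# Common 'l33t' substitutions: 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s, !->i
LEET = str.maketrans("013457@$!", "oleastasi")

# Digits and punctuation padded onto either end of a word, e.g. '1' in 'Password1'
_EDGE = r"[\W\d_]+"


def candidates(password):
    """Reduce a password to the base words a dictionary list would contain."""
    forms = {
        password,                                              # as typed
        re.sub(_EDGE + "$", "", password),                     # trailing padding removed
        re.sub("^" + _EDGE + "|" + _EDGE + "$", "", password),  # both ends removed
    }
    # Lower-casing undoes capitals; translate() undoes letter-for-number swaps.
    return {f.lower().translate(LEET) for f in forms if f}


def is_dictionary_based(password, wordlist=WORDLIST):
    """True if capitals, padding and l33t swaps are all that hide a dictionary word."""
    return bool(candidates(password) & wordlist)


def reuse_key(password):
    """Key under which variants of the same password collapse together."""
    trimmed = re.sub(_EDGE + "$", "", password) or password
    return trimmed.lower().translate(LEET)


def audit(accounts, wordlist=WORDLIST):
    """accounts maps service name -> password.

    Returns (weak, reused): services with dictionary-based passwords, and
    groups of services whose passwords are variants of one another.
    """
    weak = sorted(s for s, pw in accounts.items() if is_dictionary_based(pw, wordlist))
    groups = defaultdict(list)
    for service, pw in accounts.items():
        groups[reuse_key(pw)].append(service)
    reused = sorted(sorted(g) for g in groups.values() if len(g) > 1)
    return weak, reused


# Constructed sample accounts, not real credentials.
SAMPLE_ACCOUNTS = {
    "email": "Password1",
    "forum": "p@ssw0rd2012",
    "bank": "x7#Kq9!vLm2$Rw",
    "game": "Dr4g0n!!",
    "work": "dragon99",
}

if __name__ == "__main__":
    weak, reused = audit(SAMPLE_ACCOUNTS)
    print("Dictionary-based:", weak)
    print("Variants of one another:", reused)
```

Note that the 'game' & 'work' passwords look different at a glance but fall into the same group, which is exactly the personal-themed-with-work overlap the list warns about.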

Wednesday, July 25, 2012

When CloudedIssues.com is overdue an update

Firstly, I'm going to apologise for my lack of activity on the blog - this has been down to my involvement with the LootJunkie.com project, which has taken a large amount of my time, along with one or two other projects that are currently in development that I really can't speak about until they're a little further along (it kills me to not be able to speak about them - but that's just how it goes). I've a few blog posts for Clouded Issues near completion that I hope to publish up before month's end (scout's honor!), & I hope I can return to at the very least one post per month going forward.

Secondly, for those who don't know - I'll be giving a speech at the forthcoming Cloud Summit 2012 event on September 12th in Croke Park Dublin called "When Cloud Meets Copyright" - which will discuss the issues facing the Cloud Computing sector & its customers amidst the ongoing copyright war.

I'd finally like to thank everyone who's been so supportive of the blog, & my other projects -- it means a lot!

- Ian

Friday, March 30, 2012

Episode 21: Your legacy in the cloud & your rights (or lack of them)

As we shift more of our lives onto the Internet, & thus into the Cloud, we commit our lives, either unconsciously for some or fully in the knowledge for others, to big data, big business & profits for big business. It has long been sci-fi lore that humans would interface with computer systems, uploading their vast knowledge & consciousness to cyberspace to 'live forever'.

But we don't. We die. And when we pass on, there's an estate that is disposed of either via a will with an executor etc, or via the granting of a letter of administration. But, our worldly possessions now are not just limited to the contents of our homes, bank accounts etc., we're all actually the rights holders to our information, our likenesses, & our works we publish on the Internet (unless you sign them away like FaceBook's terms & conditions).

For a long time in the 20th century, loved ones left behind photographs, slides, books, journals, diaries, mementos from trips, postcards. In the 21st century we're looking at Flickr albums, FaceBook wall entries, Twitter accounts, FourSquare pins, GMails, & countless other digital footprints from our lives. Even our own hard-drives of photos, movies, & music. The legacy of our lives can now be measured in ones & zeros. And with many of these future legacies, a problem arises; access to them to retrieve & pass on.

To use one of my own examples, when my maternal Grandfather passed in the mid 80's, he left an absolute treasure trove of things; photographs, negatives & slides from his countless travels around the world, some of his books with his notes written in them, some of his naval belongings - many of which today, I treasure greatly.

Zip forward about 25 years, & I look at my own little collection. Up until around 2000, I've a fine collection of photographs & negatives, along with trinkets & some writings from countries, cities & towns I've been to around the world. However, after that I'm seeing lots of digital photographs, & my musings/writings are exclusively digital. I've e-mail accounts I've held going back to as far as 1995. I've a fantastic collection of gaming moments across a number of MMO games I've played (and some I continue to play today), along with many other exclusively digital assets.

As I go on in years, these will no doubt increase substantially. And when I inevitably pop my clogs, I will have to ensure I've a list of password details written down somewhere to allow my loved ones to retrieve everything. But, what happens if something happened before I had time to plan for this eventuality? Should I already be creating a password safe of sorts? Convention on security would tell you creating one of these is absolutely insane, yet on the flip side, how else would loved ones retrieve everything else? It's not as if they can ask the service providers to hand over the data, as the contracts of use are between me personally & the providers; it's not like financial assets after death that form part of an estate.

Which brings on the more interesting question; while our personal data is recognised in data protection acts as our own, should our personal data now in turn form part of our estate legally? Should there be provisions for this in data protection legislation?

In the UK for example, 'property' when dealing with a dead person's estate is defined as follows:

"'Property' includes houses, real estate generally, shares, antiques, jewellery, works of art, and intangible property such as patents and copyrights."

and according to UK law, access to that property happens as follows:

"If the deceased held property in their sole name, and they left a valid will dealing with the property, the property will usually pass in accordance with the will. If the deceased left no valid will, or a will that did not deal with the property, it is dealt with under the law of intestacy.

If the deceased held property with another person or persons, the deceased's executor or administrator needs to find out how the property was owned. Where the property is a house, there should be written documentary evidence of the type of ownership."

In Ireland, under Ireland's own 1965 Succession Act, property is defined as "includes all property both real and personal", & none of the references seem to make direction to copyrights and/or patents. Part of the problem globally seems to be the lack of establishment by courts of how someone's online services relate to transfer to estates upon their passing. This is not a new issue. It is an issue that has been questioned for a number of years, & a really good example to read is Thomas Scrampton's piece in 2009.

One of the leading writers/speakers on this area is Lillian Edwards, who is currently Professor of e-Governance at Strathclyde University. In mid 2010, she gave a talk at Wolfson College about 'Death & the Web', which raised many interesting statistics. More recently it has again come up for discussion, with Laurence Eastham writing about it for SCL, which was prompted by a press release by UK law firm, Rothera Dawson Solicitors.

And yet, in Ireland as a country pushing forwards as a central player in Digital Europe, apart from us having our cyber security act buried on some civil servant's desk now for over a year in the life of this Government, & unimplemented from the last residents of the Government offices, there is no discussion about us moving this important area of legislation, or legislative discussion forward.

It is all well & good to push the agenda of Ireland as a centre of cloud excellence & influence, but if our legislation around data in the cloud continues to be woefully inadequate due to ill-informed politicians, civil servants with their own agenda of 'not rocking the boat' & businesses who in general have a poor level of awareness of data protection & their legal requirements/compliance, & no-one in the legal sector even spotting this is a ball that needs picking up & running with, we are heading for a massive storm amongst our clouds.

As the cloud finds itself becoming part of the discussion on rightsholders & their legal reaches via SOPA/PIPA/ACTA etc - why are we not asking for the rights to our own creations/works/digital assets to remain with us? Surely as the discussion about privacy is front & centre to the Cloud & digital media/social networks, our rights to our own content must become part of that fabric of discussion, & part of the discussion as 'rightsholders' in our own sense.

Tuesday, January 31, 2012

Episode 20: The dirty business of cleaning the Cloud with SOPA

SOPA has become the pariah term for the Internet in recent weeks. In the US, mass lobbying from internet users made it more undesirable than a fart in a spacesuit, & that is saying something. However, the day after the January 18th protests, MegaUpload was taken down by the FBI, citing fraud, money laundering, racketeering, & its founders arrested in New Zealand, pending extradition to the US to face those charges.

Over a week later, the FBI is seeking to confiscate all MegaUpload data that was held on US based servers, whether legitimate or not, & the owners of legitimate data have little to no indication if or even when they will have their property returned to them.

In Ireland, a statutory instrument is being sought for implementation by the music industry there under threat of legal action against the state following the unsuccessful suit by EMI Ireland against Internet Service Provider, UPC, where the judgement laid down that instructions to block sites, and/or force disconnections of offending users, could not be achieved due to a gap in legislation.

That 'gap' in legislation was due to be plugged last week, were it not for a steam-train of lobbying by Irish Internet users in the 'Stop SOPA Ireland' campaign, which raised the alarm to industry, & internet users alike. It also prompted the Irish Internet Service Providers Association to issue a strongly worded letter against the proposed statutory instrument. ALTO, who represent a group of telecoms companies, also set forward their view opposing the change in law in its current form.

The issue with the secondary legislation due to be passed was the vagueness of how it could/would be used, leaving interpretation wide open to the judiciary, no clear indication of how costs of such challenges would be met (or by who), along with even going so far as having such vagueness to possibly affect the likes of Google, Facebook, Twitter, LinkedIn & others who operate in Ireland, as no clear-cut guarantees could be given to them not coming under threat from it.

All of which led to over 77,000 signatures on a petition against the legislation in its current form, hundreds of thousands of emails to politicians, calls, on-street demonstrations & for the first time, having secondary legislation becoming subject to an open debate in parliament chambers.

The intense increase with which such 'seizure' legislation is being sought worldwide completely undermines the viability of Cloud Computing, as the legislation being sought is often extremely one-sided, & does not seek to ensure that access to legitimate information is protected while also allowing the wheels of law to engage against infringing data.

Those seeking the legislation (the movie, music & entertainment industries) claim it is needed to protect their business, while caring nothing for the businesses that will be caught in the crossfire, many of whom will be small to medium enterprises, which will not have resources to extricate themselves from the legal salvos on both sides, while their business suffers.

What is worse is the fact that Governments who are trying to stem the bleed of small business failures are doing nothing to recognise this, or recognise the impact on innocent parties. Even the organisations who represent small business seem to turn a blind eye to this, & don't seem to care how they could in fact one morning as a result of some action being taken wake up to find a membership out of business simply because they failed to be informed, step in to seek consultation, & drive for that.

There is a very real threat out there to the Internet & cloud computing. It is not piracy. It is not copyright infringement. It is over-zealous politicians eager to not offend rights-holders who seek legislation that is potentially incredibly damaging to the growth of our now globalised information & knowledge society.

No-one is disputing that copyright infringement is wrong. No-one is disputing that piracy does hurt businesses in some way. However, the ideology of American-esque 'shock-and-awe' to solve this problem is unhelpful, self destructive & damaging, & the Cloud will suffer, as will the industries around it, those who depend on it to try keep businesses afloat so they can move forward.

The destruction of the Cloud at the hands of ill-thought, ill-considered, under-debated & consulted anti-piracy measures that are enacted with iron fists will cost more jobs globally than the issue of piracy itself.

Today in Ireland, as we debate the issue of how such legislation needs to be approached, thought & consulted, a country seen as leaders in the Cloud will find its fate determined by a Minister of State under pressure to save face, save costs from a legal action & keep Ireland out of the spotlight. Unfortunately, his actions to date have ensured there is one on Irish Government buildings today, & the outcome from the chamber debate.

Saturday, December 31, 2011

Episode 19: If Prof. Trelawney did 2012 cloud predictions, it would be these.

2012 is mere hours away. A new business quarter looms, & Irish cloud companies will be gearing up for the traditional January assault on the market. With the last twelve months behind us, & a new year to look forward to, 2012 is the year that will make or break the cloud in Ireland. As such, I've taken a look ahead at what I believe the next 12 months will hold for the cloud computing market.



1. The continued rise & rise of the enterprise app market
With thriving markets for Apple's iOS devices, Android, Google Apps, SalesForce Force.com, & Amazon's App Store already mainstays, 2012 will be the year where AppStores will take off in the enterprise space, providing Cloud services to replace traditionally more expensive pieces of software. This will come from the growing PAAS space, where developers will build out on these platforms. If Google Apps is anything to go by, there will be a big push in this space for enterprise from the big five.


2. PAAS growth
With AppStores taking off, PAAS players will be rubbing their hands gleefully. Long gone are the days of issues over OpenSource VS Microsoft. The real power play is going to be in who provides the better incentives for developers financially. Sure, Google's Android market has more Apps than Apple's, but Apple makes a better payout to developers, & more often. It is also widely acknowledged for having better earning potential for developers. People in the PAAS area turning to the enterprise App market will be aware that having a great App is not enough, enticing people to use your market & make it worth their while will be the key.


3. More mobile & tablet computing
We're starting to see the death of even netbooks with Dell winding their offerings down, & the real focus is on the mobile & tablet computing side of things. With these access points being so focal in the consumer market, it is only natural that adoption in the enterprise area will follow, which will go hand-in-hand with an explosion in the enterprise app market in 2012. The frantic increase in the lawsuits over IP in the tablet/mobile computing space right now across the globe should tell you everything. For the big players, we're at the forefront of the latest technology warfront. Control of the battlefield is essential to how platforms, app stores, developers & the future of the technologies in the enterprise space is at stake.


4. Less Private Cloud discussions
As far as I'm concerned, the debate over private cloud is well & truly over. Private cloud doesn't exist. Call it what it is; virtualised consolidation of private environments. This contentious area of the cloud has been debated ad infinitum, & has been murked by vendors who were selling these kind of solutions against what are accepted cloud solutions as a means to show a value against what are often cheaper competitive solutions. Private cloud in 2012 will become part of the 'do you remember when' types of discussions, as opposed to constructive parts of discussions about where the cloud goes from 2012.


5. More consumer cloud solutions
Between Google & Amazon's music lockers, iTunes, iCloud, & Microsoft recently announcing they were seeking to bring on more cloud services for their mobile OS users, & Nintendo sneaking an App store under the radar, things are moving at a freight train pace for consumers. Digital Television is finally coming into the fore across Europe, so expect an explosion of cloud-based consumer services for the consumer, including TV-related ones, especially following the US court ruling that TV/movie content uploaded into cloud lockers by consumers is not a violation of copyright law. With Apple rumoured to be releasing a range of televisions in their own inimitable style this year, & with SOPA coming under increasing pressure publicly, consumer cloud will continue to be the canary down the mine for Cloud services, which will eventually cross over into the Enterprise.

Episode 18: Did 2011 have a silver lining for the cloud in Ireland?

2011 for the cloud in Ireland was a turning point. At the start of the year, there were but maybe two handfuls of cloud computing service providers in Ireland, & twelve months on, the choice has ballooned, with numerous IAAS & SAAS providers in the market place, pushing forward the commoditisation of the cloud away from the preserve of specialty services they have been in recent years.

One of the biggest complaints & criticisms levelled at Irish cloud service providers by their customers, even by those in the market space as potential adopters is the inability by those same providers to actually make the services easy to access, in the same way Apple makes its technology intuitive & accessible. They want it easy to use, with a user-friendly interface. They don’t care how it works, or why it works and rightfully so. They don’t need to. It should ‘just work’ right out of the well packaged & marketed box as promised. It’s not a uniquely Irish problem, but one that is in the forefront of the Irish cloud space.

To an extent, 12 months on this is still the case, but as the Cloud pervades further in the consumer space, the innovations from this will drive into the enterprise solutions to address this. This is atypical of how the technology life cycle works. First, things become the preserve of a few innovators at the vanguard with early adopters. Then, the tech is adopted, moulded & shaped to find its way into the biggest market where real cost-return scales can be achieved, to then eventually become more refined, powerful & resilient at the enterprise level.

Earlier this year, Microsoft & the IDA announced Ireland could become a global centre of excellence for the cloud. And this showed, with Irish Cloud companies taking in investment from VC funds, foreign cloud companies setting up shop here, like EngineYard, Marketo, & Tethras, to name but a few (although this had more to do with a low unchanged Corporate Tax rate than Ireland's output from the cloud to date), the big players like EMC, IBM, HP & Dell furthered their investment in their cloud services from Ireland.

Cork Institute of Technology announced in May that it had under consultation with cloud system heavyweights EMC, VMWare, Cisco, GreenPlum, RSA, & SpringSource, developed a two year programme to allow people to attain an actual qualification specialising in the field of cloud computing, as opposed to say a grouping of certificates from various companies; i.e. Cisco accreditation, VMWare VSP etc. This was heralded as proof of Ireland's ability to reshape & own its identity as a knowledge economy.

2011 was also the year where people realised the true impact of what happens when cloud can & does go wrong. None more so than the outages at Amazon, & the countless security breaches throughout the year. These incidents made news headlines, & had people jittery, reacting over the top, & discussions about how fragile the cloud was were made like they were children's fairytales. This could not have been farther from the truth, but the fallout in the media was plain to see, & not limited to specialist media.

Security, reliability, resiliency & data protection were all constant reoccurring themes. While Ireland was being positioned by its new Government as a Cloud Computing/Digital Gaming/Life Sciences & Clean Tech place to do business.

Ireland itself was not engaging in areas such as helping to tighten up on areas of digital security, following up on EC court rulings about ISP content blocking, or its own Government moving towards cloud adoption the same way some of its European & global counterparts were.

All of this happened against a backdrop of increasing economic depression at home & globally. Ireland asked for & got its change of leadership earlier this year, and that leadership by year end, despite sound bites, media ramblings & event appearances, has still failed to reach out to those in the Irish Cloud market, even despite the €5m centre of cloud excellence announced by that same Government.

2012 will require the indigenous cloud computing sector in Ireland to shout to have its voice heard above the noise of foreign multinationals whose first interest is in tax savings they can make here rather than fostering Irish industry to serve itself at home & abroad.

Thursday, December 29, 2011

Episode 17: When the cloud goes bust & you're up a river without paddles

2011 has not been a kind year for Irish business. Five small businesses failed every day this year. 2011 has also seen a huge increase in the number of cloud service companies open for business in Ireland across SAAS/IAAS/PAAS areas. A burning question for many about taking their trip into the cloud is; what happens if my provider goes bust? How do I get my data back?

Browsing through the vast majority of the terms & conditions belonging to many cloud services providers operating in the Irish market, there are absolutely no provisions in there about what happens to your data, or how you can access your data in the event your provider of choice goes bust.

When companies are touting for your business to move what are key systems from inside your business into theirs, & there are no provisos for what becomes of access to your data in the event they go into receivership, or go out of business when your business depends on that data, there is a much bigger issue at play.

An oft-quoted comic book theme is that 'with great power comes great responsibility'. This is true, & an even more crucial truth for the Cloud, & something the cloud industry must do to win faith from would-be converts. It is not good enough to say 'but we won't be going bust'. Provide your customers with explicit details of what happens, in the event of the company going out of business, to their access, & more importantly, their data. In this current period of time, unnecessary costs to wrangle access to your property as a small business are unhelpful, & undermine any pro-cloud arguments.

Small businesses more than anyone else today cannot afford risk. If you offer a cloud service, you better provide a better form of risk than the data in or on their premises. The 'savings' argument is no longer enough. In a world where assurity carries a greater premium, this must be a tenet for the cloud service provider.

Sure, big cloud companies servicing big business will make sure that in the fine lines of the contracts there are provisions for these kind of what-if's. But, this really has got to also become part & parcel of offerings to small businesses by default, not something they should be paying a premium for; after all - you are being charged with holding onto their data; which in today's world is the real asset in any business, not the bricks & mortar.

If you are currently being courted by a cloud services company, ask them what their provisions are for access & retrieval of your data from them in the event they go bust, & if these provisions are in the contract or agreement for your services from them. If they're not, I would suggest walking away. Someone's word is no substitute for your business being dead in the water because you can't access your data when you need it.

One thing that we have learned in 2011 is that data capture, analysis & actions arising from those activities are absolutely paramount. Take supermarkets. The data being collected on each shopper is shaping your shopping experience; what special offers get put where, aisle layout, how to drive people through the store to essentials to encourage people to buy more than was intended. We are long past the 'if you build it they will come' routine, & businesses today need access to their data on demand; no delays, no hiccups, no impediments.

So, as you shop around for your cloud service needs, ask your friendly cloud sales rep about contingencies for access & retrieval of your data if they should for any reason 'go bust', & more importantly, how quickly your data can be exported back to you.