Category Archives: Cloud computing

Avoid the Security Umpire Problem

Have you ever been part of a team or committee working on an initiative and found that the security or compliance person seemed to be holding up your project? They seemed to find fault with anything and everything and didn’t add much value to the initiative? If you are stuck with security staff who are like this all the time, that’s a bigger issue that’s not within the scope of this article to solve. But most of the time, it’s because this person was brought in very late in the project and a bunch of things have just been thrown at them, forcing them to make quick calls or decisions.

A common scenario is that people feel that there is no need to involve the security folks until after the team has come up with a solution. Then the team pulls in the security or compliance folks to validate that the solution doesn’t run afoul of the organization’s security or compliance standards. Instead of a team member who can help with the security and compliance aspects of your project, you have ended up with an umpire.

Now think back to when you were a kid picking teams to play baseball. If you had an odd number of kids, then more than likely there would be one person left who would end up being the umpire. When you bring in the security or compliance team member late in the game, you may end up with someone who takes on the role of calling balls and strikes instead of being a contributing member of the team.

Avoid this situation by involving your Security and Compliance staff early on, when the team is being assembled.  Your security SMEs should be part of these conversations.  They should know the business and what the business requirements are.  They should be involved in the development of solutions.  They should know how to work within a team through the whole project lifecycle. Working this way ensures that the security SME has full context and is a respected member of the team, not a security umpire.

This is even more important when the initiative is related to virtualization or cloud. There are so many new things happening in this specific area that everyone on the team needs as much context, background, and lead time as possible so that they can work as a team to come up with solutions that make sense for the business.


What Should I Do about Cloud?

The word of the day is “Cloud.” Nearly every software and hardware vendor out there has a product and shiny marketing to help their customers go “to the cloud.” Every IT trade rag has seemingly unique, seemingly agnostic advice on how their audience can take advantage of cloud computing. Standards bodies have published authoritative descriptions of cloud computing models. If you’re an IT decision maker or influencer, you’re in luck! Many reputable players in the industry have published reams of information to help you on your journey to take advantage of cloud computing. Pick your poison… Public, Private, Hybrid, Community, SaaS, IaaS, PaaS… even XaaS (anything as a service!). On-premises, off-premises… or even “on-premise” if you want!

Starting with an on-premises private cloud of your own seems like a sensible choice. A cloud environment of your own, that you can keep cool and dry inside of your own datacenter. Architects can design and build it with the components of their choice, management can have the control that they’re used to, and administrators can manage it alongside every other system. Security issues can be handled deftly by your consultant or cloud-champion – after all, your cloud is internal and private!

Another perspective is to skip out on a cloud strategy, forgo some early benefits, and wait for all of the chips to fall before making any investments. This is the respectable “do nothing” alternative, and it’s a valid one.

Yet another perspective is to take a close look at cloud concepts and prepare your company to act, when appropriate. Prepare, act, appropriate time. Sounds like a strategy brewing.