Solution Concept–Cloud brokerage…
My Amazon author page!!!!

There are a number of solution concepts that I have looked at for cloud in the past five years. All of them starting with broad sweeping technology change and a “new way to do things.”

I wonder about that. Organizations don’t like to do things differently. They have built to where they are and frankly they do not require change nor often do they like it.

Personally I like to look at the glass as neither half-full or half-empty as my son always says “its just a glass of water.” The presence of air is simply a reality regardless of the amount of water in the glass.

So based on that it is a glass of water these many solution concepts. The reality of BPaaS, IaaS, SaaS and PaaS is that they represent change. As much a new way of doing things as anything else.

That new way of doing things has a cost. Not a cost simply because it is new and new things cost more than old things. Rather than there is an added abstraction layer that in the end makes for more complexity while at the same time reducing complexity.

Cloud implementations for many organizations represent a circular argument. There are risks to implementing and moving your solution to the cloud. There are risks to staying where you are. Change is a funny thing, sometimes you choose not to change (in this case move to the cloud) while everyone around you chooses to change (move to the cloud). In effect your organization ends up stuck between the two situations in the end. You are late to the game.

The solution concept that I find most interesting today is that of cloud brokerage. I look at the overall concept as proposed by NIST and I think it’s a start. But its only a start. The concept of aggregated services presented in a unified fashion represents only a part of what the market will eventually want. Brokerage is so much more than that. I wrote a Safegov article about Cloud Brokers as the new DMZ about 6 months ago. That is only the tip of the proverbial iceberg.

I believe eventually brokers will represent safe havens for companies. A secure location call it a cloud locker where your company can connect to the locker and then interact with the world from this new safe location. Certainly they will be constantly attacked but the advantage of constant attacks is that your security team gets better at fending off the attacks over time.

This “cloud-broker” solution concept is quite expansive. It goes well beyond what NIST defined. It creates much of what I wrote about in my book the Syncverse (now two years ago). The concept of a cloud based solution focused on delivering secure assets to users without flooding them with security.

So close.


Scott Andersen

IASA Fellow.

Cleaning my lab and wandering OS world…
My Amazon author page!!!!

I am decommissioning my Windows Home Server this weekend. I’ve had one for more than 5 years. I just don’t need/use it anymore. It’s a great backup system but I moved to Carbonite for online and Western Digital for home backups so its redundant.

It’s the end of an era.

Interesting change in my lab. I’ve moved away from servers and into the end user world. Chromebook, Ubuntu, Windows XP, 7 and 8.1 all running in VM’s. I even have an Android VM. I suspect I should go get a Windows Phone VM as well. I haven’t to date, but perhaps I should.

The reason for the moves is as much an exploration as it is an evaluation of the potential reality of security. Its also a little personal curiosity. The Android OS appears in more and more devices. From the Kindle to the new Samsung Tablet series. Androids has a nice touch UI that makes it easy to use and simple.

Chrome has become a very interesting browser platform and the new versions of the ChromeOS and the Chromebooks are frankly highly useful. Many years ago Oracle tried to change the world with the Netbook concept. Microsoft even released a competitive netbook (I still have one from Asus). The new Chromebooks really offer a nice experience, incredibly fast and frankly replaceable. You can effectively destroy one, pick up another one and be up and running in less than 55 seconds.

Ubuntu has captured a nice and easy look and feel both for the desktop and the server version. Redhat still has a very nice look and feel as well, but the Ubuntu stuff has come a long way in the past two years.

iOS7 is also a significant upgrade. It is easier to use which is hard since iOS has always been incredibly easy to use. The newest is quite impressive. The interesting thing Apple has done with the new iPAD air (beyond the incredible commercials) is improved the battery life. It is truly now a media device that can go 9 or more hours running without needing a battery. What am I going to do with all my extra external batteries?

Finally – Windows 8.1. I would love to say my former personal favorite is an improvement but it isn’t a whole lot better than Windows 7. It certainly does a better job with touch computing, but the devices aren’t as touch supportive as the Android and iOS tablets are. If you add in Office 2013, then the solution suddenly starts to have legs, but without the Office connection Windows 8.1 continues to be lackluster. I do now have four boxes running Windows 8.1 in the house (the boys computers) and frankly I would walk back to Windows 7 in a heart beat (are you listening Redmond?).

The point to all of this reflection is that we do have OS choices now. Its really important to take a few minutes and determine which choice is best for you. Each has its strengths (and the strengths are often significant) and each has a weakness.

Choose wisely – cola nut or uncola nut!


Scott Andersen

IASA Fellow.

Still working on the office of tomorrow
My Amazon author page!!!!

Continuing my thoughts on the Office of Tomorrow. I have a couple of things that I am curious about. The first is the reality of connection.

Back in my first IT job (now more than 20 years ago) I had a chance to visit a customer’s video conferencing room. It was a huge room filled with for all intents and purposes a TV Station. Four camera’s and an actual satellite connection so that they could have a reasonably live video meeting.

Most of that you can do over Lync today. Or better yet use the incredible CISCO Tele-presence system. You can do it over WebEx and you can do it on any of other conferencing systems. Does that in the end change the reality of connection?

The network meeting companies all advertise that you can reduce the cost of meetings by having people meet virtually. From interactive whiteboards to much better local video cameras there are a number of changes that have made the process better than the TV studio of 20 years ago.

But there are still a few things missing in the virtual meeting.

First off is cultural acceptance of remote. Personally if I have to get something done I am more likely to finish it at home than at work. I get interrupted constantly during the day when I am in the office. The other side of virtual is punctuality. I’ve noticed that when you have in person meetings and your day is stacked you end up running late for the meetings. There is then the reality of sitting on virtual hold while you wait for the one person you need to kickoff the meeting.

So cultural is two fold with virtual meetings. The first is the reality of people not accepting virtual attendees. The second is the reality of time. I still think the concept of a virtual presence device would fit in well to this overall play but that is well, out there.


Scott Andersen

IASA Fellow.

The ultimate portable office
My Amazon author page!!!!

Is the office of the future, portable? When we talk about cloud computing solutions portability is one of the key functions that cloud providers can support. For the office of the future is portability the big thing?

First off portability is an interesting problem in and of itself. What does portable mean? Is it a rolling bag with 20 pounds of gear or a small bag with 2 pounds of gear?

The portable office would need the following:

  • Fax (which you can get for your cellular connected device)
  • Printer (color is best of course, just in case)
  • Scanner (again color)
  • compute resources
  • network resources
  • entertainment for when you aren’t working

To paraphrase George Carlin the list above is the stuff you need for a portable office. That doesn’t mean you lug all of that with you wherever you go. Just that having those components at your hotel makes traveling easier.

When you are in the office you can actually cut down to a good laptop/tablet and your cellular phone to handle all of the items on the list except the printer. Normally if you urgently need a printer you can duck into Kinko’s or the business center of your hotel.

Still having your own printer with you is of value if you do a lot of documents or need to have an emergency backup of your slides (just in case of a Murphy incident).

I keep fax on there only because insurance companies and banks still rely heavily on the technology. The concept of faxing will decline over the next two to three years. Today most larger financials actually scan your incoming fax into an editable format. In the end the fax is simply an easy mode of transport.

Finally getting to entertainment. What a change that field has undergone in the past five years. You can watch virtually any video, TV Show or sporting event easily on your personal productivity device. You are no longer bound to where you are or for that matter what time it is. On my last trip I sat in the airport waiting for my plane (delayed 2 hours) but it didn’t bother me. I had my iPad and many more than 2 hours of entertainment. Plus I had a movie saved on the device for the actual flight. It is a brave new world.

In the end your portable office could be that backpack with 2 pounds of gear. You no longer need the larger bag (except you may want it back in the hotel room just in case).

To think I once lugged 40 pounds of portable office gear to Malaysia four times in one year.


Scott Andersen

IASA Fellow.

Cyber Overkill…
My Amazon author page!!!!

I’ve talked a lot about Cyber Security solutions for the past week. Its been on the top of mind for that time period. I did however want to take a break from the what’s possible in Cyber to talk about a different Cyber Security problem.

Cyber Overkill.

Or sometimes its more of a backlash. Where something happens either to your organization or to a peer organization and you implement harsh security rules to present the problem.

Cyber Security solutions like any other solution applied to and used to manage anything has a tipping point. The point where it becomes harder to do your job than the energy and time you can invest in that particular job.

That balancing act is what makes a good security person overall. They don’t sit in an office and create policies they move out to the field and try the policy before implementing it.

Still I know a lot of good Cyber people. They are incredible at what they do, but in the heat of battle they like anyone would tend towards over reaction. The good news is that when they do this it tends to solve the short term problem.

The bad news is it cuts into productivity.

Back in the day Smoking Breaks, coffee breaks the water cooler and hallway conversations used to be productivity sucks. They really weren’t if you look at how people work. Staring at the same screen for 20 minutes is no matter what a productivity suck.

People need social interaction. They need to connect with other people doing the same things. When they are forced to sit and wait for something to happen they ultimately will find ways around that problem.

Years ago I used to design policies for large companies to be applied when the computer booted. How do you get around that? Easily, you never boot your computer. You put it in hibernate or sleep mode. Then you never get the annoying boot screen.

You as the user are not impacted by the security rules. The organization you work for is however at risk because that machine lives in a state that may be two – ten days old. When your organization is moving at cloud speed that can be a devastating reality.


Scott Andersen

IASA Fellow

The office of tomorrow impacted by Cyber…
My Amazon author page!!!!

What will the office of tomorrow entail? Will we support remote workers in a way that makes it less critical to be in the office? Instead of walls of cubes and offices the workplace becomes a collection of personal digital representatives. If you are in your cube you can connect toe the virtual presence devices. If you are remote you dedicate some of your connect to your VPD.

When you connect from home that virtual world connection will change as well. Logitech just brought out a new conferencing system that connects to your computer and allows you to connect to Lync, Webex and a couple of other conferencing systems. Ebeam let’s you turn part of your wall (painted with Idea paint) or a whiteboard into an interactive conference whiteboard. You can also use your windows, iPad or Android Tablet as a portable conferencing whiteboard.

Will the workforce of tomorrow work in their PJ’s?

Into this flow Cyber Security. If the workforce of tomorrow is in fact virtual how do we deal with home networking issues? Recently there have been any number of press discussions of the security and lack of updates for home routers.

It is a balancing act. Enabling the workforce of tomorrow without forcing them to have specific technologies in their home. It is a bright future, the office of tomorrow, but there are some kinks that need to be ironed out before it’s the perfect world solution.

It comes back to that concept I proposed yesterday (safely getting data that invokes governance ) of the users mobile device. Eventually data that will require governance could be tagged at the meta data level. This tagging would be adaptive (you’ve created new information from merging two old files that now requires governance) and you would then automatically capture that data and move it. You would need to leave a stub to that information on the users device (as they may create it and then touch it again later for edits etc).

That will require better quality tools on the Tablet and Cellular device than we have today by the way.


Scott Andersen

IASA Fellow.

Cyber, BYOD and MY changed data…
My Amazon author page!!!!

security concept for blog

Yesterday I talked a little about this security concept of myself and smart device connecting to the cloud and once there creating a new document that meets the organizational governance requirements and needs to be removed from my smart device and placed in the document repository of my organization.

I could, given the current state of things email said document to the Document Management system but that requires action by me. I suspect we would be better off evaluating the concepts of containers on the device.

In that scenario the data would be held in two places the first being the on-premise or cloud based organizational data store. The second place would be the mobile or smart device. When data is manipulated on the smart device the save process will force it into the container and the container will sync it back to the original store as a modification.

It would reduce the overall requirement for the user to actually engage and ultimately “send” the report in. The other side of this is of course something I’ve talked about many times. The reality of stepping on my personal bandwidth. I’ve made a joke in a few meetings recently (want to reduce organizational bandwidth requirements? Implement a BYOD policy and then don’t allow for that to be expensed, and don’t allow users to connect their personal device to the company wi-fi). The problem remains that in fact my bandwidth on my smart device is much less than on my home network or office connection.

The reality of device security will shape the next 2-3 years of IT. What do we do with all that data that is consumed on smart devices?

Will we see devices with secure stores directly on the device? A store that can only be accessed by a password, a finger print and eventually a gesture known only to the user? That would make the first part of the equation much stronger. Then simply have that chip securely communicate with the organizational on-premise or cloud based data management system.


Scott Andersen

IASA Fellow