Sunday 23 March 2014

Wireless solutions and summer holidays

As we all look forward to our summer holidays, I look back and think I was fortunate to be a Technical Director in an organisation where we could bring on a variety of wireless solutions, as well as complementary solutions.  When looking at solutions, it’s easy to become vendor centric, and not find a way to talk about or link a variety of vendors to provide a comprehensive solution.

Wireless Access
There are many solutions out there that can provide a number of unique features, whether it’s directional antennas, blanket coverage, security, cloud controllers, controller-less or controller based wireless solutions.  I will tar them all with the same brush and suggest that although you need to pick the right one for the environment, they are only offering a connectivity method for wireless devices to connect to a network or the internet. 

Network Access Control (NAC) and Security
NACs have made a comeback as more and more people realise that the wireless network needs to be secured in some fashion.  They offer the ability to identify users, devices, connectivity methods, as well as time to create a comprehensive policy to control. There are other security solutions that are focus on just wireless, where NACs are typically available for wired, wireless and VPNs.

Guest Management and Social Media
People will say they want to “monetise” their wireless network.  Of course there is a cost associated with running a public wireless network, but you can’t always capitalise on it.  Most people will use 3G/4G networks, or worse case turn to your competitor offering complimentary access.  More important is how to manage these users when they access your network.  By management, I don’t mean just a user repository, but also the ability to integrate payment engines, ticketing systems, tracking and how long they can access the network for.

There are many articles highlighting how many hundreds of advertising dollars have to be spent before achieving a like on Facebook, a follow on Twitter, etc.  The issue historically is how you can leverage this from your known customer base.  If your wireless access solution includes or there is an application that can integrate social media to it, then you can leverage your existing customer base to grow your social media one.

Enjoy your holiday!
I liken the Wireless Access to people outside bars, trying to entice you in with free drinks.  The NAC and Security systems, are the bouncers, while the Guest Management and Social Media, is the receptionist taking your entry fee and asking you to join the mailing list.

Next time you’re on holiday trying to find wireless access, I hope you remember this analogy and smile! :)

The Myths and Reality of the "Cloud"

As an Information Security Professional, I am often asked by people “What is the Cloud?”  My answer depending on the audience is that it’s a marketing term to cloud (please excuse the pun) the technology that is used, where your data or application is held on someone else’s computer.

The term cloud was popularised in general culture, thanks to Apple and their iCloud to allow your Apple devices to be backed up into an offsite location.  Terms such as cloud computing have been used by Google, Microsoft and Salesforce, who give application access without having to connect to servers within your organisation.  We hear of terms such as Cloud Backup, where your data much like the Apple iCloud principle, is held in an offsite location.

As I say, I believe Cloud is an all-encompassing marketing term, rather than the saviour to all our IT woes.  In the not too distant past, there were terms like, Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS), which described the solution being provided.

With the popularity of the term Cloud, a number of solution providers have jumped onto the bandwagon, leveraging the good work and good name form the likes of Apple, Google and Microsoft, and using it for their own gain.  Let me explain…

Cloud technology should deliver the following:

Delivered via multiple servers and multiple datacentres, with the various failovers in place.
Meeting a number of compliancy regulations, delivered through processes, procedures, physical security, virtual security, encryption, firewalls, etc.
Reducing the environmental impact of their datacentres, utilising renewable energy sources, or local environment resources, such as geothermal cooling in Iceland.
Reduce Costs/Change Payment Models
Delivering true lower TCO or real ROI, as well moving from a CAPEX payment model to an OPEX payment model helping company cash flow.
“A La Carte” Approach
It should not be an “all or nothing” approach to moving services to the Cloud.  With any technology that breaks from the norm (and Cloud technology is that to most people), there have to be easy transitional steps, moving only the solutions that make sense.

This is the reality for a number of the larger brands or organisations with integrity and the mission to deliver a quality solution.  The issue will come when less reputable or companies with less integrity want to join the Cloud bandwagon, and the above points are compromised or neglected.

I have heard of Cloud organisations running applications on single servers, in a single datacentre.  I use the term datacentre loosely, as under-stair cupboard may be a better description.  Data security is often compromised, as it’s seen as a cost with no visible or immediate benefit.  Some providers insist the movement for all applications and infrastructure, whether it’s appropriate or not.  There are many providers who struggle with incremental billing, insisting that one, two or even three years are paid upfront prior to implementation.

There have also been examples of service providers going out of business where the Cloud technology was shut down or even held to ransom.  With the importance of the application and more so your data, what contingencies would you have in place if this were to happen.

There are some real benefits to moving to the Cloud, if done appropriately and with due diligence.  Just be aware there are some less than reputable organisations selling Cloud solutions, being delivered by “smoke and mirrors” rather good infrastructure, good processes and procedures, good security and a company is good financial standing.

Don’t be afraid to ask questions and if it doesn't feel right, don’t use them, your organisation depends on it!