Blog posts by Mike Small

Blog

Organization, Security and Compliance for the IoT

The Internet of Things (IoT) provides opportunities for organizations to get closer to their customers and to provide products and services that are more closely aligned to their needs. It provides the potential to enhance the quality of life for individuals, through better access to information and more control over their environment. It makes possible more efficient use of infrastructure by more precise control based on detailed and up to data information. It will change the way goods are manufactured by integrating manufacturing machinery, customers and partners allowing greater product...

Blog

Where is my Workload?

One of the major challenges that faces organizations using a cloud or hosting service is to know where their data is held and processed. This may be to ensure that they remain in compliance with laws and regulations or simply because they have a mistrust of certain geo-political regions. The location of this data may be defined in the contract with the CSP (Cloud Service Provider) but how can the organization using the service be sure that the contract is being met? This question has led to many organizations being reluctant to use cloud. Using the cloud is not the only reason for...

Blog

A Haven of Trust in the Cloud?

In September a survey was published in Dynamic CISO that showed that “72% of Businesses Don’t Trust Cloud Vendors to Obey Data Protection Laws and Regulations”.  Given this lack of trust by their customers what can cloud service vendors do? When an organization stores data on its own computers, it believes that it can control who can access that data. This belief may be misplaced given the number of reports of data breaches from on premise systems; but most organizations trust themselves more than they trust others.  When the organization stores data in the cloud, it has to trust the...

Blog

CESG Draft Cloud Security Principles and Guidelines

UK CESG, the definitive voice on the technical aspects of Information Security in UK Government, has published draft versions of guidance for “public sector organizations who are considering using cloud services for handling OFFICIAL information”. (Note that the guidelines are still at a draft stage (BETA) and the CESG is requesting comments).  There are already many standards that exist or are being been developed around the security of cloud services (see: Executive View: Cloud Standards Cross Reference – 71124 ) so why is this interesting? Firstly there is an implied prerequisite...

Blog

Microsoft OneDrive file sync problems

A number of users of Microsoft’s OneDrive cloud storage system have reported problems on the Microsoft community relating to synchronizing files between devices. So far, I have not seen an official response from Microsoft. This can be very disconcerting so, in the absence of a response from Microsoft, here are some suggestions to affected users. These worked for me but – in the absence of a formal response from Microsoft – I can offer no cast iron guarantees. What is the problem? It appears that files created on one device are synced to another device in a corrupt state. This only...

Blog

Cloud Provider Assurance

Using the cloud involves an element of trust between the consumer and the provider of a cloud service; however, it is vital to verify that this trust is well founded. Assurance is the process that provides this verification. This article summarizes the steps a cloud customer needs to take to assure that cloud a service provides what is needed and what was agreed. The first step towards assuring a cloud service is to understand the business requirements for it. The needs for cost, compliance and security follow directly from these requirements. There is no absolute assurance level for a...

Blog

EU Guidelines for Service Level Agreements for Cloud Computing

In a press release on June 26 th , the European Commission announced the publication of new guidelines “help EU businesses use the Cloud”.  These guidelines have been developed by a Cloud Select Industry Group as part of the Commission’s European Cloud Strategy to increase trust in these services.  These guidelines cover SLAs (Service Level Agreements) for cloud services.  In KuppingerCole’s opinion these guidelines are a good start but are not a complete answer to the concerns of individuals and businesses choosing to use cloud services. Cloud services are important as they...

Blog

AWS: Great Security but can you Trust a US Owned Cloud Service?

Cloud computing provides an unparalleled opportunity for new businesses to emerge and for existing businesses to reduce costs and improve the services to their customer.  However the revelations of Snowden and the continuing disclosure of state sponsored interception and hacking undermine confidence in cloud service providers.  In this environment CSPs need to go the extra mile to prove that their services are trustworthy. In general there are two kinds of customers that are adopting cloud computing.  The first kind is the so called “born on the cloud” customers who are starting new...

Blog

IBM’s Software Defined Environment

In IBM’s view the kinds of IT applications that organizations are creating is changing from internal facing systems to external facing systems.  IBM calls these kinds of systems “systems of record” and “systems of engagement” respectively.  The systems of record represent the traditional applications that ensure that the internal aspects of the business run smoothly and the organization is financially well governed.  The systems of engagement exploit the new wave of technology that is being used by customers and partners and which takes the form of social and mobile computing.  In IBM’s...

Blog

Card Clash on the London Underground

Recently there have been posters in London Underground stations warning users of Oyster Cards - the Transport for London (TfL) NFC enabled electronic travel wallet - that there is a risk of “card clash”.  These posters warn that they need to keep other contactless NFC payment cards separate from their Oyster Card when they “touch in” on a bus to avoid the risk that the wrong card would be charged.  TfL will be rolling out the ability to use NFC enabled payment cards on the Tube (London Underground), Overground and DLR later in 2014, and this could lead to further problems.  The charges...


KuppingerCole Select

Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.

Stay Connected

Subscribe to our Podcasts

KuppingerCole Podcasts - watch or listen anywhere


How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00