I am going to start recording these, because these are awesome statements:
“In cloud, everyone wants the sausage, but nobody wants to know how the sausage is made”
4 Brave souls or fools?
I recently asked my friends on Facebook and Twitter to help me fill out a survey. I have a secret admission: my intention was not to create or propose a new Netflix / Hulu / iTunes functionality. My intention was to see how many of my friends, who are relatively tech savvy, would reveal their propensity to share personal data
with an online video service. And it turns there are 4 brave souls who would share data! I want to raise
my glass to these 4 brave souls, and yet, part of me thinks they should be more hesitant.
Question 1:
To be fair, 100% of the survey respondents said yes to whether or not they had a Netflix / Hulu / iTunes service. This was satisfying to me, because I would expect no less of my friends. If someone did mark it as a no, I would have lost my mind trying to figure out who is still living in the 20th century. They probably chose not to fill the survey … so the final results here may be biased 🙂
Question 2:
The second question was also a filler question. Most of the people I know watch 30 minutes to an hour off an online video service.
Question 3
The third question is where it gets interesting. Let’s call this functionality S. I want to see this Functionality S in Netflix / Hulu / Movies on iTunes because I always fall asleep watching an episode or a movie before my wife does. And then going back the next day to watch the program means you have to watch the entire program from the start or struggle with streaming it to the exact spot (which I neverget exactly correct). Any small help in getting close to the spot where I fell asleep would help. I admit this is a very trivial problem; however, introducing ease of use in any product has always made it a great sale.
So what did my friends say? Apparently they agreed in majority. 70% of my friends thought it would be beneficial to have this option. 30 % said no, and no one skipped this question. I don’t know how many of the 30% have no partner / husband / wife. That is a piece of data I didn’t want to collect for obvious reasons.
Question 4:
For the next question, however, the tables turned. A large majority (greater than 80%) said no in regards to sharing any information about your partner / husband / wife to enable the Function S with the online service. In fact, some of you (slightly greater than 15%) might have been so turned off by the idea that you skipped this question. There were only 4 individuals who would share this data! Are these 4 brave souls or fools?
Side note: I wonder if anyone noticed that it was on the next page on purpose, to make sure there is little bias on the previous item from this question.
Thoughts:
I completely agree with the notion that sharing private details with an online video service can be difficult. However, I have to ask myself, most of the avenues where I asked the question are social media-based online services (cloud based services). These are online services where we are already exchanging this information. And with data mining and big data tools, being able to predict some of the semi-private information about your family has become easier. We all tag our spouses and partners on Facebook and Google+ pictures. Most of us exchange our family and partner’s geo data in our pictures and tweets as well. So what’s the harm in providing the partners’ basic information to an online video service?
The question becomes, are these 4 people actually smart to trade off functionality and ease of use for exchanging data that is already available? Or have they just given up the privacy and acknowledge that in this day and age it is not possible to maintain? And for the rest of us, why are we exchanging private data with sites like Facebook and Google+ but not others?
By the way, I don’t get to see the personal information of any of the respondents.
Credits:
I produced the graphs using Tableaupublic.com. For a deeper dive of the results, you can view it at https://public.tableausoftware.com/views/Onlinevideoinfosharingsurvey_0/Dashboard1?:embed=y&:showTabs=y&:display_count=yes.
Are you the reason why the cloud isn’t ready for the masses?
This is an anonymous post from a friend who has been involved in the tech industry for the past 7 – 8 years. While we are not always aligned in our views, he brings some unique insights that are worth sharing to get a diverse perspective on the issues.
Are you the reason why the cloud isn’t ready for the masses?
“I’m not an expert on cloud storage or security, but I do know enough to be dangerous. One thing I do know for sure is that the cloud isn’t ready for the majority of people to store their personal content. My parent, my siblings, my wife and my brother-in-law are all smart and intelligent but they are all exposing themselves to significant risk by using the cloud.
What bothers me a lot about this is that there are many of vendors that oversell the benefits of cloud storage and side-step some of the risks. They put the burden on the consumer to figure it out themselves. They even opt users in to using the cloud by default or make it confusing to turn the cloud sync functionality off. I’m looking at you, Apple.
“How do I turn the damn cloud off”
You need not look further than Jennifer Lawrence or other data breaches to see the impact of such an issue. Forget the millions of cases that never make it to the front page.
The biggest problem that we currently face is in dealing with passwords. The concept of user name/passwords is over 20 years old. As such, the weakest link isn’t the cloud but the user. Phishing can make it very easy for a user to give up their password. Even in cases where phishing isn’t involved, many users will use the SAME password on websites that they really should not trust. If Uber can have loose controls over who accesses your data, I guarantee you that other websites have weak controls as well. Who in those companies has seen your password? Do you even know?
What’s really scary is that you can be careful and provide unique passwords to each website, but accidentally type in the wrong password once and lose all the security you depended on. This is because some websites might be logging your password. Facebook’s founder took advantage of such an approach when he was in college. I used to accidentally do this all the time.
There are ways to alleviate this issue, but NO ONE wants to use them unless forced. One-time passwords (OTP) are a good example. Phones are a great way to actually verify the user. They allow a user to control who has access, because the minute they lose their phone they know that they are no longer secure. Setting up an OTP on your phone is what major cloud service providers recommend, but few know about it or use it. It also needs to be simpler AND available for use on ALL sites that you trust.
1Password-like solutions are also another great option. There is a chance your one local password could be compromised, but it is significantly lower risk than manually entering in the same password across websites (possible over the unsecure internet).
There are so many vectors for attack and many papers have been written about them, but OTP and 1Password-like solutions alleviate a lot of them with regards to protecting access.
For full disclosure, as I said before, I know enough to be dangerous. As such, I put a lot of sensitive data such as health related receipts in the cloud because I have given it significant thought and found it untenable to keep hundreds of receipts in my basement. I also use a VPN over insecure WiFi and encrypt files – but I think that’s a little extreme for most.
The reason why I wrote this blog post is because a lot of cloud vendors make ease of use a priority over security, because they need to show their VCs growth. But, they need to make our security our priority and innovate beyond the password. The assets they keep in their storage are, in many ways, more important than those kept by a bank. Once they are leaked, there’s no way for a government body like the FDA to make the consumer whole again.”
Cloud Computing costs vs. cost of a Honda Accord
Latest edition of the Cloud Sommelier blog. Thanks to my friends Ali Pasha and Laura Schaefer for their help. I compared the costs of cloud computing over past years to the cost buying a Honda Accord. For more details, see the link below:
Other companies backing Microsoft on data privacy
Other tech companies backing up Microsoft for Data Privacy
Microsoft telling the US government off
I love this debate. Imagine if this was the other way around. If a European (or for that matter any other country) asked for US based data. In my opinion, this could have terrible precedence.
Microsoft tells US: The world’s servers are not yours for the taking
http://arstechnica.com/tech-policy/2014/12/microsoft-tells-us-the-worlds-servers-are-not-yours-for-the-taking/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29
Great work by the writer on this one.
How to be personally secure in the cloud world (Part 2)
Interestingly after publishing the last blog, I started getting blog views from the Russian Federation. The image above shows the last 7 days of views, before this blog was published.
Here is part 2 of the discussion with Jeremy (Background: I recently had a chance to talk to a friend, Jeremy Guthrie, who has been in the Information Technology / Internet Service Provider business for 23 years, concentrating on networking and security architecture).
What about the tradeoffs of over-securing?
Jeremy: One of the most dangerous things you do every day is get into your car and drive somewhere. But we all do drive or use some sort of transportation daily, because of the fact that there is a risk and a tradeoff. So don’t over secure yourself so much that you hurt your online experiences substantially.
For example, let’s think about the Apple iCloud breach from this summer. Apple and other providers could have done way more to protect the information that was stolen. However, these providers also have to consider the tradeoffs of various levels of security vs. usability. For example, you can gain more security by using multi-level authentication or varying degrees of password complexity or user logouts after X number of logins. This also means it could make their cloud services difficult to use and cumbersome. So this security situation is a tradeoff between convenience and usability vs. security. If you have to attract a large user base, you have to make the product easy to use. Regardless, the provider should be transparent about how they protect their data across their entire online interface. Your choice is whether you want to leverage their additional tools to secure your data and post your data there.
My thoughts: Apple has implemented two-step verification for Apple ID, which is the user ID used with iCloud. It is not turned on by default. Here is a link to turn it on: http://support.apple.com/en-us/HT5570
Anything else we should watch out for?
Jeremy: Be careful about exchanging too much information on websites associated with different political / charitable causes. While the websites might try to secure the environment, these are generally targets for groups of hackers who want to malign the website / cause. Thus you are providing an unnecessary target on your information.
Another Interesting phenomenon currently developing is the Apply Pay feature and how it will impact your financial services. For example, before when your credit card was stolen and unauthorized transactions were made through it, the bank would help you out in most cases and take your word for it. However, now that the credit card credentials are on your phone, if it gets stolen for a certain time period before you realize the phone is stolen, will the bank hold you responsible for proving whether this item was stolen? Effectively, the phone is still authorized by you to make the payments on your behalf. And if you thought TouchID was not vulnerable to finger print spoofing, think again. The onus would shift to you to prove that the phone was stolen, in a time period when you don’t actually have your phone in your possession. Just something to ponder.
Interesting reads Jeremy recommended about security:
- Freakonomics blogs and podcasts about security offer an interesting take on security, risk aversion and the costs related to it
- Science of Fear – Why We Fear the Things We Shouldn’t–and Put Ourselves in Greater Danger by Daniel Gardner is about tradeoffs
- Spycraft: The Secret History of the CIA’s Spytechs, from Communism to Al-Qaeda by Robert Wallace is a look into how far people will go to get information.
How to be personally secure in the cloud world (Part 1)
With recent cloud-related security concerns, this topic has become a big conversation piece. I recently had a chance to talk to a friend, Jeremy Guthrie, regarding Cloud Security and how people should approach it. Jeremy has been in the Information Technology / Internet Service Provider business for 23 years, concentrating on networking and security architecture. Side note: I was tempted to include a face-covered picture of Jeremy but unfortunately no cloak and dagger stuff here, just two friends talking. 🙂 Thank you Jeremy!
Here is the synopsis of the conversation, in a two-part blog:
Let’s start with how to think about Cloud-based security for an average cloud user:
Jeremy: As a user, you have to start thinking about where your data is going. You might not need to know the exact physical address, but rather, who is the data going to? What data is going there? Conceptualize whether or not you have control over the data / information you are placing in the cloud. An example: Recently a cloud-based storage / file sharing service, which is used by corporate and individual users, blocked access to sharing of MP3s from individual customers’ accounts. Interestingly these were blocked due to compliance to Digital Millennium Copyright Act (DMCA1). So in this case, the question is who is in really in control of the files?
For the record, neither the writer of the blog or Jeremy Guthrie is arguing for or against the actions of the storage provider or DMCA.
My thoughts: Typically we tend to think of cloud-based storage as an extension of our laptop or device that resides in our physical premises. In which case, typically no one can impose any restrictions on them without either a court order. However in this case, the 3rd party is placing the restrictions in compliance of a legal order.
So what should an average cloud user do?
Jeremy: It is easy to be lazy about the information you give out online and in the cloud. Track what data / information you give about yourself and where. Imagine no data you give out is trivial. Maintain separate passwords for your different online accounts and make sure you have system to store these. If something bad happens, the first question will always be “What did I have there?” If you cannot answer that question, then it is harder to come to a reasonable response. Not every data loss is the end
of the world but you need to know your footprint.
Where can I store my various passwords?
Jeremy: 1Passwordis a good tool. (Here is a link to 1Password: https://agilebits.com/onepassword).
It’s about making you a harder and smaller target. If someone is hell-bent on stealing your identity, they will be able to steal it after making some effort. However the purpose of protecting your identity is to make yourself not stand out and not be an advertised target. Protecting yourself online is basically about reducing the risk of becoming a target. As with any risks, there are trade-offs.
What can you do reduce the risk?
- Know where your information is.
- Use different passwords for every site. Answer password recovery questions with gibberish answers.
- Use two-factor authentication for sites like Facebook, google, yahoo, PayPal, your bank, etc.
- Don’t post your travel plans online in an open forum.
- Post pictures of major travel after the travel dates.
- Don’t post personal information which might give out your identity easily and without thinking about it.
- Don’t share about activities that might get you into trouble, either with future employers or law enforcement.
- Protect your children’s information and environment. As they grow up, they will be in an overexposed world of information, interaction and social media.
- For recurring events, don’t make them public information or publicly reveal you are going to attend them.
(You can read the rest of this next week …. 🙂
Analytics in the cloud
Dear readers,
It has been 4 weeks since I put something here. Update: I am working on a couple of blogs side by side related to Cloud Security. In the meanwhile, my friend Marc Clark wrote a really good blog about Analytics in the cloud and the utility of cloud to solve problems.
http://blogs.teradata.com/data-points/the-cloud-isnt-a-silver-bullet-for-analytics/
Next week:
Cloud Security with Jeremy Guthrie!
Kitchen Cloud, huh?
Cloud for the small business owner: Kitchen Cloud, huh?
I would like to get back to the “as a service” discussion from a previous post. Recently I watched an episode of Travel Channel’s Bizarre Foods America. The episode centered on NYC and late night food and culinary practices in NYC. Of specific interest to me was the story of Hana Kitchens. As Andrew Zimmerman puts it on their website, “These are the people that are going to be the titans of the food industry in the years to come.” Well then, what does Hana kitchen provide? According to their website: “At Hana Kitchens it is our mission to be the resource providing the means and the support and business advice to culinary entrepreneurs and to be a collective that has the tools and equipment to offer both apprentice and professional alike.” http://www.hanakitchens.com/about/
Basically, they provide advice and industrial styled kitchen space and equipment on rent on an hourly basis to chefs and businesses that want to produce culinary delights.
Let’s make Hana Kitchen cloudy
Let’s think of a scenario: You are a patisserie chef, who is just starting out in NYC, wanting to start a business making pastries for the local bakeries. You just graduated from a fine culinary school, you have the talent and the knowledge of how to cook, and have an idea of products you want to produce on daily basis. What you probably don’t have is cash or funds! As a patisserie chef, what are the activities that you should be spending time on? Should it be: refining your recipes, trying new recipes, making a perfect batch of goodies, gaining new knowledge of food, learning new tricks of the trade? Or should it be paying individual bills for the kitchen like electricity, gas, etc., managing the equipment, and, if anything breaks down with the equipment, fixing it? Isn’t that a waste of chef’s brain and time? This is what Gartner or other advisory services call “concentrating on your competitive advantage.” A chef’s competitive advantage is recipes, his / her knowledge of the food and presentation of the food. Not the kitchen equipment and oven. Yes, good tools definitely help in the process, but if your recipes are not great and your knowledge of the food is lacking, then great equipment can’t replace it. What are the first major costs you have to incur when you start the business? You have to basically rent a kitchen space and buy all the equipment. This means, whether you are working or not producing pastries, you own that piece of equipment. It is not being used. Plus to own all of this equipment, you will probably have to ask a bank for money or use some of your own. if you are rich enough or have money lying around, more power to you. However, if you don’t, like most new small businesses don’t, then aligning your sales and cash flow to the use of your resources is very important. You can’t tie up cash in equipment that is not being used a lot of the time.
Step in Hana Kitchen. They allow you to rent kitchens for 6 to 8 hour shifts that allows you to produce a batch of goodies to send out and sell to bakeries that day. This means you are not using your money to invest in this business, but actually getting your customers to pay for kitchen. Plus someone else is managing the kitchen, keeping it up and running for you. You don’t have to manage it, pay individual bills, and maintain the equipment. You get to concentrate on refining your recipes and building your competitive advantage. Keep in mind, Hana kitchen has to provide a certain level of good equipment. It can’t be terrible experience for a chef.
Thus Hana kitchen is a Kitchen Cloud!
Lessons for a small business owner
So what does it teach a small business owner? Small business owners have to traditionally do a lot of the stuff themselves. Cloud based tools just help you perform the tasks automatically, without reinventing the wheel. This helps you to concentrate on creating competitive advantage and aligning your expenses to your revenue. The competitive advantage is very important because almost always a small business is competing with large businesses for customer attention.
There are multiple cloud services to help perform different business functions. If you need to produce documents and balance sheets, use Google Docs (free) or Office 365. Use Dropbox / Box.com / Google drive / Microsoft OneDrive (all of them have a limited free services) to exchange documents with your customers rather than buying your own storage and sharing setup. Here is a link to some small business storage services, where you can back up and store a lot of the information: http://business-cloud-storage-services.toptenreviews.com/
There are ton of tools like Intuit Quickbooks / Fresh books / Intuit payroll etc. to help you manage the finances, do payroll, manage expenses, etc. If you need processing power, use a cloud provider like Amazon or Rackspace or Microsoft rather than buying servers. Use Adobe Connect, Webex or GotoMeeting for meeting with your customers. Use Gliffy for making diagrams like org charts, floor plans, etc. As you grow, use Salesforce.com for your business. For accepting payments, use PayPal or Square on your phone as and when you can.
List of tools:
Here is a slightly older, albeit a good starting list of tools: http://www.pcmag.com/article2/0,2817,2361500,00.asp
The basic idea is that there are a lot of tasks involved in support functions like finance, documentation, accounting, storage, etc. that are required in running a small business. Large business can afford to perform these functions on their own, and with a large support staff. If you’re competing with them, don’t try to do it all yourself. Try to compete based on your competitive advantage, and for support tasks that don’t add to your competitive advantage, use a cloud based tools.
What is the advantage? Cloud services are normally priced by consumption like resource or per user, so you can align them to your cash flow and sales. The image below helps to summarize these facts and puts some items really well. Look at the numbers: 98% have technology as a success factor, but 42% do NOT have an IT department. I think the majority of the rest 58% probably have a small 1- 5 people department. This is where it is essential to use cloud services to your gain.
Update on Hana Kitchen
Eerily similar to the major cloud providers’ growth strategy, Hana Kitchens is looking to establish itself on both coasts of the continental US. Their next destination is LA. Given the way they are able to breed new culinary ideas coming out of their kitchens, I think they will be titans of the food industry.
There is a similar communal kitchen here in Madison WI called FEED Kitchens, but it has a non-profit bent: http://feedkitchens.org/
cloudsommelier 