CloudGovCo

A periodic review of #CloudGovernance should verify that policies and procedures exist to ensure that a cloud solution has a return on investment and contributes to cost containment (including chargeback), continuous cost optimization, and relevant cost controls for managing usage and billing.

These concerns are not so much present #OnPremises or are taken for granted because typically the IT department does not make them transparent to the end business user.

Cost containment monitors and controls cloud usage, and analyzes usage to perform continuous cost optimization. Monitoring should be weekly at a minimum to avoid surprises at the end of the billing period.

Multi-cloud use should be managed carefully because it could have hidden costs. The theory is that costs are reduced if a cloud has a competitive advantage for a type of service. However, tools for multi-cloud management are immature and administrative costs could be very high. Tools for different clouds have poor integration so it is difficult to get a good over view.

The Five Eyes intelligence agencies are it it again, MacDailNews reports MI5 is trying to get politicians to break encryption and  #PrivacyProtection. Their demand is that the government must be able to read everything you do to keep you secure. Say What?

Back doors in #encryption will give criminals access to our bank accounts and more. Apple CEO Tim Cook says.

There have been people that suggest that we should have a back door. But the reality is if you put a backdoor in, that backdoor’s for everybody, for good guys and bad guys.

The mainstream press plays along, casting the discussion as a spectrum from privacy to security. It’s not. Privacy and data protection provide security. The alternative is pervasive surveillance in dictatorships such as China. Learn about security threats to your well being and what to do with our free security awareness training.

There’s a phrase that software is eating the world but #Corvid19 has shown its financialisation that is killing us. Back in the day the morning business news used to report on jobs in the real economy but soon after deregulation of financial markets in the late 1970s the morning news started featuring the stock market. Media stopped reporting on employment and job figures.

The idea was that the West would shift to designing products and the East would make them. This was nonsense at the time because it was obvious that design expertise would eventually follow manufacturing, so now the West is generally de-industrialized and dependent on financial services. Mostly, we don’t know how to make stuff anymore.

Deregulation was led by UK Margaret Thatcher and USA Ronald Reagan. The neoliberal idea was that by freeing money from monetary controls global wealth would increase at the top and trickle down. Money was free to move around the world but workers were not. So jobs outsourced to the cheapest producing countries and, yes, the rich became the 1% like Michael Bloomberg with his insane accumulated wealth of more than $64 billion.

And now Corvid-19 is actually eating the world. It is exposing the financial bubbles and magical thinking that drive the stock market and cap the real opportunities and wages of workers trapped in a gig economy.

Here are a few ideas of what is needed to restore a healthy economy:

• Ban short selling, which is purely speculative.
• Ban automatic machine trades which artificially create chaos.
• Restrict stock buy-backs by executives.
• Tax large financial transactions.
• Tax wealth at the source.
• Provide a universal minimum income to transfer wealth from the 1%.
• Provide universal health care.
• Stop corporate welfare.
• Develop industrial policies so manufacturing is restored.
• Stop privatization of public goods and public-private projects.
• Ban the use of economic sanctions

This malicious software is usually delivered through an innocent looking email attachment or an unpatched computer. For protection in the #cloud and #onpremises implement Security Awareness Training and:

• Segment networks with Virtual Local Area Networks (VLAN)
• Implement a zero-trust security framework
• Classify data based on its sensitivity to loss using CIA (Confidentiality, Integrity and Availability)
• Understand where important data is kept and create an effective backup strategy
• Maintain an air gap to backup systems so they don’t become infected
• Manage network switches out of band
• Firewalls should quarantine emails with attachments that come from outside the organization
• Employees should not open attachments from unknown people or addresses
• Change default passwords across all access points
• Use multi-factor authentication (MFA)
• Data recovery programs should be in place and tested
• Business continuity programs (BCP) should be in place and tested
• Train staff to recognise suspicious emails
• Apply software patches to keep systems up to date

Privacy and data protection in the #cloud is converging with the European Union’s GDPR (General Data Protection Regulation). In the USA the California Consumer Privacy Act (CCPA), tabled in 2018,  takes full effect July 1 2020. Very Good Security (VGS)  has an overview of the CCPA and how it will affect your business and consumer rights in North America. For example, Microsoft will enforce the CCPA for all customers in the USA.

While creating a GDPR course and CloudGovCo‘s policies and procedures for data protection and incident response, we made our privacy policy compliant with the #GDPR, #CCPA and #PIPEDA, Canada’s Personal Information Protection and Electronic Documents Act,

Canada is slowly revising its regulations to converge with GDPR, which is the international gold standard driving these changes. The province of British Columbia has struck a special committee to review privacy legislation and Quebec is planning to update its act Respecting the Protection of Personal Information in the Private Sector.

With so many #security breeches happening in the #cloud so often we have decided to make our security awareness course free. This is comprehensive and so much more than your run-of-the mill checkbox course at most organizations. Registration required but no obligation.

The #cloud is more complex than IT on premises. Employees must be more knowledgeable and skilled.

Learn how to setup a cloud centre of excellence (CCoE) to manage a knowledge-base and assist your organization in maturing its cloud capabilities. A CCoE defines a common set of best practices and work standards. It assesses your organization’s maturity profile against these best practices and work standards. It provides guidance and support, tools and templates and training in implementing these best practices and work standards.

Cost control is the biggest #cloud issue impacting operational budgets. This workshop brings together technical managers and developers to learn the elements and techniques of #CostControl in the cloud

It was announced this week that the #Boeing737Max will remain grounded to at least mid-summer 2020, as new defects are found. We have to wonder if a large scale #DevOps culture and a lack of robust software architecture is part of the problem. Of course, the origin of all this is a bad hardware design for the plane, which made it dynamically unstable and they tried to fix this with a software patch.

The latest is a new software bug preventing the dual flight computers from communicating properly. At least this is not an explicit safety issue because the plane cannot even move without the flight computers. Of course, a dual node design is inherently unsafe but that is another discussion. Ok, well, as a submarine commander who wore three watches once told me, “A man with one watch does not know the correct time. A man with two is confused. A man with three watches has a chance that two will agree.”

The reason I wonder about the software #Agile culture is that adding a second compute node shouldn’t bottle the system. This is beyond comprehension. Also, the Starliner space launch in December 2019 failed to reach orbit because the elapsed timing system software had an error in it.