While it’s idiotic to refrain from updating your servers, it is doubly-idiotic to refuse to update your servers after they’ve been hacked.

Under the terms of the provisioning service that the servers were provided under, Fleishman-Hilliard was responsible for the administration and security of the servers, including operating system updates, software installations and backups, and had set up the servers—but “had chosen not to update their applications,” Brubeck said.

via After first Anon hack, PR firm failed to update other .gov websites.

Something you should read if you store data with Amazon, or even if you don’t, because:

“They basically are telling you compliance is all up to you regardless of the regulation,” said Joe Granneman, an information security professional with experience in the heavily regulated industries of health care and financial services. “This makes a lot of sense because there is no good way for Amazon to guarantee compliance when it only provides the infrastructure. The customer connects the infrastructure together and builds on top of it, which Amazon cannot guarantee. This document drives home the fact that compliance is still up to the customer and not the IaaS provider.”

via AWS cloud computing compliance paper details customer responsibilities, and Amazon Web Services: Risk and Compliance.

We’ve released two security enhancements to Gmail that help protect you from phishing attempts.

1. Going forward, email address will be visible next to the display name for senders that aren’t in your Contacts list.
2. We now scan messages and alert you if the sender may have spoofed a Gmail address.

Good – issue #1 there has irritated me for a long time.

via Google Apps update alerts: Protect your account with new security features in Gmail.

ShareFile presents: How to leverage the cloud to avoid downtime!

“ShareFile is spread across multiple availability zones on Amazon’s EC2 data center and uses all five of their major data centers in Northern Virginia, California, Ireland, Singapore and Japan. In addition, we have a whole farm of servers, spread across availability zones, that handle our customers’ uploads and downloads, and the servers are more or less interchangeable so that if one, or a handful of servers go down, our customers are not affected by any downtime.”

If an availability zone were to incur an issue, ShareFile has a monitoring system that will constantly monitor servers for a bi-directional data transfer heartbeat. Should that server become unavailable, it is dropped from the aggregated server farm automatically. I inquired specifically as to the sequence of events that happened in the US-East region and how ShareFile accommodated the outage, to which Lipson responded:

“When Amazon experienced it’s outage in one of the availability zones on the East Coast, the affected servers were automatically dropped from ShareFile’s server farm without any human intervention and the upload/download success rates were normal. The next day our team added some extra server capacity on the West Coast as a precautionary measure in case the issue got worse on the East Coast, but our customers didn’t experience any downtime. Since we are focused on businesses that share large and sensitive files externally and internally, there’s an expectation that these files reach the right people at the right time and we’ve been pretty conscious, since ShareFile’s inception, to provide continuous service for our customers.”

So basically, the same way you’d avoid downtime in your own server farm, but with cloud resources.  Well done.

via How innovative design allowed one cloud company to withstand Amazon’s recent outage | TechRepublic.

Kaviza’s VDI-in-a-Box, a plug-and-play virtual desktop system that has been gaining traction, enables just about anyone (not necessarily an IT specialist) to get a deployment up and running for a small or midsize business. Kaviza’s truly is an automated, turnkey way to do it; users install the software on a commodity server, and the software finds all the system nodes automatically.

Citrix, the world’s second-largest VDI provider (behind only Hewlett-Pacakrd[sic]), needed the IT that Kaviza brought to the table because it had not previously addressed the SMB space with a purpose-built VDI offering. Most of Citrix’s customers are large enterprises.

When Kaviza is running, the virtual desktop runs in its own browser-type window with all the application functionality needed. Little or no latency is apparent. Users can continue to use their local applications as normal. Read Frank Ohlhorst’s product review here.

Kaviza One of First to Do VDI on iPads

Four-year-old Kaviza, with its VDI-in-Box product, was one of the first to provide VDI support for iPads, iPhones and Android smartphones running on a data center hypervisor—Citrix Xen or VMware ESX 4.1.

via Citrix Acquires Virtual Desktop Provider Kaviza – Virtualization – News & Reviews – eWeek.com.

A new service from Amazon to help you deploy to their cloud!

AWS Elastic Beanstalk is an even easier way for you to quickly deploy and manage applications in the AWS cloud. You simply upload your application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. At the same time, with Elastic Beanstalk, you retain full control over the AWS resources powering your application and can access the underlying resources at any time. Elastic Beanstalk leverages AWS services such as Amazon EC2, Amazon S3, Amazon Simple Notification Service, Elastic Load Balancing, and Auto-Scaling to deliver the same highly reliable, scalable, and cost-effective infrastructure that hundreds of thousands of businesses depend on today. AWS Elastic Beanstalk is easy to begin and impossible to outgrow.

via AWS Elastic Beanstalk.

It’s like the last revolution where the shift was from everyone generating their own power, to centralized power generation facilities.  Tremendous economies of scale in cloud computing.

A Microsoft study bears out what environmentally-conscious companies have hoped for all along: cloud computing has the potential to reduce energy consumption and carbon emissions by 30 percent or more.

Large data centers, like those run by tech giants Microsoft and Google, benefit from economies of scale and operational efficiencies, according to the study. Small businesses, of about 100 users, moving business applications away from on-site servers into the cloud can see net energy and carbon savings of more than 90 percent, the researchers wrote. For mid-sized organizations, of about 1,000 users, the savings were between 60 to 90 percent, according to the Microsoft-commissioned study.

via Microsoft Study Finds Cloud Computing Is Good for the Environment – Cloud Computing – News & Reviews.

Interesting – Cisco hardware with virtual desktops embedded?

In a nutshell, Cisco will embed Citrix’s XenDesktop in its desktop virtualization offering, which is part of the company’s unified computing effort. The Cisco Desktop Virtualization Solution will include Citrix’s XenDesktop, FlexCast and HDX technology. The Cisco-Citrix combination will be available from channel partners Cisco blog, statement, Citrix blog. Simply put, Citrix will ride along as Cisco’s Unified Computing System architecture gains steam.

via Cisco, Citrix team to push desktop virtualization | Network Administrator | TechRepublic.com.

Cameron Sturdevant lists 9 points to keep in mind when comparing virtual desktop hypervisors.

I start by identifying what will be required of the desktops, what sort of hardware (client and server) will be required to support the requirements, and then I dive into the murky, swirling world of licensing:

1. License costs

In addition to the “three C’s” one of the most important testing criteria is licensing costs. None of the competing vendors make it easy to do an apples-to-apples comparison, so you’ll need to do some noodling to get a price per-desktop, per-year figure. It makes a difference how many years you include in your calculations. I suggest looking at a minimum of three and a maximum of five years, depending on your current physical desktop or laptop formula. Speaking of physical systems, you should factor in the costs of the user devices on which the remote virtual desktops will be hosted.

via Critical Testing Criteria: Virtual Desktop Infrastructure – Virtualization from eWeek.

If you’re not familiar with CloudAudit.org:

CloudAudit and the Automated Audit, Assertion, Assessment, and Assurance API (A6)

The goal of CloudAudit is to provide a common interface and namespace that allows cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance (A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology.

Now, via Anton Chuvakin Blog – “Security Warrior”: CloudAudit Delivers – Cloud Compliance Maps:

CloudAudit delivers it’s first batch of cloud compliance specifications. Quoting from the announcement:

“The CompliancePacks map control objectives to specific namespace entities which are contained below and feature NIST SP800-53, PCI DSS, HIPAA, ISO27002 and COBIT compliance frameworks. Ultimately these directories are where a Cloud Provider will store and secure the assertions and supporting materials related to each compliance framework or assertion.” [<- the bold part is kinda the whole point

If you’d like to audit your cloud, give it a read.