Hosting
Comments and opinions about the world of Hosting and IT in general
Tuesday 29 July 2008, 2:13 PM
Let's get Physical ! (sorry couldn't resist...)
IT Security consultants scare me. But I guess that’s their job isn’t it?
I have a very good appreciation for security. Belonging to a company that specialise in Data Centre Hosting, security is an important benefit of our service and we have a lot of both logical and physical systems in place to protect our customers and allow them to sleep soundly.
We were at Infosec in April, my first visit, and found ourselves surrounded by companies selling Firewall, IPS, IDS, Token authenticators or software to protect your data from the nasty, evil people out there. It made me feel a bit uneasy if I’m honest. You see, it’s easier to sell your wares to people who are feeling a little paranoid and generating this paranoia is the bit I’m uneasy about.
Because security isn’t always about having multiple little devices that check each packet in lightning speed before deciding what to do with them. We all know what a complete waste a Firewall is if not properly configured and managed yes?
But when purchasing all these devices to keep the nasties at bay do you ever consider physical security?
The reason I ask is that I’ve recently visited 2 companies that who haven’t really considered the very real need for physical security. You see for every successful hacking attempt, masterminded by evil teenagers from the other side of the world, there’s at least a few computers being stolen – don’t you think?
The first customer really scared me (even more than IT Security consultants). This business holds very sensitive user data and has been doing so for years. This data isn’t part of some nice encrypted SQL database, no, it’s Word Doc’s mostly. Feeling uneasy yet? The worse part of this is that the backup for this data is kept on an external USB harddrive and all this is located in an a Large Garden Shed/Office. My only recommendation to this customer was to get this data somewhere secure and encrypt it that day. I’ve a good feeling it’s still there.....
The other customer, far less scary, just optimistic or uninformed. Wanted to run an online casino platform from his own premises. Fine, no problems. It was a lovely building too. Glass fronted with a nice tint to block out those UV rays. The comms room was at the end of the large open plan office. I asked about physical security.... ‘The comms room is always locked’. Good. Good strong door I noted. Now, I’m not a professional burglar but as I said, I do have an appreciation for security. I looked at the door for a while – good strong door that one. Nice big windows next to it too.
Realistically, if someone was after a server for eBay then it wouldn’t take them long. The upshot of this is that the customer might be very unlucky and they take the database server along with all the customer data.
Do me a favour today, have a think about how long it would take you from the outside of the building to get inside and potentially take away your businesses crown jewels...
Oh my Gosh! Spreading paranoia, scaring people, I've become a Security Consultant !
I have a very good appreciation for security. Belonging to a company that specialise in Data Centre Hosting, security is an important benefit of our service and we have a lot of both logical and physical systems in place to protect our customers and allow them to sleep soundly.
We were at Infosec in April, my first visit, and found ourselves surrounded by companies selling Firewall, IPS, IDS, Token authenticators or software to protect your data from the nasty, evil people out there. It made me feel a bit uneasy if I’m honest. You see, it’s easier to sell your wares to people who are feeling a little paranoid and generating this paranoia is the bit I’m uneasy about.
Because security isn’t always about having multiple little devices that check each packet in lightning speed before deciding what to do with them. We all know what a complete waste a Firewall is if not properly configured and managed yes?
But when purchasing all these devices to keep the nasties at bay do you ever consider physical security?
The reason I ask is that I’ve recently visited 2 companies that who haven’t really considered the very real need for physical security. You see for every successful hacking attempt, masterminded by evil teenagers from the other side of the world, there’s at least a few computers being stolen – don’t you think?
The first customer really scared me (even more than IT Security consultants). This business holds very sensitive user data and has been doing so for years. This data isn’t part of some nice encrypted SQL database, no, it’s Word Doc’s mostly. Feeling uneasy yet? The worse part of this is that the backup for this data is kept on an external USB harddrive and all this is located in an a Large Garden Shed/Office. My only recommendation to this customer was to get this data somewhere secure and encrypt it that day. I’ve a good feeling it’s still there.....
The other customer, far less scary, just optimistic or uninformed. Wanted to run an online casino platform from his own premises. Fine, no problems. It was a lovely building too. Glass fronted with a nice tint to block out those UV rays. The comms room was at the end of the large open plan office. I asked about physical security.... ‘The comms room is always locked’. Good. Good strong door I noted. Now, I’m not a professional burglar but as I said, I do have an appreciation for security. I looked at the door for a while – good strong door that one. Nice big windows next to it too.
Realistically, if someone was after a server for eBay then it wouldn’t take them long. The upshot of this is that the customer might be very unlucky and they take the database server along with all the customer data.
Do me a favour today, have a think about how long it would take you from the outside of the building to get inside and potentially take away your businesses crown jewels...
Oh my Gosh! Spreading paranoia, scaring people, I've become a Security Consultant !
Tuesday 1 July 2008, 11:51 AM
Return to the dark side?
Microsoft’s Virtualisation Strategy concerns me.
We’re about to see the release of Hyper-V. Around this release will the usual amount of marketing and razzmatazz that Microsoft usual bring to what is a major release for them. Of course, Microsoft are once again late to the party.
VMWare being the undoubted leader in this area and we ourselves invested in a large VMWare virtualisation infrastructure for our customers because VI3 is a really great product that has benefits we can pass on to our customers.
We are a technology lead company, flexible enough to be able to change direction and supplier if something better comes along that
allows us to give provide a better service or gives more value.
We’ll be sticking with VMWare for a while I think.
Hyper-V doesn’t give us anything that we haven’t already got and I think most companies will feel the same way. Understanding that they have a new product that they need to push aggressively, Microsoft are going full out to claim some market share and it’s this that causes me some concern.
If you buy Windows Server 2008 Enterprise edition you’ll receive 4 free licenses to run Hyper-V instances of Server 2008 on that server, unlimited if your budget can stretch to Datacentre edition. This is wonderfully generous of them, giving away all those licenses, and will certainly help IT departments in consolidating servers as well as moving over to Windows Server 2008.
However, doesn’t this feel a little like their buying their way into this market?
Are you getting that 90’s Browser Wars feeling again?
I found myself at a Microsoft Analysts Seminar recently where they showed comments from various high level Exec’s (including Ballmer) stating that Virtualisation is their Number 1 priority. I find this level of focus a little frightening considering past history.
More competition in this important area should be welcomed, right? VMWare have really had this area to themselves for too long but I’d like to see more competition from a technology vs technology perspective rather than cost. But that easy for me to say – Budget holders around the country would maybe see things differently !
We’re about to see the release of Hyper-V. Around this release will the usual amount of marketing and razzmatazz that Microsoft usual bring to what is a major release for them. Of course, Microsoft are once again late to the party.
VMWare being the undoubted leader in this area and we ourselves invested in a large VMWare virtualisation infrastructure for our customers because VI3 is a really great product that has benefits we can pass on to our customers.
We are a technology lead company, flexible enough to be able to change direction and supplier if something better comes along that
allows us to give provide a better service or gives more value.
We’ll be sticking with VMWare for a while I think.
Hyper-V doesn’t give us anything that we haven’t already got and I think most companies will feel the same way. Understanding that they have a new product that they need to push aggressively, Microsoft are going full out to claim some market share and it’s this that causes me some concern.
If you buy Windows Server 2008 Enterprise edition you’ll receive 4 free licenses to run Hyper-V instances of Server 2008 on that server, unlimited if your budget can stretch to Datacentre edition. This is wonderfully generous of them, giving away all those licenses, and will certainly help IT departments in consolidating servers as well as moving over to Windows Server 2008.
However, doesn’t this feel a little like their buying their way into this market?
Are you getting that 90’s Browser Wars feeling again?
I found myself at a Microsoft Analysts Seminar recently where they showed comments from various high level Exec’s (including Ballmer) stating that Virtualisation is their Number 1 priority. I find this level of focus a little frightening considering past history.
More competition in this important area should be welcomed, right? VMWare have really had this area to themselves for too long but I’d like to see more competition from a technology vs technology perspective rather than cost. But that easy for me to say – Budget holders around the country would maybe see things differently !
