Indeed. On Tuesday, July 22, 2014, Bill Humphries <[email protected]> wrote:
> I have an accounting firm that is ditching Lacerte and all the other > vendors are pushing nothing but cloud options at them. Most of the > security talk has been "let us tell you how the datacenter is secured." No > talk of real factors such as how passwords stored, multifactor > authentication availability, backing up your own data, etc. > > One of the vendors did provide a couple of PDFs for security. One sheet > was like a SAS 70 checklist with a blurb stating we have a policy for this > for each section. The other PDF was outlining the IBM datacenter they use > and that IBM maintains their security and backups. The one interesting > thing in that is that they claim that all the backups are through Tivoli to > tape and then cloned for offsite storage. That is a lot of tape. > > Bill > > > -----Original Message----- > From: [email protected] <javascript:;> [mailto: > [email protected] <javascript:;>] On Behalf Of Susan Bradley > Sent: Tuesday, July 22, 2014 10:49 PM > To: [email protected] <javascript:;> > Subject: Re: [NTSysADM] I'm sure you've heard already... > > I just called up my cable company to reconfigure my ever increasing cable > bill and renegotiated the costs. So the idea that cloud services > has a defined cost structure I would debate on. My personal experience > in all cloud services is that some have gone up, some have gone down. :-) > > As the premise options become > a. more expensive > b. less attractive > > and quite frankly as we dinosaurs age out/retire/the youngsters that only > use Google apps take over/ this will all change. No one here is not saying > all of this is not happening, I'm just not willing to accept some of the > ideas that the vendors provide are the key advantages. It's an advantage > for them for sure. > > As the vendors themselves stop developing premises based software - (and > this is the key movement I see in the SMB space) - because it's cheaper for > them (less support for us pesky desktops with lord knows how many versions > of OS), easier for them to build the infrastructure where they want it, and > better for them as they can plan on the revenue subscription model. As Rod > said, it's the app model taking over. > > It is what it is. All of us will deal. But outsourcing isn't always best > for a firm (ask the NSA and their outsourced admin Snowden) and has it's > risks as well as the benefits that shouldn't be overlooked. > > Ask the hard questions of the vendors and don't just click through those > eulas (as we in small biz do). Ask who has the encryption keys, etc etc. > > (spreadsheets from the cloud security alliance as examples) > > https://downloads.cloudsecurityalliance.org/initiatives/ccm/ccm-v3.0.1.zip > https://downloads.cloudsecurityalliance.org/initiatives/cai/caiq-v3.0.1.zip > > Many of the vendors are still putting in place key elements and still > fighting jurisdictional issues. (Examples: > > http://blogs.microsoft.com/on-the-issues/2014/06/04/unfinished-business-on-government-surveillance-reform/ > > http://blogs.microsoft.com/on-the-issues/2014/07/01/advancing-our-encryption-and-transparency-efforts/ > > Susan Bradley > Meet up with me, Amy, Philip and Jeremy at the Brain Explosion in Florida > this September. I'll be talking about protecting your network > http://www.thirdtier.net/brain-explosion/ > > On 7/22/2014 6:47 PM, Ken Schaefer wrote: > > > > I s*trongly* urge the guys (and gals) on the list that think like the > > previous post to take a step back, and ask yourself “why are these > > cloud providers becoming popular?” This is a bit of a long post, but > > bear with me – but it might help shape your future career. > > > > For large enterprises, we went to outsourcers a long time ago – MSPs > > also had some limited penetration in the SME market. But traditional > > outsourcing involves a fair amount of vendor management overhead, so > > it was significant barriers for SMEs (and even large organisations). > > Despite these costs and barriers, people still outsourced. Why? > > > > There’s only a single reason IME. > > > > Look in any ITSM framework (ITIL is the obvious candidate here), and > > you’ll see a section in Service Architecture called “Financial > > Management” – how do develop business services that provide value > > whilst also being profitable (or at least, break-even). In many > > organisations, due to the thinking in some of the posts in this > > thread, it was impossible to quantify the actual cost of IT. Consider > > the very simple financial model below. It doesn’t even have a service > > catalogue – it just attributes general ledger costs (actual cash > > outgoing) back to business units. *Most organisations had IT units > > that were incapable of figuring this out*. > > > > Instead, IT is simply see as a sinkhole of random requests for money – > > need to replace the SAN. Need to replace a server. Need to buy some > > network bandwidth. But what’s the **value** provided by that kit? What > > applications is that kit supporting – is the app bringing in $1m > > running on $2m of expenses? What business units are consuming this > > expense? Can they justify the bills being spent by IT to support them? > > > > **THS** is why outsourcing (and now Cloud) is popular. *Cloud gives a > > very defined set of services, for a very defined set of costs* (and > > it’s also OPEX to boot – which is usually a bonus). A business can see > > how much a printed page is costing, or 1GHz of CPU or 1GB of mailbox > > storage, or 1 CRM user. All the licensing, hardware, labour, network, > > IT service management etc. is wrapped up into a single $x/month, and > > it comes in a nice service catalogue format. > > > > Certainly this is more of an issue for larger enterprises today, than > > it is for smaller companies. But as the barriers to engaging an > > external provider continue to fall (and they will), it will become > > more and more attractive to all parties. Companies **will** buy IT > > services just like they buy marketing, legal, utilities, property > > management and cleaning services today. > > > > **If** your IT BU can get ahead of the game, and turn itself into an > > actual IT Service Provider (and reading something like ITIL Service > > Architecture and Service Design books is essential here, IMHO), then > > you stand a chance of still providing IT services internally. If not, > > then it will simply become too attractive to go with an external > > provider, and just buy commodity IT services from an external IT > > Service Provider. > > > > This is just the top of the iceberg, and I’m happy to elaborate if > > there’s any genuine interest in the topic. I have seen a reasonable > > amount of moaning about “the cloud” on the list though, and a bit of a > > failure to understand why it’s popular. The drivers above are not > > going to change – they are just going to increase. So, as IT folk, we > > can either ride the wave, or get dumped on the beach. I know which I’d > > rather prefer, even if it isn’t the career I anticipated when I > > started out. Hopefully the above gives you a bit of visibility into > > one facet of what IT architecture involves JFiguring out how we do the > > above is one facet of working as a service management architect (if > > that’s a route you choose to go down). > > > > Cheers > > > > Ken > > > > *From:*[email protected] <javascript:;> > > [mailto:[email protected] <javascript:;>] *On Behalf Of > *J- P > > *Sent:* Wednesday, 23 July 2014 11:06 AM > > *To:* NT > > *Subject:* RE: [NTSysADM] I'm sure you've heard already... > > > > a) 200 per month to manage > > b) storage, minimal as its SQL based and the database compresses at > > roughly 90% (again this is one particular case) DB is <1GB , post > > compression less than 100mb > > c) host was already pre-existing , so the hardware was already in > > place , and under warranty, and i normally add extend support once the > > initial 3yr 5x9 expires > > > > > > > > > > ---------------------------------------------------------------------- > > -- > > > > From: [email protected] <javascript:;> > > To: [email protected] <javascript:;> > > Subject: RE: [NTSysADM] I'm sure you've heard already... > > Date: Wed, 23 Jul 2014 00:48:47 +0000 > > > > a)How much is that host (and associated network equipment, storage, > > security appliances etc.) depreciating per month? > > > > b)What the additional management overhead of another VM? (backup > > space, DR testing, ongoing patching, new outage windows) > > > > It’s never as simply as “just add another VM”, otherwise running > > 100,000 VMs would cost just as much as 1 VM > > > > *From:*[email protected] <javascript:;> > > [mailto:[email protected] <javascript:;>] *On Behalf Of > *J- P > > *Sent:* Wednesday, 23 July 2014 10:17 AM > > *To:* [email protected] <javascript:;> > > *Subject:* RE: [NTSysADM] I'm sure you've heard already... > > > > I was referring to the vendors cloud , i.e. "we'll host our XYZ > > software on our servers/cloud for you" thus giving management the > > illusion that it's more cost effective , no hardware to maintain, no > > "outages" , no IT cost etc.. > > > > They don't take into account "well based on users and modules, it will > > be 900 per month" > > > > When in reality , just add a VM guest to an already existing host and > > voila > > > > > > ---------------------------------------------------------------------- > > -- > > > > From: [email protected] <javascript:;> > > To: [email protected] <javascript:;> > > Subject: Re: [NTSysADM] I'm sure you've heard already... > > Date: Tue, 22 Jul 2014 23:57:32 +0000 > > > > That's becoming less of an issue. You can now create your own local > > server and app images and upload them to Azure to run in a VM of your > > creation. Eliminates the compatibility issues. > > > > Sent from my Surface Pro 3 > > > > *From:*J- P <mailto:[email protected] <javascript:;>> > > *Sent:* Tuesday, July 22, 2014 6:49 PM > > *To:* '[email protected] <javascript:;>' > > <mailto:[email protected] <javascript:;>> > > > > At one non-profit I work for , when upgrading/updating to latest > > accounting application version , the salesperson himself said > > > > "based on the amount of modules you use, you would be wise to host in > > on premise" > > > > > > > > > > > > Jean-Paul Natola > > > > > Date: Tue, 22 Jul 2014 14:23:53 -0700 > > > From: [email protected] <javascript:;> > > > To: [email protected] <javascript:;> > > > Subject: Re: [NTSysADM] I'm sure you've heard already... > > > > > > I still have a fair bit of line of business apps that aren't in the > > > cloud (granted that's a yet) and if that vendor moves to the cloud > > > it's highly unlikely to be in Microsoft's cloud. > > > > > > Meanwhile back at the cloud we pick really sucky passwords and we > > > are not solving the access problems of divergent cloud vendors. > > > > > > Small businesses that are just starting out may be more Google apps > > > ready than Microsoft cloud ready. > > > > > > > > > Susan Bradley > > > Meet up with me, Amy, Philip and Jeremy at the Brain Explosion in > > Florida this September. I'll be talking about protecting your network > > > http://www.thirdtier.net/brain-explosion/ > > > > > > On 7/22/2014 2:16 PM, Rod Trent wrote: > > > > The Cloud is all about small business - at least from Microsoft's > > perspective. > > > > > > > >
