This blog article is designed to be ready by everyone. By everyone, I mean people who are new to the cloud, and maybe uploading a picture of their great grand children to Facebook, for the first time. Or maybe you're a seasoned technologist, like myself, with over 300 cloud-based logins. Chances are, you're probably somewhere in the middle, and this is perfect for you too.
The 5 simple tips I have outlined above, will help everyone. They're universal to everyone that uses the cloud. They are simple to implement, and need you to put aside a little time. They will protect you from cyber attacks.
Oh...and I also follow these 5 tips myself. Probably for about the past 5 years. I will not only explain how to implement each tip, but I will give you a specific personal examples. That way, you know my advice is real and that I follow my own advice. Only a fake person wouldn't follow their own security advice....right.....?
Each image in this blog is clickable, offering additional information about that subject.
What is a Complex Password?
Let me show you what a complex password looks like:
If you click on the image, it will take you to Troy Hunt's blog on passwords and hacking, which explains a bit more around why complex passowrds are important.
Let me break this down for you.
What is Multi-Factor Authentication?
It's a service, that most well-known cloud providers, now offer, as a means of additional security protection. Let me break it down with a specific example. I'm going to outline the overall approach using a cloud app called Xero. It is used for accounting and I love it:
Using Xero as an example, here is how it works, once it is configured:
If you're not sure, whether you cloud service offers MFA, either contact them directly, or perform a Google search to look up whether they offer the service. You may need someone technical to help setup for you, or if you have paid support, you call up your cloud provider.
You can also reach out to me publicly on twitter:
I'm always willing to help 'coach' you through to success.
What is a Password Manager?
t's an app that you download that stores all your passwords for you. It's very, very important that you create a complex password to open the app, as this becomes your key to all your other passwords. You also want to setup multi-factor authentication.
Typically the average technical person probably has around 200-500 cloud accounts they use or have used. So for the average person, 50-100 cloud accounts is not unusual.
If you're using an app on your mobile phone, then you most likely have a username and password for that app. Therefore if you have 100 Apps on your phone, you will probably have close to 100 usernames and passwords. Clearly it's very difficult to remember 100 different passwords, so the password manager really comes into play here for everyone.
There are also two extra benefits, among many, that password managers provide:
When changing your password, I would recommend doing this every 12-24 months, for all your accounts. And also delete cloud accounts that you no longer use.
Because that cloud provider may suffer a data breach in the future. A data breach is where a hacker gains data from a cloud provide. This could mean a malicious actor, could use your account to attempt to steal your money, damage your reputation or worse still assume your identity.
My top pick is Last Pass and I would recommend the Premium (Paid) version:
What is Anti-Malware Software?
This is an app that helps detect any malicious activity on your device. Sometimes known as anti-virus software, however devices can be attacked not just via virus, but also via many other attack vectors. So I prefer the term anti-malware.
I personally install anti-malware software on my Android phone and my Windows 10 machine. I don't install it on my Mac or my iPad. However, I would recommend that you install it on all your devices. Generally when you buy anti-malware software they give you a number of licences to run on different types of device, so it probably won't cost you extra. So I always recommend this extra level of protection.
The reason I don't do that, is because I have additional security controls to mitigate this risk. These are a little complex to explain. I also don't want to give away this information to potential hackers, who could also exploit me personally. I hope that makes sense. :-)
My top pick here is to use the Kaspersky.
I've personally used it for probably 10 years now. I came across it, when I was running high-powered flight simulation sofwtare on my machine and I wanted anti-malware software that would detect incoming threats, as well as viruses, without sucking all the processing power from my computer. I found that Kaspersky was the most cost effective and smallest footprint softoware on the market at the time, and have used it ever since.
What is SpearPhising or Phising?
Never click on links in an email, that are sent from outside your company.
Because you are opening yourself up to a Spearphising attack. Sometimes also known as a Phising attack for short.
So a Phising attack, is when a malicious actor, sends you an email with a link inside. You click on the link and a number of bad things can happen:
Here is an example, of a reasonably sophicated phising attack:
Click on the link above to be redirected to another simple definition of Phising.
But what about if you do business with external companies?
That's fine, we can modify this advice. Make a note of all the people you personally deal with outside your company. Agree with them, using the phone, how you're going to communicate via email and how you're going to share information. I personally use the OneDrive cloud links to share read-only files and I always set the link to expire after 30 days.
By creating a list, you're effectively creating a 'whitelist'. A list of people whom you trust. There is no guarantee, that someone else won't impersonate them, so by having an agreed format for the exchange, you can validate if it is genuinely from that person. If in doubt, give them a telephone call. You know that old-fashioned thing, that emails has replaced.......LOL.
If you're dealing with clients directly via email, then you'll hopefully be validating them as leads anyway, so there shouldn't be any reason to click on the links they are sending you.
If you're business is truly an exception to this rule, and clients need to send you a link then you're need additional security:
And remember...be aware but not alarmed. Cybercrime is relatively rare. Follow these tips and you'll put yourself in the Top 10% of the population, which means you're highly unlikely to be scammed.
Below is a great website to check for the latest scams too:
Many CIO, CTO and business leaders are all working through their cloud strategies. Most large companies in Australia have adopted a hybrid cloud approach, using both private and public cloud services. In this blog, I'm wanted to outline 10 critical steps on how you can create a cloud adoption roadmap and then align this roadmap to your current execution path.
A cloud adoption roadmap is a really important tool, as it serves to visualise and communicate your plans to all key stakeholders in your organisation. The important part of the roadmap is to ensure you have a clear 1 page visual outlining the key milestones / decisions points, backed up by clear definitions behind the roadmap of what each component on the roadmap means. My suggestion is to use a modelling tool to create your roadmap and my top pick is the Abacus tool from Avolution.
Before we delve any deeper into our cloud adoption roadmap, let's be clear on some basic terminology, to ensure we're all on the same page:
Software as a Service (SaaS)
These are services that end-users consume. Examples include: Social Media Tools, Salesforce, Office 365 and Xero. The apps that you download to your mobile phone are predominantly SaaS.
Platform as a Service (PaaS)
These are services that developers consume to create SaaS products. Examples include: Development Tools, Testing Tools and Datastores. Apps that you download to your PC or laptop at home to allow you to write code, test code and setup datastores in the cloud are all examples of PaaS.
Infrastructure as a Service (IaaS)
These are services that operations teams will build, test and commission to support developers, who consume PaaS and end-users, who consume SaaS on the PaaS, or SaaS via a 3rd party. IaaS can be virtual machines, networking or basic storage.
If you're interested in digging deeper in cloud definitions, there is a simple whitepaper that the National Institute for Standards and Technology have produced. It covers everything in 3 pages:
I've also created a simple reference model below:
This is cultural change centred around ensuring that the developers (working on PaaS) are collaborating and communicating effectively with the operations teams (working on IaaS). This is important to create secure, reliable and engaging SaaS apps.
Great video on DevOps from the DevOps Institute:
All organisations I have worked with in Australia, that have more than 100 employees will have a combination of private and public clouds in their environment. This is the definition of hybrid cloud. Probably 99% will have an on-premise (or 3rd party hosted) private cloud for Active Directory and using public cloud for Office 365 with Azure Active Directory. The 1% is a single instance of G Suite I have come across.
Great video on hybrid cloud here:
Now that we have defined these terms, we can take a look at our Cloud Adoption Roadmap and our 10 steps:
If you're interested in learning more, I offer a range of Cloud, DevOps and Scaled Agile courses at ALC Training:
Cloud Courses (Foundation to Advanced)
DevOps (Foundation to Advanced)
Scaled Agile Framework, or SAFe for short, is a large interactive knowledge-based of best practices, case studies, courses and toolkits. The patterns and resources are proven, backed up by numberous case studies. It is specifically designed to work for very small businesses, right through to multi-billion dollar corporate giants. How does it do that?
Well there are a number of components that allow the method to scale. This includes a list of the key principles, outlined above, but also used the concept of Agile Release Trains. These are teams of teams, containing all your resources, including suppliers and partners, that are co-ordinated through program increment (PI) planning. These planning sessions ensure all the trains are moving in the same direction and that all the work is decomposed into features and stories. This results in working code shortly after the first sprint.
The framework itself comes in four flavours:
Large Solution SAFe
Still not convinced.....well there are a wealth of case studies on the SAFe site:
Below is are a few of my favourites:
Want to know more about how to use SAFe? Please check out my Leading SAFe 2 Day Course. Please let myself or ALC Training know when and where we can run this course for your organisation:
For the first time in 2018, it's become easier than ever to gauge the state of the cloud market. New data from the top cloud providers, mean we can really see who is dominating the landscape. In this blog, I've chosen to look at the total revenue as an indicator of success. Partly because it's easy to measure, but also because it given an indication of relative market opportunity and growth.
This chart is taken from a great ZDNET article that was published earlier this year:
It clearly shows Microsoft as the dominant force, which I predicted would be the case back in 2016. My colleagues at DXC Technology will attest to that prediction. I think it's also a reflection on a number of compelling events that have materialised over the past few years:
On the Amazon Web Services side, there is much progress and improvement especially in the area of new services. AWS are very good in the Serverless and PaaS spaces, adding a whole series of new innovations. These and exciting innovations were announced at the AWS ReInvent 2017 conference last year and include:
Oracle are coming up fast, probably as a result of their push in the past 12-18 months. A rep at Oracle invited me to attend Oracle Cloud World, which introduced me to the maturity and sleek look of their latest cloud offerings. The pics below gives a quick overview of the Oracle Cloud offerings:
IBM is a little way behind the Top 2 leaders with their suite of cloud offerings. IBM Watson is probably the best known. I'm still waiting for IBM to approach me to, and invite me to their conference. Check out the screenshot below:
More information on IBM cloud services can be found here:
Alibaba are a definitely one to watch. My prediction, is that by 2020 Alibaba will be No. 3 by revenue and may well be looking to eat up AWS with a takeover strategy, to compete with Microsoft. Here is a quick overview of the predicted growth of Alibaba revenue vs AWS:
And here is a good article that articulates how large and dangerous Alibaba really is. I do apologise for all the popups, but the free content on the site IS worth the pain:
The link below gives another perspective on the Microsoft / AWS revenue growth story, outlining some of the great customers stories to come out of the Azure platform. These include:
Finally if you feel you need some specialised training or business advice on AWS, Microsoft Azure, IBM, Oracle or Cloud CyberSecurity, feel free to reach out to me or to ALC Training:
#CloudComputing #Cloud #AWS #Amazon #Microsoft #Azure #Office365 #CyberSecurity #CCSP #Training #Coaching #AI
Paul Colmer is a digital coach for ALC training and consulting, with a real passion for learning and applying disruptive technologies. Paul has responsibility for building and delivering ALC's digital architecture strategy and the development and execution of a number of cloud courses, including Cloud Security (CCSP), Amazon AWS, DevOps, Microsoft Azure and Office 365.