This blog article is designed to be read by everyone. By everyone, I mean people who are new to the cloud, and maybe uploading a picture of their great-grandchildren to Facebook for the first time. Or maybe you're a seasoned technologist, like myself, with over 300 cloud-based logins. Chances are, you're probably somewhere in the middle, and this is perfect for you too.
The 5 simple tips I have outlined above will help everyone. They're universal to everyone that uses the cloud. They are simple to implement, and need you to put aside a little time. They will protect you from cyber attacks.
Oh...and I also follow these 5 tips myself. Probably for about the past 5 years. I will not only explain how to implement each tip, but I will give you specific personal examples. That way, you know my advice is real and that I follow my own advice. Only a fake person wouldn't follow their own security advice....right.....?
Each image in this blog is clickable, offering additional information about that subject.
What is a Complex Password?
Let me show you what a complex password looks like:
If you click on the image, it will take you to Troy Hunt's blog on passwords and hacking, which explains a bit more about why complex passwords are important.
Let me break this down for you.
What is Multi-Factor Authentication?
It's a service that most well-known cloud providers now offer as a means of additional security protection. Let me break it down with a specific example. I'm going to outline the overall approach using a cloud app called Xero. It is used for accounting and I love it:
Using Xero as an example, here is how it works, once it is configured:
If you're not sure whether your cloud service offers MFA, either contact them directly, or perform a Google search to look up whether they offer the service. You may need someone technical to help set it up for you, or if you have paid support, you can call up your cloud provider.
You can also reach out to me publicly on twitter:
I'm always willing to help 'coach' you through to success.
What is a Password Manager?
It's an app that you download that stores all your passwords for you. It's very, very important that you create a complex password to open the app, as this becomes your key to all your other passwords. You also want to set up multi-factor authentication.
Typically the average technical person probably has around 200-500 cloud accounts they use or have used. So for the average person, 50-100 cloud accounts is not unusual.
If you're using an app on your mobile phone, then you most likely have a username and password for that app. Therefore if you have 100 Apps on your phone, you will probably have close to 100 usernames and passwords. Clearly it's very difficult to remember 100 different passwords, so the password manager really comes into play here for everyone.
There are also two extra benefits, among many, that password managers provide:
When changing your password, I would recommend doing this every 12-24 months, for all your accounts. And also delete cloud accounts that you no longer use.
Because that cloud provider may suffer a data breach in the future. A data breach is where a hacker gains data from a cloud provider. This could mean a malicious actor could use your account to attempt to steal your money, damage your reputation or, worse still, assume your identity.
My top pick is LastPass and I would recommend the Premium (Paid) version:
What is Anti-Malware Software?
This is an app that helps detect any malicious activity on your device. Sometimes known as anti-virus software, however devices can be attacked not just via virus, but also via many other attack vectors. So I prefer the term anti-malware.
I personally install anti-malware software on my Android phone and my Windows 10 machine. I don't install it on my Mac or my iPad. However, I would recommend that you install it on all your devices. Generally when you buy anti-malware software they give you a number of licences to run on different types of device, so it probably won't cost you extra. So I always recommend this extra level of protection.
The reason I don't do that, is because I have additional security controls to mitigate this risk. These are a little complex to explain. I also don't want to give away this information to potential hackers, who could also exploit me personally. I hope that makes sense. :-)
My top pick here is Kaspersky.
I've personally used it for probably 10 years now. I came across it when I was running high-powered flight simulation software on my machine and I wanted anti-malware software that would detect incoming threats, as well as viruses, without sucking all the processing power from my computer. I found that Kaspersky was the most cost effective and smallest footprint software on the market at the time, and have used it ever since.
What is Spear Phishing or Phishing?
Never click on links in an email, that are sent from outside your company.
Because you are opening yourself up to a Spear Phishing attack. Sometimes also known as a Phishing attack for short.
So a Phishing attack is when a malicious actor sends you an email with a link inside. You click on the link and a number of bad things can happen:
Here is an example of a reasonably sophisticated phishing attack:
Click on the link above to be redirected to another simple definition of Phishing.
But what about if you do business with external companies?
That's fine, we can modify this advice. Make a note of all the people you personally deal with outside your company. Agree with them, using the phone, how you're going to communicate via email and how you're going to share information. I personally use the OneDrive cloud links to share read-only files and I always set the link to expire after 30 days.
By creating a list, you're effectively creating a 'whitelist'. A list of people whom you trust. There is no guarantee that someone else won't impersonate them, so by having an agreed format for the exchange, you can validate if it is genuinely from that person. If in doubt, give them a telephone call. You know that old-fashioned thing that email has replaced.......LOL.
If you're dealing with clients directly via email, then you'll hopefully be validating them as leads anyway, so there shouldn't be any reason to click on the links they are sending you.
If your business is truly an exception to this rule, and clients need to send you a link, then you'll need additional security:
And remember...be aware but not alarmed. Cybercrime is relatively rare. Follow these tips and you'll put yourself in the Top 10% of the population, which means you're highly unlikely to be scammed.
Below is a great website to check for the latest scams too:
For the first time in 2018, it's become easier than ever to gauge the state of the cloud market. New data from the top cloud providers means we can really see who is dominating the landscape. In this blog, I've chosen to look at the total revenue as an indicator of success. Partly because it's easy to measure, but also because it gives an indication of relative market opportunity and growth.
This chart is taken from a great ZDNET article that was published earlier this year:
It clearly shows Microsoft as the dominant force, which I predicted would be the case back in 2016. My colleagues at DXC Technology will attest to that prediction. I think it's also a reflection on a number of compelling events that have materialised over the past few years:
On the Amazon Web Services side, there is much progress and improvement, especially in the area of new services. AWS are very good in the Serverless and PaaS spaces, adding a whole series of new innovations. These exciting innovations were announced at the AWS ReInvent 2017 conference last year and include:
Oracle are coming up fast, probably as a result of their push in the past 12-18 months. A rep at Oracle invited me to attend Oracle Cloud World, which introduced me to the maturity and sleek look of their latest cloud offerings. The pics below give a quick overview of the Oracle Cloud offerings:
IBM is a little way behind the Top 2 leaders with their suite of cloud offerings. IBM Watson is probably the best known. I'm still waiting for IBM to approach me and invite me to their conference. Check out the screenshot below:
More information on IBM cloud services can be found here:
Alibaba are definitely one to watch. My prediction is that by 2020 Alibaba will be No. 3 by revenue and may well be looking to eat up AWS with a takeover strategy, to compete with Microsoft. Here is a quick overview of the predicted growth of Alibaba revenue vs AWS:
And here is a good article that articulates how large and dangerous Alibaba really is. I do apologise for all the popups, but the free content on the site IS worth the pain:
The link below gives another perspective on the Microsoft / AWS revenue growth story, outlining some of the great customer stories to come out of the Azure platform. These include:
Finally if you feel you need some specialised training or business advice on AWS, Microsoft Azure, IBM, Oracle or Cloud CyberSecurity, feel free to reach out to me or to ALC Training:
Klout was a social media tool that helped online influencers measure their influence in the virtual world. It was bought for $200 million by a company called Lithium in 2014. It targeted the most popular social media platforms such as twitter, instagram, linkedin and youtube and provided you with an influencer score. The higher the score, the more influential you were likely to be.
As of the 25th of May, Klout was retired. This coincided with the timing of the new European Union General Data Protection Regulation (GDPR) laws. These came into force on the same date. So why did Lithium retire Klout?
It really boils down to return on investment. Lithium bought the people, intellectual property and the technology, to help them improve their products. They specialise in creating products that improve your business customer service, via social media channels. Understanding the influence and pervasiveness of a brand was crucial to their strategy, and Klout provided this service. This allowed Lithium to acquire talent and knowledge.
In addition, Klout does not provide an obvious or known revenue stream for Lithium, as it's a free tool. It's a similar problem that Facebook and Twitter had faced in the past, until they utilised advertising and promotion as a means of making revenues.
Finally GDPR is complex legislation with a heap of complexities associated with it. Let's provide some real examples using Klout:
Klout is used by millions of social media users around the world. A proportion of them live in the EU, which consists of 28 separate countries. That means Lithium would need to comply with the GDPR legislation. This would include some key investments in the Lithium business to comply with GDPR. Here are some examples:
The great news for social media influencers, like myself, is that there are 2 viable alternatives to Klout:
Kred appears to be better known and scores both influence and outreach using a publicly available algorithm. "Influence" measures the likelihood that someone will act upon the user's posts, and "Outreach" measures the user's tendency to share other people's content. Independent information around Kred is available here:
The way in which Kred scores a user can be seen in the following screenshot, which shows how it allocates the metrics for influence and outreach. This information is available when the user logs in and provides an audit trail of how the scores have been calculated:
Unfortunately I've not been able to log in to my Kred account. I wanted to check that these audit records are being created and validate that it provides transparency. I'm simply greeted with an OAUTH error every time I attempt to use my Twitter or LinkedIn accounts.
No response to emails but a very positive response via Twitter outlining to me and my fellow influencers, that they'll fix it in their new Kred 2.0 version to be released on 11 June 2018. Many of the influencers in the chat had a similar error to myself. You can check out the live chat here:
Another upside to Kred is that there is open API integration into the platform. Which means third party companies that wish to use the data can do so. Here is a great example of how Kred is being used by Rise.Global to create social influencer charts. Unfortunately for me, my ranking was better with Klout than Kred:
Skorr, although not as well known, really impressed me with the downloadable Android app, that is a work of art in itself. Very easy to use. No problems with OAUTH or login and a few really awesome features in the app. My favourite is the chart which shows where you are in terms of score in relation to your fellow influencers. As you can see I have some catching up to do....
It also includes a really great FAQ that answers many of my questions, around how the app scores you. You can see the FAQ here:
I also really like the friendly introductory video on their site:
The only downside, seems to be from a developer perspective, as the APIs are not available for general use. This means it can't be used by 3rd parties. You could argue that is a good thing, if you don't want your score to be used autonomously in an app. Or a bad thing, if you want to see how you rate against other influencers in a 3rd party charting system. Overall I believe in open APIs, so I see this as a downside for the world of influencing.
Interested in learning more about social media scoring, GDPR or cloud security? Please feel free to check out my portfolio of cloud training courses at ALC Training:
And don't forget to follow my social media adventures on twitter:
The European Union (EU) adopted a new law in 2016. It affects every company with customers residing in the EU. It comes into force on 25th May 2018, which is just over a week away. It is called the General Data Protection Regulation, or GDPR for short. But what does it mean, and should companies be worried?
Firstly it addresses a number of key areas around the privacy of data for EU citizens, in relation to the storage, processing and handling of personal data. Personal data includes data that can identify the individual directly. This can include the following:
I've simplified and summarised the key points of the GDPR legislation below:
The overall effect is to provide improved protection for EU citizens and to unify the laws across the EU. This puts the onus on those businesses, including the cloud providers, to ensure that data is processed fairly and in accordance with the law. There are a number of sanctions that can be enforced, depending on the nature of the breach:
So what should companies do? Firstly they need to seek legal advice from an expert in European Union law to understand the potential impacts and next steps. Next steps are to perform an audit of their business processes and how they store data to understand their current state. Then they need to perform some analysis on the law, with their legal expert to interpret the law and create a series of overarching requirements. These requirements then need to be solidified into a series of solutions.
Here is a great example of how market-leading SaaS cloud provider Xero is approaching its GDPR obligations in relation to its financial accounting package:
It's so important in all this work to ensure that the IT, security, legal and business departments are all working together closely to work through the issues and implement the solutions.
Want to know more about how you can secure your data and ensure you are following the latest best practices? Consider taking a Certified Cloud Security Professional certification, leading to an ISC2 examination. I'd be glad to coach you through your questions and help expand your knowledge of all things security:
8/3/2018
I’m a huge fan of utilising the latest and greatest disruptive technologies. Not just because they improve competition between businesses, but usually because they offer a lower price point and some form of additional value.
Let’s take Netflix - ~$12AUD per month and I tend to watch 6-8 films per month, mainly with my kiddies. Compare that to a cinema where a film costs ~$20AUD, however it is on a big screen with surround sound, but it’s expensive to take the kiddies. Or compare with a video rental of around ~$5AUD per film when you could actually rent DVD videos from Blockbuster Video….that’s another story in itself on Wikipedia:
Another example is Uber - $22AUD per trip into the Brisbane CBD, compared to $35AUD for a taxi ride. Ubers are cheaper, cleaner, don’t smell and the drivers are friendlier.
Here is a quick glance of a range of new disruptive companies that have emerged over the past few years. Important to note that they don’t actually own the product that is consumed by the customer, they utilise 3rd parties to provide the products as part of their value stream.
So…. does this pattern hold true for all disruptive technologies?
Let’s look at Blockchain technologies, specifically the purchasing of Bitcoin. This one is a little different, because it’s yet to fully disrupt, displace or compete with the Australian Dollar (AUD) or the ASX share market.
Is it cheaper…difficult to compare as price is not relevant here…. does it provide more value…?....not really, if you consider that I can’t spend Bitcoin in many places, unlike my credit card or cash which is accepted everywhere. Both in Australia, online and abroad.
Maybe comparing Bitcoin against my credit card and cash is nonsensical. Maybe it’s really an investment, maybe it’s like shares. I think the best way to find out, is to buy some Bitcoin. A small amount to help me understand the technology….so where do I start?
For me…the best place to start with any investment is to talk with my financial advisor….and this is where the problems started. Where can I buy Bitcoin, I asked and be confident that I’m receiving what I asked for…..ermmm…. nowhere.
Why is that?
Well…. if you go into the ANZ Bank and you want to buy currency…they have safeguards in the form of specific financial legal acts that ensure you’ll get real currency and any charges are transparent. Currency is also easier to see, as it’s physical.
When you go to a Bitcoin merchant, they’re not covered by any specific financial legal acts, so you can’t be 100% sure you are getting what you paid for. Also Bitcoins are virtual. It’s true you can see them in your virtual wallet, but there are no guarantees that you won’t be duped either in buying the Bitcoins or selling them.
But if you assume that it’s more like shares, does that help? Well, shares are listed on a stock exchange and are regulated by various acts in that country. The most well-known is the Sarbanes-Oxley Act (SOX) which covers the listing of shares on the US stock exchange. Unfortunately for Bitcoin, it’s not covered by the same safeguards.
So, what do I conclude…well I can buy Bitcoins from several merchants…but it’s difficult to assess what safeguards are in place, should I make a lot of money from the transaction.
Anyhow…I’m happy with using my credit card and cash for purchases and I’m happy to continue investing in a balanced portfolio of shares, as well as using Netflix for kiddies’ films and Uber for rides into the city.
Did I tell you about the time I discovered the Amazon Kindle and Agile Principles…….?
Paul Colmer is a digital coach for ALC Training and Consulting, with a real passion for learning and applying disruptive technologies. Paul has responsibility for building and delivering ALC's digital architecture strategy and the development and execution of a number of cloud courses, including Cloud Security (CCSP), Amazon AWS, DevOps, Microsoft Azure and Office 365.