The Absurdity of Cloud Computing and Hosted Services

I’ve seen some crazy things in the IT world in the last 5 of my 20 years of experience in the field, but the push to move to cloud computing and hosted services has got to be the craziest thing I have seen so far. Please let me explain.

Times are bad right now, and companies are making hard decisions about their IT staffing and services. Somehow in the last 5 – 10 years or so, IT support seems to have gone from a mission critical status to being considered overhead. As other departments have had to do, significantly reduced IT departments are now supporting more devices, services and people with fewer staff.

As with other departments, older IT staff members have been “encouraged out the door” and replaced with fewer, lesser experienced staff. I have seen Unix server administrators put in charge of administrating Windows servers, even though they had no experience supporting them. Not sure of the executive thinking there – they are both servers, so they must be the same?

I have seen a high end Windows cluster server administrator who kept the executive and top engineering clusters of a major corporation running for years, be moved to be the sole support person for the corporate wide NAS servers. Though he had little to no experience with the NAS servers themselves, the storage group was dissolved beforehand and the one person remaining that he was replacing had already been placed in a new position, so there would be no training available. He was handed a user manual and told – “Good luck”.

I have seen a half empty building that was once full of corporate IT support staff. This was after several other buildings that were full of IT support staff were dissolved and consolidated into the one building. One part of the support staff that remained was told that their work week would be changing to a swing shift. They would be working 2nd shift for part of the week and 3rd shift for the remained of the week. The supervisor had the audacity to tell these former 1st shift workers that the new schedule would be better for their families.

I was told once by a distraught IT Director that he was informed by the corporate executives that the acceptable level of IT staff to employees is now 1 to 300. With all of these employees using computers or mobile devices, what happens when more than one critical system goes down at the same time? What happens to the quality of support when IT staff is flooded with requests and “emergencies”?

These are just a few things that I have seen or heard in the last few years, trust me there are many more. But what does these cutbacks and shifting of unqualified staff to critical positions have to do with cloud computing and hosted services?

Many companies are turning to online services to help cut costs and restore some level of IT support to their organizations. But what truly makes you think that these online services are not going through the same internal cutbacks and employee changes to cut costs of their own? How secure will your information really be with them? Your level of support?

If you can’t support your own IT, and who knows your business better than you, why would you think that external services can really do a better job? Don’t get me wrong, cloud computing and hosted services aren’t necessarily a bad thing. But making the decision solely for additional profit is not a wise move. Executive level decision makers really need to talk with (and listen to) their senior IT leadership to see if the move to hosted services would truly be a benefit or detriment to their company.

Advertisements

The Importance of Changing your Password

Many businesses are becoming more security conscience. They are making sure their systems are patched and updated, anti-virus is up to date, some are even regularly scanning their systems for vulnerabilities. This is a good thing, but many times they are overlooking something very obvious – regularly changing your password.

In my 20 years of IT support I have seen some crazy things. One company that was religious about updates, network security, account protection and scanning for vulnerabilities overlooked one major thing. They used the same simple domain admin password in their Windows network that they had been using since it was an old Novell Netware based system.

For about 15 years, they used the same main password.

Just think, with IT staff coming and going, consultants coming in, etc, about how many people knew that password? Oh, and did I mention that it was also the local admin password used on the desktops?

People get attached to passwords and tend to use them on several systems. It is important to change your passwords over time, schedule it if needs be. Also, do not use the same password for multiple accounts. Something as simple as using long complex admin passwords will go a long way in protecting your systems.

Security Tips for Large Corporate Businesses

Security issues on large networks are different than on small office or home office businesses. The main reason is size.

The majority of hackers are looking for targets of opportunity. This is one area where large and small organizations face similar risk. A small company with a mis-configured web server is just as enticing to opportunity hackers as a large one.

Where large organizations are at greater risk is targeted hackers. These Hackers are determined to penetrate a certain company for several reasons including corporate espionage, intellectual property theft, or sabotage. A company with thousands of servers offers a huge attack surface. They are also more susceptible to social engineering attacks.

Some of the areas of attacks are:

Social Engineering

Problem: Large corporate employees many times will have LinkedIn pages and social networks profile pages, these offers a treasure trove for social engineering hackers.

Solution: It would be wise for executives to limit the amount of information that they give away on their profile pages.

Developmental Servers

Problem: Large corporations will use developmental servers to try out new software packages and programs. Many times they will have Domain Admin passwords on them, even though they are not as secure as production servers.

Solution:  Use different Admin passwords on these less secure development systems.

Security Updates

Problem: Automated security update systems don’t always update every server even though in the security system log it may say the updates were sent.

Solution: Once a server is set as a production server, in many companies rarely do admins go back and check individual servers to make sure the systems are really being updated. Nor do they have time to do so. Policy must be put in place to do some sort of verification check on servers.

Secure Accounts

Problem: Unbelievably, admins are still using simple passwords for administrator accounts on new systems that they are building.

Solution: Preach and enforce strong passwords for accounts with privileges and make it a policy to change the domain admin password on a constant schedule.

This is by no means a complete list, but it does cover some of the more common security mistakes made in large corporations. If server team managers enforce stricter security policy to employees deploying new systems, the company will be much more secure against penetration attempts.