Data Protection Day: Shot in the Arm or a Waste of Time?

privacy It’s Data Protection Day next Thursday if you hadn’t noticed, and you’re forgiven for not doing so. I only remembered about it after researching an analysis piece today for Infosecurity Magazine.

The idea is to raise awareness among consumers to think twice about leaving a bigger digital footprint online than they already have, and to try and get businesses to take data privacy more seriously.

On both counts it’s a challenging prospect, according to many of the experts I spoke to.

David Gibson, vice president of strategy at Varonis, told me that improving privacy protection all comes down to better monitoring of fraud abuses.

“The proof that traditional methods don’t work is in the increasing frequency and magnitude of data breaches related to unstructured data,” he argued.

“Not only is there more data to worry about, but it’s containing more sensitive and valuable information and it’s getting easier for attackers to exfiltrate that data since it’s typically not monitored. If what you’re trying to steal isn’t being watched, you have a much better chance of getting away.”

Rackspace senior director of legal, Lillian Pang, admitted that firms still don’t prioritise data privacy at a board level, and this needs to change if things are to get better for consumers.

“Only then will firms start taking it seriously and filter down the privacy compliance needs to the ground level of its business. In some respects, you could say that privacy needs to be led from the top level of any business and administered from the ground level,” she told me.

“Many firms pay lip service to the importance of data privacy but few really understand or recognise that a robust data privacy program in a firm solidifies its information security and helps to further safeguard the firm’s business.”

The EU General Data Protection Regulation could be the push that many firms need to start taking the issue seriously, according to Gemalto data protection CTO, Jason Hart.

“The EU Data Protection Regulation is set to be finalised later this year, but companies need to start taking the steps to change how they protect their data now, otherwise they could find themselves subject to compliance penalties, and also put their reputation and consumer confidence at risk,” he warned.

“As the reporting requirements of the new EU regulation make data breaches more visible, we can expect the economic and business consequences of a breach to continue to escalate, so businesses need to start taking steps to ensure they are prepared for when new regulation comes into force.”

So are awareness raising exercises like Data Protection Day even worth the effort? Well the general consensus is that anything like this is probably a bonus, although the jury’s out on how effective it can be.

“Although Data Privacy Day is a great opportunity to raise awareness of the issue, understanding the importance of protecting data needs to be an all year round initiative,” said Hart. “Businesses need to realise the importance of the data they hold in their systems and how the loss of this can impact their customers.”

Data Protection Day (Data Privacy Day in the US) is on 28 January.

Advertisements

It’s finally time for governments to get all cloudy eyed.

cloudI’ve just finished a piece for a client charting the progress of cloud computing projects in the public sector around the world and I’ve got to say, it makes pretty miserable reading for the UK.

Despite the launch, to great fanfare, of the G-Cloud project a couple of years ago, awareness among public servants seems pretty low still and sales not exactly setting the world alight – G-Cloud vendors brought in £217m in July, rising to just under £250m the month after.

That said, we’re a small country, and things are looking up. The technology is mature enough and use cases are starting to spring up all over the place, which will speed adoption. However, long term outsourcing contracts are still impeding the development of cloud projects, according to Nigel Beighton, international VP of technology at Rackspace – a G-Cloud vendor.

“The public sector’s move to the cloud is still in its infancy, and I applaud what Liam Maxwell and the whole G-Cloud team are trying to do. But it will take time,” he told me via email.

“Over the past few years the cloud has matured and grown, and is now able to do just about everything you need it to do. For public sector agencies that are yet to make the move to the cloud, one of the main benefits is that it offers great flexibility and that they won’t be locked into one provider. There are also many parts of the sector that are hit with large peaks in their service at certain times of the year, and they could really benefit from a pay as you go, or utility, cloud-model.”

Over in China there is no such reticence, mainly because many public sector bodies have no existing legacy contracts/infrastructure to encumber them. I remember EMC’s Greater China boss saying as much a couple of years ago in Hong Kong and it’s still true, according to Frost & Sullivan’s Danni Xu.

She said the central government threw RMB 1.5bn (£150m) at public sector cloud development in the five major Chinese cities in 2011. Then local governments – many with more money than some countries – followed suit: witness Guangzhou Sky Cloud Project, Chongqing Cloud Project, Harbin Cloud Valley Project and Xian Twin Cloud Strategic Cloud Town Project. An ecosystem similar to that which has grown up in the UK, US and elsewhere, has developed around this new investment, she told me.

“The formation of a more complete cloud ecosystem has benefited local enterprises and local government in many ways. With plenty of cloud offerings available in the market, the public sector itself has also emerged as an important spender for cloud services, among the various vertical sectors,” Xu said.

“For instance, the Ningxia municipal government works with AWS on building a large-scale data center in the region. Meanwhile, it will also leverage Amazon’s platform to deliver e-government services in the future.”

Forrester analyst Charlie Dai counselled that most public sector projects in China are still private cloud based, at least when it comes to SoEs.

“The government is also trying to strengthen the control and regulate the market,” he added.

“The China Academy of Telecommunications Research of the Ministry of Industry and Information Technology (MIIT) launched official authorisation on trusted cloud services (TRUCS) for public cloud early this year.”

Quelle Surprise.

What is obvious, in China as in the UK and elsewhere, however, is that we’re only at the beginning of a very long journey. Whether it takes 10 or 50 years, the cloud is ultimately where governments around the world will look to in order to work more productively and deliver public services more efficiently.


OpenStack: the open source cloud project taking Asia by storm

openstack summit logoCan you guess which city has more OpenStack contributors in it than any other on the planet?  Well, it’s Beijing.

That may come as something of a surprise given the heritage of the open source cloud computing project – NASA and US hosting/cloud giant Rackspace.

However, it’s certainly not a one-off, with several other cities in the PRC also boasting significant numbers of acolytes, including Shanghai which also ranks in the global top ten.

I learnt this and rather a lot more about the project at the OpenStack Summit in Hong Kong this week. It was a conference heavy in symbolism for the OpenStack Foundation – its first ever outside the US and the first since the release of Havana – its eighth major release for building public, private and hybrid clouds.

Having slogged my way around IT conferences for more years than is healthy for a person of my age, the summit was a first for me in many ways.

First up the new announcements from vendors were kept very much in the background – barely mentioned at all in the keynotes and not publicised heavily elsewhere at the event.

Now that could be the fault of the event PR team but I’d like to think it’s because the Foundation are trying to send a message of inclusivity to the community – that no one vendor should be allowed to use the platform to market its wares so blatantly to a captive audience of over 3,000 enthusiasts.

That’s not to say there was no news, of course, or that the major vendors weren’t using the show to meet customers, get their message out, etc, but it was certainly toned down from the all-guns-blazing razzmatazz of some  industry events I’ve been to.

Part of that no doubt lies in the fact OpenStack Summit is really about bringing the community together to share ideas and best practices on implementations and, quite literally, to sit down and draw up a roadmap for where it is headed next.

It is still very early days for OpenStack versus, say, Amazon Web Services, and there is a certain amount of tension still in the community about whether it should be seeking to emulate the cloud leader or take a separate path of innovation – “letting a thousand flowers bloom”, according to Canonical founder Mark Shuttleworth.

The Rackspace private cloud VP Jim Curry and CTO John Engates I chatted to admitted feature parity isn’t at the same level as AWS yet, but also claimed that itself is a bit of a red herring as few people use all the features in Amazon anyway.

In the end one of the more eloquent and passionate speeches on the open source project came from Red Hat consulting engineer Mark McLoughlin – one of the top OpenStack contributors in the world if rumours are to be believed

“Does anyone think we’re just going to add a handful of new projects in 2014 and then stop? I really don’t think that’s realistic,” he said. “I think it’s going to continue to expand and become a broad umbrella of projects. We need to embrace the collaboration that’s happening under this OpenStack umbrella.”


How cloud computing will let loose the Asian dragon

chinese dragonAsia’s unique combination of large numbers of entrepreneurs and software developers offers tremendous opportunities for dynamic cloud growth, while European and Australian companies continue to lag in the shadow of the US.

That’s the view of Nigel Beighton, VP of technology and product, for managed hosting-cum-open cloud company Rackspace, who was in Hong Kong this week to discuss how the “sleeping software giant” of Asia will soon awake.

He argued that European and Australian firms are 18 months to 2 years behind their US rivals and suffer from the same issues around legacy infrastructure.

“Asia is fascinating because it doesn’t track what happens in the US. It has its own culture and personality and if you think about software development in Asia it’s different. Even the code they write looks different. The way people think about mathematics and structure and architecture is different,” he said.

“Cloud enables business to be agile and Asia is very good at that – at being entrepreneurial. At the same time it’s cool to be a software developer here and cloud is enabling software developers to do what they want to do immediately.”

The US market, while it still has a “degree of creativity”, is very much in a phase of consolidation at the moment, dealing with legacy infrastructure and looking at changing business models, Beighton argued.

To an extent, Europe and Australian firms are in a similar boat – held back by a large legacy application estate going back 10-15 years which makes it difficult to scale vertically in the cloud, he added.

However, there aren’t many examples of cutting edge cloud innovation in the region – he gave China’s indigenous search engine companies led by Baidu as one – because it’s still early days. As a result, education remains an important part of the cloud provider’s role.

It’s worth bearing in mind here that even though it now has a successful enterprise business, Rackspace began life serving entrepreneurial SMB-type companies, which is why the firm is always keen to enthuse about this end of the market. It’s also part of the reason why it located a regional datacentre in Hong Kong rather than rival IT hub of Singapore which is geared more towards servicing larger financial organisations, according to Beighton.

“For us the entrepreneurial aspect of Hong Kong was really interesting, and how that would work in conjunction with China,” he said, adding that public cloud capabilities from the datacentre would be available in Q4 this year.

Rackspace is not the only cloud provider waxing lyrical about the huge potential in the Asia region. EMC Greater China president Denis Yip argued at a conference in Hong Kong last summer that China is actually trumping the US and the rest of the world at the cutting edge of cloud computing deployments.

However, despite huge building projects by local government in China, there is a real risk datacentre capacity will lie idle because not enough thought has gone into working out what to use it all for and how to generate profits once the infrastructure is completed.