A new beginning…

Mantis Consulting Pte. Ltd. is taking a leave of absence. Thanks to all who believed in us and helped us get started. Life is a great journey and we learned to get better from our successes and failures. It is now time to take stock and reflect on the future. There are projects in the pipeline and activities continue in the background.

We look forward to returning to active status. In the meantime, you can enjoy the beautiful images of our sister site Photoanimalium.com which remains active.

Thanks for the ride and see you soon.

Risks of the cloud

I came across an interesting piece of research released on Monday by the Gartner research group focusing on the future of digital storage in the cloud. Only 31% felt safe storing personal documents online.

During my time as risk manager in a major Swiss bank, I thought about the topic more than once. My conclusions were always the same: no way we can afford the risk of using such things. The risk involved in losing data in the wild is way too important, and in the banking business you must be safe; there is no place for sorry. Once the data is out, it is out. And regardless of the sensitivity of the data, it will damage you: if you lose unimportant things, people will think “sure it was ok, but next time: will it be my data that’s out”.

The reputation dilemma is actually no different for non-banking corporations. Every large company is hit hard when its security fails so that third parties can access confidential data. And when they are safe, people complain — rightfully — about their privacy rights.

I have however evolved in my thinking. Most major companies, bank or not, are in fact using the cloud already. Many have centralized databases which are accessed from other locations, other countries. Even if they “own” the cloud and its infrastructure, a database hosted in the US and accessed from a branch in Singapore is no less than a cloud. In certain instances, companies are not allowed to keep certain data abroad; for instance, Singapore or Hong Kong based banks must keep their client data within the same country. That however does not prevent them from having non-client or anonymized client data sitting in other locations. They are using the cloud.

So basically the question for corporations is answered by default: most of them are in fact using a cloud, their own. And think about it, they are exposed to similar risks as they would be when using a third party cloud provider. If technically this is similar, what is very different is the question of liabilities. When corporations manage their own risks and they fail and lose data, they eventually take a hit or even die, so managers have a vested interest in finding the best people and doing their best to protect the company that feeds them. On the other hand, a third party cloud provider will still do its best to protect its clients and grow, but if it fails, it might not be big enough to compensate for the damage done to its client; eventually it goes under and its client too. Clearly this is a worst case scenario, and in real life they might just be badly hurt or not at all. From a decision point of view, I think corporations are better off not relying on third party providers, or using providers that are large enough to have sufficient resources for financial compensation in case of catastrophic failure.

Small and medium sized companies have more of a dilemma, because relying on cloud computing can represent both a significant increase in productivity and a significant decrease in IT cost. Their issue is that losing certain data would not just damage them but kill them, so they had better ensure that they keep such data in systems under their control, in particular their client list or their R&D data.

Now how can small and medium sized companies efficiently and safely benefit from the cloud? Well, by fragmenting and diversifying risks: using several providers based on their strengths and using compartmentalized access. Using iCloud for Personal Information Data makes sense, so that employees can synchronize their data such as calendar, address book, etc. across their devices; of course that requires having Apple devices. For collaborative data, using services like Dropbox also makes a lot of sense, especially with their new group features. However, in the case of Dropbox, I would recommend segregating the accounts by topic, for instance an account per project. In case the account gets compromised, the security breach is limited to the project. The same spirit can be followed with other service providers.

A crucial security element here is: people. It is difficult to enforce security policies (well, forcing people to change a password every 3 months is not a policy. A 12345678 password will just become a 87654321 or another variation…) but it is easier, though it requires time and investment, to train your people so that they understand the risks and know what to do. Because, regardless of the implemented security (in-house or third party), your weakest link will always be with people.

Individuals: well, accidents happen. Your apartment can be burglarized, generally according to signs of wealth. I believe with the internet it is the same. Unless you are a celebrity, you are unlikely to be targeted. But if you fail to lock your door, burglars are likely to have a look inside to see if there is anything of value. It is the same with everything you have in the cloud. For individuals, it starts by ensuring you are using strong and unique passwords. Don’t rely on only one strong password, which you use everywhere. How many times have I received an email confirmation after registering on a site with my password showing in clear in the email, together with my username! Don’t reuse passwords! There are apps which help to do that; my favorite is 1Password, which exists for many devices and can use Dropbox for synchronization.

Then when you store data in the cloud, if it is sensitive, encrypt it (again with a different password). If someone gets to the file, it might just be worthless without the password. Well think again though… sometimes you should make sure that your password is unreasonably strong (like 30 characters or so). Because what is uncrackable today, might be trivial to crack in 10 or 20 years. If the information you need to protect is short lived, it does not matter, but if it will remain sensitive for decades, be sure not to forget that technology evolves too.
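An added illustration of the point above (not from the original post): how long a randomly generated password of a given length stays out of reach of exhaustive search if attacker speed keeps doubling. The guess rate, doubling period and attacker time budget are assumptions chosen for the example, not measurements.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600

def entropy_bits(length, alphabet_size):
    """Bits of entropy of a password drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def years_until_crackable(bits, guesses_per_sec_today=1e10,
                          doubling_years=2.0, budget_years=1.0):
    """Years from now until the whole keyspace fits in the attacker's budget.

    Assumptions (not from the post): 1e10 guesses/s today, the rate doubles
    every 2 years, and the attacker will spend 1 year on the search.
    """
    reachable_bits = math.log2(
        guesses_per_sec_today * budget_years * SECONDS_PER_YEAR)
    shortfall = bits - reachable_bits       # doublings still needed
    return max(0.0, shortfall * doubling_years)

def protects_for(length, alphabet_size, sensitive_years, **attacker):
    """True if the password outlives the period the data stays sensitive."""
    bits = entropy_bits(length, alphabet_size)
    return years_until_crackable(bits, **attacker) >= sensitive_years

def report(cases):
    """Return (label, entropy bits, years of protection) for each case."""
    rows = []
    for label, length, alphabet in cases:
        bits = entropy_bits(length, alphabet)
        rows.append((label, round(bits, 1),
                     round(years_until_crackable(bits), 1)))
    return rows

if __name__ == "__main__":
    # Constructed cases. An 8-digit password like 12345678 is not random,
    # so the figure shown for it is an upper bound on its real strength.
    cases = [("8 digits", 8, 10),
             ("10 letters+digits", 10, 62),
             ("12 letters+digits", 12, 62),
             ("30 letters+digits", 30, 62)]
    for label, bits, years in report(cases):
        print(f"{label:20s} {bits:6.1f} bits  ~{years:6.1f} years")
```

Under these assumptions a 10-character password falls within a few years, while a 30-character one holds for far longer than any realistic data lifetime.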

So, is it too risky to use the cloud? Well, for most people it is no riskier than driving a car or walking down the stairs. It is a matter of knowing and understanding the risks to effectively mitigate them.

Am I using the cloud? You bet I do!

 

WWDC 2012 – after keynote

Well, this year’s WWDC keynote was impressive. It was the most solid set of announcements from Apple in a few years.

Refreshed laptops and a new generation MacBook Pro that seems simply stunning with its retina display, its thinner profile and its lighter weight, all this with high performance components. I think it shows where we are going: compared to the first MacBook Airs, which were at best good as auxiliary machines, typically what an iPad can be used for now, the new models are very usable as a main machine for a lot of activities (I’m using a MacBook Air end-2011 for development). When more muscle is required, for video or photo, the new generation MacBook Pros are the ones to look at. Who will ever want to buy a PC?

That should give some thoughts to big corporations as to which machines should be given to their employees. In my professional career I’ve only worked with wintel machines; an Apple computer has never really been an option for a bank, but now things are changing and big corporations should start to seriously look at Apple as a viable option for them.

On the software front, most rumors have been confirmed with iOS 6. Siri is coming to iPad, though not on first and second generation; iOS receives a new killer app, a refreshed Map app; and Facebook is integrated. Mostly these are consumer oriented features; though they can also have interest for the corporate world, they are not really mainstream. I’ll have to dive into the developer APIs to see the details of the changes. What seems to be missing at this stage is the Siri API, and that is a disappointment: we will have to wait to develop apps that natively interact with Siri.

This is going to be an exciting year again. (Yes, for some, years go from one WWDC to the next one…)

WWDC 2012

This week is WWDC ’12. A lot of rumors are floating around; most will be confirmed at tonight’s keynote. Beyond the refresh of new Macs (which is not very relevant as most banks are still using wintel machines), the highlight will be iOS 6. There will (might) be interesting updates such as new maps or Facebook integration which should please the consumer market. For the productivity angle, I expect a lot of potential with Siri for iPad and, as a developer, having access to the Siri API. We already have a couple of projects for Siri and we’re pretty excited at the opportunity to work directly with Siri APIs. Finally, an enhanced iCloud should enable developers even more than today.

I won’t list all the rumors already published by tech bloggers. What I do reflect on, however, is that our vision of having tablet formats completely replacing desktop computers for senior to mid-level management in the next 3-5 years is becoming more and more reachable. We just need to figure out how to effectively replace the keyboard and the mouse in innovative productivity apps. And that is only a matter of imagination…