US Capital Building

What Happens to Your Cloud Data if the Government Wants It?

In the summer of 2011, Microsoft warned consumers that the U.S. Patriot Act could compel the company to hand over customer data to the United States authorities, without their permission. This data would extend not only to customer contact information, but also to any files stored in Microsoft Cloud Services. Additionally, this data transfer would be kept secret, violating the European Union Date Protection Directive. The directive requires organizations to inform users when personal information is disclosed. Since this news surfaced, concerns have been mounting about the access to personal data stored on cloud services. However, as this article will explain, there is minimal threat to cloud services.

The Patriot Act and Your Data

While Part II of the Patriot Act allows the FBI to petition courts for documents, including those in the cloud, the government has rarely used the Foreign Intelligence Services Act (FISA) order. In 2010, only 96 applications were made for business records.

Another part of the Patriot Act, the National Security Letter, could also impact cloud services. The National Security Letter enables the FBI to access subscriber information and electronic communications records. However, the scope is very limited, and they can’t view the actual message–just the transmission.

The idea of a safe haven from the U.S. Patriot Act, as promoted by some European companies, is misleading. If a suspected terrorist has data stored in a cloud outside the United Sates, the information can still be obtained, provided that country is an ally. The United States is not different from many countries in this regard. Likewise, if prosecutors in Europe needed data held in the United States for terrorism, the U.S. would likely seize that data.

Many countries have privacy challenges in their own right. For example, Internet Service Providers in the European Union must retain telecom customer data for between six and 24 months. Additionally, the European Union’s data-retention directive gives investigators access to information that may be deleted in other countries. Under this directive, police can access details such as IP address and the frequency of every email, phone call, and text message sent or received. Other regulations include the international transfer of certain kinds of data.

Keeping Your Data Safe

The safeguarding and protection of data ultimately resides in your hands. Business owners must make informed, calculated decisions before deciding whom to do business with.

When deciding on a cloud provider, business owners should ask themselves a number of questions:

  • How sensitive is the information being stored?
  • What is the risk if that information is leaked?
  • What role does jurisdiction play in that risk?

When people express fears about storing their data in the cloud, they are mostly afraid of the control they will lose when they hand over the storage reigns. Although data is stored securely in the cloud every day–even safe from the government’s eyes–those one or two stories you hear to the contrary are likely to stick in your mind. Just remember that most cloud computing companies are well-trained, have reliable backup systems and contingency plans in place, and employ a full staff of professionals to be sure disaster doesn’t strike.

Cloud storage icon

4 Tips for Backing Up Your Data in the Cloud

Every IT manager knows that backing up data is essential to protecting a company’s most valuable commodity. Backing up your data off-site is easier than ever, but you need to examine your needs in depth before choosing this important service.

As you examine your options, consider these four ways to backup your data in the cloud.

1. Consider how you will restore data

When you back up a system and all of its storage, you are protecting everything on that OS instance. This is useful if you find yourself needing to restore an entire environment using bare metal recovery scenarios. However, if you just want to protect a service, such as a database like Microsoft Exchange, you may want to restore only a specific mailbox. The point is to consider what you might want to restore, and then make a backup decision that will facilitate your goals.

Also keep in mind that Internet connectivity from the data source to the backup location plays a key role when it’s time to recover. If you have hundreds of gigabytes or more to restore, restoring from the Internet could take many more hours than you can afford. Consider local backup as a first line of defense. See item three!

2. Understand that hypervisor level backup may not be enough

Virtualization offers numerous capabilities, including the ability to perform backups at the hypervisor level of the virtual machines (VMs). However, this type of backup limits your restore to a VM-only level or to files within the VM. Consider running backup agents within the VM OS, rather just on the virtualization host, for the best restoration options, or use a tool that leverages both OS-level and VM-level backup.

3. View local protection as a first line of defense

Using the public cloud offers unlimited server and storage resources, and cloud storage is flexible and scalable. However, while the public cloud is a valuable step in securing your data, consider on-premise backup as your first line of defense for greater peace of mind. Using resources local to the systems and data often yields the best performance.

4. View cloud protection as a second line of defense

In the event of a disaster, cloud-based backup protection can literally save your company. So, if local protection is your first line of defense, then cloud protection should be a necessary second. Prioritize the servers and data that need offsite disaster recovery protection by identifying key business processes that are critical to your company’s day-to-day operations, and don’t forget to include the dependencies of those services, such as databases and middleware.

Software license audit feature img

How to Prepare for a Software License Audit

It’s an interesting time for software audit licensing, and companies are, all too often, finding themselves in the storm of an audit. Perhaps it is due to the fact that licensing use rights are being applied to increasingly complex IT environments that have changed beyond the terms of their former software agreements. Or, maybe it is because revenue for new software licenses is down, forcing vendors to focus more on licensing audits to recover some of the lost income.

Whatever the reason, IT organizations need to be diligent if they are audited. And, taking some simple steps to avoid an audit in the first place wouldn’t hurt, either.

Staying Compliant with Software Licensing

The best way to handle a license audit is to stay out of trouble in the first place. While sometimes easier said than done, you can take a few steps to stay in the clear.

  • Maintain robust software asset management (SAM) processes.
  • Make software licensing a core part of change management.
  • Consider how normal IT actions, like upgrading servers, will affect your software licenses and address any issues at the time actions are taken.
  • Don’t just rely on spreadsheets for compliance management — look into how an automated solution might help you stay on top of things better.
  • If you discover a licensing issue, admit to it. It can be advantageous to pursue proactive remediation to possibly avoid punitive costs and other consequences of an audit.
  • Don’t look the other way if there are unlicensed copies of software being used in your organization. Ensure that your written policies and procedures are consistent with your actual policies and procedures, and make sure your employees, consultants, and vendors understand the rules.

Preparing for the Software License Audit

If, despite your best efforts to remain compliant, you find yourself being audited, take these steps to make the process go as smoothly as possible.

  1. Contact the vendor to find out the scope of the audit because audit procedures vary by provider.
  2. Begin an internal audit so you can learn more about the problem and discover any additional shortfalls.
  3. Get all your ducks in a row: Make sure all communications between your team and the vendor are appropriate, and ensure that the process includes an opportunity to review findings prior to settlement. Also, validate that the auditor has included all licenses to which you are entitled.
  4. Along that same vein, make sure your company clearly understands the audit rights by reviewing the provider agreement. Within reason, push back against anything you do not believe is mandated.
  5. If the audit proceeds, manage the process with a proactive mindset. Do not sit back and wait for instructions — find out what you need to do, and just dive in.
  6. Approach settlement talks as a negotiation. Don’t just accept the initial settlement demand as carved in stone. If your company’s non-compliance was inadvertent, or otherwise reasonable, consider a counter-offer based on achieving and maintaining future compliance instead of back-dated compensation, retributory list pricing, and other punitive actions.
  7. If you know you will have to pay punitive costs, have in mind a dollar value settlement before going into talks. The cost will vary based upon the provider and the situation, but a reasonable target settlement amount is the estimated supplementary costs had your company remained in compliance. Expect to pay something, but use any leverage as a customer (current and future) that you might have to come to an agreement.

Whatever you do, don’t be passive and simply accept the audit terms, process, and results. Admit whatever fault may be yours, but stand your ground when it comes time to work with auditors and, especially, when it comes time to work out a settlement agreement.

Virtual network image

PCs vs. DaaS: A Total Cost Analysis

Several years ago, IT managers and companies realized that they could drastically slash their IT budget by virtualizing much of their server architecture and infrastructure. The benefits were clearly and quickly apparent. After all, running servers in-house is expensive: from the physical costs of having a climate-controlled server room to the price of energy consumed to the cost of keeping maintenance staff on hand, the expenses can add up.

Hot on this success, many in the IT and managed services field began experimenting with taking virtualization to the next level with DaaS: Desktop as a Service. With DaaS, companies could, in theory, cut costs even more drastically than with virtualized servers. After all, most companies have significantly more PCs than servers in operation. Unfortunately, desktops and the infrastructure required to support them is significantly different from servers, and many of the cost offsets seen in server virtualization simply aren’t available when switching to DaaS. Fortunately, there are still plenty of savings to be found in using desktop virtualization, even if some of them are only apparent on a longer timeline.

Before moving into discussions of savings offered by DaaS, it’s important to quantify the total actual costs of your current fleet of PCs. A VMWorld white paper recently estimated that the costs of running a traditional PC run to roughly $1,281, with the vast majority of those costs being year-over-year management costs per computer per user, including power and IT labor. Another white paper by Citrix agrees, putting the yearly cost at $960. These yearly costs include maintenance just on the PCs themselves, and not costs on the networks and infrastructures that keep them operating. Included are things like physical relocation and adjustments, patching and upgrading software, reimaging drives and resolving issues, and back-ups and other preventative maintenance.

On top of the yearly costs is the price of the desktop itself. A full office desktop can cost anywhere from $150 for a barebones repurposed/refurbished model to $300 and up for new units. These costs can grow significantly if you have some employees that require specialized workstations. A desktop for a graphic artist, video editor, high-end developer, or data-analyst can easily run to over $1000, especially since few companies order enough of these specialty units to get large volume discounts. Additionally, if you DO virtualize some desktop functions, but do so in-house, you run the costs for server hardware and maintenance.

Enter DaaS. Much like SaaS (Software as a Service), the principle is that you outsource infrastructure and physical management, and instead manage only the software used on a pay-as-you-go model. Unlike more traditional desktop virtualization setups, you manage only the users and the desktop image which you use, instead of managing the users, the desktop image, and the physical servers and infrastructure. According to the VMWorld white paper, this has a huge impact on your management costs year over year. Whereas a traditional PC runs around $950 per year, a VDI (traditional virtual desktop service) will cost about $650. DaaS services manage to beat both, coming in at just over $300 per year in management costs. When viewed in a per user per desktop basis over a longer time-period, that savings of over $600 per year adds up to a much smaller IT budget.

On top of the savings from IT staff costs, DaaS also has a significant advantage in physical endpoint costs. Whereas typical PCs can cost hundreds of dollars, DaaS gives you the option of using thin clients, desktops that not only cost significantly less money than traditional PCs (between $50 to $100 per unit) but also require significantly less power and cut down on energy costs. A DaaS platform can also allow you to implement a safe, secure BYOD policy, cutting computing costs even more drastically. Since all work is done in a virtualized environment inside of a sandbox, the typical security worries involved with BYOD are greatly minimized.

All in all, DaaS is quickly turning into the future of computers in the office, and it’s clear why. A DaaS setup can cut total costs per user per PC by at least 30% in many organizations, and more for ones that did not have the most efficient PC management policy in the first place. While the technology is still young, it shows a lot of promise for drastically reducing IT budgets. Is it right for your company? Hard to say. It definitely will be in the next year or two, as the technology matures. But those who wait have to factor in losing out on a year or more of savings by early adopters.

iPhone 5

Top 6 iPhone 5 Complaints

The iPhone 5 hit the shelves earlier this fall, and the complaints hit social media soon thereafter. From aesthetics to navigation, users voiced their gripes with Apple’s latest iteration of its hyper-popular smartphone.

As time went on, the list of iPhone 5 gripes grew as long as the lines of consumers waiting outside an Apple store on release day. Here are the top 6 complaints about Apple’s iPhone 5.

1. Screen problems

Users have reported problems with their iPhone 5 screen, including a weird flickering that won’t go away. Others are saying that their screen appears to have an air bubble, as you can see in this video.

2. Light Leakage

Another widely reported issue with the iPhone 5 is light leakage from various points on the device. Some users see light through the gaps around the device’s antenna and power button. While the leak is only visible in low light, it’s still a problem for such a pricey device.

3. Scratches easily

Apple is known for creating products that are functional and beautiful. So, concerns about durability are especially surprising. However, many users have reported that their new iPhone 5 came out of the box with scuff marks. This iFixIt video shows how much more easily the iPhone 5 gets scratched compared to the iPhone 4.

4. Device is "too light"

This complaint is a bit odd, but it is a common gripe among users. One of the selling points for the new phone – according to Apple – is that it’s the lightest smartphone ever. But one of the points of frustration – according to consumers – is that it’s too light. Apparently heft = well-made in the eyes of iPhone users. Perhaps they fear the device is cheap and toy-like, even though Apple hoped its lighter weight would be a benefit.

5. Lightning Connector

Sometimes even technophiles don’t like change. Longtime Apple users have complained about the smaller connector port, called Lightning, on the iPhone 5 and new iPods. Now, users need new power cords, and the new devices won’t connect with older speakers and other accessories. Customers can buy Apple’s new $29 and $39 legacy docking solutions, which add a 7.8-inch wire – but many are irked that they have to purchase these extras at all.

6. Maps

One of the biggest complaints with the iPhone 5 is with its Maps app. The problems center around 3D and satellite images that look off (with bridges looking wavy, for example), navigation directions sending people to the wrong location, and outdated information on local businesses. Unlike Google Maps, Apple’s Maps app lacks transit directions, too.

Have you experienced any problems with the iPhone 5? What are your top six complaints (or praises) about your new smartphone?

How to Create an IT Outsourcing Contract

As outsourcing becomes the norm, many companies are working to incorporate the outsourcing process into their regular operations. Part of this process includes contracting employees and adhering to those contracts.

IT consulting and outsourcing companies usually work under a contract for a specific length of time, or until a project is completed. This contract is an agreement to perform services for a predetermined cost, and the service level agreement (SLA) outlines the details of this work.

Here is a guide for creating this basic, yet very important, document for IT outsourcing.

1. Specify the cost and scope of work

Contracts specify in plain terms what you will be paying for and how much you will pay for it. But, the actual contract doesn’t have to be too specific; save these details for the service level agreement. For ongoing services, you will likely pay a monthly rate for a defined period of time. Include a benchmarking provision, especially in a long-term contract, to be sure you are hitting goals. This provision will come in handy if you suspect that costs for already-contracted services have dropped below prior rates (something that happens often as technology improves); at this point, you can have rates evaluated by a third party.

2. Define how you will monitor work (work governance)

The contract should include provisions that state what will happen if service level requirements are not met, as well as how requirements will be monitored. However, having a contract in place does not mean you are off the hook for clear, regular communication. Communicating with your IT provider, or with your client, will help you avoid future headaches.

3. Make a plan to disengage

Expect the best, but prepare for the worst. Implementing the disengagement plan is the worst-case scenario, but you still need to create it. If you find you are no longer able to work together and need to terminate the contract, you will be glad you have this plan to refer to. This element is especially important in IT where a contractor has access to your information and infrastructure. Include ownership rights, transfers, and any other security concerns you might have. If your contract is large in scope or involves complex licensing issues, you may wish to have an attorney review it.

4. Document the Service Level Agreement

The SLA is the nuts and bolts of the transaction, specifying all the details that the contract doesn’t. This document should be specific and include concrete information such as how many hours a day the helpdesk will be available, or which days of the week service will be provided. If it is important, make sure it goes into the SLA.

A note about foreign outsourcing:

If you plan to outsource IT services to a foreign company, you need to be aware of certain legal issues. Since these providers are based overseas, U.S. contract law may not apply to some provisions. If you are a smaller company looking for helpdesk support, this issue may not concern you. However, if you are a larger company outsourcing data storage, you can expect to encounter foreign regulations at some point. It can be helpful to have an attorney review these types of contracts as well so you can be sure you are crystal clear on what you are contracting into.