Stories by Thomas J. Trappler

  • NASA's cloud audit holds value for all

    NASA's Office of the Inspector General (OIG) recently audited and evaluated the efficacy of the space agency's efforts to adopt cloud-computing technologies. The resulting report, "NASA's Progress in Adopting Cloud-Computing Technologies," includes six recommendations "to strengthen NASA's IT governance practices with respect to cloud computing, mitigate business and IT security risks and improve contractor oversight." While the recommendations are specific to NASA, their underlying concepts can be leveraged by any organization that wants to more effectively adopt cloud-computing services.

  • Software licensing in the cloud

    Someone at my seminar in Los Angeles last month asked about challenges that the cloud poses for software licensing. That's such a broad and complex topic that it could warrant an entire seminar of its own. But this column can at least provide an overview of the issues.

  • Your cloud contract needs to look beyond renewal time

    So you've done all the right things in selecting your new cloud vendor. You went through a competitive bidding process, evaluated the bells and whistles offered by each vendor, identified the service that best meets your needs, got a great price for the first year, trained your staff on the new service, and mothballed your old in-house solution. A whole lot of work, wasn't it? Don't want to go through that again soon, do you? Well, if your contract doesn't effectively address the terms under which you can continue to use the service, then the cloud vendor may have you over a barrel at renewal time.

  • In the Cloud, a data breach is only as bad as your contract

    Loss of control is one of the main things that gives people pause when they think about putting their data in the cloud. We've all seen how painful a data breach can be, and it can seem almost like asking for trouble to put your data in the hands of someone else. It's hard enough to prepare for a breach when you're in control. How do you do it when you put someone else in charge?

  • When your data's in the cloud, is it still your data?

    When your data resides on a cloud provider's infrastructure, your ownership rights could be compromised. For example, what's to prevent the cloud provider from deciding to access your data and use it for its own purposes? That's why any contract for cloud services should include language clearly affirming your ownership of your data.

  • Where there are clouds, there's lightning (and other cloud disaster tips)

    They say that lightning doesn't strike twice, but apparently a single bolt of lightning can take out two cloud provider data centers at once. At least that's what initial reports cited as the cause of <a href="">concurrent outages</a> at the Dublin data centers that serve as Microsoft's and Amazon's major cloud computing hubs for Europe. These reports serve as a good reminder of why it's a good idea to consider disaster recovery and business continuity when contracting with a <a href="">cloud</a> computing provider.

  • Why physical security matters, even in the cloud

    At the Business of Cloud Computing Conference, I caught a presentation by Marlin Pohlman, who noted that No. 3 on the <a href="">Cloud Security Alliance</a> 's "Top Threats to Cloud Computing" list is malicious insiders. This serves as a good reminder that old-fashioned physical security issues require a lot of attention when you're considering a <a href="">cloud</a> service provider.