Cloud computing broadly comprises the following five main characteristics:
(1) On-demand self-service: there are many occasions when a large enterprise can make use of this, for example when a system is about to go live and needs data for testing but the company does not want to spend money on another test server, or when new machines have been ordered but the vendor cannot deliver in time (because of logistics problems). Each of these is a business opportunity for cloud service providers.
(2) Broad network access: more people will use the service than in the traditional closed environment, so authentication management, account synchronization and retention mechanisms, and VPN scalability all need attention.
(3) Resource pooling: the servers, network equipment and storage devices in the data center are pooled and used together.
Some industries are highly heterogeneous and their peak compute times differ; a cloud computing sales team that takes hold of this characteristic has a worthwhile angle for expanding business.
(4) Rapid elasticity: flexibility and agility in redeploying programs and systems. Program systems must consider the legality of preserving and deleting old data.
(5) Measured service: a service that can be monitored and measured, since what cannot be measured cannot be managed ("If you can't measure it, you can't manage it"). Forming consensus on the KPIs derived from measured service is also a consideration.
In the era of cloud computing, what do we need to know in having cloud computing services?
Friday, April 29, 2011
Complete information security considerations for a cloud computing service platform
Drawing on the Cloud Security Alliance's guidance and personal experience, a complete set of information security considerations should include the following:
(1) Virtualization: in what ways do the security mechanisms of virtualized equipment conflict with traditional ones?
(2) Identity and Access Management: do additional user accounts need to be created, what are the mechanisms for adding and revoking them, and how are they integrated with the existing ones?
(3) Encryption and Key Management: does the cloud service provider have the right to take part in configuring key management? Does the provider's equipment support encrypted communication protocols? This concerns not only servers but also network and storage devices.
(4) Application Security: within the scope of application security architecture and the Software Development Life Cycle (SDLC), what different practices apply to IaaS, PaaS and SaaS? May the cloud service provider take part in testing during system development, is the test data synthetic or real, and who signs off on the non-disclosure agreement?
(5) Incident Response: is the cloud service provider able to offer both pre-incident defence and post-incident remediation? Does it perform the functions and role of a Security Operations Center?
(6) Data Center Operations: do system availability, performance and network latency match the Service Level Agreement (SLA)? How is the whole lifecycle of a container data center, from creation through retention to disposal, managed?
(7) Business Continuity Management (BCM) and Disaster Recovery Services: is the provider's Service Level Agreement (SLA) within the acceptable range? How often is it exercised?
(8) Portability and Interoperability: are there common standards for portable interfaces, application programming interfaces and management interfaces?
(9) Information Lifecycle Management: how does the enterprise manage the whole process from data creation, capture, retention and backup through to destruction, and what are the responsibilities and obligations of the two parties?
(10) Compliance and Audit: SAS 70 Type II, the Health Insurance Portability and Accountability Act (HIPAA), and even personal data protection regulations: how are these demonstrated rigorously?
(11) Legal and Electronic Discovery (computer forensics): what is the retention period for sys logs and audit logs? When prosecutors or investigators need to verify something, can complete evidence be produced?
(12) Governance and Enterprise Risk: which industry standard should be adopted?
Friday, April 22, 2011
Combining automotive IT systems with cloud computing
In recent years mobility technology has been applied extensively to laptops and mobile phones, with great commercial effect. Many companies developing cloud computing hope to apply it to other industries; could the automotive industry be an option?
According to the latest news, Toyota will partner with Microsoft to handle navigation, entertainment and energy management functions in vehicle systems through the Microsoft Azure platform, and to remotely control household appliances from the in-car system. This actually raises several points to consider:
(1) User authentication: will the traditional authentication mechanisms (voice, fingerprint, facial image) still be used? Is it really the car's owner and not someone else? If the driver's car is stolen, could the contents of the home be lost as well?
Could cloud computing refresh the driver's data immediately each time the car is started and cross-check it against the driver behaviour data in the database? That would be another kind of verification mechanism (of course this is a background check and must not take too long).
(2) Interference with and eavesdropping on wireless signals: wireless transmission will become far busier with the addition of these smart cars. Might wireless encryption technology have to scale up because of the larger (greater) volume of use (as with IPv4 to IPv6)?
(3) Privacy: which of the transmitted data falls under the Personal Data Protection Act? How does the automotive IT system filter and protect such data?
(4) Could smart cars also adopt an "on-demand" mechanism, downloading the programs for the "services" they need from the "cloud"? Would that reduce the load on the car's own IT system? And through such a change, could the car's "price" fall, more or less, while its "value" keeps rising?
(5) Preventing vehicle fires: a vehicle fire caused by excessive temperature never happens suddenly. While the car is moving, could the relevant information be sent to a cloud network information center, which would judge how urgent the readings are, contact the driver, the police or volunteer police in good time, and have them intervene and assist along the car's predicted route to avert a public safety incident?
(6) Next, could traffic management authorities also use cloud computing technology to provide greater safety management and supervision of car users and the cars themselves (for example stolen or scrapped vehicles)?
===
Thursday, April 21, 2011
In the era of cloud services, what should the practice of ITSM consider?
Service Strategy
(1) A company's IT service strategy should vary with the company's own business direction and goals (revenue, market share, ROI and profit), but it does not differ according to whether cloud computing is adopted.
(2) Financial management: the company's IT service items and processes will be reclassified as a result of adopting cloud computing/services. Hopefully there is also room to adjust the cost of the company's IT services.
(3) Service value: can this concept of IT as a cloud service be used to redefine the value and positioning of IT services once more?
Service Design
(1) When designing cloud computing/services, the company's business goals remain the highest guiding principle, rather than simply considering what today's virtualization technologies can do.
(2) Selecting service providers: should this follow the same regime as the old vendor management system, or should a new one be defined? (For some enterprises this may be one of the few opportunities for direct contact with large international vendors.)
(3) Can the existing service providers already supply such design tools and map directly to the cloud, and how far does their support extend?
Service Transition
(1) When we act as "project manager" or "product manager", we strictly consider three factors: time, cost and quality. Migrating to the cloud is no different.
(2) Is the service migration process transparent enough? Are other customers upgrading their data on the same machine at the same time? The calibre and agility of the provider's staff should all be taken into account.
(3) During the cloud service migration, are the roles and responsibilities of both parties clear and complete?
(4) When the company has finished developing a new program and is about to put it into production, should the cloud computing/service provider take part in testing, should a non-disclosure clause be signed, and are there other information security considerations?
Service Operation
(1) The five criteria for judging a service: availability, performance, risk, security and, of course, customer satisfaction.
(2) Is there a complete monitoring mechanism for security authentication, private data and access records?
(3) How long are system logs kept? Where are the interdependencies between NOC/SOC data integration and information?
Continual Service Improvement
(1) The service life cycle process and the definition of end of service.
(2) The completeness of the Disaster Recovery Plan.
(3) Records of disaster recovery exercises.
In addition, are the company's own staff ready for such a change (what we often call culture readiness)?
Tuesday, April 19, 2011
The impact of using cloud services on the traditional IT (MIS) department
More and more signs show that enterprise IT functions will gradually move to cloud service providers. What impact will this have on the traditional IT (MIS) department?
(1) Service catalog: with the adoption of ITIL (ITSM), most "IT service items" can be clearly defined and labelled, expressed quantitatively, and matched to KPIs.
For ordinary IT service user units, whether or not services move to the cloud should make no difference. But IT staff must think again about whether these "IT service items" need to be redefined, whether the associated KPIs need revising, and whether risk-transfer tools can push KPI attainment higher than before, indicating operational efficiency.
(2) Management mechanisms: one of the effects cloud services bring is operational efficiency. Will someone be dedicated to recording these figures: what they were before migration, and how much they improved afterwards? Is capability management adequately prepared?
(3) IT staff: internal IT staff will be expected to know more about the company's core products and business activities; some more ambitious companies even require the ability to forecast IT service capacity. Internal IT staff no longer play only a technical role; they are also the point of contact between "internal colleagues" and "external cloud service providers", somewhat like business relationship management.
(4) The IT organization will become flatter: over the past decade or so we have seen many mergers and acquisitions; once two (or several) companies combine, back-office units with similar functions also merge, and there is only one CIO.
By the same logic, even if a company only uses a private cloud, when the resources of several units (government, military, education and similar agencies) are combined, the number of senior IT managers should change as resources are consolidated again and responsibilities are adjusted.
Monday, April 18, 2011
Facebook's cloud computing server/data center technology
Facebook has published its cloud computing server/data center technical design; you can take a look at http://opencompute.org/
Before adopting cloud computing services, something to think about:
It is obvious that moving into cloud computing services is unavoidable in IT practice and adjustable in financial figures. Nevertheless, information security remains a chief concern before any official action is taken. As a cloud service subscriber, there are a few things it might want to think about:
(1) The corporate Information Security Policy: Is there any need to amend the corporate Information Security Policy? Some of my earlier engagements involved composing the corporate InfoSec policy. To ensure the integrity of such documentation, I spent time understanding the company itself and identifying the risks shown in the risk profile. In moving to a cloud computing service, our data is going to be located in another domain over which the subscriber may, or may not, have direct access control. Nevertheless, the policy needs to be amended to fully address the latest situation, followed by appropriate security practices.
(2) Security controls: When we talk about information security, we focus on the following three categories: confidentiality, integrity, and availability. With the latest virtualization technology, we are able to minimize the number of server/networking/storage devices. However, each security control device, i.e. wireless security, e-mail spam, anti-virus, is committed to its originally configured functions. Is the current technology in those security controls able to "virtualize" them together? If not, would the service provider still provide such security controls, but continue to charge us the rack fees which a subscriber thought it would save?
(3) Availability: By adopting a cloud computing service, the subscriber takes advantage of additional connectivity, which might be faster and obtain better customer satisfaction. However, are you aware of the physical data center location of your service provider? Are you comfortable with their decision in locating their data centers? In the past two years, we have experienced certain negative impacts from mother nature in Asia, as well as the uncertain political conditions in the Middle East. These real instances show the importance of such concerns.
(4) Regulatory compliance: Many high-tech manufacturing companies here in Taiwan provide ODM/OEM services. We are extremely proud of our achievements in this type of business operation. In order to build closer business relationships with big brand companies in the USA/Europe, many ODM/OEM companies are required to pass certification and/or external auditing before some business contracts can be signed. Information security is one of the items heavily emphasized during the past few years, based upon my prior experience. In moving to cloud computing, would the service provider also be comfortable or qualified to meet such requirements, not causing any problems in this type of auditing?
Sunday, April 17, 2011
Several items to consider when adopting outsourced cloud services
Many companies are probably considering adopting outsourced cloud services, but before formally launching there are still some things to consider:
(1) Does the information security policy need adjusting? Many organizations make a great fuss and spend a lot of time building an information security management system (ISMS), but once it is done, do they go back periodically to see whether the security policy needs adjusting? When moving to cloud services the scope expands, so the security policy must be revised!
(2) The cloud service provider's security equipment: the three pillars of information security are confidentiality, integrity and availability. With cloud computing we need fewer servers, network switches and storage devices, but what about security equipment?
Security equipment is used to maintain the confidentiality and integrity of company data. Don't forget that we adopt different security equipment for different situations (wireless network security, content filtering, mail security, anti-virus). Can these devices be consolidated through virtualization? Does your cloud service provider offer all of them? And what does it cost?
(3) The cloud service provider's availability: adopting outsourced cloud services can raise the availability of data, but Asia has indeed seen natural disasters in recent years, and the Middle East has had its share of political unrest causing social instability. Has your cloud service provider proposed appropriate solutions for these risk factors, and does their approach leave you reassured and satisfied?
(4) External certification: many high-tech companies in Taiwan are known for their ODM/OEM services. When signing cooperation agreements with large European and American firms, Taiwanese vendors are required to obtain the relevant certifications in order to win the order. The certifying body is sometimes the buyer itself, sometimes an impartial third party, and sometimes even a European or American government agency (such as customs). With technology advancing in recent years, information security is receiving more and more attention; when using outsourced cloud services you must also check whether the provider can produce the relevant documents and answer completely during an audit.
--
Other articles: George VI's Second World War speech (The King's Speech)!
I had an opportunity to see the movie "The King's Speech" last month. It focuses on how King George VI of Britain received treatment from a therapist and how the King fought back against certain challenges facing him in his life as well as his duty.
As you are probably aware, the King's speaking difficulty came from his childhood, for example, some mistreatment from his older brother. A simple word or misbehaviour can bring extreme negative impact to one's life, which is something always beyond our imagination. For those who are raising young children, it makes me believe this is a potential situation we all need to be more careful about.
At the end of the movie, the king is addressing his people. The following is collected from the Internet. I know a lot of people here in Taiwan spend a significant amount of time learning English. Maybe reading someone's speech is another way to enhance the level of knowledge. Try reading it to yourself to see whether you could be encouraged.
Good luck and enjoy this movie.
Thank you
=================================
George VI's Second World War speech (The King's Speech)!
"In this grave hour, perhaps the most fateful in our history, I send to every household of my peoples, both at home and overseas, this message, spoken with the same depth of feeling for each one of you as if I were able to cross your threshold and speak to you myself.
For the second time in the lives of most of us we are at war. Over and over again we have tried to find a peaceful way out of the differences between ourselves and those who are now our enemies. But it has been in vain. We have been forced into a conflict. For we are called, with our allies, to meet the challenge of a principle which, if it were to prevail, would be fatal to any civilised order in the world.
It is the principle which permits a state, in the selfish pursuit of power, to disregard its treaties and its solemn pledges; which sanctions the use of force, or threat of force, against the sovereignty and independence of other states. Such a principle, stripped of all disguise, is surely the mere primitive doctrine that might is right; and if this principle were established throughout the world, the freedom of our own country and of the whole British Commonwealth of Nations would be in danger. But far more than this - the peoples of the world would be kept in the bondage of fear, and all hopes of settled peace and of the security of justice and liberty among nations would be ended.
This is the ultimate issue which confronts us. For the sake of all that we ourselves hold dear, and of the world's order and peace, it is unthinkable that we should refuse to meet the challenge. It is to this high purpose that I now call my people at home and my peoples across the seas, who will make our cause their own. I ask them to stand calm, firm, and united in this time of trial. The task will be hard. There may be dark days ahead, and war can no longer be confined to the battlefield. But we can only do the right as we see the right, and reverently commit our cause to God. If one and all we keep resolutely faithful to it, ready for whatever service or sacrifice it may demand, then, with God's help, we shall prevail. May God bless and keep us all"
Other articles: Love Letter
"Love" is probably the most common topic we discuss on a daily basis. You might have a different opinion, but after realizing how many viewers were chasing the finale of a famous TV series (犀利人妻) last week, my point should easily get your attention.
No matter what your current romantic relationship is, whether you love someone, are loved, or are pursuing someone you should not, you all have my blessing anyway. However, I believe you have all had an opportunity to write love letters expressing how you feel to the one you have fallen in love with (maybe you are doing that as we speak).
Nevertheless, have you had a chance to put your heart into the one(s) you wrote before, to find out what wording you used under certain circumstances? And do you still remember what it would be? In addition, have you had a chance to read other people's love letters, to see how they express their feelings? Via the web link http://www.links2love.com/love_letters_4.htm, I was lucky enough to find Beethoven's love letter. If you have time, take a look at it. We have all been enjoying his music, but could we learn from his words?
Good luck to you, may God bless you all.
===
Beethoven to His Immortal Beloved
Letter 1
July 6, in the morning
My angel, my all, my very self -
Only a few words today and at that with pencil (with yours) - Not till tomorrow will my lodgings be definitely determined upon - what a useless waste of time -
Why this deep sorrow when necessity speaks - can our love endure except through sacrifices, through not demanding everything from one another; can you change the fact that you are not wholly mine, I not wholly thine -
Oh God, look out into the beauties of nature and comfort your heart with that which must be -
Love demands everything and that very justly - thus it is to me with you, and to you with me.
But you forget so easily that I must live for me and for you; if we were wholly united you would feel the pain of it as little as I -
My journey was a fearful one; I did not reach here until 4 o'clock yesterday morning. Lacking horses the post-coach chose another route, but what an awful one; at the stage before the last I was warned not to travel at night; I was made fearful of a forest, but that only made me the more eager - and I was wrong.
The coach must needs break down on the wretched road, a bottomless mud road.
Without such postilions as I had with me I should have remained stuck in the road.
Esterhazy, traveling the usual road here, had the same fate with eight horses that I had with four - Yet I got some pleasure out of it, as I always do when I successfully overcome difficulties -
Now a quick change to things internal from things external.
We shall surely see each other soon; moreover, today I cannot share with you the thoughts I have had during these last few days touching my own life -
If our hearts were always close together, I would have none of these.
My heart is full of so many things to say to you - ah - there are moments when I feel that speech amounts to nothing at all -
Cheer up - remain my true, my only treasure, my all as I am yours.
The gods must send us the rest, what for us must and shall be -
Your faithful LUDWIG
==========
Information security in cloud services
In the world of cloud services, information security should naturally be an important consideration. For each component that makes up a cloud service (such as facility and hardware), who (the service provider or the service consumer) should be responsible for the security work? I referred to NIST's description and am putting it here for your reference.
Saturday, April 16, 2011
Job opportunities brought by electronic social media tools
People today have many electronic social media tools at the same time (such as blogs and Facebook). These tools can help us build personal brand marketing, help us find (or reconnect with) old friends, and even open up more business opportunities. But as new social tools emerge, we enthusiastically use the new ones (because our time is ever shorter) and forget to maintain the older ones. So in future there may be a new kind of job (perhaps someone is doing it already) dedicated to tidying up a client's brand across all electronic social media tools, even replying to messages, to ensure the personal image is maintained. This need should not be limited to politicians or singers; ordinary people may need it too.
An article in last month's New York Times, titled "The Great Rush Forward", written by Anita Patil, indicates that "Yet speed seems to govern modern life, and many of us feel there are no chances to slow things down." She even uses the fact that people nowadays prefer to post short messages on Facebook instead of writing articles on a blog, since the latter takes a little bit longer.
During the past few years, as a result of leading-edge technology, we have all experienced a number of new social media for communication. All of those applications are clear examples of cloud computing services. Many people use those platforms to build their own personal brand, reconnect with friends they lost touch with long ago, and even uncover numerous business opportunities. Those social media are developing and updating continuously, and an individual might lose track in the sea of what he has, or even had before. In the near future there will probably be a new career helping an individual coordinate, even rebuild, a personal image across those live social media. This type of request shall not be limited to politicians or movie stars; a regular citizen might have such needs as well.
The role of data center managers in the era of cloud computing: Uncertainty in today's global economy
Cloud services are about "on-demand" services: you only pay for what you use.
But conversely, once a major natural or man-made disaster strikes, the cloud service provider's resources are limited too, and not every customer's service request will be accepted; at that point the "on-demand" decision rests with the provider, doesn't it?
Uncertainty in today's global economy
In the wake of Japan's cascading disasters, indicators of information technology change might occur dramatically.
September 11, 2001 was one of the darkest days for the USA, as well as for the global economy. I was in New Jersey then, serving my IT duties at a telecommunications company there. We were all extremely scared. After 9/11, quite a few IT openings were closed. Some people believe this was a negative impact from economic loss. However, as a result of that incident, a few financial institutions quickly built new data centers in southern states. By doing so, if a similar situation occurs, at least their business functions could continue. This type of geographic relocation program, of course, eliminated some job openings and brought more people applying for unemployment benefits.
Japan's earthquake last month broke our hearts. Although the Japanese are well educated to manage and survive when this type of disaster happens, we still saw a lot of manufacturing facilities that could not resume normal functions as they would have liked. Building a disaster recovery facility, both for manufacturing and IT functions, will probably be required. And I believe this type of need applies to most Asian countries, not just some of them. As a result, leasing or renting a cloud computing "data center/facility" might quickly become an emerging business opportunity for hardware providers. This should push hardware providers to release their products to the market sooner rather than later.
Friday, April 15, 2011
The role of information security staff in the era of cloud computing
Over the past year cloud computing has undoubtedly been a hot topic. This short piece discusses whether the responsibilities and role of information security staff change significantly in the era of cloud computing.
In a traditional electronic data center (or a company's IT/MIS department), the security person may only be a part-time role (their main job may be network or systems engineer, or even programmer, and sometimes the team is disbanded once the ISMS is implemented). In the cloud computing era, since many resources will move from the traditional data center to dedicated cloud computing, security work there may shrink even further.
If we shift the scene to a professional cloud computing service provider, its job is to provide exactly this professional service, so it will be staffed with highly professional people, and security staff are no exception. For that reason, security staff can concentrate more fully on their work and put more effort into the remedial measures that should be taken. Moreover, because we are in a virtualized environment, all "virus scanning and vulnerability testing", even system patching and security audits, can be completed on a more complete, highly homogeneous system platform and faster than before.
Of course, everything has two sides. Previously a DDoS attack might target only a single server. In a virtualized environment, a similar attack hits every operating system and application (such as customized application packages, ERP, mail, etc.) on one physical device. Under an ITSM incident management regime, what used to be a single incident record becomes several, and will the KPIs derived from multiple incident records also affect the performance appraisals of the staff involved?
The above is only my humble opinion; I ask for guidance from my seniors.
The role of data center managers in the era of cloud computing
Today, with computer information equipment in widespread use, I believe everyone has a fair understanding of the importance of data center management and professional staff. Depending on the business requirements of the user units and each company's budget, the size of each company's data center and its staffing naturally differ.
Since the financial tsunami, many companies have faced severe shocks, and some have only this year begun to breathe a little easier. No matter how much your company earned last year or how high its EPS climbed, most IT operating expenses will still be required to fall. In the cloud computing era, undeniably, whether public cloud or private cloud, your company's cloud will gradually drift from over your head to more professional service providers. The workload of the existing IT staff will fall. Because some equipment moves into a professional cloud computing facility, the midnight trips to the server room for repairs and even weekend on-call duties naturally decrease. If the total cloud computing facility service fee can also be bargained against the cost of current operations staff, downsizing and replacement of professional staff may be unavoidable. As for the IT staff who remain, the responsibilities demanded of them will grow daily: they may have to cover "servers", "operating systems", "storage", "network", "security" and so on, so the workload expands qualitatively.