What do Windows 3.1 and The Cloud have in common you ask? To most people probably not much. But for me, the last few months and ‘the cloud’ has been a deja vu back to my Windows 3.1 and DOS days.
Windows 3.1 was released when I started High School. Prior to this, I had spent a great deal of time, learning to code on my own in Basic, then Pascal, and eventually C. I was the resident ‘computer support guy’ for family, friends and neighbours. One individual I supported was my uncle who was a Chartered Accountant. He ran his own business (I am actually in what was his office as I write this post) supporting small and medium size businesses with Accounting services. All his clients were running DOS with a accounting program called Bedford. My uncle would set them up on this software. Customers would use it to manage their accounting, and bring him updated backup files from Bedford on Floppy for him to provide the accounting services they required. He was a very successful entrepreneur. I held him in high regard and had much respect for him. My uncle was not one for change however. He would change, but only at the last possible minute when all other options were exhausted.
As soon as Windows 3.1 came out, I had it installed and was figuring it out, using it and working with it. My uncle on the ohter hand wanted nothing to do with it. He’d been using and known DOS for years. The idea of a graphical interface, a mouse, ‘clicking’ and ‘double-clicking’ were just silly when he could do everything from a keyboard (I agree with his mouse opinion though, I don’t like them to this day). Eventually, Bedford came out with a Windows version and his clients wanted to upgrade their systems. He kept as many of them as he could on DOS for as long as he could. It was stressful for him. He would often talk to me about it and I would try to convince him to be more open to it, showing him how to do different functions on Windows, helping him with issues, but for months he resisted. One Saturday morning, he was in one of his moods, saying that DOS based was fine, and he “wasn’t going to Windows.”. I tried a different approach. I responded by saying “You are going to Windows Uncle Larry, it is not your decision.” Anger flashed across his face (To this day, I remember that look, where he was standing, what he was wearing. Staring at his little ‘punk’ teenage nephew who was telling him what was going to happen). “It is my decision!” he responded. “No, Uncle it isn’t. Microsoft and Bill Gates have decided everyone is going to Windows 3.1. You have no choice. You are going. The only choice you have is how long you can resist, but you are going.” I remember him being really mad at me. The result was an argument. It didn’t last long and a few days later, it was as if it didn’t happen. Our relationship was pretty strong. He eventually did migrate himself and all his customers to Windows 3.1. When Windows 95 and Windows 2000 came along, he migrated his business and everyone much quicker. I think DOS to Windows 3.1 represented a big change for him. He didn’t like situations he couldn’t control and this was one of them.
So how does all this tie into the Cloud? Many of my recent interactions around Cloud and platforms as a service have been reminding me of the Windows 3.1 interactions I had with my uncle. I see four basic types of behaviours in response to virtualization and cloud services. First are those that don’t want these changes period and view it as a threat. I find they are not the majority, but there are many more than I would have guessed. Next, there are the passive-aggressive types. While the agree in principle, they throw up road blocks, and issues to try and stall or make the transition as unpleasant as possible. This category seems to be the majority. Third, are those who have accepted it sort of, but want to control it, keep it contained. I find these are usually people that were originally in the passive-aggressive category and have realized that the changes are not stoppable. As a result, they have softened their position but still do not like the change. Finally, there are a few that actively embrace it and even promote the change.
I believe that virtualization, Software/Platform/Infrastructure/Security as a Service (*aaS) is here to stay. Like my uncle, we don’t have a choice of ‘if’, it is just a question of how long you want to resist. If you are involved in these services in your organization, which category are you in? Do you feel that they are a fad? Ddo you embrace and promote, or are you somewhere in between? What category does your organization fall under?

I recently read an article forwarded to me by a respected colleague called
Lately, I have been hearing from vendors that offer services to companies permitting them to use cloud services securely. With the explosion of the cloud and the economics it provides, businesses that in the past refused to put their sensitive data on a third party provider are reconsidering. The key is determining how to do so in a secure fashion. What is considered ‘secure’ is by no means standard, rather it depends on the type of information, the regulatory policies that apply (if any), and the risk of the data being exposed either accidentally or maliciously. In order to assess the risk, companies are starting to look at three main areas. Technology that cloud providers offer to secure data, external providers that offer services to secure your data in the cloud, contractual discussions between parties and the responsibilities of all parties should a breach occur.


I came across a post by Stu Dunn entitled
Anonymity and traceability are completely different concepts. I can be anonymous but yet traceable. What I mean by traceable in the context of this post is that should someone wish, and with the right level of authorization they could determine your identity, effectively negating any anonymity you created. If you want true anonymity, then you have to also ensure there is no traceability. This may seem like an obvious statement, yet I find that when it comes to the use of tools to enable privacy or anonymity, many people feel their identity could not be discovered when if fact it can. Whenever you are being anonymous in the digital world, you have to look at all the technology involved and ask yourself if it would be possible for a 3rd party (criminal, company, law enforcement, government) to trace back and reveal your identify if they wanted to and had the appropriate resources.
A recent paper entitled Protocol Level Hidden Server Discovery, by Zhen Ling, Kui Wu, Xinwen Fu and Junzhou Luo. Paper is starting to be discussed in the Tor community. From my perspective, it is a nice attack to reveal the IP address of a hidden service. It would require resources to actually implement effectively, but for Law enforcement trying to shutdown and arrest owners of illegal websites selling drugs, weapons, or child pornography and are hiding behind Tor, it is an option. Of course that also means the capability to find anyone that might be doing something a government or large entity does not agree with. The paper is 