Monthly Archives: November 2015

Open Wi-Fi Means Open Season For Hackers: How To Secure Mobile Connections

By | November 25, 2015

The world’s Going Mobile: The Who’s song about life on the road has taken on a prophetic new meaning in the smartphone era; unfortunately, mobile networks are typically about as secure as a tent trailer. There are now over 7 billion mobile subscriptions, over 30% of those with smartphones, and global mobile data traffic grew by 69% last year. Indeed, Gartner predicts that by 2018, more than half of us will make a mobile device our first option for online tasks. The mobile hotspot train has left the station, but unfortunately the typical connection is about as secure as an unlocked tour bus at a truck stop. The seedy side of the mobile life is far greater exposure to cyberattacks and data theft due to weak or nonexistent network security at public Wi-Fi hotspots. But businesses needn’t fear Wi-Fi, and I explain why in this report. In fact, attempts to squelch its use by employees are unlikely to end well. A better bet is taking steps to educate and protect users.

Internet_Trends_2015_v3 page 11

By now, all IT pros and tech-savvy users should know that using open Wi-Fi is an open invitation to be hacked. Yet, based on the number of such people I regularly see at major technology events blithely using unsecured hotspots, it’s worth repeating the basics: open Wi-Fi, i.e. not secured by WPA2, is trivially easy to spoof, tricking victims into connecting with an attacker’s AP instead of the real thing. It starts with mobile clients prioritizing convenience over security. As I wrote last year, virtually all Wi-Fi devices broadcast a radar-like ping searching for previously accessed networks. If an AP responds with a known SSID, the requesting client automatically tries to connect. On open hotspots, or a secured AP for which the client has cached the correct network password, this is automatic and hackers can easily exploit this implicit trust. The key lesson is to connect and then encrypt everything.
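To see which saved networks on a laptop carry the auto-join exposure described above, the following added example (not part of the original article) audits saved Wi-Fi profiles. It assumes profiles in NetworkManager keyfile format; the sample profiles are constructed and the verdict labels are illustrative.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (not from the article).
SAMPLE_PROFILES = [
    # Open network, autoconnect left at its default (on).
    "[connection]\nid=CoffeeShop-Free\ntype=wifi\n\n[wifi]\nssid=CoffeeShop-Free\n",
    # Open network, but the user switched auto-join off.
    "[connection]\nid=Airport-Guest\ntype=wifi\nautoconnect=false\n\n"
    "[wifi]\nssid=Airport-Guest\n",
    # WPA2-PSK network with a cached passphrase.
    "[connection]\nid=HomeNet\ntype=wifi\n\n[wifi]\nssid=HomeNet\n\n"
    "[wifi-security]\nkey-mgmt=wpa-psk\npsk=constructed-example\n",
]


def audit_profile(text):
    """Classify one saved Wi-Fi profile by how it behaves when its SSID is seen."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    ssid = cp.get("wifi", "ssid")
    # NetworkManager auto-connects unless the profile explicitly disables it.
    auto = cp.getboolean("connection", "autoconnect", fallback=True)
    # An open network has no [wifi-security] section at all.
    is_open = not cp.has_section("wifi-security")
    if is_open and auto:
        verdict = "auto-join open"      # joins any AP that answers with this SSID
    elif is_open:
        verdict = "open, manual join"   # still unencrypted, but needs a user action
    else:
        verdict = "secured"             # AP must also prove knowledge of the key
    return ssid, verdict


def audit_all(profiles):
    """Return {ssid: verdict} for every saved profile."""
    return dict(audit_profile(p) for p in profiles)


if __name__ == "__main__":
    for ssid, verdict in audit_all(SAMPLE_PROFILES).items():
        print(f"{verdict:18} {ssid}")
```

Profiles reported as "auto-join open" are the ones to delete or set to manual join before travelling.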


Historically, enterprise VPNs have been all-or-nothing affairs that tunnel all client traffic to the data center, even that destined for the public Internet. This invariably annoys both users, who can’t access local resources like NAS shares or networked printers, and WAN admins, who see their circuits clogged with superfluous traffic. The upside is that forced tunneling to a private VPN does thwart potential wireless MitM exploits and allows organizations to enforce content filters and network security policies for remote users. However, there are better ways to manage data leakage and client security policies than by brute force. Instead, limit private VPNs to access to internal resources, not the Internet writ large.


Hairpin traffic from remote VPN clients destined for the public Internet needlessly loads enterprise WAN circuits. Source: Cisco

My full report takes a look at hotspot hacking and how businesses with mobile users can protect themselves, and lays out things businesses should know, including:

  • There are nearly 6 million public Wi-Fi hotspots worldwide; most have weak or nonexistent network security.
  • The single best way to protect mobile employees against hacking on public networks is the use of a VPN.
  • VPNs are available as a service; managed remote access and VPN services are also available from carriers.

The iPad Pro As A Work Machine? Yes, But Apple Has Work To Do

By | November 24, 2015

In using the iPad Pro over the past week, it’s clear it’s different in kind, not just degree, from both other tablets and Mac laptops. This means that in order to fully realize its potential, developers can’t treat the Pro as merely a big iPad. However, the responsibility is on Apple and, ultimately, Cook to ensure that doesn’t happen. It’s not enough to just talk about all the wondrous things an iPad Pro might do; Apple needs to actively work to make them a reality. Here’s what it must do.


The challenge is similar to that faced by the original iPad over five years ago. Many, myself included, initially saw the device as just a big iPod Touch: nice, but hardly revolutionary. Only after using it for a while and experiencing apps that took advantage of its speed and generous screen area did it become apparent that the iPad actually represented something new. Yet success wasn’t a given. Had users been forced to live with upscaled, screen-wasting and pixelated iPhone apps, the iPad would surely have died after a couple of iterations. Indeed, this situation still plagues Android tablets, where too few apps are optimized for the larger screen, leaving potential buyers seeing no compelling advantage over a phone. The iPad Pro faces the same app gap.

In this column, I detail the shortcomings, which are mostly in software and thus easily fixed, but conclude that the iPad Pro is closer than some detractors admit to being a work machine for the masses. The most pressing issue is to aggressively encourage and incentivize developers to add full multitasking support, particularly for iOS 9 Split View, to all iPad apps. I also believe Apple should encourage an ecosystem of Pencil-like styli. The bigger problem, which will take both a change in executive mindset and more engineering, is adding support for mouse cursors and trackpads to iOS. The touchscreen interface is just too inefficient when using a keyboard.

iPad Multitasking

As the column explains, with a few evolutionary tweaks, it has the potential to push more people into an utterly post-PC existence and fulfill the vision of a new platform for a new generation of professionals and their apps.

Cloud Price Wars: Have We Hit Bottom or Are AWS, Others Just Hitting Pause?

By | November 9, 2015

A version of this article originally appeared in TechTarget SearchAWS as Cloud cost comparison foggy at best

News of continued price cuts was noticeably absent at AWS re:Invent and scarce in 2015. Have we hit bottom and what does it mean for enterprises?

Buying cloud services used to resemble shopping for sweaters right before Christmas: the longer you wait, the better the deals. While they lasted, the tit-for-tat cloud price cuts by AWS, Google and Microsoft were as predictable as the pre-OPEC gas price wars when filling up the sedan meant also outfitting your kitchen with another set of glassware. Despite continued declines in the cost of data center hardware (the price for a popular 500GB SSD has dropped 30% in the last six months, while even a relatively new 8-core Xeon Haswell (v3) goes for 10% less than it did a couple of months ago), cloud price cuts have slowed. Indeed, over a year ago Google’s head of cloud infrastructure noted that prices haven’t been keeping up with Moore’s Law: instead of dropping 20-30% per year, public cloud prices have gone down only about 7% annually.


Spot price of a popular SSD

Chart: Google-cloud-pricing-v-Moore
Comparative IaaS Pricing

Yet Google’s chart is misleading since cloud price cuts have been far from linear. As of January, AWS had cut prices 44 times in the past year; however, there have been reductions on only two services in the last six months. Still, by some measures AWS remains the price leader. An analysis by Wall Street analyst Mark Mahaney used a metric of average monthly cost per GB of RAM across various compute workloads to show that AWS was by far the cheapest service: 22% below Google and IBM Softlayer, 26% less than Azure and less than half the price of VMware (vCloud Air). From October 2013 to December 2014, Mahaney’s metric showed average AWS (EC2) prices had dropped 8%, versus -6% for Google and -5% for Azure.

Source: RBS research by Mark Mahaney


A more recent head-to-head analysis by RightScale, a specialist in multi-cloud management software, found Google to be the value leader over AWS. As we found when doing a full-stack cloud price comparison earlier this year, it’s difficult to make apples-to-apples comparisons due to the different price models employed by AWS and Google. However, RightScale found that across standard compute instance types, Google was over 25% cheaper for all but the most memory-heavy instances.

Source: RightScale


Prognosis and Analysis

As evidenced by Amazon’s surprisingly strong earnings reports the last two quarters, each showing impressive profit, not just revenue growth within AWS, the company shows a newfound commitment to profits and margins over unrelenting and capital-intensive expansion. At AWS this manifests as a shift from price-driven growth to service-driven, long-term enterprise commitments that lead to sustainable profits. We agree with RightScale’s conclusion that “Over the past nine months, AWS seems to be shifting its focus to differentiate based on features vs. costs … but it’s yet to be seen whether the company will try to undercut Google prices or go for a ‘close enough’ strategy.”

Indeed, one economic analysis concludes that “large scale public cloud computing is a natural oligopoly” where the “cost position gained from economies of scale provide a significant ‘moat’ for incumbent large scale cloud providers, representing significant barriers to entry and putting a natural limit on the number of big players in this elite club.” No one wants to become a monopoly and risk customer and regulatory blowback, so given the relative financial (if not market) parity among major players, price wars generally only lead to lower profits, not increased share. “Price is the one lever on which it does not pay to compete, since in most cases moving price leads to less total profit. The (economic) model would suggest that we would continue to see substantial non-price competition in the form of more and more wonderful services being layered on top of the core offering.”

Reading the reInvent Tea Leaves

The focus at reInvent was on enterprise services, with corporate developers, not independents, as the target demographic. Although reInvent has always been a developer-centric event, the emphasis this year was on those working within large organizations requiring a myriad of enterprise services and tight integration to external systems. This shift from indie cloud natives to corporate cloud advocates marginalizes the importance of raw pricing.

Source: AWS reInvent 2015 presentation


As AWS moves up the value chain it’s much harder to do price and TCO comparisons. We first noted this in our full-stack cloud pricing analysis, but the reasons are simple:

  • there aren’t always one-to-one matches for a particular service across cloud providers
  • comparing the cost with a DIY approach is even harder to estimate due to the cost of software, the complexity of configuration and administration tasks and variability in admin overhead efficiency and pay.

This means that the cloud make-buy decision will soon no longer be a simple matter of measuring the price of a VM using amortized hardware costs. For enterprises trying to optimally allocate cloud budgets between AWS and other public cloud providers, we see several implications:

  • Google will continue trying to be the price leader with innovative billing models and application services that cater to startups and developers.
  • Azure will battle a now-distracted VMware (see Dell-EMC merger and resulting confusion around VMware’s future) by focusing on existing enterprise customers with a strong hybrid cloud portfolio that provides a consistent infrastructure and management stack across shared public and dedicated private clouds.
  • AWS will pursue greenfield cloud-native workloads in every market, with particular emphasis on large enterprises updating and/or repurposing workloads from private data centers to the cloud. AWS will build on its already rich set of services with integration tools to ease data migration and facilitate communication and data-interchange between legacy on-premises applications and new cloud-native apps.


Public or Private, Multi-Cloud is the Future. How Will You Manage It?

By | November 5, 2015

A version of this article originally appeared in TechTarget SearchCloudApplications as Managing application deployments in a multiple-cloud enterprise

Any conversation about cloud services usually begins with AWS, but for most organizations, it won’t end there. Whether to fight vendor lock-in, increase the diversity of available services, arbitrage price disparities or maintain control over particularly sensitive information, an increasing number are adopting multi-cloud strategies that include both public and private components. While it’s a sound strategy, they quickly run into another problem: managing applications and infrastructure configurations across cloud stacks that don’t share a common API and have very different service definitions and billing models. It’s a seemingly complex task, but hardly a showstopper, with a number of mature software and SaaS options available to automate deployments across a variety of cloud stacks. Yet all the automation tools rely on a common conceptual framework: treating cloud resources as abstract objects that can be configured, run and managed as software code. Hence, the overlap with DevOps methodologies and organizational models.

The multi-cloud imperative

Think multi-cloud is only for hypergrowth cloud-native startups or multinational enterprises? Think again. According to the RightScale 2015 State of Cloud Report, 58% of respondents use both public and private clouds. Furthermore, 14% have a multiple public cloud strategy, with another 55% working towards a hybrid mix of public and private. Lest you accuse RightScale, which is a leading provider of cloud management software, of stacking the deck in favor of its product thesis, Forrester Consulting comes up with similar data. It found that 52% of large firms already use more than one public cloud vendor, with a third running on three or more.

Source: RightScale State of Cloud 2015

