The Cloud: Do your Homework

So this raises the question.  How scared should the average business owner be about moving to the cloud?  Of course it’s a complex question.  If you look at it completely academically, you’ll need to value assets, calculate risk and all the rest.  But let’s cover a few practicalities here.

It’s very common for small businesses (and some large ones) to have an attacker inside their systems for months if not years before anyone notices.  When they do notice, there is seldom a competent forensic investigation to determine what has happened and for how long.  Actually, what usually happens when there is a security incident is the sysadmin or IT provider does his/her best to patch it up and move on.  

So would you rather have someone directly inside your systems, or just have a bit of your data in a large pile of other data that a random person may or may not ever go through or use against you? Don’t get me wrong, I’m not saying “a compromise is going to happen anyways so don’t worry about it”.  What I am saying is that you have to evaluate how critical your data is, and how much you want to protect it.  If you are really worried, build your own solid protection mechanisms.  If you aren't worried, then why would the cloud worry you any more or less?

While I predict there will be several large scale cloud compromises in the next year, the usual attitude of “I don’t need security, nobody would target me, and security consultants and products are too expensive” won’t position you any better.  If you are using security as a reason not to move to the cloud, make sure you’re doing it better.

Somehow, given the aforementioned rationale I doubt most businesses a capable of doing it better. Look closely at your data and how much it means to the bottom line. What if your database were wiped tomorrow and your backup failed. I imagine heads would roll if not total business collapse. 

Bottom line.....do your homework and have people that know the total picture advise on the best course of action.

Social Indexing: An Overview

Search sites could take your friends' opinions into account when you look for restaurants. Newspaper sites could use their knowledge of what's previously captured your attention online to display articles you are interested in. Fundamentally, the Web would be better if it were more oriented around people. To bring this idea to fruition, Facebook is creating a kind of social index of the most frequently visited chunks of the Web.

Many sites have tried to personalize what they offer by remembering your past behavior and showing information they presume will be relevant to you. But the social index could be much more powerful because it also mines your friends' interests and collects information from multiple sites. As a result, the index can give websites a sense of what is likely to interest you even if you've never been there before.

This ambitious project gets much of its information from the simple "Like" button, a thumbs-up logo that adorns many Web pages and invites visitors to signal their appreciation for something—a news story, a recipe, a photo—with a click. Facebook created the concept in 2007 at FriendFeed, a social network that pre-dated Facebook, but was acquired by Facebook in 2009. Back then, the button was just a way to encourage people to express their interests, but in combination with Facebook's user base of nearly 600 million people, it is becoming a potent data-collecting tool. The code behind the Like button is available to any site that wants to add it to its pages. If a user is logged in to Facebook and clicks the Like button anywhere on the Web, the link is shared with that person's Facebook friends. Simultaneously, that thumbs-up vote is fed into Facebook's Web-wide index.

That's how the Wall Street Journal highlights articles that a person's friends enjoyed on its site. This is what lets Microsoft's Bing search engine promote pages liked by a person's friends. And it's how Pandora creates playlists based on songs or bands a person has appreciated on other sites.

This method of figuring out connections between pieces of content is fundamentally different from the one that has ruled for a decade. Google mathematically indexes the Web by scanning the hyperlinks between pages. Pages with many links from other sites rise to the top of search results on the assumption that such pages must be relatively useful or interesting. The social index isn't going to be a complete replacement for Google, but for many types of activity—such as finding products, entertainment, or things to read—the new system's personal touch could make it more useful.

Google itself acknowledges this: it recently rolled out a near-clone of the Like button, which it calls "+1." It lets people signify for their friends which search results or Web pages they've found useful. Google is also using Twitter activity to augment its index. If you have connected your Twitter and Google accounts, Web links that your friends have shared on Twitter may come up higher in Google search results.

Another advantage of a social index is that it could be less vulnerable to manipulation: inflating Google rankings by creating extra links to a site is big business, but buying enough Facebook likes to make a difference is nearly impossible. Social activity provides a really authentic signal of what is authoritative and good. That's why Hunch and other services, including an entertainment recommendation site called GetGlue, are building their own social indexes, asking people to record their positive feelings about content from all over the Web. If you're browsing for something on Amazon, a box from GetGlue can pop up to tell you which of your friends have liked that item.

A social index will be of less use to people who don't have many online connections. And even Facebook's map covers just a small fraction of the Web for now. But about 10,000 additional websites connect themselves to Facebook every day. 

With what appears to be an almost casual global data mining frenzy, there is a nefarious side of the Web's voracious appetate for your data. Privacy in business and for the casual web user could be the next casualty in this exponential information explosion. More on this topic can be found in part II of this series.