AWS Bill Shock & Root Account Security

TLDR

1. Your AWS root account email must NOT point to a specific person email Id.
2. NEVER ever share your AWS root user credential to anyone.
3. Do NOT use root user for day to day operations.
4. DO Activate MFA (multi-factor authentication) on your root account.

P.S. There can be a dozen of reasons for a bill shock. The objective of this article is to fix some of the basic root account security anti-patterns (for beginners). I’ve focused on the Root Account security as most of the beginners tend to take its security for granted. As Root Account has unrestricted access any breach with root credentials will have large (yes, unlimited) blast radius!

Cloud Bill Shock

Google it & you may come across 100s of instances where cloud service accounts of various individuals/companies have been misused by new age cyber pirates (euphemistically called Crypto Miners / Bitcoin Farmers).

Without an iota of doubt, AWS offers you unlimited capacities protected with state-of-the-art security practices. However, consider your bank has an excellent security practice and a perfectly secured website but can it prevent your account from an online robbery if you go on sharing your internet banking Sign-in User-Id and Password with others?

Ignorance is Bliss?

May be that’s true to some extent in real life. However in online world ignorance will be punished sooner than later. Cybersecurity is only as strong as your weakest link - and the weakest link most of the time is YOU (& your employees). Bot exploits are quite common & reported on a regular basis where hackers are running bots to look out for Access Keys in repository hosting services.

From last few weeks, I started consulting a few startups & SMEs who have recently migrated to AWS or have newly created the account & are about to migrate. A few clients were more than willing to share their root user credential without a second thought.  A few are innocent enough to believe that as they're yet to deploy any of their assets (source code, data etc.) to the newly created account so there's no risk even if the credentials are compromised!

It seems not everyone is aware of the risk that their credentials can be misused by launching 100s of high-end virtual machines which can easily lead you to a staggering 5 figure bill within a day!

The security & compliance on AWS (or for that matter any cloud platform) works on the shared responsibility model. As per this model, the global AWS cloud infrastructure is secured by Amazon but OS level security, firewall configurations & more importantly the application level security is solely your responsibilities.

Security Anti-Patterns in AWS Account Management

(Yes! the most popular ones with the beginners)

1. Your root account email (i.e. AWS sign-up email) should not point to a specific person email Id.

Best Practice First & foremost, Sign-up AWS with an email alias – this disconnects the account from an individual user’s mailbox. The alias should point to a team distribution list addresses (i.e. multiple persons can receive alerts when Amazon is trying to warn you via email in case of a breach). Apart from being a security best practice; this arrangement also helps you when the employee (with root account email)quit the organization.

Although the root user eMail points to an alias (distribution list), at any point in time, only a single person should have the credentials to Sign-in. Others are simply receiving the emails and can inform the person responsible for root account handling in cases of an emergency.

2. Root account & other high privilege user accounts are NOT activated with MFA (Multi-factor Authentication).

3. Sharing root account credentials to a 3rd party or even to your own employees.

4. Having a single AWS account with unrelated teams (or business objectives).

5. Not setting up the AWS billing alerts.

6. Using a weak password for the Root Account.

6. Not using IAM at all.

7. Not applying an IAM password policy. This means that you'll definitely have many IAM users with weak passwords without any expiration.

8. Not following the principle of least privilege while assigning permission for IAM users.

9. Tying up the Root Account MFA to a personal mobile phone. (It’s a dependency. What if the person quits the company?)

So, what's the Best Way to Share your AWS Account with a Consultant?

For startups & smaller organizations, at times it may happen that you don't have the essential in-house competency to look into say why your billing has suddenly spiked (cost optimization) or whether your team is following the best security practices or you may have Scaling or Performance issues which you want to be sorted out with an external help.  Or simply, you may wish to go for a review of your overall AWS architecture and want to bring in an external partner or independent AWS consultant for the task. So, what's the best way to go ahead till the required trust is built between you and the consultant?

One way which most of you may suggest (& practice) is to present your AWS console via a screen sharing application (Skype / Hangout / TeamViewer / GoToMeeting etc.). Well, this can work out to some extent but it does have a few limitations like:

What if the consultant wants to refer the architecture/console again after the meeting? Also, this approach requires a lot of coordination between your team and the consultant as both need to be present at the same time (even if it is remotely done).

IMO, the simplest, most efficient and secure way to start working with an independent consultant is to:

1. Share a Read-Only Access - The consultant can look into your architecture but CAN NOT CHANGE anything over there. For you, It hardly takes 5 minutes to set up a Read-Only IAM user via AWS console.

Here's a simple stepwise article to follow if you've not done it before.

Additionally, if there’s an S3 bucket in your account which has confidential information then it’s recommended that you assign an explicit deny policy for that bucket for that IAM user.

P.S. Similarly, if you want to provide Billing Dashboard access to a consultant for cost optimization then you can follow the steps mentioned in this article.

2. Share a Cross Account Access - Setting this up is definitely NOT as simple as the first approach. It requires more effort and a little more understanding of the AWS console. In this approach, the consultant can Sign-in to his own account and can access your account from there without any need of sharing credentials. You can define whatever permission you wish to grant to the consultant.

Here's a stepwise guide from Amazon support.

Is security still an afterthought for your organization?

It should NOT be. Are you following any of the above anti-patterns? If yes, go ahead & fix it before it's too late. Make security a zero-day job - fix it now.

References

https://www.olindata.com/en/blog/2017/04/spending-100k-usd-45-days-amazon-web-services
https://www.youtube.com/watch?v=tzJmE_Jlas0
https://docs.aws.amazon.com/general/latest/gr/aws_tasks-that-require-root.html

Read More

SEMYOU Cloud SaaS - The Office of the Future is Right Here

Summary

SEMYOU	Cloud SaaS - All-in-one enterprise apps for your business.
Customer Segment	For business of any size - small, medium and large - Communicate, Collaborate & Manage your office in the cloud.
UI	Slick, Responsive. Admin module is not responsive.
UX	Overall intuitive. Needs a slight improvement at a few places.
Technology Stack	Microsoft
Business Model	Freemium SaaS. [Free 30 days Trial].
USP	All-in-one enterprise grade apps.
Support	Quick and meaningful
No. of Apps	30+
Tagline	The cloud office of the future
Limitations	See Details Section.
Conclusion	Recommended

What is SEMYOU 

Last week I came across a suite of cloud services from SEMYOU. It offers a wide range of apps that a business requires to function smoothly on a daily basis. Gone are the days when you were required to manage & maintain a few dozens of IT applications in-house under an IT department which often became white elephant. We are already into an era of off-the-shelf services which can be configured easily by the end users based on their requirement.

All the SEMYOU services are cloud based SaaS which apparently mean that you get all the inherent benefits of a cloud computing service.

What are the Benefits of SEMYOU?

A few of the many benefits:

1. Reduced Cost - CapEx Free, Pay as You Go.
2. Less worries - No long-term contract.
3. Increased Focus on Your Core Business.
4. You get more than a dozen of apps to choose from for your business and all-in-one central location. 
5. Increased Availability and Mobility.
6. Your location doesn't matter. It's always available on your desktop, mobile and tablet.
7. Increased Performance and Reliability.
8. It is green.

Are there any Prerequisites to Use SEMYOU?

Internet connectivity, a browser and a few configurations like adding your basic records - users, projects, holiday list etc. and you're ready to go. No extra infrastructure/hardware is required as there's no installation hassle!

Getting Started 

1. Signup for SemYou Cloud Office. [Credit card NOT required]
2. Verify your email Id.
3. The email Id used for the signup acts as an Admin.
4. Log on to Admin module from the link received in your mail.
5. Add users.
6. As per your requirement, choose the right set of apps for a FREE trial from APP-STORE.
7. Assign users to apps along with their appropriate privileges.
8. Are the apps right-fit for your business requirement?
9. If the answer to the above question is YES - go for an upgrade.

How Secure is the SEMYOU Cloud Office?

SemYou applies best in class industry practices to secure your privacy and data in the cloud. Apart from applying advance encryption standards & access controls, SemYou has implemented built-in security practices in core of every app to secure data at rest and data in motion.

SemYou's data center currently resides in Europe and operates under European Union Law.

What I Liked Most?

As far as I know there are very few services where you get more than 30 apps at one place!

Also, overall the UI/UX is intuitive and the trial run went smoothly without reading any of the documentation! But I think, a user who has no prior experience of using these kind of apps may require a little hand holding for a couple of hours before she understands the nitty-gritty of the apps.


Disclaimer - I am a full-time software developer and have also reviewed many apps in the past. My intuition may differ from an average user.

Available Apps - App Store

Glimpses of My Trial Run 

I was satisfied with my trial run results for SEMYOU apps. I tested the following apps:

• sem.Drive
• sem.AutoReminder
• sem.WorldClock
• sem.IssueTracker
• sem.Kanban
• sem.Mindmap

Here's a few of the screen shot for your reference. [Click the respective image for a larger view]

sem.Drive 

sem.AutoReminder

sem.WorldClock

sem.IssueTracker

Limitations

There are a few limitations I noticed while I was trying the cloud office. A few of the Administration Module's forms were not compatible with the latest Chrome, Firefox & IE. 

In sem.AutoReminder it is practically expected that reminders are also delivered via SMS apart from the current eMail delivery.

Looks like a few of the apps are still under construction, example semDB.

A few places require explicit alerts, information as it might help a new user.

Bottom-line

Signup, pick your apps and go for a trial run. Recommended.

Writer's Note: "This post was sponsored but the views are unbiased and are correct to the best of my knowledge".

Read More

Cloud Management Technologies: Four Key Trends in 2015

The cloud market is changing. As adoption becomes mainstream, more and more providers are jumping on board to provide a range of services — once Amazon's bailiwick, Tech Target notes that the retail giant is now under challenge from players like Google, IBM and HP while new entrants such as Chinese giant Alibaba look to make their mark. 

All this cloud interest means there are a host of new management technologies in development; here are four key trends to watch this year:

Vertical SaaS

The Software as a Service (SaaS) market continues to grow, and according to Enterprise Irregulars global SaaS revenues are set to reach $106 billion by 2016. However, as discussed by Information Management, there's a shift happening: As-a-service tools are starting to go vertical. Through 2015, expect that all the familiar standards — CRM, ERP, analytics — will continue to see strong growth, but chances are that vendors will take a more focused approach to SaaS moving forward as a way to target specific verticals. These include finance, health care, law and even manufacturing; public and private clouds have matured enough that this kind of specialization is now possible. What's more, the price war between Google, Amazon and other vendors is helping to make these kind of focused deployments even more affordable for companies just starting their transition to the cloud.

Turnkey Migration

According to a recent Search Cloud Computing article, another key trend in cloud management is migration. At a basic level this includes app migration — tools and approaches developed to make moving legacy apps a simpler and more streamlined process. This also extends to migration as a whole; providers are now willing to invest in making cloud migration a “turnkey” process, eliminating the need for lengthy deployments and uncertain timelines. In many cases the success of this trend rests with specialized vendors, for example, hosted PBX providers, which have developed solutions to work across a variety of cloud deployments and legacy systems. The sophistication of cloud infrastructure now makes it possible to deliver solutions which combine easy migration and use.

Off-Site Innovation

Another key trend to expect this year? More off-site innovation. As noted by Forbes, the nature of research and development (R&D) is changing. Companies are no longer dependent on in-house IT professionals to innovate the apps and platforms from end to end; it's now possible to leverage work done by other IT shops to form the basis of new computing solutions. Through 2015, expect the speed and sophistication of this innovation to increase, allowing companies to devote more of their IT budget to refining mission-critical apps and developing niche feature sets rather than starting from scratch with each new software tool.

Security at Scale

The last key trend for 2015 lies with security. Always a hot-button topic around the cloud, Information Age suggests that it's now possible for cloud vendors to get ahead of the security discussion and provide consumers with a new level of confidence. Bottom line? Cloud providers have the scale of resources, depth of knowledge and breadth of skill to create best-in-class security solutions. As more vendors take a proactive approach to cloud security, expect to see this market diversify and innovate, prompting a shift in IT security thinking as a whole. In effect, the right management strategy here can turn the supposed liability of cloud security into an asset, since the scale of provider technology makes it possible to offer much more robust, end-to-end protection.

2015 should be a banner year for management technologies as vendors spend on innovation and companies commit IT budgets to the cloud. Four large trends are already on the horizon: Vertical SaaS, turnkey migration, off-site innovation and an evolved security landscape.

  

This is a Guest Post.

About the Author

Sheldon Smith is the current Senior Product Manager for XO Communications.  In addition to his experience heading up the Hosted PBX and Conferencing products divisions at XO, he also has over 10 years of Department and Process Management experience.

Read More

Your SaaS May Not be Multi-tenant–But Why Should You Care?

Over the past couple of years, single-tenant vs. multi-tenant SaaS debate has been creating loads of buzz in the technology circles. Let me ask you a few questions:

 

1. Does multi-tenancy matter if you are a SaaS provider?

•  
• 2. Does multi-tenancy matter if you are a SaaS subscriber - do you need to care if your SaaS is a single-tenant or multi-tenant?
•  
• If you are curious to know an instant and short answer, it’s an emphatic - YES, it matters! Either you are a SaaS provider or a SaaS consumer multi-tenancy matters to you. To simplify your decision making process let me tell you convincingly that if it’s not multi-tenant it’s not a true SaaS in the first place!

 

Yes, The National Institute of Standards and Technology (NIST), The European Network and Information Security Agency (ENISA), Cloud Security Alliance (CSA) and many other authorities have already mentioned multi-tenancy as one of the essential (or at least desired) characteristics of a Cloud SaaS.

 

Disclosure: Many SaaS architectural considerations and the term multi-tenancy have been (over)simplified in this article for the sake of understanding.

Who/what are tenants?

In plain English, Tenants are subscribers (consumer/customer/client) of a service. For a B2B or Line-of-Business application like a CRM, a tenant can be a company with 100s of users. Examples: Salesforce.com and Google Apps for Business.

Similarly for Consumer oriented or B2C SaaS, individuals like you and me (yes, general public) can be tenants. A few examples could be Facebook, Twitter, Dropbox etc. But it’s important to note that though these services started themselves as a consumer oriented apps, of late they are trying to diversify themselves in to the B2B segment as well. Gmail is a true consumer oriented SaaS.

 

I must add here that in most of the cases, B2B services require more sophisticated architectural considerations and development efforts in comparison to the consumer oriented applications.

 

What is a Multi-tenant SaaS?

Do you know how a traditional web application is developed and deployed? It’s generally designed, developed and deployed keeping in mind the requirement of a single client. Simply speaking, it’s like developing and deploying different code base and different database instances for each client. So, if you have 100 clients this translates to 100 code bases (builds) and 100 databases to be deployed and maintained!

See figure# 1 below for a graphical representation:

Multi-tenant SaaS architecture, in plain English, is an application that is designed/architected in such a way that it maintains only one code base and possibly (though not necessary) one database for all the clients. So, all your 100 clients now may use a single code base and a single database instance! See figure# 2 below for a graphical representation:

How does it Benefit the SaaS Provider?

Reduced Support and Maintenance: It’s indeed no-brainer, as maintaining a single code base and database is far easier than maintaining and releasing patches for 100 code bases! Also, if you are upgrading your code or infrastructure it’s simply a onetime effort at one place rather than updating it in 100 different versions at many places.

Cost Efficient – Sharing of resources (development and maintenance effort, infrastructure etc.) almost always converts to cost savings. Although a multi-tenant SaaS may require more time and effort initially yet it definitely pays in the long run once you’ve increased subscriber volume. In most of the scenarios, new subscriber’s signup and onboarding process can be automated for a low or no touch sales and support.

 

A provider with single-tenant service can’t continue to provide the service at an affordable price point and hence may find it difficult to compete, hence may become financially unviable.

 

Security – You don’t need to worry about the security of every client’s applications anymore. Implement state-of-the-art security features in your single code base and database and deploy it with an infrastructure (IaaS) provider having good track record of security and uptime. Peace of mind!

 

How does it Benefit the SaaS Consumer?

All the points mentioned above would obviously lead to make a provider as an efficient SaaS player who can in turn pass on the extra benefits to her/his subscribers. An efficient service may attract higher number of subscribers and as SaaS is all about economies of scale, you have a better chance of getting the service at an affordable price point. Also, as the provider is managing all her/his subscribers from a single code base and database instance s/he will put her/his best effort to offer a quality service.

Bottom-line

 

Multi-tenant SaaS is like sailing together on the same boat with everyone else. There are indeed some cons as well like even a minor hiccup can affect every subscriber (not in the scope of this article). However, on any day the pros of a multi-tenant SaaS far outweigh its cons hence do enquire about it before you sign up for your next SaaS. Is your SaaS multi-tenant?

Read More

Is Cloud Telephony the Future?

[Guest Post]

Businesses that are on the rapid path of expansion often want to upgrade their systems to meet the contemporary communication needs. Companies that switch over to latest communication system always try to look for solutions that will not only meet their present but also their future needs. This often leads to over-specification where the companies want to play safe by buying a technology cover for the coming years. Now, all this eventually leads to heavy capital expenditure, which might deter many companies from trying out latest technologies. Cloud telephony is a one stop solution for this problem and this is why it has turned out to be the preferred telecom technology for the smart companies around the world.

So is cloud telephony the future?

Well, cloud based business telephone solutions is the future of business telephony services around the world. Cloud telephony is the latest technology that has evolved out of cloud computing; the basis of cloud based telephone solutions. There are several advantages of this latest technology and strong reasons are there for making it the future of all telecom technology. Businesses prefer this technology to others because they have realized that it is not only the cheapest available in the market but also the most efficient solution.

Companies are opting for unified communication because they want to integrate the various communication channels and tools on a single platform and what better way to accomplish this than migrating to cloud telephony. Cloud based telephone solutions are easier to manage and users are free of any maintenance costs. The use of IP phones has further boosted the chances of cloud telephony because these can be plugged to the central system from anywhere around the world and used.

Do Cloud telephone systems have a future?

Cloud based telephone system is the future of telecom and ten years from now it is will be as common as the PSTN telephone systems were. There are obvious reasons behind believing in the bright future of this technology.

• The increase in the number of communication channels and tools is a huge challenge for any company to manage. Thus, business communication systems will fast switch to the unified communication system, which inadvertently is based on the cloud telephony. There is immense growth in the field of mobile technology and companies that want to stay ahead of their competitors are bound to choose unified communication.

• Flexibility is the USP of cloud based telephone solutions and this is the reason why it can accommodate all the legacy communication systems. Thus, companies that used to have their PSTN telephones can make use of the cloud with simple changes to their existing infrastructure.

• In terms of scalability, there is no other technology that can beat cloud telephone solutions because users can upgrade and downgrade their subscription packages at will. An increase in operations would mean adding more telephone lines and this can be accomplished with a few clicks when using cloud telephony.

• Mobility at workplaces is the future move in every industry and this can be easily achieved by migrating to cloud. Majority of the bigger companies are now contemplating the use of BYOD (Bring Your Own Device) and CYOD (Choose Your Own Device) and cloud telephony is the technology that can promote and accommodate both the trends.

Businesses that have their eye on the future are certainly in favour of VoIP and cloud telephony. Communication is no more limited to making or receiving calls or a voicemail, it is all about integrating all on a single platform. Cloud telephony has been created to meet the future communication needs of businesses and it is here to stay.

About The Author

Michelle Patterson is an avid technology blogger and writes extensively about IP/VoIP and Unified Communication. She works with some leading companies to understand the trends of these modern communication technologies.

Read More

Can a Call Center Be Taken To The Cloud?

--Guest Post

So many business applications are being taken to the cloud these days. You might even wonder if a large call center can be treated that way, and if so, then what some of the pros and cons of such a thing might be.

In at least one way, it is possible to take a large call center to the cloud: You can re-task some of your qualified agents to answer customer questions via SMS text message. This will allow your customers to feel as if they have more control, and can get their answers quickly, rather than being on endless hold, listening to the same looped music.

SMS messaging is actually a preferred mode of communications for many people, simply due to its immediacy, ease-of-use, and convenience. Over 275,000 SMS messages a second are sent worldwide — that's over a billion a minute. It only makes sense, then, for a business to leverage that power to communicate with their customers. By doing so, they will be rewarded with better response rates. Reports show that more than 90 percent of SMS messages are opened, most of them within three minutes of receipt.

Pros of SMS systems:

• Automatic responses can be configured for certain situations or questions
• Text conversations can transition easily to a live agent
• History of an SMS conversation can be viewed, giving an agent context
• One trained agent can handle multiple conversations simultaneously, thereby lowering customer frustration levels and wait times.

Cons of SMS systems:

• SMS messages are prone to delivery failure. Your messages might not get through, thereby angering the customer.
• Space must be allocated in the SMS message for user to opt-out at any time.
• SMS messages are just that — short. 160 characters is all that will send at any one time; anything longer will have to be broken up, which can often be clunky and difficult to read.

Is there Another Way of Taking the Call Center to the Cloud?

Yes, there, is. The savvy business owner doesn't have to invest in a brick and mortar building any more, along with all the overhead associated with it. Nor do they have to limit themselves to hiring the talent available in only that one geographical area, because let's face it — people will travel only so far for a job, no matter how good it is.

Another way of taking your Call Center to the Cloud is by making it virtual — in other words, having a central piece of hardware that can exist anywhere; your geographically dispersed agents (who typically work from home) call into it using their own phones, Web connections, and computers. This central hardware acts as a connection point that routes incoming calls with available remote agents.

So what are some of the benefits of doing business this way?

• Dramatically reduced overhead can be repurposed for other corporate uses
• The Virtual Call Center (VCC) model offers a company a greater pool of talent, across the country or even internationally
• This model also allows a company to build a better skilled team
• Agents who work at home are less prone to stress and frustration, therefore are more satisfied with their jobs. Thus there is usually less turnover in these positions.
• VCCs also offer greater availability and continuity of service. Agents can be hired to break barriers to work that couldn't be broken before, such as language, time zone, or cultural differences.

There are a few cons, however:

• Monitoring, management and evaluation of agent performance can be quite a challenge when staff is scattered across multiple locations, and may not be there at the same time.
• Ongoing training on new products and services, policies, campaigns and promotions, etc., is difficult to provide.

The bottom line is that a business must decide, based on a candid evaluation of its needs, which model of call center is suited best to their way of working.

Author’s Bio

Michelle Patterson is an avid technology blogger and writes extensively about IP/VoIP and Unified Communication. She works with some leading companies to understand the trends of these modern communication technologies.

Read More

5 Reasons Why your Business should Adopt Google Cloud Services

[Guest Post]

Google has become a part of our everyday lives, without a shadow of a doubt. Not only do most of us use their search engine daily for all manner of things - whether it be to look up goods, services, useless facts and trivia, or just to check the spelling of a word. However, they’re much, much more than just a search engine nowadays, and their products are as numerous as they are ingenious.

 

 

Many of us now have Google Mail (Gmail) accounts for all of our emailing needs, use Google Maps to look up directions, and even use Google’s office software as opposed to Microsoft or Apple’s own ones. There’s also the Android operating system which power many of our smart-phones (any of us who own a Samsung, for example).

In this blog post we aim to outline five of the things you should know about Google and how their products can benefit your business, and we’ll also talk about the extent of their influence over the modern technology and communications markets.

Google are quite rightly very proud of the fact that they keep it real, as it were. The working environments within their offices are famously kept very open and informal - employees wear their own clothes and often hold meetings with their shoes off as they sit on comfy chairs. Many start-ups mimic Google’s office culture, as it helps to stimulate their staff and their creativity.

However, no matter whether your business is a start-up which mimics the Google atmosphere (like so many do these days) or has a more traditional approach to the office set-up and atmosphere, their products can help you go about your business much better.

1. Google Drive cloud storage

As you may have noticed, there has been a buzz about cloud storage which has become increasingly loud recently. This is all down to the various advantages it brings to both individuals and businesses alike, making everyone’s life much easier. Many businesses are now switching to cloud technology, as it can cut their operational costs and also free up some space in many an office (and this is putting it very crudely).

When you store all of your business documents on the Google Drive, you can grant access to those within your organisation who will need to access it whenever and wherever they want to. It really does allow for a paperless office. Of course, there will be certain things now and then which will need to be printed off for one reason or another, but you will be spending much less money on paper than you were before.

Not only is this paperless aspect good for your operational costs and overheads, but it’s also great for the environment - and the more businesses that get involved in this, the better.

Anyone can access the Google Drive as long as they have their login details and a device which can access the internet. You will be able to do your work from anywhere in the world (literally), and communicate easily with colleagues and customers who are based on the other side of the world.

2. Google Docs

A fantastic alternative to the Microsoft Office package, Google Docs lets you write documents which can be shared instantly and edited simultaneously by numerous different people on different devices.

The word processor is extremely easy to use - certainly no more difficult than Microsoft Word itself is, and you have a range of fonts to choose from. After a day or so of using it, you and your staff will be fully acquainted with it and won’t ever look back.

You can also of course create spreadsheets and presentations using Google Docs, which are essential in the modern business age. Again, like the word processor, they are very easy to use even if you’re new to them.

Google Docs items are all stored in the cloud, which means that you don’t have to worry about saving your files on the computer itself or a pen drive or anything like that - you can just log into your account from anywhere and access your documents that way.

3. Gmail

When it was first set up, Gmail dazzled the market by offering 1GB of storage capacity (free) per user (the normal amount of initial storage offered by other email providers was between 2MB and 4MB).

Now, Gmail is said to be the most popular email provider on the internet, which is definitely not hard to believe. It is extremely easy to navigate around and organise generally, and is perfect for pretty much any business.

Ed. Note: Google Apps for business is a better solution for business users. Gmail should be used only for personal email accounts.

4. Google+

Apparently the second biggest social network in the world, Google+ is yet another illustration of Google’s impressive ability to enter into any market and succeed. It is also referred to as an ‘identity service’, meaning that it associates content with its author.

It works rather like Facebook in that users have a profile which includes a picture of themselves, an ‘about’ section, school and work sections, and the ability to updates their ‘status’. Many people within businesses use Google+ as one of their social networks, as they can not only post and seek out insightful content, but they add an element of personality to their account as well. It links directly with a user’s Gmail account, and allows them to become much less ‘faceless’ on the web.

5. Connectivity

The major advantage to all of Google’s products is the accessibility of them all - in terms of where you can access them. Unlike many traditional office software and email platforms, ones powered by Google can be accessed anywhere in the world as long as you have access to the internet. This can be absolutely invaluable as sometimes circumstances will arise which dictate that staff will not be able to come into the office, or in a business which has a lot of employees working from home. The fact that Google’s apps can be accessed from anywhere means that you will be able to better facilitate work and productivity within your organisation.

This Guest post was written by Rachel Jensen, on behalf of Cloud Technology Solutions

Read More

Testing Cloud - It’s Time to Clear the Fog

A reputed company launches the beta version of its web chat and net meeting application which is hosted on the company’s own cloud infrastructure, let us assume it was called ‘CloChat’ . On deployment ‘CloChat’ fails miserably in meeting customer expectations resulting in the company’s cloud portfolio suffering irrefutable damages and also delaying the scheduled release of ‘CloChat’. 

The scenario explained above can be one of the worst nightmare of any cloud vendor. What exactly would have gone wrong in these cases? Considering that ‘CloChat’ was a product of a reputed company it must have gone through its regular testing cycles.

On investigation it was found that the testing team did not or rather could not emulate the actual scenarios that ‘CloChat’ faced once deployed in the “real” network. This “real” network is actually an assimilation of thousands or millions of users, who are unique in their actions and usage patterns.

All this actually points to the need of testing cloud or cloud based applications during pre-deployment by simulating realistic user scenarios. Generic applications testing can never ensure or predict application behavior post-deployment.

Fig. Simulating the faceless users is a key challenge in cloud testing

Testing Cloud or its applications in pre-deployment can be classified in a few broad categories:

Scalability Testing: How scalable is my cloud application is a million dollar question. Having an answer to this during pre-deployment can save a lot of heart burns later. It is a realistic indicator of whether the hardware and software infrastructures are under provisioned for the targeted number of customers. A few Cloud as a Service (CaaS) and Infrastructure as a Server(IaaS) vendors regularly skip apparently costlier scalability testing and choose to over provision their hardware resources instead, but this can never be a long term or a profitable business model. This apart any non-scalable network application risks the same fate as ‘CloChat’.

Security Testing: The security threats in cloud can be broadly classified into the ones arising due to known/unknown vulnerabilities and Distributed Denial of Service (DDoS) attacks. Understanding and closing some of these gaps at pre-deployment phase can actually prevent major data losses and system downtimes later. Moreover a robust and well secured Cloud provides the assurance to the skeptical customers who are not yet used to the idea of their data being stored in shared storage locations.

Data Integrity: If the Cloud Service providers are to be looked as banks then the costliest assets that they store is “data”. This data is susceptible to attacks, malformations, dirty writes and several other kinds of software and hardware distortions. It is very important to ensure that the underlying infrastructure of network and disks is “always” transferring and storing the same data as written by the user. Modern age user’s will have very low tolerance to any kind of data distortion and loss.

Quality of Experience (QoE): This is an umbrella term and all the above mentioned testing processes can come together to ensure the customers QoE. A test scenario where one thousand users are trying to login to their profiles at the same time can be a part of scalability testing but the average logging-in time of the thousand users actually form’s the users “Logging-In” QoE, similarly QoE should be calculated for separate user actions like chat, voice, video, mix of all etc. Apart from scalability, data integrity and security testing can also be related to QoE. A test scenario where customer gets integrity errors while downloading a file of enormous size can negatively impact Customer’s QoE. Likewise service continuity and seamless user operations during crisis situations like DDoS attack or multiple Server failures can contribute to a higher QoE.

Cloud is evolving and we will see more players operating in this space in coming years. As with any other services, developing user loyalty will be crucial to business continuity and growth. Keeping this in mind, the ones who manage to build a robust testing and development model that helps them adhere to their published SLA’s will enjoy maximum traction. And for the others, they might not see their user base increasing beyond the “free” ones, because with so many players in market, the customers who mean business will not hold on to a particular service just to be their beta testers.

This guest post was written by Amritam Putatunda - Technical Marketing Engineer at Ixia.

Read More

Cloud Cartoons, Humor - The State of Cloud Computing in 2011

A picture is worth a thousand words – cartoons worth even more :-) Here’s my first attempt at creating Cloud Computing Cartoons - the year that went by...

The common man was still searching – may be confused due to information overload.

Top Global IT players were racing ahead with their Cloud Services. There was an exception too – cloud strategy went in wrong direction. The competition claimed: The cloud is not a box.

Training Institutes jumped to cash in on the cloud buzz – promising almost anything to anyone. 

Cloud Data Privacy and Security issues.

Govt. around the world heard the Cloud Computing buzz! And we heard their funny excuses.

IaaS providers were smiling all the way! Now they are considered a magic pill.

Most of the PaaS were in Beta phase, finding it hard to convince developers to join them. Will 2012 change this? Hope so.

Yet another cloud blogger! croak-croak-croak.

Many IT companies tried to join the exclusive Cloud Club - masquerading as Cloud Service Providers.

SaaS - Viral Customer growth! But where is the elusive Break-Even Point?

Hope a few of these Cloud-toons made you smile. Please spread the word: +1, Tweet or Like. [Check left column]

P.S: eToons created using ToonDoo Maker tool [toondoo.com]

Other Interesting Posts:

• What IRCTC can Learn from redBus Cloud Implementation?
• Discussions, CEO Interviews & Featured Articles

Read More

Cloud Based SaaS Help Desk – Freshdesk Founder and CEO Girish Speaks

Mr. Girish Mathrubootham is the Founder and CEO of Freshdesk, a Cloud based SaaS Help Desk company based in Chennai, India.

Prior to Freshdesk, Girish was Vice-President of Product Management at ZOHO Corporation. Very passionate about customer service, usability and making products that give the biggest bang for the buck, Girish has easily been the Product Manager with the happiest set of customers.

• With talk of double-dip recession looming ahead for major global economies, how relevant is the talk of Cloud Computing implementation in India specifically for SMBs/SMEs?

If you look at the US retail scenario in 2008 – 2009 (post Lehman collapse) you will see that Walmart was seeing strong growth where many other players were failing. Companies do not stop doing business because of a recession. They look at how they can save costs. Similarly cloud vendors who offer significant cost savings will see strong growth.

• Despite being a start-up, Freshdesk is getting significant attention, most of it positive. It seems you’ve really refreshed the helpdesk. What’s your USP (Unique Selling Proposition) vis-a-vis Assistly, Zendesk, Remedy and other help desk software/services?

Our USP is very simple to understand. We offer the best value in the Cloud help desk market. We keep it simple and focus on doing 3 things well:

1. Offer the best user experience in Customer Support software.
2. Be responsive and offer fast and accurate Support to our Customers. 
3. We listen to our customers and constantly focus on improving Freshdesk based on their feedback.

• Freshdesk is now available in 11 international languages. Any plans to add any Indian language in 2012?

It is easy for us to add an Indian language but we have not seen any of our customers ask for it till now.

• Most of the Cloud SaaS are using services of one of the IaaS providers. Which IaaS is used by Freshdesk?

We use Amazon EC2 via Engine Yard.

• Data Security and Privacy are the two most important concerns for SaaS based applications. How are you addressing this at Freshdesk?

If tomorrow you go to your bank and find some money missing in your account, will you trust the bank and continue to do business with them? As a SaaS company we know that we are finished in business if we do not invest in Data Security and Privacy of our customer’s data. We have implemented security at every level of our application and the infrastructure. All our payments are processed by a PCI compliant payment provider and customer credit card information is stored in a PCI compliant vault.

• Another SaaS related concern from a customer’s point of view is a sudden and perhaps unreasonable price hike. As Freshdesk is also a subscription based SaaS, what assurance can you offer to your customer against this sudden inflation? Or is it inevitable?

I know how I will feel if my telephone company or my phone company increases prices on me. We will never do an unreasonable price hike for our customers. In fact we hope we will never do a price hike for any of our customers. If there is an unavoidable situation, then I think we will explain the situation and ask our customers on the best way forward.

• Social media can be a double-edged sword for businesses. Many companies have a genuine fear of customers bashing their business, even for a minor miss, and consequently damaging the business's reputation and brand. This fear leads to a preference for the old eMail/phone method of communication with customers one to one. Your suggestions?

Whether you like it or not, your customers are already talking about your Product online. By not responding to a customer complaint you are allowing your brand image to take a massive hit. If you are seen as being responsive and trying to help resolve the problem, then that sends a positive signal to your prospective customers.

• We are yet to find an Indian product firm in $1 Billion annual revenues club. In your opinion, which of the India based cloud/product companies are poised for rapid growth in the next three to five years?

Zoho and Flipkart come to mind. We are also poised to grow pretty quick but we will worry about a Billion dollars when we hit 100 M :)

• The list of corporate showdowns in the IT sector now has one more pair: Apple vs. Microsoft, Oracle vs. SalesForce, Google vs. Microsoft, Microsoft vs. SalesForce and recently, Freshdesk vs. Zendesk. I appreciate your deft handling of the situation, and I must say it was a fitting response from you. What was the lesson learned?

Before posting anything (negative) about anyone on social networks make sure you think twice and do your homework. Being trigger-happy on Twitter can be dangerous.

Thank you Girish for sharing your views with Techno-Pulse readers. Good Luck to you and Freshdesk team for future endeavors.

Featured CEO Interviews and Discussions at Techno-Pulse

--------------------------------------------------------------------------------------------------------

Read More