You Urgently Need a Cloud Exit Strategy

Moving your software to a cloud vendor has always been an act of faith. You believe the vendor will honor their promises, fulfil the SLA and stay in business.

That’s why many are choosing the big names like Amazon, Microsoft and Google.

Gartner MQ IaaS Aug 2016
Gartner MQ IaaS Aug 2016

Oracle wants to extend its brand into Cloud computing as well, but they are not even on Gartner’s radar, and with their recent decision to double the cost of running Oracle on Amazon, they are not endearing themselves to customers.

No matter which cloud vendor you choose, make sure that you establish an exit strategy in advance. You need to be able to keep your systems running even if your cloud vendor suddenly folds. That means that you need to establish a procedure to continually transfer data from your cloud to a third part (or back to yourself). Don’t get stuck in the cloud.

Internet-connected Hair Brush

In my popular “Everything that’s wrong with IT” presentation, I use various technical gadgets as examples of the traps we tend to fall into when developing IT.

My favorite example of too much technology for technology’s sake has been my internet-connected socks. Unfortunately, these RFID-equipped wonder socks were discontinued after I started making fun of them. But I think I’ve just found a new favorite: A bluetooth-equipped hair brush.

hairbrush-kv

This brush is so advanced that it can’t even be called a brush – it is a “hair coach.”

Don’t over-engineer your solutions.

 

Locked, but not Secure

On a recent site visit, I went to the printer room to dispose securely of a draft of my confidential report. As expected, there was a container for confidential papers. As expected, it was locked. Unfortunately, the lock was only put through the bracket on the lid, not the container itself.

locked_but_not_secure

If I wanted to, I could have rummaged through all the departments’ confidential papers.

Much security is like this: Locked, but not secure. The organization suffers from all the impediments of spotwise strict security while overall security is still lacking.

The only way to build a secure IT infrastructure is to have someone regularly verify the security, including everything from the padlocks to the installation of vendor patches. This can be an internal compliance team or an external service – as long as the verification is not done by the people responsible for implementation.

 

 

Man vs. Machine

For as long as we’ve had computers, we have instigated competitions between the humans and the machines. In chess, world champion Garry Kasparov won over specialized chess computer Deep Blue in 1996, only to loose against an improved algorithm in 1997.

Many experts believed the game of Go, with its many more possibilities for each move, was unbeatable by a computer. However, dispensing with the brute force approach of earlier systems, the AlphaGo computer program beat the Go world champion.

Unfortunately, we are also facing less benign man vs. machine battles. Large parts of the internet were temporarily inaccessible to humans due to a DDOS attack  coming from large number of badly protected IoT devices like webcams, DVRs and printers.

You want to be part of the solution, not part of the problem. If you have the responsibility for computers, websites or IoT systems, make sure you have hardened them appropriately.

 

 

Side note: When I checked this site, I realized that my anti-spam protection worked, but I had neglected to restrict new user registration. I had 15,777 registered users (!) and had to install a bulk delete plug-in to get rid of them. So if you’ve commented on my posts in the past, I regret to inform you that you’ll have to re-register to comment again (now with Google reCAPTCHA)

Why I Won’t be Going into the Oracle Cloud Yet

After some persuasion, one of my customers was ready to experiment with the Oracle cloud. So I signed him up for a trial Database Schema Cloud service and built him a little APEX application to show how fast and easy it was to get rid of some spreadsheet-based business processes.

no_cloudThis morning, my customer called me to say that the service didn’t work. Indeed it didn’t. I had  neglected to put the expiry date into my calendar, and when your 30 days are up, Oracle will wipe out your instance. There is no warning email and your instance is gone without any possibility of restoring it.

So the demo was gone, and with it that potential Cloud customer.

My fellow ACE Director Tim Hall said recently on his blog:

Having used Amazon Web Services, Microsoft Azure and Oracle Public Cloud for quite some time I have to say that Oracle Public Cloud lags far behind the other two in user experience.

I fully concur with that opinion. Additionally, when your process for trials is to wipe them out without warning, you are making it really hard for even your most enthusiastic supporters to recommend you.

Oracle still has a lot of work to do on their cloud services.

If You Don’t Test, You Don’t Know

I’ve just started my Private Pilot’s License project, and the first order of business was to get a Class 2 medical. Being a triathlete and considering myself fairly healthy, I expected that to be a formality. To my surprise, the examiner detected that my blood pressure was too high, and I’ll have to work on getting it down before I can fly solo.

Similarly, I’m sure that Delta Airlines considered their data center fairly healthy. Unfortunately, they did not test. So when the power supply disappeared, they discovered that 300 out of 7,000 devices were not properly connected to backup power. And 2,000 planes were grounded.

If you don’t test, you don’t know.

Ostrich Syndrome – IT Putting the Business at Risk

IT suffers from Ostrich Syndrome: The belief that if you put your head in the sand and refuse to face facts, nothing bad will happen. Real ostriches don’t do this, of course – that would soon make them extinct. But IT does.

Finding the right amount to spend on all elements of IT (security, testing, fault tolerance etc) requires proper risk analysis. This is taught in Project Management 101, but recent events show that not everybody in IT understands this.

For example, the Democratic National Committee apparently thought that nobody would bother to attack their systems. After all, it just contained boring political emails, right? Wrong.

Boeing_767-332ER,_Delta_Air_Lines,_Amsterdam_-_Schiphol_(AMS_-_EHAM)_23.01.10Similarly, Delta had apparently forgotten to attach about 300 computers to their uninterruptible power supplies, making their system very interruptible indeed. The had to cancel more than 2,000 flights.

Last month, it was Southwest Airlines who cancelled 2,000 flights, supposedly because a router went down. Talk about single point of failure…

Network segmentation, security patching, high availability, and disaster recovery all costs money. But being hacked or down also costs money. Did DNC, Delta and Southwest make the right call? I don’t think so. Maybe it’s time you looked at your risk analysis. Because you do have one, don’t you?

Five Minutes That Will Make Users Happy

My kitchen has a very nice range hood over the cooktop. It has a powerful  fan and beautiful brushed steel finish. And it has a user experience like most IT systems: Lousy.

Let’s think about what a range hood does. It has two main functions:

  1. Start the fan to extract grease and fumes
  2. Turn on the light over the cooktop

Because of the shape of a range hood, the buttons to operate it are typically placed in a row. A row of buttons has two good, easily found positions:

  1. To the far left
  2. To the far right

range_hood_1000

Two primary functions, two good button locations. It would not take five minutes of thought to allocate functions to buttons. Unfortunately, the engineers at ATAG did not spend those five minutes. Instead, they placed the button for the light 5th from left, 3rd from right. And what did the use the good right-hand position for? The rarely-used feature of resetting the filter cleaning warning. A button I press every three months at most.

Most IT project do not spend these five minutes of thought either. Large, professional organizations have a team of UX professionals, like the people I work with at Oracle. But even if you don’t have professional UX designers, every developer can spend five minutes thinking about the task the user wants to achieve.

Most IT systems are like my range hood: Just inconvenient enough to make users slightly annoyed every time they have to concentrate on an operation that should have been easy and obvious.

Next time you build a system, spend a little while thinking about your users before you code. They’ll love you for it.

What is the Future of Oracle SOA?

I spend much of my time advising people on Oracle software, and someone just asked me on Quora.com about the future of Oracle SOA.

I told him that the future of Oracle SOA is bright, but within a much bleaker future for SOA in general.

SOA in general has over-promised and under-delivered to such an extent that it now considered legacy and poor practice. While a few organizations have gotten SOA right, most haven’t and have little to show for their multi-million dollar SOA projects.

For the people who still belive in a Service-Oriented Architecture (mainly public sector and large, slow-moving organizations), the Oracle SOA product is a very strong offering. As is to be expected of a product from the largest enterprise software vendor in the world, the Oracle SOA suite contains everything you need and carries a corresponding price tag.

Is Oracle SOA right for you? Send me a mail and let’s discuss it.

Complexity Will Kill You

IT projects fail when the complexity of your organization exceeds your capability to manage it. Large and complicated software systems must necessarily be built by large teams in order to deliver in a reasonable time. There are two approaches to managing the complexity of large organizations: Managing the development approach and managing the interfaces.

Managing Complexity

You can get developers to understand the need for common interfaces, so the difficulty of managing a large set of interfaces will level off once you have developed an approach that works for your team. But with increasing team size, you will get an increasing number of mavericks refusing to follow common development standards.

Simply standardizing the interfaces between teams harvests 80-90% of the integration benefits without the drama of forcing developers to work in a way they don’t want.

There is more about this in this weeks Technology That Fits newsletter.