Posted by Joe Franscella, 3-5-2010:

Again, I had an excellent, educational experience at the RSA Conference. I run into editors, bloggers and analysts I know from time to time at the show and always ask them the same question, anything new, exciting or cutting-edge? Invariably, I get yes and no responses but this year I think I heard more say they were excited about the fact that innovation is starting to creep back into the game. At around 11 Tuesday night, I ran into Richard Stiennon crossing Howard Street, he was with an MSP friend of his and during our brief conversation he mentioned a few of the more “interesting” vendors he had come across. I look forward to reading his complete thoughts on them when he publishes.

Again, I had the privilege or shooting video during the Executive Women’s Forum party at the W Wednesday night. This year I had the chance to interview three of some of the world’s most well known players in the Cloud and Cloud security game. On camera, each were asked what is the Cloud and can it be secured? The answers were stunning, I got back a technical, business and metaphoric description — I’m pleased to be able to say that my hours of research have paid off as the definitions weren’t far from my own conclusions I had made prior to talking with them. Next week, I will be posting the video.

Rake Narang of Info Security Product’s Guide visited two Trainer Communication’s clients’ booths at RSA, Secure Passage and PacketMotion. Each did an excellent job at quickly and comprehensively telling their company’s stories:

Click here to view the embedded video.

Click here to view the embedded video.

Anyone who’s ever brought a client in front of Mike Rothman for a briefing knows two things: 1.) Prepare the client to tell the truth; 2.) Prepare the client to hear the truth. Although a lot of times clients don’t realize it at first, the toughest briefings — which may leave them rattled — often end up being the most productive as they not only provide (pardon me) “insight,” but also a good indication regarding the true level of resonance that their messages are having. Prior to going to eIQ, when Rothman was still taking briefings, I had an opportunity to bring a couple clients in front of him, while the clients didn’t necessarily exit walking on sunshine, they were forced to reconsider at least a couple bullet points and then recraft them to be more aligned with reality as opposed to hype (which paid off in subsequent briefings). My hope is that Rothman will again take vendor briefings and continue to provide the same sharp-witted insight as he has in the past — the truth, as harsh as it may sometimes be, does everyone a favor.

I am glad to see Alan Shimel continues to go strong on his blog, now AShimmy, when he announced he had left Still Secure I was left to wonder if he’d continue to post his thoughts and opinions on the tech industry, to my delight he continues to go strong. Many of my It security marketing and PR plans start off with a trip to Alan’s blog to find out what he’s saying about “it,” to understand how he’s breaking “it” down or to find out if I am really planning around something “new” (note to security PR pros: when Dan Kaplan at SC says publicly that Alan’s blog is one of the sites he looks at for potential ideas, checking it out on a regular basis isn’t a bad idea).

Alin posted an interesting link to an I.B.M. Cloud commercial aired during Monday night’s NFL game. I don’t disagree with him that taking the Cloud into the pop culture main stream may signal the demise of it’s media sexiness, however, my observations were on the quality of the commercial itself and what a valuable learning tool it was for those of us pitching technology full time. Watch the commercial:

Click here to view the embedded video.

I.B.M. does a nice job of quickly defining what the Cloud is from a technology perspective and then goes heavily into what the business and consumer benefits it offers are. This format is a good lesson for anyone pitching a technology story — go light on tech and heavy on practical benefit. A lot of times it’s hard to get client’s to understand that a lot of the writers you speak with, unless they’re techy bloggers, don’t have time to become engineers, what they write about are the practical benefits a technology provides over its really cool code.

Reading Brad Stone’s piece in the New York Times on new eTailer Glyde.com got me thinking, what’s the return policy? If I buy a used — often very cheap –  game at Game Stop I can return it within seven days for a full refund and it won’t cost me $2.50 (see Glyde.com return policy). New DVD’s are so cheap to buy at stores like Walmart and to rent at RedBox in the supermarket it doesn’t seem to make any sense to buy something used on an online venue. It will be interesting to see where this company heads and what the future holds for this Web site, surely the profitability plan can’t be based around consumers selling used games and DVD’s to one another, there has to me more coming in the future.

Back in August, the New York Times published an article written by Ellen Messmer out of IDG’s Network World, titled: Security Start-Up Rohati Extends Access-Control Gear to the Cloud.
In it, she says that John Burke of  Nemertes Research stated:

….Nemertes in its research has found that fewer than 5% of organizations today have any type of funded cloud initiative.

Interesting to see how fast that’s going to change. In only a couple short months analysts have predicted that spending on cloud services will account for 10 percent of IT budgets by 2013, making up a whopping $44.2 billion in total IT spend (not that the $9 billion to be spent this year is chump change). This was pointed out by Dave Rosenberg on his CNET blog ‘Software Interrupted, where he wrote:

If public cloud services will be 10 percent of all IT money spent [by 2013], that represents a blisteringly fast growth rate. And while we certainly don’t wish the recession to continue, it’s interesting to see how companies have adapted their IT plans to take advantage of services that require far less capital expenditure.

CNET Graphic Showing Cloud Computing IT Spend by 2013

Evolution of the “Cloud” – 1.) Buzzword, 2.) Chris Hoff is snatched up by Cisco, 3.) Obama open’s Cloud store, 4.) $44 billion by 2013, 5.) Reality

Other thoughts recently thunk: I thoroughly enjoyed Forbe’s Lee Gomes’ led coverage of the next Silicon Valley God Rush – Virtualization. I especially enjoyed the Nemertes contribution from Andreas and John: The Virtualized Desktop. As a PR guy with a special interest in the intrigue of digital security, I also enjoyed Andy Greenberg’s piece: Virtualization’s Real Security Problem: Sprawl.

Couple new blogs I’ve added to my roll lately:

Gary’s Blog (Nimsoft CEO Gary Read)

Tales from the Si Valley Front (Ken Rutsky)

Posted by Joe Franscella –

Read an interesting blog post by Larry Dignan at ZDNet Between the Lines blog this morning, IBM targets Google Apps for business, undercuts pricing and touts reliability. One paragraph really caught my attention:

The LotusLive iNotes launch, set to be announced on Monday, pushes reliability in a big way. Taking a jab at Google’s outages, IBM said it’s imperative that cloud computing “is ready for the enterprise when it’s designed for the enterprise, by the enterprise, and of the enterprise.” Word of IBM’s iNotes move began to surface late Thursday and Big Blue has had a LotusLive iNotes site live for days.

It begs a couple questions: 1.) Who measures reliability? Do you leave that to that to the vendor or should you use a third-party app to provide a neutral perspective; 2.) What about seurity? How is access being managed, monitored and audited? (Note to Larry – Take a look at my email offer to provide some perspective – please, please, please!)

“There is hacking,” says Legge. “Hackers are coming after the electrical grid all the time.” (Ed Legge is pokesman for the Edison Electric Institute (EEI), an association representing about 70 of the largest utilities which generate the bulk of the nation’s electricity through complex swatches of eastern- and western-distribution grids and management and control points called Independent System Operators)

What the security vendors said:

“The whole grid going down is the hardest one to believe,” says Eric Knight, senior knowledge engineer at Log Rhythm, noting the Wall Street Journal article lacked sufficient information “about why we should be panicking, per se.”

“This should come as a surprise to no one,” says Patrick Peterson, chief security researcher at Cisco, adding, “The truth is slowly coming out.”

Shane Buckley, CEO at Rohati, says he’s worries that “a number of utilities outsource development to Eastern Europe, Russia and China,” and cyberspy attacks could originate through outsourcing. (Disclaimer: I represent Rohati).

These stories hit hard and fast but I doubt they are over. It will be interesting to see how this plays out.

Network World’s Tim Greene launched his Cloud Security Alert newsletter today with a look at What is a cloud? Wrote Tim:

“So the cloud is a physical place, perhaps owned and controlled by some other entity, and it contains computing resources that are available pretty much on demand for a price. Simple enough, but there are plenty of variations.”

He goes on to explain it further, leaving the reader with a basic deffinition, something of value in today’s (excuse me for this nest description) “foggy cloud environment.”

In terms of cloud deffinitions, I also like the one in Gartner’s 2008 paper: Tutorial for Understanding the Relationship Between Cloud Computing and SaaS

In the paper, Gartner defines cloud computing as: a style of computing where massively scalable ITenabled capabilities are delivered as a service to external customers using Internet technologies. One IT-related function can be a software application. If the software application is written in such a way that it is “massively scalable,” then SaaS is considered a form of cloud computing (SaaS).

Posted by Joe Franscella

Just this week Network World writer Tim Greene announced he’d be switching his newsletter focus to Cloud Security. In yesterday’s NAC newsletter, at the end he wrote: Not so for this NAC newsletter. Starting next week it becomes the Cloud Security newsletter, addressing security of cloud services as well as cloud-based security services.

Also this week, a number of thought leaders, with corporate backing, announced the formation of the Cloud Security Alliance. Ellen Messmer did an informative piece on it in Network World: Cloud Security Alliance formed to promote best practices.

We already know from early looks at the hot RSA Conference topics this year that Cloud Security is going to be a barn burner, wrote Greg Masters in an SC Magazine article earlier this month:

“We have quite a few sessions lined up to discuss cloud computing,” says Tim Mather, vice president and chief security strategist for RSA Conferences. “From an excitement perspective, it’s probably the single hottest topic.”

I know a lot of us are looking forward to some final definitions with regard to the space and a more cohesive understanding of exactly what it means. Developments like these may start to provide some answers.

Posted by Joe Franscella