Is there a future in IT?

Lousy? I thought MCSE was the holy grail of certifications. Need to change my ways. Explain.

lol

I tend to discard CVs that have MCSE on them ;)


Minesweeper Champion, Solitaire Expert!
 
I just can't believe how willing companies are to put all their corporate intellectual property into someone else's computer.

Some companies I know of should have done it a long time ago. At least they then would have some sort of backup...
 
Lousy? I thought MCSE was the holy grail of certifications. Need to change my ways. Explain.

It's too easy to get and far too common. It also expires in 3 years, so if they don't keep up to date their certification lapses and isn't worth !#@#%#%

==
Assuming I didn't cheat:

I could study and pass in 3 months (I don't think i'm by any means exceptional and I know very talented people who've done it in a month).

Assuming I did cheat:
==

I think I could brain dump for 1-2 days and then go and write immediately.

Thus what we're getting at is its not worth all that much nowadays. It's a multiple choice test that's simply too easy to cheat.

I'd instead opt for something that requires real hands on knowledge. Something like Redhat where your exam is done on a LIVE terminal with a time limit - that's knowledge you can't fake. You either cut it or you don't.
 
Why are people so paranoid about cloud computing?

Companies like Amazon have work pretty hard to meet PCI-DSS requirements, they are running a CIA datacenter also btw.

I think this is all an excuse by some person who doesn't want to be out of job.
I trust my AES256 client side encrypted content stored in S3 above anything the bank stores.
Amazon can't get at that data and I know they sure as hell won't corrupt or lose it.

In fact I can almost guarantee that bank security would increase if they spent more time focusing on the right problems rather than spending money and time on running a data center and provisioning machines.

Every time I talk to someone that works for a bank I'm just glad that I'm ignorant of most of what goes on there.
Simple things like doing SSL properly seem to elude many financial institutions.

At least if they used Amazon they could just click a few buttons and have a certificate chain that is well setup and restricted cipher sets with updated software.

You aren't just paying Amazon to take care of your hardware needs, you are paying them for a product where they hired over priced people (admittedly with good skill sets) that spend their entire day debating the finer points of how best to salt a password.
Even well off financial institutions are going to find it hard to compete in that world.

If by storing your data in the cloud you think of it as "handing over" your data, you've lost the plot already.

I mean I can respect some minor amount of processing being done in house but really 99% of it should be worked with in such a form that a data leak is not a disaster.

My 2c.
 
Last edited:
Why are people so paranoid about cloud computing?

Companies like Amazon have work pretty hard to meet PCI-DSS requirements, they are running a CIA datacenter also btw.

I think this is all an excuse by some person who doesn't want to be out of job.
I trust my AES256 client side encrypted content stored in S3 above anything the bank stores.
Amazon can't get at that data and I know they sure as hell won't corrupt or lose it.

In fact I can almost guarantee that bank security would increase if they spent more time focusing on the right problems rather than spending money and time on running a data center and provisioning machines.

Every time I talk to someone that works for a bank I'm just glad that I'm ignorant of most of what goes on there.
Simple things like doing SSL properly seem to elude many financial institutions.

At least if they used Amazon they could just click a few buttons and have a certificate chain that is well setup and restricted cipher sets with updated software.

You aren't just paying Amazon to take care of your hardware needs, you are paying them for a product where they hired over priced people (admittedly with good skill sets) that spend their entire day debating the finer points of how best to salt a password.
Even well off financial institutions are going to find it hard to compete in that world.

If by storing your data in the cloud you think of it as "handing over" your data, you've lost the plot already.

I mean I can respect some minor amount of processing being done in house but really 99% of it should be worked with in such a form that a data leak is not a disaster.

My 2c.

Financial institutions are under a lot of regulatory scrutiny. If there is a material data leak and they haven't taken due care in ensuring their data is secure, the directors can be jailed - that means there is a high level of due diligence to ensure that the cloud provider has the right level of controls in place and that they are audited regularly.
There is also regulation stating how long they must keep different types of records so if any key records are stored with a cloud provider, the provider needs to provide details of offline backups and how these records can be accessed many years from now. Once again, failure to keep these records can result in a directory being jailed.

Putting all critical systems in the cloud is also concerning as if certain systems were hacked, they could result in massive losses (billions, if not 10s or hundreds of billions).

There are some valid uses for cloud in financial services - your example of client side encrypting with AES256 is a perfectly good one. If you need to deliver files, as long as they are client side encrypted with a sufficiently strong encryption is a perfectly good use case - you could even publish the files on your web site.
But moving all core applications (most of which were not built for cloud) - you can't encrypt all data on client side.

With banks, they have sufficient economies of scale to run their own internal infrastructure at a far lower cost and much better uptime than what the cloud providers can do.
 
Last edited:
Spoke to a couple of guys and many companies including the big banks have projects to move services into Azure, Google, Amazon. It seems like Microsoft started the revolution with Office365. So this is happening even in the Financial Sector.
 
information technology changes.

change with it.
 
Spoke to a couple of guys and many companies including the big banks have projects to move services into Azure, Google, Amazon. It seems like Microsoft started the revolution with Office365. So this is happening even in the Financial Sector.

Like I mentioned earlier, it makes sense to run certain things from the cloud - I don't think you'll find a single company that isn't doing this. Many of these services though are ones that were historically internet based (mail, company websites, client portals or non-critical business functions), but the notion they are going to move everything including core systems is a bit of a stretch.

If you look at Office365, the only "cloudy" bits really are Exchange and SharePoint services - delivering auto updates to an office client on a desktop is hardly "cloud".

I think what we will see more though is larger companies setting up private clouds for internal workloads and use a public cloud for internet facing workloads.

I have yet to see any company reduce any significant headcount by moving services to the cloud. This notion that moving to the cloud makes local IT people redundant is a fallacy.
 
Like I mentioned earlier, it makes sense to run certain things from the cloud - I don't think you'll find a single company that isn't doing this. Many of these services though are ones that were historically internet based (mail, company websites, client portals or non-critical business functions), but the notion they are going to move everything including core systems is a bit of a stretch.

If you look at Office365, the only "cloudy" bits really are Exchange and SharePoint services - delivering auto updates to an office client on a desktop is hardly "cloud".

I think what we will see more though is larger companies setting up private clouds for internal workloads and use a public cloud for internet facing workloads.

I have yet to see any company reduce any significant headcount by moving services to the cloud. This notion that moving to the cloud makes local IT people redundant is a fallacy.

I suppose it depends on the companies use of the products but in many that I've worked for I would definitely classify Exchange, Lync and Sharepoint as core business services that employs a significant amount of highly paid senior resources to architect, implement and maintain.

I think its going to take a few years for businesses to move the non-critical stuff to the cloud which will see people in companies switching roles but once the cloud providers begin to iron out all the problems I think business will then start weighing risk vs profit vs hassle and making the datacenter someone else's problem might just prove to be more rewarding...
 
information technology changes.

change with it.

I agree, for me it doesn't matter where the infrastructure is as my job function remains the same but I've spoken to a lot of guys that seem to be in denial insisting that this Office 365 and Cloud is just a fad...
 
I agree, for me it doesn't matter where the infrastructure is as my job function remains the same but I've spoken to a lot of guys that seem to be in denial insisting that this Office 365 and Cloud is just a fad...

I wouldn't call it a fad, but it is a hype right now. During a hype phase, people are still figuring out where the technology will fit in the mix and which problems it should solve. There is also a lot of confusion about what cloud really is and there are a number of different definitions that are being quoted.
Most vendors are jumping on the bandwagon to call anything cloud.

What muddies the waters further is that large software vendors like Microsoft and Oracle are pushing cloud sales to show a new company direction. Both companies have slashed commissions for onprem solutions and hiked commissions for cloud sales. If I'm not mistaken MS sales people get 4 times the commission for cloud vs onprem whereas Oracle is in the region of 7 times. These guys will really tell you anything to get you to buy anything cloud.
 
I wouldn't call it a fad, but it is a hype right now. During a hype phase, people are still figuring out where the technology will fit in the mix and which problems it should solve. There is also a lot of confusion about what cloud really is and there are a number of different definitions that are being quoted.
Most vendors are jumping on the bandwagon to call anything cloud.

What muddies the waters further is that large software vendors like Microsoft and Oracle are pushing cloud sales to show a new company direction. Both companies have slashed commissions for onprem solutions and hiked commissions for cloud sales. If I'm not mistaken MS sales people get 4 times the commission for cloud vs onprem whereas Oracle is in the region of 7 times. These guys will really tell you anything to get you to buy anything cloud.

I think its all about the 'lock-in' once you start consuming the SaaS types services switching to another Vendor might prove to be extremely difficult...
 
Financial institutions are under a lot of regulatory scrutiny. If there is a material data leak and they haven't taken due care in ensuring their data is secure, the directors can be jailed - that means there is a high level of due diligence to ensure that the cloud provider has the right level of controls in place and that they are audited regularly.
There is also regulation stating how long they must keep different types of records so if any key records are stored with a cloud provider, the provider needs to provide details of offline backups and how these records can be accessed many years from now. Once again, failure to keep these records can result in a directory being jailed.

Let's take AWS S3 as an example 99.999999999% durability.
They store your data in 3 geographically different locations (so they store 3 copies of your data in completely different data centers)
Not only that, they have invested heavily (and still do) on software the ensures this durability.
Many banks write data to a tape drive and call it a day.
Corruption of data on those drives would be invisible to them until they need to get the data.

You just simply cannot expect a bank with 10-50 people trying to backup data to compare to something like S3 with 1000+ employees working on one product that aims to store data reliably.

But if you wish to believe this, I guess that is your prerogative.

Putting all critical systems in the cloud is also concerning as if certain systems were hacked, they could result in massive losses (billions, if not 10s or hundreds of billions).
Financial institutions already have massive security problems. (Both VISA and Mastercard have had massive hacks)
I can gaurantee you local banks have also, they just try keep it quiet but when you dig you'll find articles where people have lost money which was reversed by the bank.

They hire a small team of people and expect that team to keep the underlying hardware up to date, the software patched and up to date, etc.
All the while trying to keep the budget small.

Again, compared to cloud where you have an entire business unit dedicated simply to something like a network layer.
The cloud company is throwing engineers and money at the problem.

A Bank engineer needs to worry about OpenSSL versions, dealing with credentials, setting up load balancers and keeping them secure.
With a single click I do the same on AWS.
The load balancer and instances gets its credentials securely, managed by a policy document.
Just the effort of that part alone is years spent on development and maintenance.

The economies of scale are simply against you if you go this alone.

There are some valid uses for cloud in financial services - your example of client side encrypting with AES256 is a perfectly good one. If you need to deliver files, as long as they are client side encrypted with a sufficiently strong encryption is a perfectly good use case - you could even publish the files on your web site.
But moving all core applications (most of which were not built for cloud) - you can't encrypt all data on client side.
If you move data without using either SSL or encrypted data. Your application is insecure.
There is simply no way around it.

This is the number one reason so many of these large corporations get hacked.
It is such a easy mistake to think your inner network is safe.

You store data encrypted at rest and you communicate with SSL.
Those are the simplest principles of security.

It blows my mind to think that in 2016 people still believe in things like "secure" networks where non-SSL, unencrypted data, plain text this and that, etc. are ok.

With banks, they have sufficient economies of scale to run their own internal infrastructure at a far lower cost and much better uptime than what the cloud providers can do.
I really don't see how they can have better uptime.
Economies of scale, for a bank, again doubtful but at best it will be really close
 
Last edited:
I think its all about the 'lock-in' once you start consuming the SaaS types services switching to another Vendor might prove to be extremely difficult...

PaaS is also a lock in.
Once you move to a large Cloud Provider you will inevitable need to spend a lot of development time migrating.

That or you do everything by hand and never automate.
 
PaaS is also a lock in.
Once you move to a large Cloud Provider you will inevitable need to spend a lot of development time migrating.

That or you do everything by hand and never automate.

At least with that you can still get your data out if you need it, SaaS might be a bit more difficult.
 
Let's take AWS S3 as an example 99.999999999% durability.
They store your data in 3 geographically different locations (so they store 3 copies of your data in completely different data centers)
Not only that, they have invested heavily (and still do) on software the ensures this durability.
Many banks write data to a tape drive and call it a day.
Corruption of data on those drives would be invisible to them until they need to get the data.

You just simply cannot expect a bank with 10-50 people trying to backup data to compare to something like S3 with 1000+ employees working on one product that aims to store data reliably.

But if you wish to believe this, I guess that is your prerogative.

Firstly, don't confuse high availability with disaster recovery. The replications for your main data storage should not be used for backups and retention. This was the very problem with Code Spaces who had all their data and backups on AWS and it was all wiped in a hack - they had no offline backups for disaster recovery so they went under:
https://threatpost.com/hacker-puts-hosting-service-code-spaces-out-of-business/106761/

A lot of institutions are moving to disk based backups which would use a set of servers where the primary serves regular backups and ships to the secondary, but where deleting the data on the primary would not remove old backups from the secondary.
Even with this, they still often use tape backups to ensure there is a completely offline copy somewhere. No critical data would be backed up on only 1 tape. Usually it'll be stored online for 18months - 36months and would be on a full backup every month so there would be a number of tapes that could be recovered. Furthermore, it is standard practice to spot check tapes to ensure recovery.

Financial institutions also need to deal with different data sovereignty and legal issues which means it's usually not allowed to store data on all locations available from the vendor. For example, no data can be stored on US based servers due to their legislation around jurisdiction and ownership of data.
 
Last edited:
If you move data without using either SSL or encrypted data. Your application is insecure.
There is simply no way around it.

This is the number one reason so many of these large corporations get hacked.
It is such a easy mistake to think your inner network is safe.

You store data encrypted at rest and you communicate with SSL.
Those are the simplest principles of security.

It blows my mind to think that in 2016 people still believe in things like "secure" networks where non-SSL, unencrypted data, plain text this and that, etc. are ok.

I was suggesting that relying on SSL and the internal cloud encryption is insufficient. The problem is that the cloud provider stores both the encrypted data and the key. This means that if a user account is hacked (like in the case of the iCloud hack) then the data is exposed.
If a financial institution were to share data, I would advocate for a no knowledge type setup where the data is encrypted on the client. Then SSL and everything else becomes irrelevant and even if a user account is hacked, the hackers will not be able to read the data.
 
Top
Sign up to the MyBroadband newsletter
X