, ,

Wishing Ted Bahr the best on the Bahr Gallery

Ted Bahr has the coolest art store on Long Island: The Bahr Gallery.

Ted is the “B” of BZ Media – and I’m the “Z.” We’ve worked together, off and on, since the early 1990s, beginning at Miller Freeman in San Francisco. We started BZ Media together in 1999, starting such iconic media properties as SD Times and the SharePoint Technology Conference. I left in 2013, and we’re in the process of winding the company down.

And now Ted (in the blue blazer) has opened the Bahr Gallery in beautiful Oyster Bay – ironically, only a few doors away from BZ Media’s first office space.

We don’t sell posters. We sell Art.

The late 1960’s hosted a unique utopian experiment where love, peace, music, free living and mind expansion opened up whole new worlds, and nowhere was this creative explosion more acute and more wild than in San Francisco.

The psychedelic posters created from 1966-1969 by masters like Wes Wilson, Stanley Mouse, Victor Moscoso, Rick Griffin, and Alton Kelley have become recognized and highly valued for their unique and creative expression of this utopian time in history, before, during and after the Summer of Love.

The Bahr Gallery promotes and sells this Art, placed in historical context, for you to put on your wall and enjoy. All pieces are beautifully hand-framed and matted with enhancement of the artwork in mind and behind the highest quality museum glass.

Certificates of authenticity and official quality grading documentation is included where available.

Virtually all pieces are first editions, printed before the concert occurred. Many are signed by artist and/or performers. Much of this art currently hangs in the Smithsonian, Metropolitan Museum of Art, MOMA, The Louvre, the deYoung and other leading museums and institutions all around the world.

The Bahr Gallery has several rooms featuring more than 60 psychedelic master works on rotation from the Big Five and other artists. Open hours vary with the season but generally we are open on weekends – we are also open by appointment, so please contact us for a private viewing.

Read an interview with Ted in the Long Island Herald, or follow the gallery on Facebook. And now you know where to shop next time you’re in the neighborhood. It’s totally groovy.

, ,

USC shows how AI can make cities smarter

The trash truck rumbles down the street, and its cameras pour video into the city’s data lake. An AI-powered application mines that image data looking for graffiti—and advises whether to dispatch a fully equipped paint crew or a squad with just soap and brushes.

Meanwhile, cameras on other city vehicles could feed the same data lake so another application detects piles of trash that should be collected. That information is used by an application to send the right clean-up squad. Citizens, too, can get into the act, by sending cell phone pictures of graffiti or litter to the city for AI-driven processing.

Applications like these provide the vision for the Intelligent Internet of Things Integration Consortium (I3). This is a new initiative launched by the University of Southern California (USC), the City of Los Angeles, and a number of stakeholders including researchers and industry. At USC, I3 is jointly managed by three institutes: Institute for Communication Technology Management (CTM), Center for Cyber-Physical Systems and the Internet of Things (CCI), and Integrated Media Systems Center (IMSC).

“We’re trying to make the I3 Consortium a big tent,” says Jerry Power, assistant professor at the USC Marshall School of Business’s Institute for Communication Technology Management (CTM). Power serves as executive director of the consortium. “Los Angeles is a founding member, but we’re talking to other cities and vendors. We want lots of people to participate in the process, whether a startup or a super-large corporation.”

As of now, there are 24 members of the consortium, including USC’s Viterbi School of Engineering and Marshall School of Business. And companies are contributing resources. Oracle’s Startup for Higher Education program, for example, is providing $75,000 a year in cloud infrastructure services to support the I3 Consortium’s first three years of development work.

The I3 Consortium needs a lot of computing power. The consortium allows the cities to move beyond data silos where information is confined to individual departments, such as transportation and sanitation, to one where data flows among departments, can be more easily managed, and also lets cities use data contributions from residents or even other governmental or commercial data providers. That information is consolidated into a city’s data lake that can be accessed by AI-powered applications across departments.

The I3 Consortium will provide a vehicle to manage the data flow into the data lake. Cyrus Shahabi, a professor at USC’s Viterbi School of Engineering, and director of its Integrated Media Systems Center (IMSC), is using Oracle Cloud credits to create advanced computation applications that apply vast amounts of processing needed to train AI-based, deep learning neural networks and use real-time I3-driven data lakes to recognize issues, such as graffiti or garbage, that drive action.

 

Read more about the I3 Consortium in my story for Forbes, “How AI Could Tackle City Problems Like Graffiti, Trash, And Fires.”

, , ,

14 ways to optimize your application’s real-world performance

Users care passionately about their software being fast and responsive. You need to give your applications both 0-60 speed and the strongest long-term endurance. Here are 14 guidelines for choosing a deployment platform to optimize performance, whether your application runs in the data center or the cloud.

Faster! Faster! Faster! That killer app won’t earn your company a fortune if the software is slow as molasses. Sure, your development team did the best it could to write server software that offers the maximum performance, but that doesn’t mean diddly if those bits end up on a pokey old computer that’s gathering cobwebs in the server closet.

Users don’t care where it runs as long as it runs fast. Your job, in IT, is to make the best choices possible to enhance application speed, including deciding if it’s best to deploy the software in-house or host it in the cloud.

When choosing an application’s deployment platform, there are 14 things you can do to maximize the opportunity for the best overall performance. But first, let’s make two assumptions:

  • These guidelines apply only to choosing the best data center or cloud-based platform, not to choosing the application’s software architecture. The job today is simply to find the best place to run the software.
  • I presume that if you are talking about a cloud deployment, you are choosing infrastructure as a service (IaaS) instead of platform as a service (PaaS). What’s the difference? In PaaS, the operating system is provided by the host, such as Windows or Linux, .NET, or Java; all you do is provide the application. In IaaS, you can provide, install, and configure the operating system yourself, giving you more control over the installation.

Here’s the checklist

  1. Run the latest software. Whether in your data center or in the IaaS cloud, install the latest version of your preferred operating system, the latest core libraries, and the latest application stack. (That’s one reason to go with IaaS, since you can control updates.) If you can’t control this yourself, because you’re assigned a server in the data center, pick the server that has the latest software foundation.
  2. Run the latest hardware. Assuming we’re talking the x86 architecture, look for the latest Intel Xeon processors, whether in the data center or in the cloud. As of mid-2018, I’d want servers running the Xeon E5 v3 or later, or E7 v4 or later. If you use anything older than that, you’re not getting the most out of the applications or taking advantage of the hardware chipset. For example, some E7 v4 chips have significantly improved instructions-per-CPU-cycle processing, which is a huge benefit. Similarly, if you choose AMD or another processor, look for the latest chip architectures.
  3. If you are using virtualization, make sure the server has the best and latest hypervisor. The hypervisor is key to a virtual machine’s (VM) performance—but not all hypervisors are created equal. Many of the top hypervisors have multiple product lines as well as configuration settings that affect performance (and security). There’s no way to know which hypervisor is best for any particular application. So, assuming your organization lets you make the choice, test, test, test. However, in the not-unlikely event you are required to go with the company’s standard hypervisor, make sure it’s the latest version.
  4. Take Spectre and Meltdown into account. The patches for Spectre and Meltdown slow down servers, but the extent of the performance hit depends on the server, the server’s firmware, the hypervisor, the operating system, and your application. It would be nice to give an overall number, such as expect a 15 percent hit (a number that’s been bandied about, though some dispute its accuracy). However, there’s no way to know except by testing. Thus, it’s important to know if your server has been patched. If it hasn’t been yet, expect application performance to drop when the patch is installed. (If it’s not going to be patched, find a different host server!)
  5. Base the number of CPUs and cores and the clock speed on the application requirements. If your application and its core dependencies (such as the LAMP stack or the .NET infrastructure) are heavily threaded, the software will likely perform best on servers with multiple CPUs, each equipped with the greatest number of cores—think 24 cores. However, if the application is not particularly threaded or runs in a not-so-well-threaded environment, you’ll get the biggest bang with the absolute top clock speeds on an 8-core server.

But wait, there’s more!

Read the full list of 14 recommendations in my story for HPE Enteprise.nxt, “Checklist: Optimizing application performance at deployment.”

Little spam boxes filled with cash

Little boxes, little boxes, all the same. If this spam has anything that makes it interesting, beyond the terrible grammar, it’s that the faux shipments are so detailed: 61x156x73m, with a capacity of 680 liters.

Of course, this is spam – the extra details don’t change anything. Delete such messages, don’t respond to them.

From: David Jim Brown email hidden; JavaScript is required
Subject: ATTENTION YOUR ABANDON BOXES
Date: June 12, 2018 at 9:18:18 PM MST
Reply-To: David Jim Brown email hidden; JavaScript is required

Dear owner,

I am David Jim Brown, Head Officer-in-Charge, Administrative Service Inspection Unit United Nations Inspection Agency in Harts field-Jackson International Airport Atlanta, Georgia. During our investigation, I discovered an abandoned shipment through a Diplomat from United Kingdom which was transferred from JF Kennedy Airport to our facility here in Atlanta, and when scanned it revealed an undisclosed sum of money in 2 Metal Trunk Boxes weighing approximately 130kg.

The consignment was abandoned because the Content was not properly declared by the consignee as money rather it was declared as personal effect/classified document to either avoid diversion by the Shipping Agent or confiscation by the relevant authorities. The diplomat’s inability to pay for Non Inspection fees among other things are the reason why the consignment is delayed and abandoned. By my assessment, each of the boxes contains about $4M or more. They are still left in the airport storage facility till today.

The Consignments like I said are two metal trunk boxes weighing about 65kg each (Internal dimension: W61 x H156 x D73 (cm) effective capacity: 680 L) Approximately. The details of the consignment including your name and email on the official document from United Nations’ office in London where the shipment was tagged as personal effects/classified document is still available with us. As it stands now, you have to reconfirm your full name, Phone Number, full address so I can cross-check and see if it corresponds with the one on the official documents. It is now left to you to decide if you still need the consignment or allow us repatriate it back to UK (place of origin) as we were instructed.

As I did say again, the shipper abandoned it and ran away most importantly because he gave a false declaration, he could not pay for the yellow tag, he could not secure a valid non inspection document(s), etc. I am ready to assist you in any way I can for you to get back this packages provided you will also give me something out of it (financial gratification). You can either come in person, or you engage the services of a secure shipping/delivery Company/agent that will provide the necessary security that is required to deliver the package to your doorstep or the destination of your choice. I need all the guarantee that I can get from you before I can get involved in this project.

Best Regards,

David Jim Brown
Head Officer-in-Charge

,

Wishing Cantor Barry Reich a wonderful retirement

Can you believe that Cantor Barry Reich has been with Peninsula Temple Sholom for 51 years? That’s an incredible tenure. He began at the Burlingame, Calif., synagogue as a liturgical singer who showed up on a motorcycle. He retires — well, becomes Cantor Emeritus – at the end of this month.

Barry and I have done lots of great projects together. Not only that, he oversaw the Bar Mitzvah of my son Michael, who also played in the Cantor’s band. As a recent story in the J Weekly writes,

Reich, 71, has the kind of background most cantors could only dream of. He represents the fifth generation of cantors in his family, raised in L.A.’s old Jewish neighborhood of Boyle Heights. Reich was a yeshiva kid until his father, Israel Reich, switched to the Conservative movement. The family moved around for a few years, and Barry Reich got his cantorial start as a child singing in overflow services at his father’s synagogue in Miami.

But by senior year in high school, the Reiches were in San Francisco, where Israel served as cantor at Congregation Beth Sholom. Barry was still a music student of 17 when he stepped in as a temporary cantor at PTS.

What happens next? Says, the J,

With retirement on the horizon, Reich has a few ideas for how he’ll be spending his time, although he’s keeping his options open. He plans to publish some of the choral music he’s written through the years, which means recording it as well, and he’s toying with the notion of working with Jewish summer camps. And his official title will be cantor emeritus as of July 1. But one thing he won’t be doing in the fall is singing on the bimah. “For the first time in 51 years, I’m going to take the High Holidays off,” he said.

Yasher koach, from strength to strength, dear friend.

,

Don’t play “Topper” with someone’s grief

It’s so easy to relate to someone’s sorrows by saying, “Oh yes, that happened to me too.” A friend lost a job; well, you lost a job once. A friend lost a pet; well, your Fluffy got cancer and died. And speaking of cancer… or losing a parent or other loved one. It’s happening to your friend now, and you’ve got powerful personal stories to tell that will show your friend that you’ve been there too, and you know what she’s going through.

Don’t. Just don’t go there. You don’t know what she’s going through, and frankly, she doesn’t care about your loss right now.

That’s something I learned during a course in pastoral training: You relate to the person in pain by active listening. Not by telling your own stories. Ask questions: Tell me about your plans to find another job. What was something funny that Fido did? Can you tell me a story about your relationship with your aunt? What worries you most about getting chemo?

Now is not the time to say, “I’ve been there.” The grieving friend doesn’t want to hear about your dead dog. He wants to talk about his dead dog, or at least, sit quietly with you while he mourns. Sure, if he asks, “Have you been there,” say “Yes,” and talk briefly. But this isn’t a conversation. It’s not a give-and-take, where you each share stories. No, you help by listening, not by talking.

I’ve seen this first hand, in time I’ve spent with mourners — where the mourner feels trapped into listening to stories she doesn’t want to hear. This was never as well said as in a recent story, “The Mistake I Made with My Grieving Friend,” by Celeste Headlee:

A good friend of mine lost her dad some years back. I found her sitting alone on a bench outside our workplace, not moving, just staring at the horizon. She was absolutely distraught and I didn’t know what to say to her. It’s so easy to say the wrong thing to someone who is grieving and vulnerable. So, I started talking about how I grew up without a father. I told her that my dad had drowned in a submarine when I was only 9 months old and I’d always mourned his loss, even though I’d never known him. I just wanted her to realize that she wasn’t alone, that I’d been through something similar and could understand how she felt.

But after I related this story, my friend looked at me and snapped, “Okay, Celeste, you win. You never had a dad, and I at least got to spend 30 years with mine. You had it worse. I guess I shouldn’t be so upset that my dad just died.”

Read the story. And next time you’re tempted to share your own stories of loss with someone in pain… don’t.

Hillary Clinton isn’t Secretary of State — hasn’t been for some time

If writing parts of a message in ALL CAPS lent credibility, this spam might be believable. But really? How long has it been since Hillary Clinton was Secretary of State? Look at the email addresses, look at the names, look at the typos. It’s hard to believe anyone would be fooled by this type of spam.

From: “MRS SUSSAN RICE” email hidden; JavaScript is required

Subject: UNITED NATION AND EUROPEAN UNION OFFICIAL WINNING PAYMENT VALUED $8,300,000M

Date: June 6, 2018 at 12:45:08 PM MST

Reply-To: email hidden; JavaScript is required

THE UNITED NATIONS ORGANIZATION
LONDON UNITED KINGDOM
UNITED NATION PAYMENT APPROVAL
OFFICE Special Duties/Logistics Department
FOREIGN CONTRACT/WINNING PAYMENT BUREAU

Our Ref: CITIBANK/LONDON/CTB

Your Ref 25321/imf/us/011/014

UNITED NATION AND EUROPEAN UNION OFFICIAL WINNING PAYMENT VALUED $8,300,000M

The Review and Decision of the UN Ad-Hoc Executive Committee on Your Grant Payment;

THE EUROPEAN UNION & UNITED NATIONS ORGANIZATION do hereby give this Irrevocable Payment Approval Order with Release Code No: GNC/3480/02/00 in your favor for your Inheritance/Award Winning Payment with the EU/UN to your nominated bank account. Now your new Payment Approval No; UN5685P, White House Approved No: WH44CV, Reference No.-35460021, Allocation No: 674632 Password No: 339331, Pin Code No: 55674 and your Certificate of Merit Payment No : 103, Citibank Telex confirmation No: -1114433 ; Secret Code No:XXTN013. Having received these vital payment numbers,

In reference to the meeting held by the UN Ad-Hoc Executive Committee on Grant Award Payment in collaboration with US Government, which comprises of 10 adjudicators Teams, headed by the UN Executive Secretary, Ban Ki Moon, UN President Mr. Miguel d’Escoto Brockmann, Federal Reserve Bank Chairman,Ben Bernanke, Representative of Office of Citizen Services and Communications, U.S. General Services Administration Director Scott D. Burford , Central Intelligence Agency CIA, represented by the Office of the Public Affairs Mark Mansfield, The representatives of Federal Bureau Investigation FBI, Amy Gutmann, The United Nation US envoy and the International Monetary Fund IMF New York officials , The Interpol President and Secretary Ronald Noble and the Nat West Bank Plc,London, United Kingdom.

In this capacity, they presided as a result of non payment of US Citizen UN allocated Grant Fund, thus the outcome of the meeting was successful as you have been advised to CALL Rev. Kenneth Brown of International Monetary Fund Office in New York today on Phone: 1-214-613-9962 for the immediate release of your fund valued at US$8,300,000.00.

As a matter of fact, you are required to Deal and Communicate only with REV. KENNETH BROWN, INTERNATIONAL MONETARY FUND NEW YORK, which is our official Monitoring partner. The Committee on Foreign Payment Matters in EU/UN has look up to make sure you receive your fund valued $8.3Million. So i will advice you to get contact with: REV. KENNETH BROWN on his contact information, in NEW YORK; TELEPHONE : +1-214-613-9962 Fax:+ 1-206-984-3626 Also contact MR.SCOTT PETERS OF CITIBANK LONDON FOR IMMEDIATELY TRANSFER EMAIL : email hidden; JavaScript is required TELEPHONE:+44 703 594 2488 CELL Fax: +44 844 4435285 for immediate release of your Inheritance/Award Winning claim. Be informed that you are not allowed to correspond with any person or office anymore. You are required to send the only to the bellow information.

Signatories to this Decision Are:

Susan Rice: United States Mission to the United Nations

Hillary Rodham Clinton: US Secretary of State

Timothy Geithner: US Secretary of the Treasury

Janet Napolitano: Secretary of Homeland Security

Eric Holder: Department of Justice Attorney General

Direct Citibank Telephone No :+44-704 572 8348
MOBILE TELEPHONE, +44 703 594 2488
FAX NUMBER:+44 844 4435279
Email:scottpete89658@gmail.com

for immediate release of your contract/inheritance/Award Winning claim Be informed that you are not allowed to correspond with any person or office anymore, You are required to send bellow information for your transfer.

1)YOUR FULL NAME:
2)ADDRESS,CITY,STATE AND COUNTRY.
3)PHONE,FAX AND MOBILE
4)COMPANY NAME(IF ANY) POSITION AND ADDRESS
5)BANK DETAILS,
BANK NAMES,
ACCOUNT NO,
ROUTING NO,
SWIFT CODE
BANK ADDRESS.
6) PROFESSION,AGE AND MARITAL STATUS
7) COPY OF YOUR INT’L PASSPORT/DRIVERS LICENSE

NOTE: YOUR PERSONAL CONTACT/COMMUNICATION CODE WITH CITIBANK CODE IS(511),YOU ARE ADVICE TO SEND YOU FULL BANKING INFORMATION TO THE CITIBANK OF LONDON INTERNATIONAL REMITTANCE DIRECTOR HEADED BY MR SCOTT PETERS AND MAKE SURE YOU SPEAK WITH HIM, WITH YOUR NEW PAYMENT CODE FOR RELEASE OF YOUR PAYMENT AND SEND HIM ALL YOUR BANKING INFORMATION NOW. CONTACT CODE(511)

OFFICER:MR SCOTT PETERS
POSITION:DIRECTOR,INTL,REMITTANCE CITIBANK LONDON.
TELEPHONE OFFICE/BANK:+44-704 572 8348
MOBILE TELEPHONE, +44 703 594 2488
FAX NUMBER:+44 844 4435279
EMAIL: email hidden; JavaScript is required

MRS SUSSAN RICE

(CHAIRMAN COMMITTEE ON FOREIGN CONTRACT/AWARD WINING PAYMENT UNITED NATION AND USA GOVERNMENT)

, ,

How not to fail at GDPR compliance

You wouldn’t enjoy paying a fine of 4 percent of your company’s total revenue. But that’s the potential penalty if your company is found in violation of the European Union’s new General Data Protection Regulation (GDPR), which goes into effect May 25, 2018. As you’ve probably read, organizations anywhere in the world are subject to GDPR if they have customers in the EU and are storing any of their personal data.

GDPR compliance is a complex topic. It’s too much for one article — heck, books galore are being written about it, seminars abound, and GDPR consultants are on every street corner.

One challenge is that GDPR is a regulation, not a how-to guide. It’s big on explaining penalties for failing to detect and report a data breach in a sufficiently timely manner. It’s not big on telling you how to detect that breach. Rather than tell you what to do, let’s see what could go wrong with your GDPR plans—to help you avoid that 4 percent penalty.

First, the ground rules: GDPR’s overarching goal is to protect citizens’ privacy. In particular, the regulation pertains to anything that can be used to directly or indirectly identify a person. Such data can be anything: a name, a photo, an email address, bank details, social network posts, medical information, or even a computer IP address. To that end, data breaches that may pose a risk to individuals must be disclosed to the authorities within 72 hours and to the affected individuals soon thereafter.

What does that mean? As part of the regulations, individuals must have the ability to see what data you have about them, correct that data if appropriate, or have that data deleted, again if appropriate. (If someone owes you money, they can’t ask you to delete that record.)

Enough preamble. Let’s get into ten common problems.

First: Your privacy and data retention policies aren’t compliant with GDPR

There’s no specific policy wording required by GDPR. However, the policies must meet the overall objectives on GDPR, as well as the requirements in any other jurisdictions in which you operate (such as the United States). What would Alan do? Look at policies from big multinationals that do business in Europe and copy what they do, working with your legal team. You’ve got to get it right.

Second: Your actual practices don’t match your privacy policy

It’s easy to create a compliant privacy policy but hard to ensure your company actually is following it. Do you claim that you don’t store IP addresses? Make sure you’re not. Do you claim that data about a European customer is never stored in a server in the United States? Make sure that’s truly the case.

For example, let’s say you store information about German customers in Frankfurt. Great. But if that data is backed up to a server in Toronto, maybe not great.

Third: Your third-party providers aren’t honoring your GDPR responsibilities

Let’s take that customer data in Frankfurt. Perhaps you have a third-party provider in San Francisco that does data analytics for you, or that runs credit reports or handles image resizing. In those processes, does your customer data ever leave the EU? Even if it stays within the EU, is it protected in ways that are compliant with GDPR and other regulations? It’s your responsibility to make sure: While you might sue a supplier for a breach, that won’t cancel out your own primary responsibility to protect your customers’ privacy.

A place to start with compliance: Do you have an accurate, up-to-date listing of all third-party providers that ever touch your data? You can’t verify compliance if you don’t know where your data is.

But wait, there’s more

You can read the entire list of common GDPR failures in my story for HPE Enterprise.nxt, “10 ways to fail at GDPR compliance.”

, , ,

The public cloud is part of your network — but it’s not entirely

The public cloud is part of your network. But it’s also not part of your network. That can make security tricky, and sometimes become a nightmare.

The cloud represents resources that your business rents. Computational resources, like CPU and memory; infrastructure resources, like Internet bandwidth and Internal networks; storage resources; and management platforms, like the tools needed to provision and configure services.

Whether it’s Amazon Web Services, Microsoft Azure or Google Cloud Platform, it’s like an empty apartment that you rent for a year or maybe a few months. You start out with empty space, put in there whatever you want and use it however you want. Is such a short-term rental apartment your home? That’s a big question, especially when it comes to security. By the way, let’s focus on platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS), where your business has a great deal of control over how the resource is used — like an empty rental apartment.

We are not talking about software-as-a-service (SaaS), like Office 365 or Salesforce.com. That’s where you show up, pay your bill and use the resources as configured. That’s more like a hotel room: you sleep there, but you can’t change the furniture. Security is almost entirely the responsibility of the hotel; your security responsibility is to ensure that you don’t lose your key, and to refuse to open the door for strangers. The SaaS equivalent: Protect your user accounts and passwords, and ensure users only have the least necessary access privileges.

Why PaaS/IaaS are part of your network

As Peter Parker knows, Spider Man’s great powers require great responsibility. That’s true in the enterprise data center — and it’s true in PaaS/IaaS networks. The customer is responsible for provisioning servers, storage and virtual machines. Not only that, but the customer also is responsible for creating connections between the cloud service and other resources, such as an enterprise data center — in a hybrid cloud architecture — and other cloud providers — in a multi-cloud architecture.

The cloud provider sets terms for use of the PaaS/IaaS, and allows inbound and outbound connections. There are service level guarantees for availability of the cloud, and of servers that the cloud provider owns. Otherwise, everything is on the enterprise. Think of the PaaS/IaaS cloud as being a remote data center that the enterprise rents, but where you can’t physically visit and see your rented servers and infrastructure.

Why PaaS/IaaS are not part of your network

In short, except for the few areas that the cloud provider handles — availability, cabling, power supplies, connections to carrier networks, physical security — you own it. That means installing patches and fixes. That means instrumenting servers and virtual machines. That means protecting them with software-based firewalls. That means doing backups, whether using the cloud provider’s value-added services or someone else. That means anti-malware.

That’s not to minimize the benefits the cloud provider offers you. Power and cooling are a big deal. So are racks and cabling. So is that physical security, and having 24×7 on-site staffing in the event of hardware failures. Also, there’s click-of-a-button ability to provision and spool up new servers to handle demand, and then shut them back again when not needed. Cloud providers can also provide firewall services, communications encryption, and of course, consulting on security.

The word elastic is often used for cloud services. That’s what makes the cloud much more agile than an on-premise data center, or renting an equipment cage in a colocation center. It’s like renting an apartment where if you need a couple extra bedrooms for a few months, you can upsize.

For many businesses, that’s huge. Read more about how great cloud power requires great responsibility in my essay for SecurityNow, “Public Cloud, Part of the Network or Not, Remains a Security Concern.”