Posts

I spent a mind-stretching few hours yesterday at the Cloud Security Conference organised by The Cloud Circle.

Summing up the whole day into a few points is hard, but these were the key things I took away:

• Security for the Cloud is mostly “just” security, with a few new architectures and contract models
• Know what data you collect and use, and the associated risks
• Know where your data goes, how it gets there and how it might be exposed
• Cloud delivery usually gives you less control
• But sometimes less control is also less risk
• Different landscapes give you different control & risk profiles (IaaS / PaaS / SaaS)
• The importance of knowing about data location and what jurisdictions apply – remember services are often composites from many sub-providers
• if it’s important to you, talk about it with the vendor and get it in the contract – and involve the legal advisors early
• But don’t expect a custom contract for 5p/hr computing bought on a credit card!
• The importance of standards (but this is still an immature market, so not everything has a standard)
• Plan for something to fail, because it will
• Cloud makes you ask questions you should already be asking

I can say with absolute certainty that I am not doing full service to the depth of presentations – I recommend looking for the slides on The Cloud Circle’s website.

Key References

Some key reference sources cited by one or more speakers

• Security Guidance for Critical Areas of Focus in Cloud Computing v3 published by Cloud Security Alliance
• European Network and Information Security Agency
• Secure Development Lifecycle
• ISO27001, SSAE-16, Vericode
• Fifteen Mobile Policy Best Practices
• Google Apps Security

This blog turned ten years old a couple of weeks ago. Looking back at how I used to blog back then I see that it was mostly comment on current events. My first post was about a book – How the Mind Works by Steven Pinker. I think I still have that book somewhere, although it may have been one of the many that I parted company with during the course of four house moves since that time.

Image via Wikipedia DevOps There’s quite a lot now on the internet about “devops” – combining development and operations work to increase flow and reduce problems Google search for Kanban + Devops Links I’ve tagged “devops” One of the key features of this approach is the idea that above a certain threshold of estimated duration, all operations work has to be included in the kanban board for visibility and flow management.

Joe Dager (@business901) has posted a video interview with Dr. Michael Balle, the Gemba Coach at the Lean Enterprise Institute about Kaizen Teams without Kaizen Events, or Can Kaizen be part of Standard Work? [slideshare id=8394746&doc=kaizenpartofstdwork-110623020735-phpapp01-video] Summary Balle makes some key points: Standard work is about routine v non-routine, prescribed v non-prescribed Standards are not the same as saying everything the same for everyone everywhere Standards = a scientific process

Image via Wikipedia I’m coaching a cross-functional team working across IT operations, application support and development, using Kanban to manage everything larger than the most immediate support requests. They already appreciate the importance of reviewing their work and process, so we’ve been trying to make this into Standard Work. Our first attempt is the 30 Minute Review and Retrospective Review (max 10 minutes total) Look at every story completed this week, for each (so ~1 min per story):

This is a follow on from UML Profile for Benefits Realisation Management – 1. In that post I described the basic UML profile I have created for modelling project benefits in line with [Bradley][2] and [Ward & Daniels][3] Having started to apply the profile successfully, I wanted to extend it to model measures, These were modelled by meta-classing Class Extending Benefits Model with Measures As can be seen from this diagram, I have added a number of tagged values (which are modelled as attributes in the UML profile) to cover off the typical data that needs to be captured in relation to a measure.

I wrote yesterday about using a general purpose UML modelling tool to create project Benefit Maps. In that post I described using Enterprise Architect’s ability to create custom UML profiles to create the beginnings of a custom modelling language for project benefits management. In this article I walk through the basics of that UML profile. Classes The first task was to model the core objects of the benefits model – Objectives, Benefits, Disbenefits, Business Changes and Enablers.

Benefits Realisation Management is one of those classic programme / project disciplines that “everyone” agrees is a great idea, which in my experience is more overlooked than observed. The main sources in the literature I’m aware of are books by Bradley and Ward & Daniels. I’ve also had the privilege of learning directly from Gerald Bradley, so my own approach is very much influenced by his work. A key tool is the use of visual maps, both interactively with stakeholders to discover benefits, and then as a way of presenting and communicating the complex causal links between an IT investment and the benefits it allegedly supports.

I’ve been using variants of the Getting Things Done (GTD) technique for a few years, and I find it’s a safe haven when work is turbulent. The simple rules of the GTD workflow help create forward motion on the most overwhelming of days. As I posted recently, after many attempts at finding the right tool support, I have now settled on one that works for me. But there are days when I have cleared a block of time, and I just need to plough through work, and if I’m not careful my GTD list can become just one more challenge to single tasking.

<dd class="wp-caption-dd zemanta-img-attribution" style="font-size: 0.8em;"> Image by <a href="https://www.flickr.com/photos/79538062@N00/4407962892">jypsygen</a> via Flickr </dd> </dl> I’ve been using variants of the Getting Things Done (GTD) technique for a few years, and I find it’s a safe haven when work is turbulent. The simple rules of the GTD workflow help create forward motion on the most overwhelming of days. My invaluable assistant in this is Nozbe – Michael Sliwinski and his team have put together a highly-functional product that I couldn’t work without.