Archive

Monthly Archives: May 2010

Your Cloud, My Cloud, Security in the Cloud

May 28, 2010
Cloud Speak
1 Comment

I had a great conversation the other night while at the Seattle Web Analytics Wednesday (#waw) with Carlos (@inflatemouse) and a dozen others.  @inflatemouse brought up the idea that an analytics provider using the cloud, increases or at least possibly increases the risk of security breach to the data.  This is, after all a valid point, but because of the inherent way web analytics works this is and is not a concern.

Web Analytics is Inherently Insecure

Web analytics data is collected with a Javascript Tag.  Omniture, Webtrends, Google, Yahoo, and all of the analytics providers use Javascript.  Javascript is a scripting language, which is not compiled, and stored in plain text in the page or an include, or passed into the URI when needed.  This plain text Javascript is all over the place, and able to be read merely by looking at it.  So the absolute first point of data collection, the Javascript tags, is 100% insecure.

The majority of data is not private.  So this insecurity isn’t a huge risk or at least should not be.  If it is, you have larger issues before you even contemplate using an on-premise and cloud solution to bump up your compute and storage capabilities.  Collecting data that needs to be secure via web analytics is an absolute no.  Do NOT collect secure, private, or other important pieces of data this way.  If you have even the slightest legal breach in this context, your entire analytics provision could have this data scraped, possibly used in court in a class action suite, or in other ways even.

For the rest of this write up, I will assume that you?ve appropriately encrypted, or enabled SSL, or otherwise secured your analytics or data collection in some way.

Getting that Boost on Black Friday

eE-commerce has gotten HUGE over the last decade.  The last Black Friday sales and holiday season saw the largest e-commerce activity in history.  Omniture, Webtrends, and all of the other web analytics providers often see a ten fold increase in web traffic over this period of time.  Sometimes, for some clients, this traffic is handled flawlessly by racks and racks of computers sitting in multiple collocation facilities around the world.  However, for some clients that have exceedingly large traffic boosts, data is lost.  (yes, ALL the providers lose data, more so during these massive boosts)  The reason is simple, the machines can?t process in time or handle the incoming traffic because the extra throughput isn?t available to scale.

Enter the cloud.  The cloud has vastly more scalability, almost an infinite supply by comparison, to any of the infrastructure available to the analytics providers.  Matter of fact the cloud has more scale available than all of the analytics providers.  This is actually saying a lot, because Webtrends (and maybe some of the others) I know does an amazing job with their scalability and data collection, arguably more accurate and consistent than any of the other providers (especially since many of them just sample and "guess" at the data).

So when you extend your capabilities to the cloud for web analytics do you really increase your security vulnerability?  Most of the providers of web analytics have their own array of security measures, that I won’t go into on levels of security.  However, does introducing the cloud change anything?  Does it alter the architecture so significantly as to introduce legitimate security concerns?

Immediately, from a functional point of view, assuming good architecture, intelligent system design, and good security practices are in use already, introducing the cloud should and is transparent to clients.  For the provider it should not increase legal concerns, functional concerns, or otherwise pending the aforementioned items are taken care of appropriately.  But that is just it, every single current provider has legacy architecture, various other elements that do not provide a solid basis for a migration to the cloud for that extra bump of power and storage.

So what should be done?  What if a provider wants that extra power?  Can the technical debts be paid to use the awesome promises of the cloud?  Is the security really secure enough?

Probably not.  Probably so.  But . . .

This provides a prospective opportunity for a new solution for web analytics to be provided.  It provides a great opportunity for a modern cloud based solution, that provides more than just a mere Javascript tag and insecure unencrypted data to be collected for analysis.  It provides the grand opportunity to design an architecture that could truly lead the industry into the future.  Will Webtrends, Omniture, Unica, or someone else step in to lead the analytics industry into the future?

At this point I’m not really sure, but it definitely is an interesting thought and a conversation that I have had a lot of people at #altnet meetings, cloud meetups, and with cloud architects, engineers, and others that have similar curiosities.  I await impatiently to see someone or some business take the lead!

Cool Places, Things, and Groups in Seattle So Far?

May 27, 2010
Social Space
Leave a Comment

I am new to Seattle from the "I live here" perspective.  I have travelled here and visited more than a few times.  The last week or so I have been wandering a bit and checking out various groups such as Web Analytics Wednesday and possibly will check out the Startup Drinks Group in Ballard this Friday.  All in all I’m happier with my move from Portland to Seattle than I originally thought I’d be (because Portland is seriously awesome too).  Seattle is surprising me in a few ways that I actually didn’t expect, one of them is the tech scene presence is a little bit better than I originally thought it was (good job tech scene pplz).

There are a few points I am still curious about.  Maybe some readers could help me out with the following:

  1. Where and when do the people interested in Saas, Cloud Computing, and similar topics get together, hang out, have drinks, or otherwise?  I haven’t found too much going on around these topics.
  2. Ok, I have found a number of awesome coffee shops to hang out at on those days were I don’t go into the office.  So does anyone else have any suggestions for cool places to pull out the laptop and crank on some code and such?
  3. I really dig hearing about all the awesome startups in Seattle, which Seattle 2.0 is pretty awesome in relating, but is there anything else I should check out?

That’s my burning curiosities at the moment, so if any of your dear readers have any thoughts on these things, or know of anything please do leave a comment or three.  : )

I moderate, so if they don’t show up immediately it will eventually.  Thanks!

Cloud Tidbits I Feel Compelled to Mention

May 20, 2010
Cloud Speak
Leave a Comment

Just a few links for today.  I am still hustling together some code for the Kata that I am working up related to real world testing – ala TDD.  In the meantime, check out some cloud tidbits.

More Cloud News

May 19, 2010
Cloud Speak
Leave a Comment

Recently Amazon jumped into the relational database cloud competition with Microsoft.  Up until the 6th of this month, Microsoft had the only cloud with a real dedicated relational database offering in SQL Azure.  Now Amazon has their Relational Database Service heating up the competition.

In other news, Google finally joined the storage party with their recent launch announcement at the I/O Conference.  So now we have Amazon, Microsoft, and Google as the big companies on the block throwing down on the storage offerings.  Stay tuned for more!

In other news I have been working through the katas setup for TDD practice.  They’re actually a lot of fun and would suggest anyone out there interested in TDD or just unit testing to just go out and give one a test drive.  : )

Currently I am working on a code kata putting together ideas from Roy Osherove‘s The Art of Unit Testing and what one needs to know for testing in enterprise environments, abstracting the appropriate code to take into account web services, files, I/O, architectural issues, and other elements of coding.

Seattle #altnet

May 17, 2010
Conferences, Social Space
Leave a Comment

Just a few of the key points brought up during the #altnet meeting on Saturday this weekend.  There were a number of other topics, but these stuck in my mind as something I am more interested in.

  • katas | How to transition the learning from katas into the more elaborate testing realm of fakes, mocks, stubs, and such.
  • Smells |  ViewModels, testing WPF and Silverlight.  How to test for latency,
  • Upfront versus down the road costs.  How to decide when something should be learned at a macro level.
  • UI Testing | What is a good method or practice to use to keep the testing time to a minimum.

These four points bring me to my current story list of code to write.

  • Knock out a kata or two, and elaborate on the katas so that they have a more real world use for Enterprise (and other) Developers that have lots of abstracted layers and other parts to move through.
  • I really need to get back to my Silverlight and WPF skills.  Somehow I need to bring these skills into my daily Azure Cloud work, which should be relatively easy, I just have to do it.
  • Not sure I will have time, but I would like to write up some cost analysis (not just $,  but in time, effort, and other costs) associated with certain up front design and up front testing versus testing or design after the fact.  Of course this entire discussion point is very relative, but I am sure I can dig up some information somewhere.
  • UI Testing.  It was an interesting topic at ALT.NET, but doubtful I will touch on it much until I get more dedicated WPF/Silverlight/Web UI Work.  Right now there just isn’t enough value it it for me (kind of based on the aforementioned topic).
Follow

Get every new post delivered to your Inbox.

Join 3,273 other followers