ASD scraps Cloud Security Certification Program – Now What?

The Australian Signals Directorate (ASD) announced this week that the Cloud Security Certification Programme (CSCP) is being scrapped, and references to both the CSCP and Certified Cloud Provider List (CCPL) are being removed from the Information Security Manual (ISM) and other publications. So, what does this mean for government agencies, businesses and individuals who rely upon these artefacts?
 
When considering moving to the cloud, the onus has always been on the Cloud Customer (“Customer”) to ask the right questions and have their security and privacy requirements met in the contract with the Cloud Service Provider (“Provider”). The Cloud Security Alliance (CSA) referred to this in their previous artefact, The Treacherous Twelve, as Lack of Due Diligence. The corollary is that, if Customers do not ask, then they are consuming the default security and privacy offerings from the Provider. Unfortunately, many Customers race to consume cloud solutions and forget the contention between cheap, fast, secure – pick any two. Cloud is often chosen as a cheap and fast “quick fix”, with security often neglected.
 
So what now? Organisations will need to ensure that their information security professionals are trained up in understanding the most important points to consider when engaging a Provider. This will include jurisdictional issues, contracts, roles and responsibilities and ensuring service level agreements meet the needs of the Customer, not the Provider. According to a recent online Forbes article, Certified Cloud Security Professional (CCSP), a body of knowledge and certification offered through (ISC)2, is the fifth most sought-after certification. Cloud is also a topic in the four certifications ahead of it – CISSP, CISA, CISM and CRISC. The CCSP is a well thought-out body of knowledge that is relevant and meets the needs of today’s cloud customers and providers.
 
ALC has been at the forefront of cloud training across the Asia Pacific region, and our internal statistics show we have trained over 60% of information security professionals who hold the (ISC)2 Certified Cloud Security Professional (CCSP) in Australia and New Zealand. As the focus will increasingly shift to information security professionals within organisations to ask the right questions and demonstrate good governance, it is prudent to consider building a solid foundation through the courses in ALC’s cloud, security and privacy training portfolio. Our CCSP trainers include the first person to be certified as a CCSP in Australia and the former lead cloud architect for a major service provider.
 

Where to Start with Digital Transformation?

Digital Transformation is the ability of an organisation to remain competitive. Using new technologies more effectively than competitors leads to greater market share, lower price points, improved product and/or service quality and constant innovation for clients. But where do you start?

This article is designed for medium to large organisations that want to know how to do this. I’ll draw on my 20 years of experience as an enterprise and solution architect with DXC Technology. I was fortunate enough to help a range of clients, which I can now couple with my knowledge as a trainer across the 12+ courses that I now run.

Click to open the infographic below to see a snapshot of the steps to take to perform a digital transformation successfully.

 

Here is my list of key steps in order:

Do you have questions about these steps? Contact our awesome ALC Training team!

What is the Office 365 Security & Compliance Centre?

Believe it or not, Office 365 now contains 27 separate apps that are provided by Microsoft. Many of these apps are provided with advanced security features. Clearly, managing these security features within each admin tool is a complex and onerous task, so Microsoft have moved as much security as possible into the Office 365 Security & Compliance Centre. This is now the central place to manage the majority of security functions in Office 365.

Click on the diagram below to link to the Microsoft TechNet article describing all the key Office 365 services:

You can augment this list by adding third-party apps that are available in the Microsoft AppSource app store. You can also incorporate various Azure services that integrate with Office. One service that is already included is Azure Active Directory.

Azure Active Directory, or AAD, is a mandatory service that manages all the authentication and authorisations in Office 365. It integrates with your existing corporate Active Directory, which probably lives in your data centre (on-premise), using a service called AAD Connect. For companies that have very complex requirements around transferring data between on-premise Active Directory and AAD, you can use the Microsoft Identity Manager product and Active Directory Federation Services.

Here is a great link to a video that outlines some of the basics of Active Directory:

It becomes quite technical towards the end of the video, so just close it down once you have the knowledge you need.

Understanding Active Directory is key to understanding the fundamentals of how the Office 365 Security & Compliance Centre works, so check out my 2 day course where we cover all the basics, in non-technical language, so that anyone can start securing their Office 365 tenancy:

Not only do we cover AAD, but we also run through:

Let’s pick out a couple of my favourite Office 365 services…Flow.

Flow is a product that allows you to integrate various cloud services, providing a platform for automating many of your tasks. It’s a competitor to IFTTT.com, which stands for If This Then That and provides a similar set of services. For example, if an email comes into your inbox from a customer, there may be a series of manual tasks that need to be undertaken to start servicing that customer. This can be automated, freeing up your time to focus on talking with customers rather than having to do repetitive manual tasks.

Click on the graphic to be taken to a video outlining potential uses of the tool:

Now, let’s look at some of the key features of Data Loss Prevention

If you want to know more about Office 365 services, please reach out to me on LinkedIn. Click on the image below to see my profile and start reaching out….

What is a Value Stream?

It may not be obvious, but the concept of a value stream is one of the most important concepts in a digital transformation. Why? Because once you understand a value stream, you start to truly understand your business and you’re on a clear path to improving customer experience. Exceptional customer experience is your key business differentiator in the world of digital disruption and needs to be the core focus of any digital transformation.

Let’s define a value stream. I’ll use what I consider to be the best reference sources.

First from Scaled Agile.  

If you click on the image it will take you to the Leading SAFe 2 Day course I run at ALC Training.

Second from the TOGAF certification, written by the Open Group:

And here is a picture of a sample value stream map for an online purchase:

And here is another, outlining an emergency hospital admission:

As you can see it’s a simple overview, usually shown in 5-9 stages, of how a product or service starts life and is delivered to the consumer. 

As you can see, the business processes beneath can vary in complexity. With an online purchase, the process is relatively simple. With, say, intensive care, the process can be extremely complex and there are probably 1000s of paths, depending on the type of care required.

It can also be known as:

Clearly, there are many value streams and they are quite different between industries.

Once we understand our value stream, we can then consider decomposing each component into systems and people.  An example of this is from Scaled Agile, where they define two types of value streams:

You’ll notice that the operational value stream is the one that is focused on the customer, whereas the development value stream is aligned to delivering systems in an agile manner. In fact, these development value streams are also known as CI/CD pipelines:

So what we’ve now done is to understand our business in the context of delivering value through software. We cover this in our DevOps Foundation course:

Any questions on Scaled Agile or DevOps concepts, as always please reach out via Twitter – @MusicComposer1 or find me on LinkedIn:

Governments Could Fall If Digital Transformation is not Successful

There are a number of examples in history of how governments have fallen: through the ballot box, through a coup d’etat or via a civil or military war. But have you ever stopped to think that a lack of progress in a digital transformation could be a fourth reason?

Let me back up a bit…and outline what I believe are the reasons we have a government. Why does it exist and why do we need one? There are five:

Here is a great video that provides some more information on what government is:

Failure by governments to maintain those outcomes and deliver great customer experiences will result in disruption. We’ve already seen this movie before, right:

But hey, they’re all commercial examples.  Have you got anything that is relevant to government?  Sure:

Here is a great video explaining Brexit:

You can also extend that to local government, such as Queensland in Australia:

I talk about digital disruption and governments in the latest #AskTheCEO discussion here:

The forces that have helped Uber, Netflix, Google and especially Apple become commercial disruptors are the same for government:

So what is the solution? Well, it’s important to understand what needs to transform in government and then do so, quickly. Using the latest Lean-Agile and DevOps principles, along with great talent, is how Spotify undermined their competition, so government needs to do the same. Here are three examples:

Interested in learning more about digital transformation? Check out a range of courses that I run at ALC Training:

DevOps Foundation

Cloud Security

Cloud Computing

Scaled Agile

Enterprise Big Data

 

What is Microsoft Azure and why should I use it?

Microsoft is one of the world leaders when it comes to cloud computing services. In the last comparison of revenue streams from the cloud giants, back in Feb 2018, it seems that Microsoft was just ahead of AWS.

Want to learn more about Azure?  Well, there are options.  There is a great free resource from Microsoft that covers Azure fundamentals here:

https://docs.microsoft.com/en-us/learn/paths/azure-fundamentals/

Or, if you’re looking for a more hands-on 1 Day Azure Technical Quickstart to understand how to provision resources, you can check out our 1 Day course here:

https://alctraining.com.au/course/microsoft-azure-technical-quickstart/

You can also reach out to us, for customised Azure and Office 365 courses.

Azure is classed as an Infrastructure-As-A-Service (IaaS) and Platform-As-A-Service (PaaS) in the cloud computing world. IaaS services are designed for system engineers, where you can set up and build servers, networks, and storage, and then install your apps on top. If you’re in the software development business, then the PaaS services are designed for writing, testing and managing code, and target developers.

Some important PaaS services that developers will need include:

Below is a brief snapshot of just the Compute services:

By combining these services, you can create a rich tapestry of solutions. It’s very similar to the age of analog electronics, where you could select oscillators, diodes and specific electronic components to build solutions such as a home radio.

In Azure you can create very complex business solutions. Below is an example of how you might integrate a complex corporate environment with Azure services, in a model known as hybrid cloud:

There are some very important services available in Azure that align nicely to medium to large clients that have to comply with complex regulation. Clients involved in banking, government, healthcare, and defence need to maintain a level of corporate and regulatory governance, as well as a high level of cyber security protection in their cloud services. Tools such as:

The diagram below shows an example of the types of recommendations that the Azure Advisor can provide:

Feel free to reach out anytime with your Azure or Office 365 questions or queries.

 

Why Governments will be Disrupted?

Digital transformation is the process of cultural, technological and thought leadership innovation that is required to ensure businesses remain competitive, relevant and able to survive. Let’s break that down and explain what I mean.

Click on the image below to see ALC’s range of courses that can help with your digital transformation journey:

Cultural Innovation

This means allowing people within a business to develop and grow, by learning in a safe environment.  We often call this Failing Fast.  This helps to foster a culture within an organisation, that moves away from:

And moves towards:

You can only innovate when you allow people to take risks.  But in concert, you need to provide tools and an environment for continual fast feedback.  This includes:

All these concepts and learnings appear again and again in many of the cultural change courses I run:

Click on the picture below to watch an awesome video from our DevOps Foundation course, covering Spotify Engineering Culture:

Technological Innovation

This means adopting the latest technological innovations, to help business leaders learn and act quickly.  There are many examples:

It’s no surprise that at ALC, we’re focusing on these key technological innovations:

Click on the diagram, below to see an awesome video from the Enterprise Big Data Professional course on why we use Hadoop over SQL when dealing with Big Data:

Thought Leadership

This is the most critical.  Leaders are the people in a company that pave the way for new things.  Just like in music, they are the avant-garde, breaking new ground, failing fast and leading by example.  They are skillful coaches that bring all their people with them on the journey.  They lead through:

You’ll find these leadership traits are exemplified in the following courses for leaders:

The diagram below shows you the Scaled Agile Framework, or SAFe for short. Click on it and you’ll be taken to the FREE clickable version on their website:

Government

If you have ever worked in a government department or a local council, you will know there are very few examples of these digital successes. Why? I believe many leaders of governments, whether they be the lord mayor of a council or the elected minister, fundamentally do not understand digital disruption. They believe it is a phenomenon that only affects commercial entities and is not relevant to them. And the ones that do try to embrace digital disruption don’t focus on cultural change, with leaders not leading by example.

Unfortunately, it is extremely relevant. I believe governments will be disrupted, just like every organisation in the world will be disrupted. Charities, councils, regulatory bodies, none of them are immune. In fact, they are the entities that are most at risk of being irrelevant. Why?

Because for every government service, there are much better ways of delivering, by adopting the key tenets above and embracing digital transformation. This means, if enough people do not see the value in government services, they will protest, they will resist taxes and want to live in a place where the services are incredible.

We’ve seen trailers of this movie before:

Click on the diagram to show you how you digitally transform your government organisation using SAFe:

Check out my latest conversation on “Navigating Digital Disruption” on the New York hit show, #AskTheCEO with Avrohom Gottheil:

HitchHikers Guide to Cloud Computing?

This blog is going to explain, in non-technical jargon, two things:

I was inspired to write this article after ALC Training released a FREE 20 minute Cloud Computing Mini-Course last week, where I personally take you through a fun and engaging cloud journey.  It’s aimed at a non-technical audience, where you’ll learn the basic knowledge needed for all industry recognised cloud computing courses:

Why Use the Cloud?

Because that is the technology that powers how mobile apps work…..and it powers the entire app ecosystem:

And it also powers how the largest social media platforms work:

It’s also how online shopping works:

And now it’s how core productivity apps work.  I mean your Word, Excel and Powerpoint apps are all cloud-based:

And it also powers the biggest email systems:

You can store files:

It can also update software in cars:

In fact, it all started with web site hosting, at the birth of the internet, for most people, in the late ’90s:

Here is the first web site, created by Tim Berners-Lee…and yes…it’s still live. Click on the picture to visit:

What is Cloud Computing?

In simple terms it’s a new way of doing business, enabled by technology.  Not just business, business, but also personal business.

It’s accessible via a store, or via a web browser, which provides lots of benefits:

In fact, every form of communication known to man, you can post somewhere using an app, and other people can view and interact with it.

But what really is the cloud?

In the technology world, we call it a platform.  A foundation for hosting apps.

There are 3 types of cloud:

If you found this article interesting, and want to take your cloud knowledge to another level then check out my course.  In partnership with ALC Training, I offer a 2 Day Cloud Foundation course for non-technical or semi-technical people.  It’s a classroom-based environment where interaction, games, and fun are key learning tools. 

Are you an entrepreneur, a project manager, an auditor, a talent acquisition specialist, a human resources professional, a marketing whizz….in fact anyone with a strong interest in the cloud….then this course is a good fit for you.

The best part is that it leads to an industry recognised certification, backed by APMG International……which shows up as a digital badge on your LinkedIn profile.  Perfect for showing that your current employer is serious about cloud computing.

Interested in attending…..check out the dates, by clicking on the image below:

If the dates are not suitable, please reach out to our awesome team at ALC Training, and we can customise the course to your needs and bring to your location.

I hope you enjoyed this blog article.  Have a great week.

P

 

 

 

 

Revolutionise your Career…..Learn Cloud Computing

Cloud Computing is the latest skill moving into the employment market today. It supersedes a time when businesses relied on IT professionals, typically between 1985 and 2008. This is referred to as the client-server model era.

These IT professionals were employed to ensure that services were designed, deployed and run in a highly efficient and highly reliable manner.  Apps and data were run on servers, in a data centre at best…at worst it was hosted inside a cupboard.  Services could include:

Today, Cloud Computing has changed this landscape forever. It started to really mature and become used by businesses around 2008, with Microsoft Hotmail and AWS being pioneering spirits, through to the present day.

Below is a solution architecture, showing the services that are available instantly through AWS:

Already we’re 10 years in, and only within the last 3 years has cloud become common:

No longer is a $100,000 loan necessary, to buy infrastructure when starting a business.  You just need a credit card to buy the cloud services as you need them.  This means anyone can start a business and scale services with just 1 employee.  This accounts for the explosion in entrepreneurs, particularly females, who often have to balance income with kids.

Understanding Cloud Computing is not just for IT professionals, it’s for anyone who uses Cloud and wants to learn more.  

I’ve created a simple and engaging cloud computing mini-course, courtesy of ALC Training, for everyone to use, for FREE.

It’s highly interactive and includes a set of questions to test your knowledge.  Go on…have a go….and have some fun:

https://www.alc-group.com/introduction-to-cloud-computing/?utm_source=PaulColmer&utm_medium=Shared%20Post&utm_campaign=PC_ALCAd_Jan19

I would love to hear your feedback.  Please reach out on the channels below:

LinkedIn
www.linkedin.com/in/paulcolmer/

Twitter
twitter.com/musiccomposer1

Instagram
www.instagram.com/paulcolmer/?hl=en

Why should Enterprise & Solution Architects take TOGAF Parts 1 & 2?

Because…….Part 1 (TOGAF Foundation) only covers the theory, whereas Part 2 (TOGAF Certified) covers the practical, hands-on knowledge and experience required for real enterprise and solution architects. If you want to learn how to really use TOGAF, you need to do both….here is why.

TOGAF is a framework for developing complex solutions.  By complex solutions, I mean solutions that involve many different components and involve more than 20 people to develop.  Examples include:

Here is a good link showing TOGAF being used in an Aviation Case Study:

https://kipstor.com/case-studies/aviation-case-study/

It is used by IT architects, to make sure that nothing in the solution has been overlooked.  Companies working in financial services, healthcare, manufacturing, mining, consumer technology, aerospace, government and industries that are highly regulated, all require architects to be TOGAF Certified.  This means both Part 1 and Part 2.  

The 2 levels are outlined below:

  1. Part 1 – TOGAF 9 Foundation
  2. Part 2 – TOGAF 9 Certified

TOGAF Foundation (Part 1)

This is run as a 2 day course and includes all theory.  It includes:

 

TOGAF Certified (Part 2)

This is run as a 2 day course, immediately after the 2 day Foundation course.  It covers exercises on how to apply the theory in Part 1, and includes:

Here is one view, of the TOGAF meta-model, (copyright Open Group):

Interested in learning more about completing both parts of TOGAF? Check out our courses here:

https://alctraining.com.au/course/togaf-9-level-1-2-certificate-course/

If you want to learn more about TOGAF and understand what is included in the latest TOGAF 9.2 course, check out my blog article here:

https://www.paulcolmer.com/blog/whats-new-in-togaf-92

And here is a special flashcard quizlet I created for you to use for FREE:

https://quizlet.com/315748007/togaf-92-the-open-group-architecture-framework-paul-colmer-diagram/

 

TOGAF® is a registered trademark of The Open Group.

What are the Benefits of using the Scaled Agile Framework?

The Scaled Agile Framework, known as SAFe for Lean Enterprises, is a large knowledge base of proven principles, practices and competencies that integrates cultural change practices for Lean, Agile and DevOps. The diagram below shows the latest full version (v4.6) of the framework:

By proven, I mean that all the work contained within the framework has been demonstrated to bring success to all types of businesses. The success is clearly measured by the number and breadth of case studies that are available on their website. These case studies have been written by SAFe clients, in their own words, showing the true power of the successes they have achieved.

Let’s step through 3 specific examples below:

Australia Post

https://www.scaledagileframework.com/case-study-australia-post/

The following information is taken from the SAFe case study and outlines the case for action, or as we say in SAFe, the burning platform….

“Australia Post has invested in its technology, people, and culture to change the way it works to focus on customer experiences and continuous innovation. To help achieve this change, Australia Post selected and adopted the Scaled Agile Framework® (SAFe®) not only as an operating model but as a tool for change. With SAFe, the organization aims to describe, communicate, and build an understanding of how to leverage Lean and Agile principles across the organization.”

Key Benefits:

Westpac

Upon launching a new online banking platform back in 2015, there was a real need to deliver additional features at breakneck speed. Even though the launch was highly successful, winning at least one award, the organisation needed to embrace some form of cultural change to accelerate feature delivery. After looking at a number of cultural change methods, they decided that SAFe would be the best method, particularly as the methods and practices are proven and scalable across small and large organisations.

Key Benefits:

Fitbit

Key Benefits:

 

If you’re interested in learning more, check our Leading SAFe courses:

  

Also check out Paul Colmer’s blog post on Leading SAFe, as he is our Leading SAFe trainer. He outlines the short story from NASA:

https://www.paulcolmer.com/blog/real-business-benefits-from-using-the-scaled-agile-framework

How Does Modern Musical Composition Echo The Trend of Big Data

I was very fortunate in 2011 to be awarded a Leading Edge Forum Grant to perform distinguished research on In-Memory Data Grid technologies (IMDG). At the time, the term Big Data had not been coined, or at least I had never heard of it. The 3 months of intensive study and research for the CSC Leading Edge Forum, now known as DXC Technology, led to a path of self-discovery and a realisation of what was really happening in the data space. Here is a link to the brochure showcasing my work:

www.slideshare.net/CSC/csc-grants-via-leading-edge-forum

Big Data is now defined as the problem space, relating to the cleaning and analysis of huge data sets, resulting in a series of recommendations, a roadmap and/or defined business outcomes.  It’s further described by using the 4 V’s:

Based on my research, and because of my classical / jazz composition background, I see Big Data slightly differently.  You see when I studied musical composition at the University of Wales and the London College of Music, I learnt that the most talented composers and performers had been using the same system for around 500+ years. 

Sounds remarkable that a single system would pervade for so long, but it’s true. We call it tonality, or in layman’s terms we use keys and scales in music. When we learn to play a musical instrument we learn all the different scales and all the different keys. Examples include C Major, D minor, B flat major or C# minor. This is why there is much emphasis on practicing scales and chords. This system is called the tonal system and is still strongly used in pop music culture, especially in the pop music charts.

Now…at the turn of the century, between 1900 and 1925, a group of composers emerged that are now called the Second Viennese School. And what they did was remarkable. They pretty much started to reject the use of the tonal system, which had served mankind well for 500+ years, and created a new form of music called serialism. Simply put, that is music that does not have a tonal centre or a key, or is not strictly part of a scale. We describe this as atonalism. To the untrained ear, it would appear that the notes seem to be random and dissonant. This is what atonal music, using serialism composition, can look like.

You’ll see that every note on the top stave is never repeated and every note on the bottom stave is also never repeated.  This ensures that no note takes precedence and stops us perceiving any form of tonal centre, or tonality.  Below is a short video explaining serialism, if you’re interested in learning more.  

www.youtube.com/watch?v=c6fw_JEKT6Q

This new school of serialism, led by Schoenberg, Webern and Berg, was mirrored in the art and fashion worlds, through the abstract art movement, with Jackson Pollock being the most famous. Below is an example of Pollock’s work:

So what the hell does this have to do with Big Data, I hear you cry?

Well Big Data is a great analog of this short history lesson in modern musical composition theory.  We’ve been using relational datastores for 30 years, and apart from the emergence of a few exceptions, the most popular datastores have been SQL based, conforming to relational database theory.  These datastores are commonly known as relational database management systems or RDBMS.  Think of relational database theory as musical tonal theory.  It’s worked for a long time, so why change it?  Examples of RDBMS include Microsoft SQL, Oracle and SAP.  With a relational datastore, we store data in tables and these tables all relate to each other in a schema.  Below is a simple example:

There are other rules that a relational datastore needs to implement, and these include following the ACID principles and rationalising the structure using normal forms. Here is a good article outlining relational database theory:

en.wikipedia.org/wiki/Relational_database

Then companies decided to rethink the storage of data, to help solve new, complex problems. The challenge with relational datastores is that they are great at storing customer information and financial information, but are not very good at processing and storing millions of records that are unstructured, with 1000s of additional unstructured data items being thrown into the mix per second, with varying levels of data quality. Basically relational datastores are not built to cope with Big Data. They tend to be much slower, reliant on ACID principles, and are not optimised for handling unstructured or semi-structured data. The diagram below outlines ACID principles in an RDBMS architecture:

The first well known company to use non-relational datastores en masse was Napster. They created a peer-to-peer music sharing network in the early 2000’s and used distributed hash tables to link up the data via central servers. A distributed hash table is essentially a key value store, which links a key (name of the song and artist) with a value (a link to the mp3 file). This means it’s super fast and able to reference unstructured data very efficiently. This provided a very successful, timely and ground-breaking music streaming service, similar to Spotify today. Napster was later shown to be an illegal service, and has since reached agreements with record companies and artists. Click on the diagram below to view a short video outlining how Peer to Peer networks operate:

In parallel we see Google invent Apache Hadoop technologies to deal with vast quantities of indexing material for search engines and the Big Data ecosystem grows exponentially from there. We now have NOSQL datastores, In-Memory Data Grids and the list goes on. Here is an article that best describes the key differences between the most common types of technology: NOSQL, RDBMS and Hadoop:

www.datasciencecentral.com/profiles/blogs/hadoop-vs-nosql-vs-sql-vs-newsql-by-example

Be aware that there is huge complexity and variation between different types of Big Data products.  The diagram illustrates this point, by outlining the current Hadoop suite of software tools, that can be utilised in a Big Data initiative.

Unfortunately we haven’t had enough time to cover Artificial Intelligence, Machine Learning and Deep Learning, which I’ll save for another blog post.  But these techniques, methods, approaches are all part of the Big Data movement.

If you’re interested in learning more about Big Data technologies, check out our new Enterprise Big Data Professional course:

www.alctraining.com.au/courses/cloud-computing/