Is Cloud Computing Safe?

What about Apple and iCloud – Is it Secure?

In the above video Raj gives some balanced perspective on the recent celebrity photo leak. However, he doesn’t clearly answer the question, “Is data safe on the Internet?”

Tomorrow I’ll be speaking to business leaders in Bethesda MD on this subject:

Things to consider before moving into cloud, BYOD, and other transformational technologies.

There are a lot of things to think about here, but the bottom line is that data is not “safe” on the Internet. It’s a matter of impact and likelihood, a graph I refer to extensively in some of my books.

Safety is never guaranteed – not while driving your car, and not in transmitting data. The question is: what is the impact of certain things happening, and what is the likelihood of them happening? Before putting data on cloud services, or really any Internet-connected computer, the data owner has to ask what the impact of certain potential events would be. It might be helpful to make a short list.

Data may be targeted by hackers like it was with Home Depot, or I might just lose connectivity to my cloud service like when my Internet connection goes down and I can’t make a land line phone call.  So what’s the impact of each thing I come up with?

Now, what’s the likelihood?

If I thought I might experience a deadly crash every time I got behind the wheel, I guess I’d stop driving.

As it stands, after over 50 years of incident-free driving, I feel pretty good about taking my car rather than walking or riding my mountain bike. Yet the risk of a deadly accident still exists. The impact is high; the likelihood is low.

Cloud computing is complicated. As Raj explains, it’s not some mysterious technology. It’s simply someone else’s computer and I’m renting some space on it. Microsoft OneDrive gives me 1 TB for a reasonable monthly price, so I use it. However, I don’t think I’d be putting explicit photos of myself on it. I’m okay with the idea that someone might expose a picture of me hiking through the woods with one of my kids. So the impact is low, and since I can’t really see the Microsoft security setup, I don’t know what the likelihood is. But I don’t really care that much.

The point here is, no one really knows how secure any given cloud provider is…it’s always a guess.

Now with my accounting data I might feel differently. It might be too sensitive to put in the cloud, or I might do some more research before placing my trust in Intuit or Amazon, or whoever hosts the accounting application I use.

If you do the research, it wasn’t iCloud that created this photo problem. It was social engineering. It almost always is in some way. No matter how good the security is, you can always talk someone into installing a bot or program that captures passwords as they’re entered (a keylogger). And you can almost always put something together to run through a dictionary of likely passwords and simply guess. And it’s human nature to use a password that is both easy to remember and easy to guess.

So there’s no reason to sit around blaming Apple. It could have been any cloud storage with pictures. Next time it will be Dropbox or Google Drive… Cloud is not an ultra-safe place to store explicit pictures or any other highly sensitive data. And Internet-connected servers aren’t much better. After all, that is what the cloud is… a bunch of Internet-connected servers just like the ones sitting in your home or office.

© 2014, David Stelzl

P.S. Are you the trusted security advisor to your clients?  Make sure you don’t miss this upcoming workshop (Online) specifically for technology resellers selling security and managed services offerings!  

Save me a seat: find out more and sign up for Sept 26th, 2014! It’s free to technology resellers.

Home Depot In the Headlines

Expect This to be a Daily Thing Over the Next Several Weeks

How would your customers like to be Home Depot right now?

Who’s at risk? Remember Sound Bites? I talk about this extensively in The House & the Cloud. And the new edition has an entire chapter on how to effectively use sound bites, and how to not use them.

Home Depot is heating up and overtaking the stage from Target. The number might exceed 60 million identities on this one – up from 40 million with Target. The amount of time these hackers had access is certainly longer. Let’s look at some key sound bites coming to the forefront of this story…

  • “U.S. states probe Home Depot breach, senators seek FTC investigation” – How about this for a headline? This should wake up just about any CIO. How would your customers like to have the FTC investigating? It gets worse… (Read the entire article.)
  • “Two senators asked the federal government to investigate a data breach on the payment-card processing systems,” – If the FTC isn’t enough, how about having senators and other governmental officials requesting more investigation. This makes it sound like Home Depot isn’t really on top of this.
  • “An Illinois customer sued Home Depot saying the company failed to properly safeguard customer data from hackers.” – The lawsuits are just starting…Home Depot didn’t properly safeguard the data? That’s  a due care issue and a serious one if they prove it.
  • “The news also caught the attention of credit ratings agency Moody’s, which said the attack is a “negative” factor.” – Credit ratings are taking a hit?
  • “If Home Depot failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects such information,” the senators said in a statement. “Such conduct is potentially unfair and deceptive, and therefore could violate the FTC Act.” – speaking of  the two senators above.
  • “When asked if investigators had confirmed the attackers had been removed from the company’s network, Drake declined to comment.” – Translation: they don’t really know. If Home Depot’s network is under control now, don’t you think they would be broadcasting that fact loud and clear? This has to be bad for business.
  • “Home Depot shares fell 2.1 percent to $88.93” – and of course a fall in stock price. Expect to see some numbers on how much this is going to cost the company. It was 1.4 million last time I saw numbers on Target. Will this exceed that?

The Really Scary Part of this is that Home Depot did not Detect the Attack!

These hackers have been in the systems for at least 4 months according to WSJ reports, but it was the banks reporting fraudulent activity that brought this to light. In The House & the Cloud I discuss the need for detection – I point out that perimeter protection only keeps the honest people out. At least Target detected their attackers within weeks of the attack. This is a disaster.

How can shoppers go back to Home Depot if they’re not sure things are repaired? The company says card holders won’t be responsible for fraudulent charges. Will that be the case on debit card transactions too? And what about those who don’t take the time to scrub through all of their cards and transactions? Will the bank notice a wrong transaction and call it to the consumer’s attention? Maybe, but maybe not.

What To Do With This…

This is the perfect time to create some sort of briefing! You have Target, Home Depot, Chip & Pin trends, PCI and compliance…was Home Depot PCI compliant? I didn’t see that mentioned, but I bet they were!  If that’s the case, what does that say about PCI compliance? Does compliance make a company secure?

Next week I’ll be speaking to CIOs in the DC area at a reseller lunch & learn. (Thanks to Check Point for sponsoring this event!) What are you going to do with it? It’s not all about Home Depot – it’s about hackers, their tools, and the weak security programs these companies have in place.

If you provide security solutions and managed services, don’t just go in spouting off about Home Depot. Instead, consider the briefing approach. What trends are relevant right now? What mistakes are companies making? What does this have to do with PCI compliance? What tools, education, and processes should be put in place to prevent this sort of thing? We can’t change the dates on Chip & Pin requirements, but we can show business leaders how to become a less attractive target for hackers.


P.S. Are you signed up for my session tomorrow on Making the Move From Vendor to Advisor?


Do you have my special report? Don’t Get Fired!


Was Home Depot Hacked?

It sure looks that way…this video offers some great insights into the resale of stolen data. They even have a clip with someone trying to buy credit card data.  This clip is from 5 days ago – so what’s happening now?

The ABC Blog – 7 Hours Ago Reported…

“The huge hacking attack against Home Depot’s payment systems could turn out to be the biggest breach of any retailer’s data so far. The company confirmed the data break-in but did not say how many credit and data cards are affected. The total could be as much as 60 million”

In other words, yes, there’s been a breach.

The thing is, Home Depot is saying they are not aware of credit card data being taken. What does that mean?

It means they don’t have to tell us yet – but it doesn’t mean there’s not a problem. Since the breach, “multiple financial institutions … are reporting a steep increase over the past few days in fraudulent ATM withdrawals on customer accounts.” We’re talking about 60 million card numbers here. That’s a lot of data – on the video you can see that this type of data is worth a lot of money as long as the consumers have not been notified. That means someone may be using my card right now and I would not know it. Time to check my card charges online.

Chip & Pin Technology

If Chip & Pin technology had been in place, both Target and Home Depot would not have had this issue. The really bad news is that we have to wait until October 2015 before companies like Home Depot have this technology in place.

Will that stop hackers?

No – security is a long term play for technology providers. Every few months new technology comes out and new hacker strategies evolve. Actually, it’s the other way around. The hackers come up with something that works, and technology companies try to stop it. They then come up with the next thing. So while companies are scrambling to get the Chip & Pin thing going, hackers will be developing something completely different. They use this strategy as long as they can – then at the last minute switch to something completely new.

The Next Edition of The House & the Cloud…

The best thing you can do is get ready with the updated House & the Cloud.  I just finished the edits and the artwork. I have one more chapter coming to me from an expert in managed services to bring this all together…so by the end of this month we will be printing copies.  I know it’s taking longer than expected, but it’s really close now. Stay tuned…

In the meantime, check out my latest report on How to Upgrade Your Sales Position and Not Get Fired!


What Questions will get the CIO’s attention?

The better you know what it means to be a CIO, the better chance you have of making it through a meeting with one. 

If you know something about information security – you’re in luck. It’s time to strike. With Target in mind and Home Depot in question, Rachael King, writer for the WSJ, tells us board members are asking lots of questions. I suspect the CIOs don’t have the answers. How could they?

In a recent interview, John Stewart, chief security officer at Cisco Systems, was asked, “What questions are being asked?” So maybe it’s less about asking the CIO questions and more about knowing the questions CIOs are being asked – questions they don’t have answers to. This is the heart of what I call Predictable Messaging.

If you know what CIOs are being hit with – if you know the questions they’ll be asked and probably don’t have answers to, and you know how to get answers – you might become one of their most valuable assets.

Here are three questions reported this week by the WSJ (from Stewart’s Interview):

 

  1. “Do you have a set of security controls that are provably in place, are measurable and are actually effective for the state of business and all the business types you’re currently operating? Even if the answer is no, Mr. Stewart said that he hopes this question starts a conversation in the business about how cybersecurity needs to be approached.”
  2. “Have you ever had any material breaches that have or have not been reported to the board and should have been?”
  3. “With regard to cybersecurity is there anything else I should know right now?”

Chances are the CIO won’t give you answers to these questions… however, knowing what they’re being asked for is the key. Can you help them answer these questions? Going back to an earlier post: do you know the top 3-5 threats, how likely they are to hit this company, and how the company is trending with security, up or down? How do we know? These are all things the board wants to know.

Do you want to be the chosen technology and risk advisor for the companies you call on?  Check out my most recent report on staying relevant in the technology sales industry…


P.S. Join me on 9/11 for a live online workshop where I will be discussing key strategies for working with top level executives in the technology world. Specifically Designed for Technology Resellers.


 

Do your clients refer to you as a vendor or their advisor?

A couple of weeks ago Cisco announced a large cut coming up; about 6000 people. This includes sales people! As I mentioned in my post, What Skills Should You Invest in Right Now, this is not a sign of a shrinking technology market, but rather a lack of effort on some people’s part to stay relevant and valuable to the companies they work for.

There’s a lot of change out there, and there are a lot of things to keep up with…it’s not easy to be on top when you work in a field that changes every day. Nothing we do today looks anything like the technology I went to school for (Computer Science). We were just getting off of punch cards, working with 8″ floppy disks, and the Internet was strictly research and government.  There was no World Wide Web, Smart Phones, or even Laptops!  (I did have a Mac 128 in 1984).

Next week on 9/11 I’ll be presenting some important stuff as part of my From Vendor to Advisor programs. You might already have my book, From Vendor to Advisor, or perhaps you’ve attended my workshop, “Making the Move From Vendor to Advisor.” Either way, I have some exciting announcements coming up – and next week I’ll be sharing some great material – “Lessons I Learned While Working on Multi Million Dollar Projects w/ PWC.”

If you know my story, in 1995 I worked with three other guys to start a very successful reseller business in the Southeast.  Many of the things we did were born out of this Multi-Million Dollar Experience. I called it The Accenture Alternative…

So two things you can do:

Join us for the upcoming webinar training (register for it).

Once signed up, I’ll send you my new special report on Making the Cut, and a link to view the session. If for some reason you can’t make it, you will still want the report, and I promise to send a replay link!

Looking forward to it!

What Skills Should You Be Investing In Right Now?

Will You make the cut?

Cisco is laying off another 8% of its workforce. That’s about 6000 people – it’s not the first time. And they’re not the only ones making cuts.  Microsoft reported a cut of 18,000 jobs in July and HP has had its share as well. Is the technology market dying?

Absolutely not!

The problem is one of skill sets. In 2007, in my book The House & the Cloud I warned technology people not to get too comfortable with their networking and VoIP skills. People got angry at me when I told them security would continue with strong growth over the next 10 years, VoIP would not. Technology is not going away, however it is constantly changing. It’s easy to get caught in a rut if you’re not peeking out over the horizon to see what’s next. Technology products commoditize, while disciplines like security and operational efficiency improvements using technology do not.

Even sales people who focus too hard on the technology will be cut. Develop the skills that make high performance sales possible and you’ll find your company working overtime to reposition you with new technology.

So Who Will Make the Cut?

So, which tech skills are in demand? The Wall Street Journal interviewed several high-level managers to see what they’re looking for and reported in this morning’s CIO Journal. Here are a few sound bites worth noting:

1. Bobby Patrick, vice president marketing at Hewlett Packard: “The cloud skills gap is the single biggest barrier to the future adoption of cloud infrastructures.” So do you really understand cloud technology to its fullest? The article goes on to state that, “cloud tech workers are the hardest to find because IT workers in cloud environments must balance being  technology brokers, cloud integration specialists, service architects and user experience designers.” It’s not just the storage available in Dropbox, or the applications from Salesforce.com.

2. Adriana Karaboutis, global CIO for Dell: Says, finding people with “Big Data and analytics skills is toughest because Big Data professionals have a good understanding of information virtualization, data mining, collaboration and business domain analysis – skills that can drive revenue, margin and market share.” Again, it’s not just technology, but the business application of technology.

3. Chris Belmont, vice president and CIO for M.D. Anderson Cancer in Houston: “Analytics and Big Data” – top of the list.

4. Tim Arthur, the CIO for Alltech: Looking for technology people that also possess strong character and human skills. I suspect he’s seen his share of technology people lacking communication skills and the ability to really work with the business side people.

5. Dr. Freeman Hrabowski III, president for University of Maryland Baltimore Campus: Looking for people who are “well-read, ask good questions and come with strong communication, teamwork and analytical skills.”  Again, he sees technology people lacking the ability to relate to business and business people.  People who can take technology and apply it to today’s business problems. People who read and continue to learn…

6. Adecco North America HR Team: Called soft skills such as communication, critical thinking, creativity, “The most significant skills gap in the U.S.”  This is right. In my training classes and coaching programs I spend a lot of time helping people learn to present technical information to executives. This is why lunch & learn events fail to convert prospects to buyers, and it’s why the assessments rarely lead to remediation projects.

7. Eric J. Sigurdson, the CIO Practice Leader at Russell Reynolds: Looking for people with “Deep cyber security experience, combined with excellent interpersonal skills and executive presence.” Here it is – security. Cisco is ramping up security right now, so is HP. In fact, they’ll be hiring more people once they make the cut. In 2000 I saw the writing on the wall. I was knowledgeable on networks, but not security. The first thing I did was go out and study for my CISSP. A year later I was “The Security Guy.”  I paid for it out of my own pocket!

Here’s the big surprise!

The number of open info tech jobs grew 19% over the past 12 months! So they’re cutting jobs – but 19% growth is amazing growth. The resources are out there – the problem is, most people are unwilling to fund their own continuing education. You can’t sit still and expect to be successful in the long run.

Here’s an opportunity to get some training for free! I’m re-running my Turning Prospects into Clients training this Friday… sign up if you are a technology reseller, and it’s free.

 

If You’re Going to Call on CIOs,

You’ve got to Understand Them…

What is Ramon Baez, CIO of HP, saying about Successful CIOs? Why do You Care?

 

In my book, From Vendor to Adviser, I have an entire chapter devoted to accessing power – getting to the decision makers as well as highly influential people; people who will move the organization to action. This morning’s CIO Journal (WSJ) had an excellent article discussing CIOs and what makes them successful. If you plan on meeting with CIOs, and working to become an advisor at the executive level, it’s essential that you understand what they are up to. Ramon Baez, CIO of HP, offers some great wisdom on this subject.

Leadership – Re-engineering HP’s IT

If you’re watching the IT news, you know HP has struggled.  There have been some really bad reports on this company over the past few years. One report even talked about trash piling up in the office and spoiling as HP cut corners to save money. People were leaving in droves, and the facilities were shutting down right around 5 PM to conserve energy, regardless of the individual workers’ schedules and deadlines.

Over the past two years Whitman, Baez, and other HP leaders have been working hard to recreate this company. One dramatic effort I’ve been watching is the emerging security play. HP’s tried this before, but not under this leadership team. As far back as I can remember, HP’s been trying to get into the security game. But it looks like they are really serious this time. In fact they’ve hired many of my friends from companies like Blue Coat, Kaspersky, Symantec, and others.  This would be a great thing for HP if they can make it work this time.

They are also moving into the cloud…Baez, in a move to make this company more responsive and ready to serve today’s market, has migrated about 400 applications to a private cloud. Baez tells the Journal, “What previously took five weeks to deploy, now takes about an hour.” Talk about operational efficiency.  By the way, this is a great sound bite – can you deliver this kind of ROI to your customers? Here’s a CIO quote with some substance from a credible source. The Journal report goes on to tell us that HP plans to “invest more than $1 billion over the next two years to develop cloud computing software and tools.”

This is the kind of thing CIOs should be doing for their companies. Can you help them get there?

Advice to CIOs and Sales People Looking to Advise

Baez’s article is really about CIOs and what they need to be doing to stay on top. His message is a good one, but it also serves as direction for the sales person who wants to peer at that C-Level. In his article he provides several important tips which I will summarize here…

1. Bring in people who think differently. He’s referring here to new hires who are bringing in new ideas as he works to overhaul HP… ideas that will help HP make the dramatic changes necessary to stay alive and thrive. Every company needs this. Every company needs something to propel it forward. That’s the role of the trusted advisor. It’s what the Challenger Sale is all about (Matthew Dixon). The question I pose in my From Vendor to Adviser book is, “Can you advise?” In other words, are you doing the things that make you smarter and wiser, and well equipped to be an advisor to today’s business leaders? Most sales people are not.

2. Talk Like a CEO. This is an interesting one. Again, Baez is writing to CIOs, not sales people. He’s telling them, if they want to be successful, they need to sound like CEOs, not technical people. That means they understand the business side, the profitability, the strategy, and the vision. But that’s what trusted advisors sound like. This is why companies like Deloitte and KPMG have offices on the nice floors of the enterprise accounts you call on. IT and the technical sales people are meeting down the hall from the data center – with no decision makers in the room.  How can you upgrade yourself to this level? By reading, studying, and observing. By becoming that trusted advisor.

3. Look Like a CEO. When I started in this business, I was in IT. I worked for McNeil Consumer Products – and I remember a few of the guys in the group always dressed like professionals. It caught my eye. From there I worked for Bank of America. Again, we all dressed for work. In 1995, when a group of us joined together to build an integration company, we dressed like bankers – we dressed for business. Some of the technical guys complained. They didn’t understand. Somewhere along the line, casual dress became the “in thing”. I have nothing against business casual. But there’s a big difference between the CEO / CIO wardrobe Baez is describing, and that of the average technology sales person. Faded, logo-polo shirts will never impress the CIO. It definitely gives the message, “I work with IT.”

4. Get training. This is my favorite one. On my free training webinar yesterday I made a point of this. The reseller industry is terrible when it comes to training. Companies like Cisco and HP are spending more than your company makes in revenue in a year on sales training initiatives. I know because I’ve been hired more than once by these companies to train their sales people on meeting with executives to discuss technology.

But look at the resellers. Most of your training comes from the manufacturer – and it’s all product. It’s not the kind of training manufacturers give their sales people. So while they are investing millions internally to ramp up sales, they are giving you “non-sales training” – product training.

But don’t blame them. It’s not their responsibility to make you into a great sales person. They expect you to be great. From there they can equip you with the technical details and assume you’ll sell it.

Not only does Baez recommend training, he also encourages these executives to attend conferences, and hire a coach. He has a coach!  Why? Because coaching works.

If you want to ramp up your game – take note. You need training, conferences, books, and coaching.  Even if you pay for it. If it’s good training, you’ll double your money in no time. If not, find a better program and continue to invest. You’ll get your money back when you hit the right program.
