Wednesday, July 9, 2014

Investments In Corporate Software Technology

Have you ever asked yourself: "How long will the XYZ company keep supporting our favorite ABC tool (technology)?" This is a very interesting issue involving investments of money and (more important!) time.

Let's say you choose a "platform" because it is "popular" and "easy to use". "Popular": you can find qualified personnel NOW. "Easy to use": you can build your first beta product QUICKLY. Sounds good, right? But wait, don't you see a pitfall there? Difficulties are everywhere in the software life cycle, and we should be aware of them ahead of time. In the "popular and easy to use" picture we ignored the word NOW, and we forgot that we are making real investments of money and time in the future. OK then, what should we consider before we make our investments? The answer is: the future value of the chosen tools and platforms.

Let's see who uses two similar technologies: Microsoft.Net and Oracle Java. Both have robust tools and ecosystems. Both have fans and critics. But in real life, large enterprises that love Microsoft Windows (because they depend on Windows apps) will choose Microsoft.Net (and most likely C#) rather than Oracle Java. New small companies, city governments, Internet companies and startups will choose Oracle Java (or OpenJDK) for 1) no license fees and 2) a broad set of free tools to build and test the software project. Besides feelings, money matters. Who supports Microsoft.Net (and C#) now? It is clear that it is almost only Microsoft (on Windows) and Xamarin (Microsoft.Net is partially supported on some operating systems). It is also good to recall that Microsoft killed tools like J#, the old Visual Basic and Visual FoxPro. In contrast, Java today is supported by Oracle (uh!), IBM, Google (Android, GWT...), the Apache foundation and a large software community. You can see that Java has a clear future, and that is very important for your investments. But can you stake your head on Microsoft.Net? I doubt it. Yes, Java is under some pressure from other languages, but the Java API is open and fully portable (and Microsoft.Net?). All of this means that you can love Windows (or another OS and your corporate apps built for that OS), but you had better look at the Java SDK for your new killer-feature corporate app, because Java-powered software solutions have proved to have a longer-lasting life cycle and to be a vendor-neutral technology.

Tuesday, May 20, 2014

Truly Private Cloud – New Traps And Old Solutions

Do you think that the personal information in your electronic messages belongs only to you? Do you still think that your enterprise data is safe in the widely advertised “cloud” infrastructure because you keep your login and password safe? You might be dead wrong if...
  1. your personal information has ever reached the Internet without being protected by a private encryption key that only you know; a PGP key is a good example of such a key.
  2. you do not encrypt your personal files in the “cloud” with a personal encryption key.
  3. you encrypt your personal or enterprise data but keep the encryption key on the same server / cloud, or you do not have root privileges on your server.
As you can see, encryption is of key importance in all these “clouds”. SSL can make your conversation with the “cloud” private only to some degree. With SSL, your private passwords and logins may prevent third-party intrusions (hackers) into your e-mail box or e-banking. But can you be sure that the data in the “cloud” servers?
Every IT professional can confirm that a “cloud” service provided for personal use without private encryption is fully open to the “cloud” company. All unencrypted files and messages are accessible to the “cloud” system administrators: pictures and all the other stuff you upload. No advanced hackers are needed. System administrators in the “cloud” company have access to the company's servers, and they have 'root' passwords and privileges.
Moreover, the NSA scanning revealed by Edward Snowden shows that private “cloud” data and worldwide communications (including top enterprise secrets and the private phone conversations of non-US governments) are not private anymore. Now you may think that it is impossible to build unbreakable walls for your data in these “clouds”. This is partially true: you can keep your data secured to some degree. That is why Google is taking steps to shut the door on NSA access to Google's server-to-server data communications. And there are some simple but very important steps you can take to protect your private (or enterprise) data:
  1. Always use PGP encryption for your sensitive e-mails; it is easy to install and use:
    Wikipedia article: http://en.wikipedia.org/wiki/Pretty_Good_Privacy
    Open source PGP tools (MacOS, Windows, Linux/Unix): http://www.pgpi.org/
    Symantec commercial tools: http://www.symantec.com/products-solutions/families/?fid=encryption
  2. Encrypt your data in the “clouds” (DropBox, iCloud etc.) with a strong encryption algorithm and password. You can encrypt a large file and use it as a “cloud” drive without problems or worries:
    Wikipedia on TrueCrypt open source tools: http://en.wikipedia.org/wiki/Truecrypt
    Open source TrueCrypt tools for MacOS, Windows and Linux/Unix: http://truecrypt.org/
  3. Hold the “root” password to your enterprise servers and change it often. The “root” user (Administrator on Windows systems) is the real owner of your server and the data on it. If you do not own “root” rights, you do not own your server system.
  4. Keep your passwords (e.g. root passwords, encryption keys) away from your “cloud” servers and e-mails. Another highly secured server, a USB flash drive in a safe, or a private piece of plain paper are all OK.
  5. If you need instant messaging for private communications, avoid all these fancy Skype/WhatsApp/Viber/Hangout/Facebook etc. messenger applications. These apps work with “clouds”, and nobody but you can protect your sensitive messages. Set up your own instant messenger service, such as the open source “ejabberd” service (http://en.wikipedia.org/wiki/Ejabberd and http://www.ejabberd.im/), on your own secured server (see 3 and 4 above). Use open source instant messengers only (Xabber for Android OS, for example).
You might think that all these things are not worth the time and money you must spend to get them up and running. That may be so if you do not have any private information or enterprise secrets. Hire a good system administrator (an open source fan is the best choice), set the task, and get the feeling that your data in the “clouds” is truly yours.
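A way to check steps 2 and 4 on a folder that is synced to a “cloud”: the following script is an added example, not part of the original post. It flags files that are readable without a key and private keys stored next to the data they protect. The file names, the sample contents and the 7.5 bits-per-byte threshold are assumptions, and the verdicts are heuristic.

```python
import math
import os
import re
import tempfile
from collections import Counter

# PEM / ASCII-armor header of a private key stored beside the data it protects.
KEY_MARKER = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY(?: BLOCK)?-----")
PGP_MESSAGE = b"-----BEGIN PGP MESSAGE-----"
# Compressed formats are high-entropy but readable by anyone with file access.
CLEAR_MAGIC = (b"\xff\xd8\xff", b"\x89PNG", b"PK\x03\x04", b"\x1f\x8b", b"%PDF")

def entropy_bits_per_byte(data):
    """Shannon entropy: ciphertext is close to 8.0, plain text far lower."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify(path, sample_size=65536, threshold=7.5):
    """Heuristic verdict for one file, based on its first sample_size bytes."""
    with open(path, "rb") as fh:
        data = fh.read(sample_size)
    if KEY_MARKER.search(data):
        return "key-material"
    if data.startswith(CLEAR_MAGIC):
        return "plaintext"
    if data.lstrip().startswith(PGP_MESSAGE) or entropy_bits_per_byte(data) >= threshold:
        return "encrypted-looking"
    return "plaintext"

def audit(sync_dir):
    """Map each file under sync_dir (relative path) to its verdict."""
    paths = [os.path.join(r, f) for r, _d, fs in os.walk(sync_dir) for f in fs]
    return {os.path.relpath(p, sync_dir): classify(p) for p in paths}

def build_sample_dir():
    """Constructed sample files standing in for a synced cloud folder."""
    folder = tempfile.mkdtemp(prefix="cloud-audit-")
    samples = {"notes.txt": b"customer list, quarterly figures\n" * 50,
               "photo.jpg": b"\xff\xd8\xff\xe0" + os.urandom(4096),
               "vault.bin": os.urandom(65536),  # stands in for a container
               "mail.asc": PGP_MESSAGE + b"\n\nconstructed\n",
               "key.asc": b"-----BEGIN PGP PRIVATE KEY BLOCK-----\n\nconstructed\n"}
    for name, body in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(body)
    return folder

if __name__ == "__main__":
    print(audit(build_sample_dir()))
```

Anything reported as "plaintext" is readable by the “cloud” administrators, and anything reported as "key-material" belongs on separate storage as described in step 4.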