As the cloud buzz is getting louder with every passing day you are tempted to take the big leap into the cloud but may have restrained yourself paranoid by ad infinitum cloud security discussions floating on the web. No one can deny the fact that your data is the lifeblood your business. So, undoubtedly its security is of paramount importance for survival of your business.  As cloud computing is a paradigm shift from the traditional ways of using computing resources, you must understand its practical security aspects.

Is Cloud Computing Safe?

There can’t be a binary answer (Yes or No) to this question. But with my experience and as an authority on the subject I can tell you that technologies enabling Cloud services are not in any way less secure than the traditional or on-premise hosting model.  Also, with the evolution of technology, the cloud providers are getting matured and almost all the providers are offering built-in security, privacy, data backups and risk management as a part of their core service.If you are not a big IT company then you must ask yourself:

·         Can an on-premise solution or a traditional hosting provider match the same level of standard security and privacy requirement as provided by the specialist cloud provider whose core competency lies in providing state of the art security and privacy?

Another blanket article about the pros and cons of Direct to Consumer (D2C) isn’t needed, I know. By now, we all know the rules for how this model enters a market: its disruption fights any given sector’s established sales model, a fuzzy compromise is temporarily met, and the lean innovator always wins out in the end.

That’s exactly how it played out in the music industry when Apple and record companies created a digital storefront in iTunes to usher music sales into the online era. What now appears to have been a stopgap compromise, iTunes was the standard model for 5-6 years until consumers realized there was no point in purchasing and owning digital media when internet speeds increased and they could listen to it for free through a music streaming service.  In 2013, streaming models are the new music consumption standard. Netflix is nearly parallel in the film and TV world, though they’ve done a better job keeping it all under one roof. Apple mastered retail sales so well that the majority of Apple products, when bought in-person, are bought at an Apple store. That’s even more impressive when you consider how few Apple stores there are in the U.S. (253) compared to big box electronics stores that sell Apple products like Best Buy (1,100) Yet while some industries have implemented a D2C approach to great success, others haven’t even dipped a toe in the D2C pool, most notably the auto industry.

What got me thinking about this topic is the recent flurry of attention Tesla Motors has received for its D2C model. It all came to a head at the beginning of July when a petition on whitehouse.gov to allow Tesla to sell directly to consumers in all 50 states reached the 100,000 signatures required for administration comment. As you might imagine, many powerful car dealership owners armed with lobbyists have made a big stink about Elon Musk, Tesla’s CEO and Product Architect, choosing to sidestep the traditional supply chain and instead opting to sell directly to their customers through their website. These dealership owners say that they’re against the idea because they want to protect consumers, but the real motive is that they want to defend their right to exist (and who wouldn’t?). They essentially have a monopoly at their position in the sales process, and they want to keep it that way. More frightening for the dealerships is the possibility that once Tesla starts selling directly to consumers, so will the big three automakers, and they fear that would be the end of the road for their business. Interestingly enough, the big three flirted with the idea of D2C in the early 90’s before they were met with fierce backlash from dealerships. I’m sure the dealership community has no interest in mounting a fight like that again. 

To say that the laws preventing Tesla from selling online are peripherally relevant would be a compliment. By and large, the laws the dealerships point to fall under the umbrella of “Franchise Laws” that were put in place at the dawn of car sales to protect franchisees against manufacturers opening their own stores and undercutting the franchise that had invested so much to sell the manufacturer’s cars.  There’s certainly a need for those laws to exist, because no owner of a dealership selling Jeeps wants Chrysler to open their own dealership next door and sell them for substantially less. However, because Tesla is independently owned and isn’t currently selling their cars through any third party dealership, this law doesn’t really apply to them. Until their cars are sold through independent dealerships, they’re incapable of undercutting anyone by implementing D2C structure.

Millions of people experienced the frustration and failures of the Obamacare website when it first launched. Because the code for the back end is not open source, the exact technicalities of the initial failings are tricky to determine. Many curious programmers and web designers have had time to examine the open source coding on the front end, however, leading to reasonable conclusions about the nature of the overall difficulties.

Lack of End to End Collaboration
The website was developed with multiple contractors for the front-end and back-end functions. The site also needed to be integrated with insurance companies, IRS servers, Homeland Security servers, and the Department of Veterans Affairs, all of whom had their own legacy systems. The large number of parties involved and the complex nature of the various components naturally complicated the testing and integration of each portion of the project.

The errors displayed, and occasionally the lack thereof, indicated an absence of coordination between the parties developing the separate components. A failed sign up attempt, for instance, often resulted in a page that displayed the header but had no content or failure message. A look at end user requests revealed that the database was unavailable. Clearly, the coding for the front end did not include errors for failures on the back end.

Bloat and the Abundance of Minor Issues
Obviously, numerous bugs were also an issue. The system required users to create passwords that included numbers, for example, but failed to disclose that on the form and in subsequent failure messages, leaving users baffled. In another issue, one of the pages intended to ask users to please wait or call instead, but the message and the phone information were accidentally commented out in the code.

While the front-end design has been cleared of blame for the most serious failures, bloat in the code did contribute to the early difficulties users experienced. The site design was heavy with Javascript and CSS files, and it was peppered with small coding errors that became particularly troublesome when users faced bottlenecks in traffic. Frequent typos throughout the code proved to be an additional embarrassment and were another indication of a troubled development process.

NoSQL Database
The NoSQL database is intended to allow for scalability and flexibility in the architecture of projects that will use it. This made NoSQL a logical choice for the health insurance exchange website. The newness of the technology, however, means personnel with expertise can be elusive. Database-related missteps were more likely the result of a lack of experienced administrators than with the technology itself. The choice of the NoSQL database was thus another complication in the development, but did not itself cause the failures.

Another factor of consequence is that the website was built with both agile and waterfall methodology elements. With agile methods for the front end and the waterfall methodology for the back end, streamlining was naturally going to suffer further difficulties. The disparate contractors, varied methods of software development, and an unrealistically short project time line all contributed to the coding failures of the website.

In programming, memory leaks are a common issue, and it occurs when a computer uses memory but does not give it back to the operating system. Experienced programmers have the ability to diagnose a leak based on the symptoms. Some believe every undesired increase in memory usage is a memory leak, but this is not an accurate representation of a leak. Certain leaks only run for a short time and are virtually undetectable.

Memory Leak Consequences

Applications that suffer severe memory leaks will eventually exceed the memory resulting in a severe slowdown or a termination of the application.

How to Protect Code from Memory Leaks?

Preventing memory leaks in the first place is more convenient than trying to locate the leak later. To do this, you can use defensive programming techniques such as smart pointers for C++.  A smart pointer is safer than a raw pointer because it provides augmented behavior that raw pointers do not have. This includes garbage collection and checking for nulls.

If you are going to use a raw pointer, avoid operations that are dangerous for specific contexts. This means pointer arithmetic and pointer copying. Smart pointers use a reference count for the object being referred to. Once the reference count reaches zero, the excess goes into garbage collection. The most commonly used smart pointer is shared_ptr from the TR1 extensions of the C++ standard library.

Static Analysis

The second approach to memory leaks is referred to as static analysis and attempts to detect errors in your source-code. CodeSonar is one of the effective tools for detection. It provides checkers for the Power of Ten coding rules, and it is especially competent at procedural analysis. However, some might find it lagging for bigger code bases.

How to Handle a Memory Leak

For some memory leaks, the only solution is to read through the code to find and correct the error. Another one of the common approaches to C++ is to use RAII, which an acronym for Resource Acquisition Is Initialization. This approach means associating scoped objects using the acquired resources, which automatically releases the resources when the objects are no longer within scope. RAII has the advantage of knowing when objects exist and when they do not. This gives it a distinct advantage over garbage collection. Regardless, RAII is not always recommended because some situations require ordinary pointers to manage raw memory and increase performance. Use it with caution.

The Most Serious Leaks

Urgency of a leak depends on the situation, and where the leak has occurred in the operating system. Additionally, it becomes more urgent if the leak occurs where the memory is limited such as in embedded systems and portable devices.

To protect code from memory leaks, people have to stay vigilant and avoid codes that could result in a leak. Memory leaks continue until someone turns the system off, which makes the memory available again, but the slow process of a leak can eventually prejudice a machine that normally runs correctly.

Related:

The Five Principles of Performance

In Demand IT Skills