A cloudlet is a small-scale data center or cluster of computers designed to quickly provide cloud computing services to mobile devices, such as smartphones, tablets and wearable devices, within close geographical proximity.
The goal of a cloudlet is to increase the response time of applications running on mobile devices by using low latency, high-bandwidth wireless connectivity and by hosting cloud computing resources, such as virtual machines, physically closer to the mobile devices accessing them. This is intended to eliminate the wide area network (WAN) latency delays that can occur in traditional cloud computing models.
The cloudlet was specifically designed to support interactive and resource-intensive mobile applications, such as those for speech recognition, language processing, machine learning and virtual reality.
Key differences between a cloudlet and a public cloud data center
A cloudlet is considered a form of cloud computing because it delivers hosted services to users over a network. However, a cloudlet differs from a public cloud data center, such as those operated by public cloud providers like Amazon Web Services, in a number of ways.
First, a cloudlet is self-managed by the businesses or users that employ it, while a public cloud data center is managed full-time by a cloud provider. Second, a cloudlet predominantly uses a local area network (LAN) for connectivity, versus the public Internet. Thirdly, a cloudlet is employed by fewer, more localized users than a major public cloud service. Finally, a cloudlet contains only "soft state" copies of data, such as a cache copy, or code that is stored elsewhere.
The cloudlet prototype
A prototype implementation of a cloudlet was originally developed by Carnegie Mellon University as a research project, starting in 2009. The term cloudlet was coined by computer scientists Mahadev Satyanarayanan, Victor Bahl, Ramón Cáceres and Nigel Davies.
Continue Reading About cloudlet
A command, in this context, is a specific order from a user to the computer's operating system or to an application to perform a service, such as "Show me all my files" or "Run this program for me." Although Windows PowerShell includes more than two hundred basic core cmdlets, administrators can also write their own cmdlets and share them.
A cmdlet, which is expressed as a verb-noun pair, has a .ps1 extension. Each cmdlet has a help file that can be accessed by typing Get-Help <cmdlet-Name> -Detailed. The detailed view of the cmdlet help file includes a description of the cmdlet, the command syntax, descriptions of the parameters and an example that demonstrate the use of the cmdlet.
Popular basic cmdlets include:
Common Vulnerabilities and Exposures (CVE)
Common Vulnerabilities and Exposures (CVE)
Cómo detectar y mitigar técnicas avanzadas de evasión de malware
Cómo detectar y mitigar técnicas avanzadas de evasión de malware
por Nick Lewis
Mientras existan objetivos que explotar y dinero que hacer, el malware seguirá avanzando.
Para seguir siendo relevantes y recibir sus pagos,los autores del malware adoptarán técnicas de evasión avanzadas e incluirán nuevas características para satisfacer las peticiones de sus clientes, para que los ataques usando malware puedan ser más eficaces y rentables. Hay muchos casos de malware cada vez más sofisticado en los últimos meses, incluyendo a Zeus pasando de 32 bits a 64 bits y el avance del malware iBanking para apuntar a los dispositivos Android.
Además de las nuevas características de malware, hay una idea relativamente nueva en torno a "vivir de la tierra", donde los atacantes utilizan herramientas incorporadas o legítimas para evitar que sus ataques sean detectados por el software antimalware. El malware Poweliks es el más reciente ejemplo de esto.
En este consejo, voy a discutir los avances más recientes de malware y los controles necesarios en la empresa para detectarlos y controlarlos.
El TROJ_POWELIKS.A o Poweliks es un malware sin archivo diseñado para descargar otros ejemplares de malware que controlarán el sistema comprometido. Poweliks requiere un vector de infección inicial separado para comprometer el sistema local e instalar el malware, el cual, según se ha informado, es un archivo de Word malicioso. Después de la infección inicial, el malware se instala y se almacena en el registro como una librería de enlace dinámico (DLL) codificado que se extrae y se inyecta en los procesos dllhost.exe legítimos que corren en un sistema, el que luego lo ejecutará.
Si bien almacenar una DLL en el registro no es un método común de instalación de malware en un punto final, hace que sea más difícil detectar el malware, porque no todas las herramientas antimalware comprueban el registro. Sin embargo, para las herramientas que sí comprueban el registro, encontrar una clave de registro con una cantidad significativa de datos sin duda sería algo por lo cual emitir una alertar. El malware Poweliks también ejecuta comandos PowerShell para completar el ataque. Los comandos PowerShell podrían haber sido utilizados para evitar la detección usando herramientas legítimas, ya que PowerShell está instalado en la mayoría de sistemas y tiene la funcionalidad avanzada para interactuar con el sistema operativo que es necesaria para completar el ataque.
Otros malware también han seguido haciendo avances para seguir siendo rentables para los creadores de malware. El maduro malware Zeus continúa incorporando nuevas funciones; la funcionalidad más recientemente reportada agregada a él era un ataque de ingeniería social mejorado donde el malware parodiaba un mensaje de advertencia del navegador para conseguir que el usuario instalara el software malicioso. Del mismo modo, iBanking.Android ha añadido una nueva funcionalidad donde utiliza software de seguridad falso para conseguir que el usuario instale el software malicioso. A continuación, roba mensajes SMS utilizados en la autenticación de dos factores.
Controles empresariales necesarios para detectar y controlar malware avanzado
La detección de malware avanzado se puede hacer de muchas maneras diferentes. El malware de múltiples etapas, como Poweliks, y los ataques de varias etapas podrían dar a las empresas más tiempo para detectar el malware ya que cada paso requiere tiempo; sin embargo, cada paso podría no ser necesariamente detectado porque los pasos individuales por sí mismos podrían no ser maliciosos.
En el ejemplo de Poweliks, su aspecto de varias etapas puede ser difícil de detectar cuando pasa cada etapa individual, pero la correlación de todas las etapas y acciones puede ayudar a detectar y mitigar la actividad maliciosa.
Por ejemplo, mientras las secuencias de comandos de PowerShell son útiles para los administradores de sistemas o usuarios acreditados, pocos usuarios finales los desarrollan y utilizan. La detección de comandos PowerShell maliciosos es difícil porque hay muchos usos corporativos legítimos de las funciones de PowerShell. Sin embargo, para scripts de PowerShell utilizados por los usuarios finales, los administradores de sistemas pueden requerir que la secuencia de comandos sea firmada antes de la ejecución; esto ayudaría a bloquear la ejecución de scripts maliciosos por cualquier malware. Aunque esta política no detendría a un atacante dedicado, podría elevar el nivel lo suficiente para frustrarlos e impedir un ataque.
Aunque la detección del aspecto PowerShell del malware Poweliks puede ser difícil, detectar su infraestructura de comando y control y las conexiones de red podría ser más fácil. El blog de TrendMicro menciona una IP específica que puede ser utilizada como un indicador de compromiso para que una empresa pueda monitorear su red por cualquier conexión a la IP e investigar cada conexión. El monitoreo de las conexiones de red anómalas también podría ayudar a identificar un sistema comprometido que requiere investigación adicional. Esto podría incluir la observación de los registros NetFlow para ver qué sistemas son los más conversadores hacia IPs o sistemas externos con un importante número de intentos de autenticación fallidos.
El recientemente modificado malware Zeus y el malware iBanking.Android pueden ser identificados a través de pasos similares a los utilizados para identificar Poweliks, ya que dependen de la conciencia sobre la seguridad. La variante de Zeus puede ser detectada por el control de la red sobre conexiones hacia la IP de comando y control; iBanking.Android se puede detectar mediante el uso de una herramienta antimalware móvil que analiza el sistema en busca de archivos maliciosos.
Tenga en cuenta que la detección es solo una parte de un control efectivo de malware en la empresa. La respuesta rigurosa a los incidentes relacionados con el malware es fundamental para minimizar los efectos de un sistema comprometido.
No debe ser ninguna sorpresa que el malware seguirá avanzando y automatizando algunas de sus técnicas de ataque manuales más eficaces. Conforme las medidas de defensa de la empresa contra el malware se vuelven más sofisticados, el malware, inevitablemente, encontrará nuevos métodos para sortearlos. Esto requerirá una atención constante de las empresas con el fin de controlar y mitigar los ataques potenciales. Los controles y tecnologías de seguridad de las empresas tendrán que ser revisados constantemente para asegurarse de que son eficaces contra los ataques actuales. El cambio de programas y controles de seguridad cuando se descubren nuevos ataques o vulnerabilidades es esencial para permanecer delante de la curva.
También es fundamental para una empresa no solo evaluar la forma en que gestiona sus sistemas, sino también evaluar la gestión de sus sistemas para decidir si ciertas funcionalidades –tales como los scripts de PowerShell– pueden introducir potencialmente nuevos riesgos en su entorno y requerirán políticas adicionales orientadas a prevenir vulnerabilidades de ser explotadas.
Sobre el autor: Nick Lewis, CISSP, es el ex oficial de seguridad de la información de la Universidad de Saint Louis. Nick recibió una maestría en ciencias en seguridad de la información por la Universidad de Norwich en 2005 y en telecomunicaciones por la Universidad Estatal de Michigan en 2002. Antes de incorporarse a la Universidad de Saint Louis en 2011, Nick trabajó en la Universidad de Michigan y en el Hospital de Niños de Boston, el principal hospital de enseñanza pediátrica de la Escuela de Medicina de Harvard, asícomo para Internet2 y la Universidad Estatal de Michigan.
Más noticias y tutoriales
TÉRMINOS DE GLOSARIO RELACIONADOS
Término relacionado de nuestro diccionario de informática en línea.
Posted by Margaret Rouse
A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliancepreparations. Auditors review security polices, user access controls and risk management procedures over the course of a compliance audit.
Continue Reading About compliance audit
“Ahora el seguro médico ACME SA es el más 'seguro' del planeta. Nuestro sistema de información detecta en tiempo real los errores de prescripción y despacho de medicamentos, y le alerta sobre cualquier acción preventiva para evitar potenciales problemas… mejorando su calidad de vida. Esto es así gracias a la integración de 2 millones de componentes desarrollados por el DKW MEDICINE INSTITUTE OF HARVARD UNIVERSITY en el sistema informático de atención primaria, administración hospitalaria y farmacia.”
También hablamos de los tres ámbitos para sembrar la “semilla KW”: universitario, redes sociales y el B2B/B2C tradicional. El primero validará segundo y tercero. Muchas empresas financiarán el desarrollo en el ambiente universitario, creando una nueva cadena de valor que beneficiará a ambos.
Los estudiantes universitarios podrán elaborar sus tesis de grado construyendo contenidos HKW y DKW en vez de escribir sendos documentos que se volverán amarillos y obsoletos en la biblioteca de la Universidad. Las investigaciones en las cátedras serán 100% reusables, generando contenidos “marca registrada” que les prestigiarán y, ¿porqué no?, serán una fuente de ingresos legítimos y universales por derechos de copyright.
El Hogar Digital es un escenario de enorme fertilidad para la tecnología KW, quizás la que más rápido popularice y masifique su uso.
Lo interesante es que, para construir productos “KW Compatible”, los fabricantes utilizarán esta tecnología en sus propias líneas de producción y estrategias comerciales.
Cualquier mensaje “de venta” para la tecnología KW deberá estar centrada en el protagonismo posible que el Usuario Final tendrá con ella.
5 ways a Connection Broker Simplifies Hosted Environments
With all the moving parts to think about when moving resources into the data center, a connection broker might be the last thing on your mind.
Waiting until you've designed the rest of your data center to consider the connection broker can be detrimental to the overall usability of your system.
This is why we've created our new eBook, which outlines five scenarios where including a connection broker into your design from the get-go can future-proof and improve your hosted desktop solution.
Download our new eBook and learn about:
Please read the attached whitepaper
Posted by: Margaret Rouse
Content marketing is the publication of material designed to promote a brand, usually through a more oblique and subtle approach than that of traditional push advertising. Content marketing is most effective when it provides the consumer with accurate and unbiased information, the publisher with additional content and the advertiser with a larger audience and ultimately, a stronger brand.
On the internet, content marketing campaigns involve publishing custom content on specific destination sites the target audience respects and visits often. During the campaign, the advertiser creates custom content that is tightly aligned with the publisher’s website and editorial mission. The goal is to provide prospective customers with an integrated user experience (UX) that encourages engagement and interest in the brand. The challenge is to ensure the content is topically relevant and meets the audience's needs. If the content is simply a thinly veiled sales-pitch, it risks turning the buyer off.
Content marketing can be delivered through a variety of media, including television and magazines, and take a lot of different forms, including articles, infographics, videos and online games. The strategy may be referred to by several different names, including infomercial, sponsored content or native advertising. Whatever the label, content marketing is often integrated in such a way that it doesn't stand out from other material served by the host.
Although native advertising might not look like marketing, the content should explicitly state that it was provided by the advertiser. The Federal Trade Commission (FTC) guidelines for all advertising emphasizes transparency and includes stipulations that advertising claims must be truthful and supported by evidence. The more content marketing is similar in format and topic to the publisher's editorial content, the more important a disclosure is, in order to prevent deception.
Joe Pulizzi explains how large enterprise organizations implement content marketing:
Copyleft is the idea and the specific stipulation when distributing software that the user will be able to copy it freely, examine and modify the source code, and redistribute the software to others (free or priced) as long as the redistributed software is also passed along with the copyleft stipulation. The term was originated by Richard Stallman and the Free Software Foundation. Copyleft favors the software user's rights and convenience over the commercial interests of the software makers. It also reflects the belief that freer redistribution and modification of software would encourage users to make improvements to it. ("Free software" is not the same as freeware, which is usually distributed with copyright restrictions.)
Stallman and his adherents do not object to the price or profit aspects of creation and redistribution of software - only to the current restrictions placed on who can use how many copies of the software and how and whether the software can be modified and redistributed.
The de facto collaboration that developed and refined Unix and other collegially-developed programs led the FSF to the idea of "free" software and copyleft. In 1983, the FSF began developing a "free software" project that would both demonstrate the concept while providing value to users. The project was called GNU, an operating system similar to a Unix system. GNU and its various components are currently available and are distributed with copyleft stipulations. Using GNU components, the popular Linux system is also issued with a copyleft.
RELATED GLOSSARY TERMS: Hardy Heron (Ubuntu 8.04 LTS Server Edition) , high-performance computing (HPC), Open Directory Project (ODP), LiveDistro, Yellowdog Updater, Modified (YUM), BSD (Berkeley Software Distribution) , shell, Free Software Foundation (FSF) , Tcl/Tk (Tool Command Language), open source beer
This was last updated in September 2005
Copyright is the ownership of an intellectual property within the limits prescribed by a particular nation's or international law. In the United States, for example, the copyright law provides that the owner of a property has the exclusive right to print, distribute, and copy the work, and permission must be obtained by anyone else to reuse the work in these ways. Copyright is provided automatically to the author of any original work covered by the law as soon as the work is created. The author does not have to formally register the work, although registration makes the copyright more visible. (See Circular 66, "Copyright Registration for Online Works," from the U.S Copyright Office.) Copyright extends to unpublished as well as published works. The U.S. law extends copyright for 50 years beyond the life of the author. For reviews and certain other purposes, the "fair use" of a work, typically a quotation or paragraph, is allowed without permission of the author.
The Free Software Foundation fosters a new concept called copyleft in which anyone can freely reuse a work as long as they in turn do not try to restrict others from using their reuse.
EditPros, an editing and marketing communications firm, has allowed us to reprint below an article about copyright as it applies to the Internet.
Are You Violating Copyright on the Internet?
The Internet, inarguably one of the most remarkable developments in international communication and information access, is fast becoming a lair of copyright abuse. The notion of freedom of information and the ease of posting, copying and distributing messages on the Internet may have created a false impression that text and graphic materials on World Wide Web sites, postings in "usenet" news groups, and messages distributed through e-mail lists and other electronic channels are exempt from copyright statutes.
In the United States, copyright is a protection provided under title 17 of the U.S. Code, articulated in the 1976 Copyright Act. Copyright of a creative work extends 50 years beyond the lifespan of its author or designer. Works afforded copyright protection include literature, journalistic reports, musical compositions, theatrical scripts, choreography, artistic matter, architectural designs, motion pictures, computer software, multimedia digital creations, and audio and video recordings. Copyright protection encompasses Web page textual content, graphics, design elements, as well as postings on discussion groups. Canada's Intellectual and Industrial Property Law, Great Britain's Copyright, Designs and Patents Act of 1988, and legislation in other countries signatory to the international Berne Convention copyright principles provide similar protections.
Generally speaking, facts may not be copyrighted; but content related to presentation, organization and conclusions derived from facts certainly can be. Never assume that anything is in the "public domain" without a statement to that effect. Here are some copyright issues important to companies, organizations and individuals.
Handling of External Links
Even though links are addresses and are not subject to copyright regulations, problems can arise in their presentation. If your Web site is composed using frames, and linked sites appear as a window within your frame set, you may be creating the deceptive impression that the content of the linked site is yours. Use HTML coding to ensure that linked external sites appear in their own window, clearly distinct from your site. Incidentally, you may wish to disavow responsibility for the content of sites to which you provide links.
Work for Hire
While copyright ordinarily belongs to the author, copyright ownership of works for hire belong to the employer. The U.S. Copyright Act of 1976 provides two definitions of a work for hire: 1. a work prepared by an employee within the scope of his or her employment; or 2. a work specially ordered or commissioned for use as a contribution to a collective work, as a part of a motion picture or other audiovisual work, as a translation, as a supplementary work, as a compilation, as an instructional text, as a test, as answer material for a test, or as an atlas, if the parties expressly agree in a written instrument signed by them that the work shall be considered a work made for hire. U.S. Copyright Office documentation further states, "Copyright in each separate contribution to a periodical or other collective work is distinct from copyright in the collective work as a whole and vests initially with the author of the contribution."
Just as making bootleg tapes of recorded music and photocopying books are illegal activities, printing and distributing contents of Web pages or discussion group postings may constitute copyright infringement. And companies may be liable for such activities conducted by their employees using company computing or photocopying equipment. However, the law does not necessarily prohibit downloading files or excerpting and quoting materials. The doctrine of fair use preserves your right to reproduce works or portions of works for certain purposes, notably education, analysis and criticism, parody, research and journalistic reporting. The amount of the work excerpted and the implications of your use on the marketability or value of the works are considerations in determining fair use. Works that are not fixed in a tangible form, such as extemporaneous speeches, do not qualify for copyright protection. Titles of works, and improvisational musical or choreographic compositions that have not been annotated, likewise cannot be copyrighted. Names of musical groups, slogans and short phrases may gain protection as trademarks when registered through the U.S. Patent & Trademark Office.
Protecting Your Own Works
Although copyright automatically applies to any creative work you produce, you can strengthen your legal copyright protection by registering works with the U.S. Copyright Office. Doing so establishes an official record of your copyright, and must be done before filing an infringement civil lawsuit in Federal district court. Registration costs $20. For information, visit the Copyright Office Web site or call (202) 707-3000; TTY is (202) 707-6737.
If you appoint an independent Web developer to create and maintain your Web site, make sure through written agreement that you retain the copyright to your Web content.
Place a copyright notice on each of your Web pages and other published materials. Spell out the word "Copyright" or use the encircled "c" symbol, along with the year of publication and your name, as shown in this example:
Copyright 1998 EditPros marketing communications If you're concerned about copyright protection in other nations, add: "All rights reserved."
How to Stay Legal
If you'd like to share the contents of an interesting Web page with your company employees, describe the page and tell them the URL address of the Web site so they can look for themselves. And if the latest edition of a business newspaper contains an article you'd like to distribute to your 12 board members, either ask the publication for permission to make copies, or buy a dozen copies of the newspaper. Retention of value through sales of that newspaper, after all, is what copyright law is intended to protect.
The United States Copyright Office contains an explanation of American copyright basics and a list of frequently asked questions, as well as the complete text of the United States Copyright Act of 1976. Topics include copyright ownership and transfer, copyright notice, and copyright infringement and remedies. The site is maintained by the U.S. Library of Congress.
Most of the material in this definition/topic was reprinted from an EditPros newsletter with their permission. EditPros is a writing, editing, and publishing management firm in Davis, California with their own Web site.
RELATED GLOSSARY TERMS: FERPA (Family Educational Rights and Privacy Act of 1974),Electrohippies Collective, Carnivore, lawful interception (LI), cypherpunk, Information Awareness Office (IAO), lifestyle polygraph, Electronic Signatures in Global and National Commerce Act (e-signature bill), cyberstalking, I-SPY Act -- Internet Spyware Prevention Act of 2005 (H.R. 744)
This was last updated in September 2005
Posted by Margaret Rouse
Cowboy coding describes an undisciplined approach to software development that allows individual programmers to make up their own rules.
Cowboy coding is programming lingo for an approach tosoftware development that gives programmers almost complete control over the development process. In this context, cowboy is a synonym for maverick -- an independent rebel who makes his own rules.
An organization might permit cowboy coding because there are not enough resources to commit to the design phase or a project deadline is looming. Sometimes cowboy coding is permitted because of a misguided attempt to stimulate innovation or because communication channels fail and there is little or no business stakeholder involvement or managerial oversight. An individual developer or small team might be given only a minimal description of requirements and no guidance regarding how these objectives should be achieved. They are free to select frameworks, coding languages, libraries, technologies and other build tools as they see fit.
The cowboy approach to coding typically focuses on quick fixes and getting a working product into production as quickly as possible. There is nodocumentation or formal process for quality assurance testing, as required by continuous integration and other Agile software developmentmethodologies. Instead of producing lean, well-written code, cowboy code often has errors that cause failures upon deployment or make it difficult to maintain over time. Integrating the various components of the code may also be a challenge since with cowboy coding there are no agreed-upon best practices to provide continuity.
Continue Reading About cowboy coding
Creating and Testing Your IT Recovery Plan
Creating and Testing Your IT Recovery Plan
Regular tests of your IT disaster recovery plan can mean the difference between a temporary inconvenience or going out of business.
Testing at least once per month is important to maintain engineering best practices, to comply with stringent standards for data protection and recovery, and to gain confidence and peace of mind. In the midst of disaster is not the time to determine the flaws in your backup and recovery system. Backup alone is useless without the ability to efficiently recover, and technologists know all too well that the only path from “ought to work” to “known to work” is through testing.
A recent study found that only 16 percent of companies test their disaster recovery plan each month, with over half testing just once or twice per year, if ever. Adding to the concern, almost one – third of tests resulted in failure.
The reasons cited for infrequent testing include the usual litany of tight budgets, disruption to employees and customers, interruption of sales and revenue, and of course the scarcity of time. This survey covered mostly large enterprises, and the challenges are even greater for smaller firms. According to the survey findings1
Yet new systems have arrived that allow daily automated testing of full recovery, putting such assurances in reach of every business. Backup without rapid recovery and testing will soon be as obsolete as buildings without sprinklers or cars without seatbelts.
Please read the attached whitepaper.
Not Creating a Disaster Recovery Plan Could Cost You Everything
Disaster recovery planning is a very large topic, with just one part being about backing up and recovering your data. To give you a real life example of what I mean by saying that data backup and recovery is just part of an overall disaster recovery plan, I will refer to a recent posting on Reddit. The post talks about how the System Admin gets a ticket saying that the power is out in their office in Kiev and that the UPS battery is down to 13%. In response, the technician at the office simply shuts down the gear. The next day they received a news report that basically stated that the entire building, that was once their Kiev office, was no longer functional as fire and collapsed floors had completely devastated it. The System Admin ends his post by asking how is your disaster recovery plan, and have you tested it.
When you start thinking about planning out your disaster recovery plan, you need to think about completely unrealistic disasters, along with the normal types of disaster crisis scenarios. If you have a disaster recovery plan already in place, does it take into account what happens if the office is completely destroyed or is inaccessible? How about multiple points of connectivity? When was the last time that your disaster recovery plan was actually tested?
When to Test Your Disaster Recovery Plan
It is a good practice to update and test your disaster recovery plan whenever large changes are made. What happens when you have everything set the way you want it and nothing huge has changed? My suggestion is to treat it like your smoke detector; twice a year when the time changes and you change the batteries in your smoke detectors, test your entire disaster recovery plan. Testing that plan should include asking yourself questions and exploring “what if” scenarios like: what happens if Bob, the main System Admin goes missing or dies by the proverbial bus that hunts down System Admins, or what happens if the building is on fire and everything inside is gone, or what happens if the cloud service you rely on for production/backup/disaster recovery suddenly closes its doors. All of these things needs to be accounted for along with many other scenarios in order to be able to recover from a disaster and continue running your business.
Not Making Time for Disaster Recovery Could Cost You
It seems like one of the hardest things to do is to make the time to either create or test your disaster recovery plan. Most of the time it seems like it comes down to time, and not having enough time is the biggest excuse given for not creating or testing a disaster recovery plan. This issue of time almost always comes down to priorities. When creating or testing your disaster recovery plan is too low on your priority list, it simply never gets done.
One of the best ways to go about pushing up the priority of disaster recovery is simply to think about how much each minute, hour, day, and week of downtime will cost the company. For instance, say an hour of downtime on the company website costs the company $3000 in lost e-commerce revenue. Now multiply that over hours or even days and your talking about huge potential losses that could have been avoided. Plus, that is not even factoring in the potential revenue loss of new customers who may not even consider your company after not being able to read about your company/products or the negative affect it has on the company image. The costs, even in this small scale disaster scenery, add up quickly.
The reality is, if you think data loss won’t happen to your company think again. 74% of companies have experienced data loss at the workplace and 32% of companies take several days to recover from the loss of data. The scary truth is 16% of companies that experience data loss never recover. When you think in terms of the potential cost to the company, it should help you prioritize your disaster recovery planning and testing along with justifying the costs of both the planning, infrastructure, and testing.
I think Benjamin Franklin said it best when he stated “If you fail to plan, you plan to fail.” When it comes to disaster recovery, failing to have a plan is a sure-fire way to set the company up for failure in the event of a disaster, and it could cost the company everything.
If you liked this post, subscribe to our RSS feed
Creative Commons (COPYRIGHT)
Part of the Open source glossary:
Creative Commons is a nonprofit organization that offers copyright licenses for digital work.
No registration is necessary to use the Creative Commons licenses. Instead, content creators select which of the organization's six licenses best meets their goals, then tag their work so that others know under which terms and conditions the work is released. Users can search the CreativeCommons.org website for creative works such as music, videos, academic writing, code or images to use commercially or to modify, adapt or build upon.
The six categories of licenses offered are:
This was last updated in July 2013
Contributor(s): Emily McLaughlin
Please read the attached handbook.
¿La solución para la rápida entrega de aplicaciones para móviles? Es una prueba de crowdsourcing
Crowdsourced Testing es una plataforma web que conecta empresas especializadas en desarrollo de software y sitios web con una red internacional de profesionales del aseguramiento de calidad (testers) que pueden probar sus productos para encontrar fallas y reportarlas de forma rápida y expedita para facilitar su corrección, donde el cliente son las empresas que pagan por este servicio y el usuario el grupo de testers encargado de las mejoras. Los testers de Crowdsourced Testing son trabajadores independientes que trabajan desde su casa, todos con experiencia previa en aseguramiento de calidad de productos informáticos.
The solution to speedy mobile app delivery? It's crowdsourced testing
Sometimes you just need a lot of users playing with your app to find out how it's really working. Enter crowdsourced testing. It's the latest strategy to speed up your mobile dev.
At a time when the pressure to develop, test and release mobile apps quickly has never been more intense, the idea of crowdsourced testing is growing in popularity. The concept is simple: A crowdsourced testing company can offer thousands of testers in different locations around the world a wide swath of devices, and by literally throwing a "crowd" at the problem, testing that might take weeks with a small internal team can be done on a weekend, said Peter Blair, vice president of marketing at Applause. And it's an idea that has apparently caught hold. According to data from market research firm Gartner Group, there were 30 crowdsourced testing companies operating at the end of last year, offering fully vetted (qualified) testers, up from just 20 companies in 2015.
Priyanka Halder, director of quality assurance at HomeMe, is no stranger to crowdsourced testing. She participated in a number of "bug battles" at uTest, a software testing community that also offers crowdsourced testing opportunities. So when she joined the small startup HomeMe she immediately began thinking about a crowdsourced testing solution.
"We're a pretty small company and we needed a larger number of people looking at our app and on a tight budget," she said. "This is the perfect model for us because we can't afford a big team on our site."
People just do things that no system, no automation and no engineer could ever predict they'd do."
Peter Blairvice president of marketing, Applause
With crowdsourced testing it is all about the big team. Blair said Applause has over 250,000 fully vetted testers, most of whom are QA professionals with full-time jobs who do this on the side. These testers are located around the world, and are paired with "pretty much every mobile device you can think of," he said. So a crowdsourced customer wouldn't have to worry about having access to every single version of an Android phone, which Blair said is a huge selling point.
But the biggest issue, he said, is that companies are hungry to see how real users actually interface with their products. "People just do things that no system, no automation and no engineer could ever predict they'd do," he explained. "Customers who've used us just to augment their teams many times end up staying on because they like seeing the results of our exploratory testing," he said, and they can't get that information easily any other way.
Halder said she looked at a number of crowdsourced testing options before settling on Applause. The biggest plus for her was how easy it was to get the testing feedback and how mature the company's process was. "It can be a nightmare to coordinate how to get the information back from the testers. This ended up being a way for us to get more people actually using our app for less money and get all the feedback we need."
Customer Journey Map
Mapa de viaje del cliente
D (DATA CENTER)
D (OPEN SOURCE)