Friday, April 13, 2012

Luci! Stoned in Port Harcourt!!

I was sad to hear the sad news (or is it stale already) that Luciano was stoned in Port Harcourt. I had to revert to the Oracle - "Holy Google" to point me in the right direction and voila - it was true...  Jamaican Reggae Star- Luciano, Stoned in Port Harcourt

Before I start ranting, let me establish that I am a serious lover of reggae music. I have followed it from the 70's... during the Ska days with early Bands like Justin Hughs & The Domino, The Wailing Wailers, Mighty Diamonds, The Pioneers, Toots & The Maytals, etc. Even when early exponents pushed the envelope and wents solo - Eric Donaldson, Bob Marley, Eddy Grant, Jimmy Cliff, etc. So when my mates were "break dancing" and "electric shocking", I was listening to artiste like Denis Brown, Gregory Issac, Don Carlos, Lovingdeer, Tiger, Tippa, UB40, Third World, Yellow Man, et el... and as reggae music evolved from "drum and Bass" to Ragga, and Lovers rock, I was there. My life was shaped and characterized by these small but mighty bands. By the 1980s ragga had caught on and I was sold. In 1988 after a short spell in the UK, I threw my comb away and turned Natty! I kept my dreadlocks until 1994 when I finally succumbed to societal pressure and cut it.

All along, mot people around me could not understand why I loved this flavor of music - largely because they could not understand a word of what was been said. I lost a lot of girl friends who could not get rid of the "Ilapa lapa" cranking of my stereo. I called it exotic music because it was rare, one had to travel to get the Tapes, besides heavy weights whose hits had broken into main stream, there was no way to buy or hear authentic reggae in Nigeria. So real reggae was only known to a few - I remember my friends thought "House Call" (by Shabba Ranks featuring Maxi Priest) was trash until it became a party anthem.

Reggae has always appealed to me not just because it sounds good but like someone eloquently put it "they s[a]ng conscious tunes - songs that appeals to man's conscience". So much like Jazz, and Soul music it had a certain mood that is hard to explain - even allowing some artist to sing outside the musical scale, exploring the boundaries of their creativity, away from anything other genre could offer - take Papa San's Maddy Maddy Cry for instance. (if you don't laugh at this at some point, you are not normal!).

The Jamaicans had invented a sound that appealed to the conscious man across the world. Considering that they are descendants of slaved Africans, they often look unto Africa as home - Mama Africa's calling, has brought several African/Caribbean/Americans to our shores thinking they are welcome. But their euphoria is often greeted with a surprise... lets go back memory lane.

Jimmy Cliff came how to Nigeria and kissed the tar mark only to be thrown in Jail - on his return he sang a not so popular "Have you heard the news" and the popular "The Harder they come" expressing his disgust with the military government of Nigeria. Third World visited Nigeria in the early 80s and even after recording "Lagos Jump" in Nigeria but they had a rough time during their tour of the country. Brand Nubian came to Nigeria in the early 90's and was booed out of stage... several other musicians have come here only to be disgraced... 50 Cents, Ashanti, etc.

So why all this nonsense you ask? Well I guess it might be that the average Nigerian has a sweet tooth for a unique kind of music, but their promoters have yet to key into it. I don't agree with that notion - even though it took a while for us to enter the scene with our own blend of  music. Our so-called African-Hip-Hop is classified as Dancehall/reggae music (The same music Jamaicans are known for) and Nigerian artiste who are true to themselves like 2Face, Majek, etc will tell you their inspiration is Reggae.(This is not to say that there are no Rap or R&B Naija artiste). 

The big names in Nigeria who play our flavour are not known internationally. In fact CNN recently published a list of top African acts, and only 3 Nigerians made the list... If the hundreds of Nigerian musicians who cater to this flavour are not known internationally, why then do event promoters keep bringing their foreign counterparts here? Our fans do not understand that by  participating at such shows with big names, they are opening doors for the Nigerian artist. Tracy Chapman's fast climb to fame can be traced to her performance as an opening act for Tina Turner.

I hear the Port Harcourt fans wanted the likes of Ras Kimono, Daddy Shokey, and Peter & Paul to play tunes they were used to, They could not understand what Luciano was saying... so they booed Luciano Out. Hear Luciano - Poor Simple 

"I know, l know... and you should know,
 It is better to be poor and simple, and your conscience set you free,
 than to be rich and living in agony,
 It is better to be poor and simple, and your mind is free,
 than to sell your souls for vanity,
 some all they want is silver and gold, diamonds and pearl the things of this world,
 they will do anything, they say anything, just to live the life of a king" - Luciano
 Some will say to be is a crime, but its better to be poor than rich with a filthy mind,
 becos of their crave and lust for vanity, they have no time and love for humanity...
 They are blind and can not see, what is ... when they are face to face with destiny
 but its better to be poor and simple... " - Luciano
Luciano is one of Jamaica greatest, he mellow gospel-reggae genre is not that kind of music Nigerians, let alone the Port Harcourt crowd listen to. Its like calling El Klugh to play at an Ajegunle show. Which Nigerian wants to hear things like that? What morals has this Christifarian got to preach to them on stage. They may be right though, in a society where money is worshiped, and evil and immoral people hold sway, why should they allow someone they paid to entertain them to preach to them - because preaching is what Luciano does. All his songs are gospel ragga. So I put the blame on the promoters and his manager - why should a promoter arrange such a gig and carry it to the masses.

In conclusion, Nigerians have to open up and look towards globalization - always doing things the Naija was does not work out well in the long run. Our ambassadors often disgrace us out there because they feel the world thinks with a "Naija" brain, they often can't communicate because they speak Naija English, we cant eat their food because it has no taste, we cant drive abroad because there is a whole set of International standards we are not aware of. While other nations think about practical ways of solving problems, we rely on gods and deities to rise and tackle our problems. I wrote a two part article about these wrong applications of standards in Nigeria - I titled it Nigeria, Majoring the minor. I believe these problems are all hinged on misconceptions, miscommunication, wrong applications of theories and they all lend their small quota to making Nigeria financially and socially unattractive to the rest of the world.

Monday, April 2, 2012

Government Institutions VS the Cloud

Executive Summary
Cloud computing is the new buzz word on the internet and seen as the key to the future of IT services. Because it is still an emerging trend, its definition is still a bit hazy, however the cloud is simply a virtual data center shared by several organizations. Cloud applications involve multiple customers sharing application, even though they only have access to their own data.

No doubt, there are several business intelligence advantages derivable from operating in the cloud that allows for powerful combination of high-assurance remote serve integrity and cryptographic protocols that are consistent with policies, whether within the enterprise or in the cloud. To the most part, they mostly lend themselves to small and medium scale corporations who want to save money and infrastructure. Yet these advantages do not at this point in the maturity matrix of cloud sourcing, out-weight the inherent dangers of adopting such an emerging trend for public regulatory institutions such as Central Banks.

These inherent dangers underscore the well documented fear of being at the “Bleeding Edge” of technology. Complications experienced by early adopters of emerging trends in IT are well documented. Cloud computing has unique attributes that are fraught with security risks, smart customers should err on the side of caution and reappraise their dream of being on the Cloud.

This paper explains in simple terms, the idea of the Cloud sourcing, the advantages accruable to implementing it, against the backdrop of recent developments and Federal Governments desire to adopt a portal service hosted on the cloud. It also details the pit falls and explains why other public and government institutions have shied away from doing the same.

Cloud computing has unique attributes that require risk assessment in areas such as data integrity, At the forefront of this challenges is that of the security of sensitive data and information stored in countries where we have no legal jurisdiction on how these data is used or managed.

There is no better cautionary statement to set the tone like

“I am nervous to host corporate information on someone else’s server? Yes, even if its Google” – Shukry Tiab. There are several reasons experts’ advice caution in moving to “cloudosphere”. Some identified risks include;
  • Loss of service if your provider has downtime or goes out of business.
  • Regulatory problems when critical data is stored internationally.
  • Security concerns when users lose control of how their data is protected.
  • One-sided service agreements that give clients little redress in the event of a calamity, acquisitions, etc.
  • Lock-in dependency on proprietary cloud applications.
Early on in the evolution of any new technology, there are concern about how it will be used. These concerns are what is termed “Privacy Hump” – they represent a barrier to the acceptance and adoption of a potentially intrusive technology… if the business case for the technology is strong, the hump may fade over time – that time has not come yet for Cloud sourcing and the Government Institutions.

In furtherance of its mandate to provide support to the Board of an apex regulator through the monitoring of the decisions of the Board and assurance of the highest level of oversight for internal and public complaints and managing, (from creation to archival), all their documents. The Department that manages the Board recently launched a portal service for the Board.

This portal designed by messers Digital Board Book Limited is accessible via the internet to all members and accords them the ease of collaborating with other members regardless of where they are in the world.

While these may be laudable objectives, we are of the opinion the regulator may have inadvertently by coerced into approving the deployment of sensitive Board decisions to the Cloud. The paper tries to draw the attention of the regulator to the huge risk associated with the cloud and government sensitive information. More especially as the President of the federation has recently directed that a similar portal be developed for the Federal Executive Council (FEC) for the Government.

What is the Cloud?
Ostensibly, most people think the cloud is the same as the internet. The name cloud is inspired by the cloud symbol often used to represent the internet in diagrams and workflow, but that is where the similarity ends… it is more complicated than that.

The definition of the cloud is still hazy, but the Guardian defined it as “a means of putting more of your materials out ‘there’ and the less on you PC or Server” while the US National Institute of Standards and Technology defined it as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction”.

These services are broadly divided into three categories;
  • Infrastructure-As-a-Service (IaaS),
  • Platform-as-a-Service (PaaS), and
  • Software-as-a-Service (SaaS)
Early on in the life of any technology, there are concern about how these technologies will be used. These concerns are what is termed “Privacy Hump” – they represent a barrier to the acceptance and adoption of a potentially intrusive technology… if the business case for the technology is strong, the hump may fade over time – that time has not come yet for Cloud sourcing and the Government Institutions.

Who is the Cloud meant for?
It is perhaps too easy to start using a cloud service – that’s exactly how it is designed to be. It is easier to setup a Yahoo, Gmail, or American Online account than installing and running an exchange server. However, while the later is more expensive to maintain, it can be easily controlled to protect sensitive data for an enterprise. – Cloud sourcing easily lends itself to small, medium companies who do not wish to incur, waste or underutilize resources, be it monetary or otherwise.

Presently cloud computing is been embraced by private businesses as a means of saving cost on computer hardware. Cost saving has been identified as the single most important factor for cloud computing services. Most public institutions are slow in embracing the technology as there has to be a strong case of cost savings aligned to security of sensitive data.

What is preventing its early adoption?
Security of sensitive data remains the major concern for public institutions the world over. One myth that cloud computing is sold on is that though it is a shared service, it can be implementation independent. But in reality, due to the “Openness of the Internet” and its inscribed transparency, industry regulatory compliance is another kettle of fish. The following section summarizes the challenges of adopting Cloud sourcing.

Current Concerns
The question is, can multi-tenant services ever be as secure as your own server? Concerns are beginning to grow about just how safe an environment the cloud is for holding sensitive data and information. Analysts warn that the cloud is becoming particularly attractive to cyber crooks. Reformed hacker, Michael Calce agrees that trouble looms ahead if companies fail to apply the right security measures.

Standards & Regulations
There are No Regulations and Standards when using or implementing cloud computing due to lack of long-term experience. This exposes other unique challenges such as follows:-

Privileged User Access.
Sensitive data that is processed outside the enterprise brings with it an inherent risk that it may fall into the “wrong Hands”. The most prominent issue in cloud services is security of user data as the user has no control over its business data files containing valuable information. This is because a proper security model for cloud computing has not yet been developed.

Contractual Obligations
Managing problems with another companies infrastructure is not practical due to a mis-alignment of interests. I cite Amazons “Non-Assertion” terms of reference. Other contractual gaps are:-

  1. Dependency:
    Cloud services make the user totally dependent on the Cloud Service Provider. The user is denied control on quality and maintenance issues and plays no role in back up and disaster recovery activities. They level of dependency is so high that the user existence is tied to the financial health of the cloud service provider. If the CSP goes under, the user’s business goes with it. This lack of control means that if a user decides to terminate his contract with the service provider, there is no way the user will ensure the provider does not retain his data in his database.
  2. Data/Information Location
    Another security issue is that physical location of hardware and software is unknown making site inspections and audits difficult.
  3. Cost and Flexibility:
    There is presently no customization of product as the whole essence is for many businesses to store data within the same environment. There is also the likelihood of hidden cost such as compliancy regulations, backup, restore, disaster recovery and problem solving costs been introduced by the CSP.
  4. Legislation:
    Users of cloud services don't know where their information is held which raises the question of loyalty by the Cloud Service Provider. The danger this poses can be highlighted by considering the America laws such as the US Patriot Act which empowers government and other agencies to access information including that belonging to companies as long as this information is held by companies operating within the United States. A subpoena or legal action can compel a cloud provider to give up sensitive information/data. This is further exuberated by the widespread use of freedom of information acts in the west.

    It also entails that critical information could be moved across boundaries without the knowledge of the user. Legal implications of data and applications being held by a third party are complex and not clearly understood. Potential risk of giving up sensitive data due to transparency.

    Contractual commitments to obey local privacy requirements across international jurisdiction is a burning issue for providers of sensitive information.
  5. Long-term Viability:
    Moose law suggests the fast pace of technological development, with cloud in its infancy, and there are little known information about the requirements and conditions for implementing and managing service level agreements contracts with CSPs. This hands the advantage to CSPs and exposes the user in case of disagreements in SLA. chances are that CSP will increase, small providers maybe bought over by new ones, leaving clients with few options.
  6. Provider Espionage:
    Espionage may not seem like a threat to a public regulatory institution, But it is however expedient that confidentiality and availability of the data and information be assured at all times.
    Data in the cloud is typically in a shared environment with other customers. Enforcing encryption across such a complex terrain is impractical considering that other customer may want avoid it due to its disruptive nature.

    Auditability of a distributed and dynamic application spread all over the globe is not practical and may not satisfy auditors that data is properly isolated and cannot be viewed by the wrong persons. One popular audit guideline is tha SAS 70 – it defines guidelines for the assess internal controls over processing of sensitive information. Other guidelines like the SOX and HIPAA. US government agencies are mandated to follow these guidelines.

    There have been well publicized accounts of cloud outages, down time of critical applications and services. When compared to traditional forms of investigative support, forensics in the cloud face huge difficulties if even possible. The scale of the cloud and the rate at which data is overwritten is of concern due to the logging and data for multiple customers often co-located and spread across an ever changing set of host and data centers.
Suggestions on The way forward:
The Board Book Portal Project has come a long way, a compelling business need that justifies its creation are well noted, however it is clear that the proper project initialization processes have not been followed leading to the unwitty decision to host on a public cloud. It is therefore expedient that a more detailed look is taken at the portal to ensure that sensitive board decisions are protected. This is even more crucial as the Presidency has muted its desire to adopt the same portal service for the Federal Executive Council of Nigeria.

We therefore recommend as follows: The legal and IT departments of the regulator conduct a due diligent exercises; Read and fully understand the legislation, reasonability and terms of both providers and users in case of loss of sensitive data.

Create Internal/Private Clouds or utilities:
The quest to use the Cloud is on for several public institutions, Most countries opt for a private cloud with more consistent and controlled governance to mitigate the identified risk enumerated above.

The UK government is setting up its own cloud to make savings of up to £3.2bn – a 20% reduction in costs. The UK government is working to build its own secured cloud called GCloud while the US government is working to build its own cloud called GovCloud. Both governments are avoiding the commercial environments primarily because of security concerns. Both governments have also identified savings of over $3b in computer hardware and software purchases over the next few years.

According to the analyst Gartner – the first step before committing to cloud source is to Seek security assessment from a neutral third party to assess the security risks associated with the present CSP. An external IT audit may signal how secure these cloud providers facilities are, and will no doubt suggest how trivial information should be published on the portal.

Proper project initiation processes be followed for all strategic projects such as this. This will ensure that all stakeholders are carried along and properly enrolled, as it has a significant impact on the quality of the project execution.

Government should determine security and privacy requirements, develop standards, gather data, and benchmark costs and performance against risks and trust.

Cloud computing technologies have not reached maturity. Users are at the mercy of their cloud service providers for the availability and integrity of their data. Presently cloud computing is been used mostly by private firms, while public sector explores creating private Cloudscapes to protect sensitive government information.

In order for government institutions to embrace cloud technology, there is need to determine the business needs and benefits of cloud services and its fit with our policies, processes and legislation.

Thank You.