Monthly Archives: May 2014


The Traditional IT Department – Your Business’ Blind Spot

Hey, CEO!

Is your organization still pursuing a non-Cloud strategy? If I asked you why, I bet you wouldn’t be stuck for an answer. You or your CIO would tell me that Cloud Computing doesn’t meet your requirements, in terms of security for example. That’s your decision, it’s a valid one, and that’s fine by me. But may I ask another question? Do you apply exactly the same standards you used to define your Cloud evaluation criteria to your current IT operational concept? Really?

So, let’s stick with security, as I guess it’s one of your main concerns regarding Cloud. Usually, Cloud security concerns cover all aspects of a Cloud reference model. For the most part, the Cloud Provider has to guarantee that the IT infrastructure is secure and that the tenants’ data is protected. To meet this demand, the Cloud Provider has to implement several defensive controls that detect and prevent attacks and also reduce the impact of attacks. It’s about reducing the overall attack surface, and Cloud Providers need to be pretty good at this discipline – not least because they are constantly in the public eye. Cloud Providers who want to continue to exist have to face up to each security concern.

Now I ask you again. Does your traditional IT meet the same level of security that you have set to evaluate Cloud Computing, or do you have double standards? I see, you have firewalls, backup, disaster recovery, antivirus, data encryption and so on – so why bother? I’ll tell you why. All these security thingies are, first of all, just tools and guidelines. But did you ever consider who operates them? Of course your IT department, or a spin-off, maybe assisted by external workers. But do you really know what they do, or do you rather implicitly trust them? In the latter case the IT department is in a blind spot from a business perspective. Quite foggy, right? Fog… Cloud… Frankly speaking, you should consider your IT department as a separate attack surface; perhaps it’s the weakest link in your security strategy.

First of all, in order to reduce this risk you should get in touch with your “IT crowd”, not just the CIO. Your business relies on these gals and guys. They are in a key position to proverbially shut down your business. Listen to them carefully, be thankful and be willing to reward them. Maybe you’ll realize that you need a change in your organization’s culture, if you will. Go ahead! Start a cultural movement driven by the management. At the end of the day it should be possible for any person to give any other person a piece of their mind regardless of the hierarchy or command structure, because exactly the opposite leads to vulnerability. Think it over.

From a technical perspective, ironically, your IT department can benefit from the lessons learned in Cloud Computing. Here’s an example. Since this blog is mainly about Windows PowerShell, I’ll take the liberty of drawing your attention to Just Enough Administration (JEA) (Download Whitepaper). It’s based on technology you should already have in place and helps your organization “reduce risk by restricting operators to only the access required to perform specific tasks”.

Regards
Frank Peter Schultze
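
What "restricting operators to only the access required" can look like in practice, as an added example that is not from the post or the whitepaper: it uses the JEA cmdlets built into Windows PowerShell 5.0 and later rather than the 2014 toolkit. The module name `ContosoJea`, the group `CONTOSO\SpoolerOperators`, the endpoint name `SpoolerOps` and all paths are assumptions.

```powershell
# Added example; module, group, endpoint names and paths are hypothetical.
# Run elevated on the server that will host the constrained endpoint.
$module = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\ContosoJea'
$jeaDir = Join-Path $env:ProgramData 'JEA'
New-Item -ItemType Directory -Path "$module\RoleCapabilities", "$jeaDir\Transcripts" -Force | Out-Null
New-ModuleManifest -Path "$module\ContosoJea.psd1"

# Role capability: operators may read service state and restart the Spooler
# service only. Every other cmdlet, parameter value and provider stays hidden.
New-PSRoleCapabilityFile -Path "$module\RoleCapabilities\SpoolerOperator.psrc" -VisibleCmdlets @(
    'Get-Service',
    @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } }
)

# Session configuration: no full language, commands run under a temporary
# virtual account instead of the operator's own identity, and every session
# is transcribed for later review.
$pssc = Join-Path $jeaDir 'SpoolerOps.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory "$jeaDir\Transcripts" `
    -RoleDefinitions @{ 'CONTOSO\SpoolerOperators' = @{ RoleCapabilities = 'SpoolerOperator' } }

# Validate the file before registering the endpoint.
if (Test-PSSessionConfigurationFile -Path $pssc) {
    Register-PSSessionConfiguration -Name 'SpoolerOps' -Path $pssc -Force
}

# An operator then connects with:
#   Enter-PSSession -ComputerName <server> -ConfigurationName SpoolerOps
# and sees only the commands exposed above.
```

Members of the mapped group need no local administrator rights on the server; the transcript directory is where to look when reviewing what was done through the endpoint.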



Updated: PowerShell Subversion Module


Category : Windows PowerShell

Yes, I know, these days Git is king of the hill. Anyways, I shared my PowerShell module for Subversion at PoshCode.org (see below) Microsoft TechNet Gallery. The module exposes a bunch of functions and aliases:

  • The function Update-SvnWorkingCopy is a wrapper for “svn.exe update” and brings the latest changes (HEAD revision) from the repository into an existing working copy.
  • The function Publish-SvnWorkingCopy is a wrapper for “svn.exe commit” and sends the changes from your working copy to the repository.
  • The function Import-SvnUnversionedFilePath is a wrapper for “svn.exe import” and commits an unversioned file or directory tree into the repository.
  • The function New-SvnWorkingCopy is a wrapper for “svn.exe checkout” and checks out a working copy from a repository (HEAD revision).
  • The function Get-SvnWorkingCopy is a wrapper for “svn.exe status” and returns the status of working copy files and directories.
  • The function Add-SvnWorkingCopyItem is a wrapper for “svn.exe add” and puts files and directories under version control, that is, it schedules them for addition to the repository in the next commit.
  • The function Remove-SvnWorkingCopyItem is a wrapper for “svn.exe delete” and removes files and directories from version control, that is, it schedules them for deletion upon the next commit. (Items that have not been committed are immediately removed from the working copy.)
  • The function Repair-SvnWorkingCopy fixes a working copy that has been modified by non-svn commands in terms of file addition and removal. The function identifies items that are not under version control and items that are missing. It puts non-versioned items under version control, and it removes missing items from version control (i.e. it schedules them for deletion upon the next commit).

Furthermore, it alters PowerShell’s Prompt function in order to display some information about the state of an SVN working copy.
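
The repair logic described for Repair-SvnWorkingCopy, sketched as an added example (this is not the module's code): it reads `svn.exe status --xml`, plans an `add` for unversioned items and a `delete` for missing ones, and supports `-WhatIf` so the list can be reviewed before anything is scheduled. The function names `Get-SvnRepairPlan` and `Invoke-SvnRepair` and the sample data are assumptions.

```powershell
# Added example, not the module's code. Function names and sample data are constructed.

# Turn 'svn status --xml' output into a list of planned repair actions.
function Get-SvnRepairPlan {
    param([Parameter(Mandatory)][xml]$StatusXml)
    foreach ($entry in $StatusXml.SelectNodes('//entry')) {
        $state = $entry.SelectSingleNode('wc-status').GetAttribute('item')
        switch ($state) {
            'unversioned' { [pscustomobject]@{ Action = 'add';    Path = $entry.GetAttribute('path') } }
            'missing'     { [pscustomobject]@{ Action = 'delete'; Path = $entry.GetAttribute('path') } }
        }
    }
}

# Apply the plan. -WhatIf / -Confirm let you review every path first, so that
# an unversioned key file or credential export is not scheduled for commit.
function Invoke-SvnRepair {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'Medium')]
    param([string]$Path = '.')
    $xmlText = (& svn.exe status --xml $Path) -join "`n"
    foreach ($step in Get-SvnRepairPlan -StatusXml $xmlText) {
        if ($PSCmdlet.ShouldProcess($step.Path, "svn $($step.Action)")) {
            & svn.exe $step.Action $step.Path
        }
    }
}

# Constructed sample of 'svn status --xml' output, so the planner runs offline.
$sample = @'
<status>
  <target path=".">
    <entry path="notes.txt"><wc-status item="unversioned" props="none"/></entry>
    <entry path="old.ps1"><wc-status item="missing" props="none" revision="5"/></entry>
    <entry path="build.ps1"><wc-status item="modified" props="none" revision="5"/></entry>
  </target>
</status>
'@

# Lists 'add notes.txt' and 'delete old.ps1'; the modified file is left alone.
Get-SvnRepairPlan -StatusXml $sample | Format-Table -AutoSize
```

Running `Invoke-SvnRepair -WhatIf` in a working copy prints the planned operations without changing anything.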



Notes on PowerShell Summit NA 2014 #PSHSummit

Fortunately I was able to attend the community-driven event PowerShell Summit 2014 at the Meydenbauer Center in Bellevue. I’m back at home and really glad to see the back of 20+ hrs travel time. Before the jet lag kicks in again, I want to share impressions and notes with you…

If you like Windows PowerShell and normally no one understands what the heck you’re talking about, the PSHSummit is the right place for you. It’s like spending three days at the epicenter of PowerShell knowledge. It’s about both the great sessions and the chance to meet up with people you may know from Twitter and blogs, including some members of the PowerShell Team and, not least, the godfather of PowerShell, Jeffrey Snover. So, if you ever wanted to get in touch with PowerShell-minded folks, go ahead and check PowerShell.org for details about the next PSHSummit. By the way, PowerShell.org has a great monthly marketing-free newsletter.

The bottom line from my perspective is that PowerShell, although mature, is still about to revolutionize how Microsoft-centric IT infrastructures are built, configured and (securely) administered in the future. J. Snover kicked the event off with a session on “JitJea. Just In Time/Just Enough Admin. A PowerShell toolkit to secure a post-Snowden world.” – from a high-level perspective, the JitJea approach enables admins to perform functions within a given timeframe without giving them admin privileges directly. The PowerShell Team showed in some lightning demos that they are putting huge effort into evolving DSC into an agile operations or DevOps toolkit, including cross-platform support. It was a great moment to see DSC in action as it configured a shell profile on a CentOS machine. For those who were asking why DSC leverages OMI, MOF and these strange things: now you have the answer. PowerShell goes Open – slowly but surely!