We created this infographic for Orange Business Services because there is so much confusion around the term Cloud computing: to some people its apps, to others its servers, to others it just means “on demand”.

The truth is that is all these things and more.

The boffins in Orange Labs see a multitude of Clouds emerging so we want to show this vision, but also trace it’s history.  Cloud computing is not a revolution as such as you can trace emergence back to the first days of the internet. It’s really a story about how IT has evolved.

It was first published on the Orange Business Live blog here and there is a really cool version on Slideshare here. It interesting to compare the two formats.

Thanks to the designers who worked on the different formats, Rose Zgodzinski and Mark Jaeckel.

So how did social media fare in 2009, and what can we look forward to in 2010? If Facebook could be considered a bell-weather for social media, then 2009 was an important year, because it broke through 300 million users and became cash-flow positive for the first time. Although this of course doesn’t mean that it is profitable – yet.

Analyst Gartner reckons that Facebook will actually strengthen its position in the future, because it will help different social networks operate with mechanisms such as Facebook Connect. In fact, Gartner believes that interoperability will be the most important trend in social networks over the next two years.

All business sectors embraced social media in 2009. Look at newspapers; criticised by Gartner in early 2009, the vast majority of newspaper sites now have social media widgets to help their readers share information. The Telegraph, for example, has a ‘retweet’ button, which handily counts the number of times readers have retweeted its articles.

Away from the mainstream, social media turned up in all sorts of places. It aimed to stop the spread of swine flu, got jurors into trouble in court and even saw an innocent man hauled down the police station to be questioned about terrorism offenses.

So what for next year? Well Forrester’s Josh Bernoff believes that 2010 is the year when marketers will focus less on fuzzy social media metrics and look for proper measureable marketing metrics. Getting followers and friends is all very well, but if businesses don’t use these networks or connections for any obvious end, then the money is wasted. In fact it can be counterproductive if the connections get bored or disillusioned with the enterprise’s business.

What do you think?

Judging from some of the news stories circulating online recently, you might be forgiven for thinking so. Researchers keep discovering flaws in the way that it works. Worryingly, these are not simply execution flaws. Rather, they are basic design flaws, which raise significant problems when it comes to mitigation.

Most recently, PhoneFactor, a company specializing in authentication using telephones, discovered a fundamental design flaw in SSL, a key technology designed to protect online web sessions from being hacked. 18 months ago, Dan Kaminsky, director of penetration testing at security consulting firm IOActive, discovered a flaw in the way that the Internet resolves web addresses. And shortly after he made his announcement, another pair of researchers announced yet another flaw, this time in the border gateway protocol [BGP], which is a key Internet technology designed to exchange information between different networks.

The most worrying thing about flaws such as these is that they render almost everyone using the Internet open to potential security attacks. For example, the flaw that PhoneFactor found lies with the secure socket layer [SSL], which is used to encrypt information passing between a website and a browser. It enables an attacker to inject their own data into the communication stream between the user and the website — even when that website is using encryption technology. This partly invalidates the padlock that you will see in your browser when surfing supposedly secure websites. Perhaps even more worryingly for enterprise users, it also potentially affects users of smartcards, which could render your whole two factor authentication system for remote employees [if you use one] vulnerable to attack.

Because SSL is a foundational technology which protects so many other things online, this design flaw is particularly worrisome. For example, others have pointed out that SSL is commonly used to protect database queries sent from one computer to another. If an attacker can inject their own commands into an SQL database query, they could turn something fairly innocuous — such as a request for a single customer’s details, for example — into something more malicious, such as a instruction to delete all of your customer records [assuming that the database granted such permissions].

Security problems have also been found in MD5, an encryption mechanism that has been traditionally popular on the Internet, and was used by some certificate authorities [the companies that create digital certificates designed to identify organizations and people, and authenticate them online].

Even so, not everyone believes that the Internet is fundamentally broken. Leslie Forbes, technical services manager at F-Secure, which sells software and services designed to make people more secure online, argues that it is the way we use it that is inherently flawed. “It is the model we used to trust [or not] the services offered across the medium that is broken,” Forbes says. “So, based on the premise that the Internet is supported by software, and software will have bugs — some never dreamed over the time of coding — there will always be fixes to be made.”

One of the biggest problems when such flaws are discovered is the remediation process. Fixing deployment errors is bad enough, but it generally only involves passing a piece of software or firmware and then distributing it online. But when the security problem involves a basic mistake in the design of a protocol, then this entails a potential change to a standard, which can be a much more complex task. Standards bodies move at a glacial pace, meaning that it can take years to alter existing documents to account for a design problem. In the meantime, companies must find workarounds that at least prevent an attack from happening in the interim.

Unfortunately, the general consensus is that such design flaws will keep cropping up as we become more adept at finding them [and hopefully do so before the Internet criminals]. “Any complex system will be difficult [or time-consuming] to analyze empirically, so it will continue to be both possible, and likely, that while there are Internet protocols, there will be serious flaws,” warns Martin O’Neal, managing director of security consulting firm Corsaire.

Not only must these companies work together, but they must do so largely in secret, so that they can find the solution to the problem before malicious attackers do. To this end, a group of companies including Microsoft formed the Industry Consortium for Advancement of Security on the Internet [ICASI]. ICASI focuses on working together to try and find solutions to security problems affecting the broader Internet and not limited to any one vendor.

Unfortunately, such efforts do not otherwise result in a fix before attackers exploit such basic vulnerabilities. For example, the SSL flaw that PhoneFactor discovered was kept secret until it was independently uncovered in a discussion forum. Shortly after that, security researcher Anil Kumas used it to engineer an attack against the Twitter micro-blogging service that would enable any attacker to authenticate themselves as another user.

Alternately, the question of whether the Internet is broken maybe too simplistic. The online world is never that binary. After all, you are still reading this article online — something that is miraculous when we consider that the web didn’t exist 20 years ago. However, thanks to increasingly sophisticated attackers online, we are finding the Internet in a continuous state of disrepair. This is the nature of the medium. It is chaotic, disjointed, and always in flux. Perhaps the best that we can do is to secure systems as best we can by applying the most up-to-date patches, and then protecting all of our valuable data by increasing his, and applying multiple layers of defense to thwart any single attack. Internet may not be broken, but that doesn’t mean we shouldn’t do our best to try and fix it.

Further info

PhoneFactor SSL flaw discovery http://www.phonefactor.com/sslgap/

BGP flaw – http://www.zdnet.com.au/news/security/soa/Flaw-in-BGP-net-protocol/0,130061744,339291643,00.htm?omnRef=1337

Twitter hack http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html

Kaminsky DNS flaw news http://www.orange-business.com/en/mnc2/footer/news/enterprise_briefing/september2008/industry_watch.jsp

ICASI http://www.icasi.org

This blog was contributed by Danny Bradbury, one of Futurity Media’s international network of writers