So... how do you prevent leaks of restricted from on-prem to cloud while permitting the movement of material which is legally allowed to cross the boundary?
The complexity of that alone should defeat any gains from cloudifying.
Airbus won't eradicate Microsoft Office from its entire user base after all it seems: the Defence, Space and Helicopters units will retain the on-premises version due to the "legal and national security implications" of storing sensitive data in the cloud. As revealed by The Register on 14 March, Airbus will start shifting its …
And you can't bring cloud on-prem?
They could, just not with G Suite. They could build an in-house OwnCloud setup, and run the cloud-enabled version of LibreOffice under it. Mail and chat, well that's probably workable too, just don't know much about it (if Ignatious were here he'd probably make some plug for CitadelUX).
As in try to work on a restricted document that either i) you have no permission to access or ii) outside of specific premises (or even closed off network within premises) and you’re out? The only attack vector for Airbus’s most sensitive material should really be spiked patches. Of course, if they really want to keep such data safe, they could always follow George RR Martin’s approach and use a computer too bloody old for t’internet (and Wordstar).
They hate users so much, they slurp all the data they can get, they try harder and harder, and even then the backlash is little and en masse people still use them.
Maybe we should make it not that hard for them to get rid of their users. /s
"They hate users so much, they slurp all the data they can get, they try harder and harder, and even then the backlash is little and en masse people still use them."
They are amateurs at data slurping compared to Google and because of that people hate Google more.
Be that as it may.
It's Google's job to do at least some slurping for the business model as an advertiser and giving away lots of "free" features.
Microsoft however is not supposed to be an advertiser, it has no obvious business model to slurp or watch my online behaviours and therefore should not be doing so. That is supposed to be one of the benefits of paying arm+leg for their "services".
Unluckily, Microsoft *was* not supposed to be an advertiser - Satan Nadella changed course, and decided MS has to go after the slurping business model of Google, although they're still amateurs for lack of experience and skills in slurping operations, more even so in the marketing side to make you believe they slurp in your own interest.
IMHO, it was utterly silly to move towards slurping operations, because they removed one advantage they had over Google. Letting customers decide if they wanted to run on-site IT operations or offload them to cloud services (or even a mix of two) depending on actual needs would have been more appealing.
But it looks like Nadella is able only to try to copy someone else's successful business, be it Google slurping, Amazon cloud, or Apple app store.
"IMHO, it was utterly silly to move towards slurping operations, because they removed one advantage they had over Google. Letting customers decide if they wanted to run on-site IT operations or offload them to cloud services..."
Microsoft doesn't slurp their business customers, only consumers. For instance Corporate Windows 10 versions don't have Slurp capability enabled by default.
"But it looks like Nadella is able only to try to copy someone else's successful business, be it Google slurping, Amazon cloud, or Apple app store."
So - come back Monkey Boy, all is forgiven?
At least he was a barrel of laughs in comparison.
Email already makes it incredibly easy to accidentally send confidential info off premises and directly to the wrong people.
I've had confidential info sent to me by customers and suppliers by accident more than once. Luckily nothing particularly sensitive or subject to GDPR, yet...
Outlook (among others) makes it quite difficult to realise the mistake, by hiding the actual email address chosen by autocomplete.
It's far more difficult to do that with something like G Suite, you have to explicitly copypaste the secrets, rather than just use the wrong "To" address.
"Email already makes it incredibly easy to accidentally send confidential info off premises and directly to the wrong people"
On a recent MoD contract we had our mail server set up to bounce any external emails back unless we put a specific string at the start of the subject.
Think along the lines of [EXTERNAL EMAIL AUTHORISED]
Without that our emails wouldn't make it out of the company.
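The outbound gate described in the comment above, as an added sketch that is not part of the original thread or any real mail server's configuration. The internal domain `example-corp.test` and the function names are made up for illustration, and header recipients stand in for the SMTP envelope a real gateway would check.

```python
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import getaddresses

RELEASE_TAG = "[EXTERNAL EMAIL AUTHORISED]"   # string quoted in the comment
INTERNAL_DOMAINS = {"example-corp.test"}      # assumption: made-up domain


def is_internal(address):
    """True for an internal domain or a subdomain of one (exact label match)."""
    domain = address.rpartition("@")[2].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def external_recipients(msg):
    """Real addresses (not display names) in To/Cc/Bcc outside the company."""
    fields = []
    for header in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(header, []))
    # Assumption: header recipients stand in for the SMTP envelope (RCPT TO),
    # which is what a gateway would actually see and should check.
    return sorted({addr for _, addr in getaddresses(fields)
                   if addr and not is_internal(addr)})


def gate(raw_message):
    """Return (allowed, reason) for one outbound message."""
    msg = message_from_string(raw_message)
    outside = external_recipients(msg)
    if not outside:
        return True, "internal only"
    # Decode RFC 2047 encoded-words so an encoded subject is judged on its text.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    if subject.lstrip().startswith(RELEASE_TAG):
        return True, "tagged for external release"
    return False, "bounce: untagged mail to " + ", ".join(outside)


# Constructed sample: autocomplete picked a partner address behind a display name.
SAMPLE = (
    "To: alice@example-corp.test, Bob Smith <bob@partner.test>\n"
    "Subject: Q3 wing drawings\n"
    "\n"
    "See attached.\n"
)

if __name__ == "__main__":
    print(gate(SAMPLE))
```

The gate judges the parsed address, not the display name, so a wrong autocomplete pick is bounced with the real external address named in the reason.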
Regardless of which platform you prefer, these kinds of half measures will end up bringing the worst of both worlds. It _will_ make collaboration more difficult and information that shouldn't be in g-cloud will almost certainly leak into it.
And several someones on the side that's intending to move to g cloud will throw tantrums about the change being forced on them and will claim (rightly or wrongly) to have several MS office-specific processes they rely on, a vital macro or template or suchlike.
"Hardly an hallelujah moment since they are switch to Google..."
As many have pointed out in other threads, GS is in general a vastly inferior solution compared to O365 and - as Airbus has clearly stated - they are only deploying GS to shake things up a bit.
Airbus will still be needing MS Office for circa half their users whatever. Hence they will likely drop GS after a few years once the impact has been achieved and once its many limitations become apparent - it will after all be an obvious cost saving for the next CFO! It will be another Munich - something that sounded a good idea at the time but was crap in practice and eventually Microsoft's superior product suite capabilities and integration will win out.
"I've tried both and think GS is far superior to O365 as a collaboration suite and raises productivity because of that."
I have both now. They are roughly equivalent for shared editing type collaboration but the O365 unified comms and meeting collaboration is away ahead. Gsuite is as a general office suite and an enterprise product not in the same league as O365. It's limited and awful in many aspects.
>>Lots of other people feel the exact opposite.
>>I've tried both and think GS is far superior to O365 as a collaboration suite
It's an office software suite. Collaboration is a small part of what it does. And these days it really isn't any better at that - in fact O365 is ahead on collaboration in several ways. But anyway, the point is that as an office suite there simply is no contest - O365 is miles ahead.
As many have pointed out in other threads,
Excellent points up to 'superior' then disbelief set in, dance with fairies from then...
The 'hardly a hallelujah' was for switching from MS to Google - not exactly a leap into enlightenment - Google's office solution seems too minimal and MS office has always included too, offering way too many attack surfaces and encouraging users to over-depend on it.
As several have already commented, having systems with access to both "secure" and insecure infrastructure is going to cause leakage into the cloud from day 1.
Unless, of course, they are running a secure operating system which will allow you to move documents up a classification (Google to Windows) but not the other way. Even with copy and paste.
This is looking like a two part process. After about a year it will be obvious that everything is in the cloud even though it shouldn't be. Cue a "that was then and this is now" moment with a push to ditch Office.
Concerning that they say that this is part of a strategy to change user behaviour. What can users not do under Google that they can do in Office? First obvious thing is massive complex spreadsheets. Perhaps they hope to stop new ones being developed. I can't see them prising Excel from the cold dead hands of those with mission critical spreadsheets; at least, not without an enormous development team to reimplement them. Non-trivial. Just look at the UK Government IT failures trying to replace old, complex systems which are continually evolving.
Typically classified and unclassified are separated by air gapped networks. Potentially with 2 stations on the same desk.
If that wasn't the case now, and say you wrote to either the classified or unclassified CIFS / Sharepoint then you'd have the same sort of mixups now...
>>Typically classified and unclassified are separated by air gapped networks. Potentially with 2 stations on the same desk.
Good luck looking at Google Suite documents on a proper air gapped network. This is a major failing of Google Suite - it doesn't have the DRM and encryption management features of Microsoft Office. There is no secure format to send documents around in. The best you can do is forward an ACL controlled URL pointing at the internet. Which obviously doesn't work on a secure network.
Good thing to purge them, really.
If they were written by someone halfway competent, they wouldn't be in a language built for quick what-if hacks by keyboard warriors.
If they're that business-critical, leaving them as undocumented piles of excelment that can't even be maintained by their users (their authors having long fallen to the Peter Principle) is a recipe for disaster.
"What can users not do under Google that they can do in Office? "
Integrate with local business software / data sources ? Run Addins? Create documents that look the same to external recipients? Pivot tables? Power BI? Enterprise Telephony ? Advanced Threat management? Script based user account attribute changes? Privileged Identity Management? etc. etc. etc. etc.
Could Google provide G suite servers 'in a box' and Airbus have its own on premises localised cloud storage? For a large company with many 'seats', this might work if they are sure that G Suite provides compelling advantages over the Microsoft offerings.
Google would not be selling G Suite software, just allowing the relocation of an image of it to suit a major customer with no deep level access by the customer.
Almost certainly but the price would spike and it wouldn't solve all the problems: some of the data also has to stay in a particular country.
Still, Airbus already has these kind of problems to deal with with factories in America and China that it has to secure against government agencies.
Still, Airbus already has these kind of problems to deal with with factories in America and China that it has to secure against government agencies.
Against state-grade actors, Airbus (and any other large corporate) don't stand a chance. In the unlikely scenario that the government agencies can't hack systems with their limitless resource and extensive inventory of vulnerabilities and malware, they'll subvert employees or even put their own people inside, as well as the more old school non-IT forms of industrial espionage.
It might not be de rigueur, but it is punny. BAE Systems (a successor to British Aerospace, aka BAe) has had its own association with Airbus. The reference in the headline implies that this software migration might be similarly messy.
...probably means that the average user of those 130.000 has stored emails of their last 15 years, at a rate of around 50 mails a day, without ever deleting anything, and Enders thinks there might be a little storage space saved there.
What Airbus appears to be saying is they'll give users a chance to forget all of this junk, and possibly extract and save those mails that actually still have any significance. Say the one with the cookie recipe, the one that has Fred's address in it that the user never learned to copy into their own contacts, and the one with that specific detail about project XY the user wanted to remember, or use as a template. Then again, don't quote me on this.
I would consider a bet that this is a risk management exercise. I assume that their current MS systems are all on-premise, otherwise that secret data is already 'in the cloud'. How long before they would be forced to ditch the on-premise MS stuff and move to the cloud based offerings?
Bringing in Google now means they get a head start on any mitigation activities they would be forced to undertake later. This exercise would highlight issues with where their secret data is stored and how to access it, giving them time for a properly developed solution.
Despite many wishes and protestations, Excel is not a proper database, especially in the hands of most office staff. This on its own probably justifies having a shake up of the organisation.
I don't have a crystal ball, so what software will we be using in two years time? Anyone?
"otherwise that secret data is already 'in the cloud'."
At least with Microsoft's cloud you can control the data location and encrypt it with keys that only you have access to.
"How long before they would be forced to ditch the on-premise MS stuff and move to the cloud based offerings?"
As Office 2019 is already announced and will likely be supported for circa 10 years, not anytime soon unless they want to.
"except I don't use the cloud vendors approach but encrypt it on premises before it is uploaded."
That only works as a vault or for homogenous database encryption. If you want dynamic encryption then you need to use a cloud provider solution. And the Microsoft one with Thales HSMs is the only one I have seen that offers a decent level of assurance, regional lock down - and full real time key access logging.
Version control and preventing data duplication is going to be a nightmare in this scenario. I REALLY hope Airbus knows what it's doing and has a good PDM system in place to keep track of stuff over both systems simultaneously, because this sounds like an accident waiting to happen.
(based on previous working experience for Airbus)
For CAD Data, they have very good PDM systems. Although they change it pretty much every program (causing its own problems).
For Documents, etc. unless things have changed significantly since I was there - PDM systems? Not on your life!
Ok so Gsuite > O365
Microsoft Cloud has Data Protection equivalence (Google don't)
Sheets < Excel Online (not even on prem)
Docs < Word Online
Slides < Powerpoint Online
Hangouts < Skype For Business/Teams
Calendar/mail < Exchange/Outlook.com
Keep < OneNote
Jamboard\sites < sharepoint online
O365 allows on prem where you need it
O365 doesn't require mass format changes
O365 can handle cloud-onprem hybridisation natively (Azure AD)
Airbus using the cloud?
"Hmm, this should do" says the operative working for [insert the name of a belligerent country here] whilst reaching for a copy of Hacking for Dummies.......
By comparison HP (EU) are bringing everything back in-house, moving away from the cloud. They obviously know something Airbus doesn't.
"Getting staff in different countries and parts of the organisation working together was the main rationale for choosing Google over alternatives including Microsoft Office 365, Hennekens told us on 15 March."
Monsieur Hennekens should have had a Heineken before embarking on this - he would then have realised that non-cloud office solutions reach the parts of the company that cloud solutions do not reach.