Category Archives: Security

Compliance in the Cloud – Unfiltered and Unplugged

My presentation at Interop tomorrow is called “Compliance in the Cloud – Unfiltered and Unplugged”. I will present a picture of how regulations affect cloud environments and what customers should know about compliance and security.

Reuters today ran a doom-and-gloom piece about cloud called “Sony Woes May Cause Some to Rethink Cloud Computing”:

“Nobody is secure. Sony is just the tip of this thing,”

I would love to agree, as it’s great for business, but let’s be honest. It’s not a great surprise. It’s not a tip. It’s more of the usual. When you look at a high-risk operation with valuable assets and poor security practices, you can’t stand up and say “nobody is secure”. That’s like watching someone blow their arm off after lighting a stick of dynamite by hand and saying “nobody can prevent that”. We know what has to be done.

Sony could have done a much better job protecting themselves. I am limited in what I can say about the details, but let me also just be circumspect and say that the security industry also can do a better job protecting Sony.

The lesson here is less a giant leap of faith or transformation and more a matter of management truly accepting the basic tenets of compliance — the “wax on, wax off” of routine practice — rather than adopting technology x or y.

“You would have thought a big time reputable company like Sony would be running up-to-date, patched software with an appropriate firewall,” he said. “If Sony didn’t do this, which other big, reputable companies aren’t doing this?”

I gave numerous examples at RSA 2011 in San Francisco of why this is a fallacy. Anyone who attended my presentation would not have thought that.

“There’s nothing from the government or regulatory industry that says anything about how to run a shop,”

Not true. Tomorrow you will see a more accurate representation of the status of compliance in the cloud. I will present, in my usual contrariwise style, the opposite view of this Reuters article and explain how the government and regulatory industries say a lot about how to run a shop. In other words, come hear how the Sony and Amazon incidents are catalysts of compliance.

Although I have said before that the cloud has to catch up to compliance, I recently have had to confront the fact that auditors and assessors tend to make five major mistakes when looking at cloud environments. Tomorrow I also will explain why and how to improve the quality of cloud audit.

Make Your Own Bogota Toolset

Maybe you’re sitting and wondering what to do with your old windshield wiper blades. You’ve already decided against hooking them up to an old electric toothbrush to make a lockpick. Maybe a simple, decorative Bogota Toolset would be fun instead.

…used by many locksmiths and covert entry specialists. Due to the highly polished finish, these tools glide through the lock but are NOT for the heavy handed user. The handle end of each piece doubles as a tension wrench, so you only need to carry these two tools to be prepared to open nearly any pin-tumbler or wafer lock you encounter.

Bogota Tools

You can learn how at the May 15th, 2:00pm meeting of The San Francisco Chapter of The Open Organisation Of Lockpickers:

Join us to learn about the history, styles, features, and techniques for using Bogota wave rakes. This meeting focuses on the unique characteristics and effectiveness of Bogota tools. Christina Palmer will demonstrate both picking and how to make your own set of Bogota rakes from stainless steel windshield wiper blade inserts.

Recycle your wipers and if you’re lucky you can meet some local undercover law enforcement at the same time; ask them to show you their Universal Handcuff Key.

vCloud Plays With Active Directory

I often get asked about market trends and why VMware would buy Mozy and SlideRocket. I don’t usually like to indulge the speculation. However, take a look at today’s announcement of the vCenter Orchestrator Plug-in for Microsoft Active Directory and you have to see how security tools help build the foundation of a new user platform.

The VMware vCenter Orchestrator plug-in for Microsoft Active Directory allows organizations to automate the management of directory services tasks, particularly as they pertain to cloud provisioning use cases. For instance, the plug-in enables the automatic provisioning of vCloud Director organizations based on data retrieved from Active Directory.

It just became a little easier to run your office in a provider environment. You can stand up some of your own apps or use provider managed productivity apps like SlideRocket and Zimbra in a handy vCloud environment with credentials already under your control.

The new capabilities also bring to mind new risks, which I am happy to speculate about and will discuss next week in my presentation at Interop.