8 Core Beliefs of Extraordinary Bosses
The best managers have a fundamentally different
understanding of workplace, company, and team dynamics. See what they
A few years back, I interviewed some of the most successful CEOs in
the world in order to discover their management secrets. I learned that
the "best of the best" tend to share the following eight core beliefs.
1. Business is an ecosystem, not a battlefield.
Average bosses see business as a conflict between companies,
departments and groups. They build huge armies of "troops" to order
about, demonize competitors as "enemies," and treat customers as
"territory" to be conquered.
Extraordinary bosses see business as a symbiosis where the
most diverse firm is most likely to survive and thrive. They naturally
create teams that adapt easily to new markets and can quickly form
partnerships with other companies, customers ... and even competitors.
2. A company is a community, not a machine.
Average bosses consider their company to be a machine with
employees as cogs. They create rigid structures with rigid rules and
then try to maintain control by "pulling levers" and "steering the
Extraordinary bosses see their company as a collection of
individual hopes and dreams, all connected to a higher purpose. They
inspire employees to dedicate themselves to the success of their peers
and therefore to the community–and company–at large.
3. Management is service, not control.
Average bosses want employees to do exactly what they're
told. They're hyper-aware of anything that smacks of insubordination and
create environments where individual initiative is squelched by the
"wait and see what the boss says" mentality.
Extraordinary bosses set a general direction and then commit
themselves to obtaining the resources that their employees need to get
the job done. They push decision making downward, allowing teams form
their own rules and intervening only in emergencies.
4. My employees are my peers, not my children.
Average bosses see employees as inferior, immature beings
who simply can't be trusted if not overseen by a patriarchal management.
Employees take their cues from this attitude, expend energy on looking
busy and covering their behinds.
Extraordinary bosses treat every employee as if he or she
were the most important person in the firm. Excellence is expected
everywhere, from the loading dock to the boardroom. As a result,
employees at all levels take charge of their own destinies.
5. Motivation comes from vision, not from fear.
Average bosses see fear--of getting fired, of ridicule, of
loss of privilege--as a crucial way to motivate people. As a result,
employees and managers alike become paralyzed and unable to make risky
Extraordinary bosses inspire people to see a better future
and how they'll be a part of it. As a result, employees work harder
because they believe in the organization's goals, truly enjoy what
they're doing and (of course) know they'll share in the rewards.
6. Change equals growth, not pain.
Average bosses see change as both complicated and
threatening, something to be endured only when a firm is in desperate
shape. They subconsciously torpedo change ... until it's too late.
Extraordinary bosses see change as an inevitable part of
life. While they don't value change for its own sake, they know that
success is only possible if employees and organization embrace new ideas
and new ways of doing business.
7. Technology offers empowerment, not automation.
Average bosses adhere to the old IT-centric view that
technology is primarily a way to strengthen management control and
increase predictability. They install centralized computer systems that
dehumanize and antagonize employees.
Extraordinary bosses see technology as a way to free human
beings to be creative and to build better relationships. They adapt
their back-office systems to the tools, like smartphones and tablets,
that people actually want to use.
8. Work should be fun, not mere toil.
Average bosses buy into the notion that work is, at best, a
necessary evil. They fully expect employees to resent having to work,
and therefore tend to subconsciously define themselves as oppressors and
their employees as victims. Everyone then behaves accordingly.
Extraordinary bosses see work as something that should be
inherently enjoyable–and believe therefore that the most important job
of manager is, as far as possible, to put people in jobs that can and
will make them truly happy.
What The Most Successful People Do Before Breakfast
BY Laura Vanderkam |
This article is written by a member of our expert contributor community.
are a great time for getting things done. You’re less likely to be
interrupted than you are later in the day. Your supply of willpower is
fresh after a good night’s sleep. That makes it possible to turn
personal priorities like exercise or strategic thinking into reality.
But if you’ve got big goals--and a chaotic a.m. schedule--how can you make over your mornings to make these goals happen?
Because I write about time management frequently, I’ve gotten to see
hundreds of calendars and schedules over the years. From studying
people’s morning habits, I’ve learned that getting the most out of this
time is a five-part process. Follow these steps, though, and you’re on
your way to building morning habits that stick.
1. Track Your Time
Part of spending your time better is knowing how you’re spending it
now. If you’ve ever tried to lose weight, you know that nutritionists
tell you to keep a food journal because it keeps you from eating
mindlessly. It’s the same with time. Write down what you’re doing as
often as you can. Use my spreadsheet, a Word document, or a pad and pen.
While measuring your mornings, try tracking your whole week. The
reason? The solution to morning dilemmas often lies at other times of
the day. You may be too tired because you’re staying up late. But if you
look at how you’re spending your nights, you’ll notice that you’re not
doing anything urgent. The Daily Show can be recorded and watched earlier--possibly while you’re on the treadmill at 6:30 a.m.
As for the mornings themselves, you can be organized but still not be
spending them well. Question your assumptions. You may believe that “a
man who wants to keep his job gets into the office before his boss”
because that’s what your father did, but your boss may be disappointed
that he doesn’t get the place to himself for an hour first! If you
decide that something is a top priority, do it, but understand that we have to do few things in life.
2. Picture the Perfect Morning
After you know how you’re spending your time, ask yourself what a
great morning would look like. For me, it would start with a run,
followed by a hearty family breakfast. After getting people out the
door, I’d focus on long-term projects like my books. Here are some other
ideas for morning enrichment:
For personal growth:
Read through a religious text: Sacred texts can teach us about human
nature and history, even if they’re not from a religion you subscribe
to. If they are, pray or meditate and get to know your beliefs in a
Train for something big: Aiming to complete a half-marathon, a
triathlon, or a long bike ride will keep you inspired as you take your
fitness to the next level.
Do art projects with your kids:. Mornings don’t have to be a death march
out the door. Enjoy your time with your little ones at a time of day
when you all have more patience.
For professional growth:
Strategize: In an age of constant connectivity, people complain of
having no time to think. Use your mornings to picture what you want your
career and organization to look like in the future.
Read articles in professional journals: Benefit from other people’s
research and strategic thinking, and gain new insights into your field.
Take an online class: If a job or career change is in your future, a self-paced class can keep your skills sharp.
3. Think Through the Logistics
How could this vision mesh with the life you have? Don’t assume you
have to add it on top of the hours you already spend getting ready or
that you’ll have to get to work earlier. If you fill the morning hours
with important activities you’ll crowd out things that are more time
intensive than they need to be. Map out a morning schedule. What time
would you have to get up and what time do you need to go to bed to get
enough sleep? As for the mornings themselves, what would make your
ritual easier? Do you need to set your easel next to your bed? Can you
find a more cheerful alarm clock or one you can’t turn off so easily?
It’s easy to believe our own excuses, particularly if they’re good
ones. Come up with a plan and assemble what you need, but whatever you
do, don’t label this vision as impossible
4. Build the Habit
This is the most important step. Turning a desire into a ritual
requires willpower. Use these fives steps to optimize your routine:
- Start slowly: Go to bed and wake up fifteen minutes earlier for a few days until this new schedule seems doable.
your energy: Building a new habit takes effort, so take care of
yourself while you’re trying. Eat right, eat enough, and surround
yourself with supportive people who want to see you succeed.
- Choose one new habit at a time to introduce: If you want to run, pray, and write in a journal, choose one of these and make it a habit before adding another.
- Chart your progress: Habits
take weeks to establish, so keep track of how you’re doing for at least
thirty days. Once skipping a session feels like you forgot
something--like forgetting to brush your teeth--you can take your ritual
up a notch.
- Feel free to use bribery: Eventually
habits produce their own motivation, but until then, external
motivations like promising yourself concert tickets can keep you moving
forward. And keep in mind that your morning rituals shouldn’t be of the
self-flagellation variety. Choose things you enjoy: your
before-breakfast ritual has the potential to become your favorite part
of the day.
5. Tune Up as Necessary
Life changes. Sometimes we have to regroup, but the goal is to
replace any rituals that no longer work with new ones that make you feel
like every day is full of possibility.
That is ultimately the amazing thing about mornings--they always feel
like a new chance to do things right. A win scored then creates a
cascade of success. The hopeful hours before most people eat breakfast
are too precious to be blown on semiconscious activities. You can do a
lot with those hours. Whenever I’m tempted to say I don’t have time for
something, I remind myself that if I wanted to get up early, I could.
These hours are available to all of us if we choose to use them.
So how would you like to use your mornings? This important question
requires careful thinking. But once you decide, small rituals can
accomplish great things. When you make over your mornings, you can make
over your life. That is what the most successful people know.
Secure Flash Drives Lock Down Your Data
Hollywood makes secure flash storage look easy. If the bad guy steals a thumb drive, it either blows up or some secret counterintelligence agency marshals the nation's resources in a no-holds-barred data hunt--most likely with Bruce Willis or Tommy Lee Jones working the streets. If the good guy steals the drive, it goes to a special-needs, special-deeds sidekick in a basement somewhere who cracks the code in 5 minutes.
That's the Hollywood treatment, but--exaggerations aside--it contains some elements of truth. Flash drive security is readily available, and some of it is free. Ease of use, however, is another matter.
Secure flash drives give security-conscious users a great way to transport sensitive information. And you can work directly off of such drives so that their top-secret data never resides in another location--except on a secure online backup service, of course.
Hardware vs. Software
The three basic approaches to securing data on a flash drive involve using software, hardware, or a combination of both.
The simplest, least expensive way to secure your data is to use a program such as 7-Zip to create encrypted archives on your flash drive. The obvious drawback of this method is that you must have the appropriate decryption software on any PC that you want to access the data from. (A portable version of 7-Zip is available, however.)
A slightly more elegant solution is Encrypt Stick, which also resides on the flash drive as a portable application but is designed solely for secure storage.
Easier yet is a secure flash drive that, upon being inserted into a PC's USB port, automatically runs software by tricking the operating system into thinking that you've inserted a CD. This software resides on a small CD emulation partition; the rest of the drive is used for storage. Variations on this approach run the gamut from simply providing access to the encryption program (as with the CMS Vault OTG) to hiding the data partition until you've run its control panel and entered a password to enable it (which is the method that IronKey Personal S200 uses).
A hardware-only product has special appeal to businesses and other security-conscious organizations that don't want and won't allow users to insert any type of executable file from a flash drive into their systems. Any type of software on a flash drive is vulnerable to tampering.
Hardware-only options include the Lok-It drive from Systematic Development Group, which requires the user to enter a PIN, using the buttons on face of the drive. Though it's a nice product, Imation's Defender F200 is the hands-down winner for cool, softwareless ease of use. The drive has a biometric finger scanner on top, which requires no software intervention when used alone. The F200 also uses the CD trick, but only for the configuration software or for additional password protection.
How Many Bits Are Enough?
No matter which hardware or software product you choose, it pays to know what type of security the item uses.
Any number of programs offer AES 128, 192, or 256. AES (Advanced Encryption Standard) is a symmetrical ciphering system--which means that it uses the same password or key to encrypt and decrypt data--and 128, 192, and 256 represent the number of bits in the key. The greater the number of bits, the larger the number of possibilities a cracking program must try to ensure that it will come up with the right one.
Because of the current choice between 32-bit and 64-bit computing and operating systems, you may know that an unsigned 32-bit binary number can be anything up to about 4.3 billion (4G, and an unsigned 64-bit number can be up to about 18.4 quintillion. It follows that 128-bit, 192-bit, and 256-bit numbers areimmense, and they have names you've probably never heard of.
Though computers are fast, they aren't fast enough to crack numbers at those sizes in a reasonable amount of time. At today's processing speeds, a brute-force attack that tried every possible solution would take billions of years (on average) to crack a 256-bit number--assuming that the person who created the password chose a full-strength password that used all of the bits. The larger the number, the slower the encryption or decryption--but for the modest amounts of data we're talking about here, that's generally not an issue.
If you're planning to transport a working recipe for cold fusion, you might want to confirm that your portable drive satisfies a high level of FIPS 140-2 (Federal Information Processing Standard, Publication 140-2). FIPS 140-2 isn't a technology, but a definition of what security mechanisms should do.
The Imation Defender F200 offers controls in a Web interface.There are four FIPS 140-2 levels. Level 1 involves using an approved encryption algorithm (such as AES 256). With level 2, the encryption is supplemented by a means to reveal tampering. Level 3 adds protection for the encrypting mechanisms and algorithms themselves. And with level 4, you add physically daunting packaging and fry the data and decrypting mechanisms if a breach occurs. At last, Mission Impossible!
The Imation Defender F200 has been validated for level 3 security, as has Lexar's JumpDrive Safe S3000 FIPS. Validation is an expensive process performed by a trusted partner that can take 12 to 18 months. More commonly in the product packaging or advertising, you'll see an indication such as "FIPS compliant," as with the IronKey Personal S200, which simply means the device follows the government's 140-2 guidelines.
What You Want
For most users, the free software approach is adequate, though not particularly convenient. Auto-run flash drives are a bit easier, and they carry only small price premiums. Full on, software-less, Hollywood-like magic such as the Defender F200 costs you four, five times or more per gigabyte than a plain drive, but the convenience and wow factors are huge.
Imation Defender F200 Flash
Drive Has Spy Appeal
Everyone wants to feel a little James or Jane Bond-ish every once in a
while. And nothing beats Imation's Defender F2000 Biometric Flash drive when it
comes to spy-like sex appeal. Pull your flash drive out, jack it into your
notebook, and swipe your finger across its biometric fingerprint reader it to enable
it. How cool, not to mention convenient, is that?
Mind you, the F200 is not the first flash
drive with biometric reader built-in. But it is the first we've seen that's
validated to level 3 of FIPS 140-2 government security guideline. Not
compliant, not designed to meet, but actually validated--a lengthy and
This drive comes in five sizes and prices, with the 1GB option starting at
$90, all the way up to around $300 for the largest capacity of 32GB, as of the
The device uses hardware AES 256-bit encryption
and may be configured to use the biometric scanner, a password, or both for a
double layer of security. You may define two fingers for validation, and excuse
the morbidity, but it's recommended that you use one from each hand in case you
lose the use of one arm. The device, you see, is designed for military use-and
as such, it can withstand extremes as well (including cold, heat, and impact).
Unfortunately, the F200 does not allow you to hide or disable the CD
emulating boot partition that it uses to deliver and auto-run (PC-only) its
configuration and password software. Some workplaces don't want any type of
executable file on removable drives that will be plugged into their PCs, so
that might be an issue for some office environments.
The Access Standard software that comes with the drive is portable, so it
runs from the flash drive without installation and supports both the PC and
Mac. It's also easy to use and efficient. You configure the scanner, passwords,
and can even reset the drive with it--given the proper authority that is; you
can manage multiple users with it.
You might rightly expect biometrics to carry a heavy premium, but the price
for larger-capacity versions of this drive scale particularly poorly, as in
government-procurement poorly. As of Dec. 15, plain 1GB to 32GB flash drives
ran from under $10 to just over $50. A 1GB Defender F200 cost $109 and a 2GB
model $129, understandable premiums for what you get; but a 32GB cost $369--way
beyond the extra cost of the memory.
Despite the high price, the F200 will have many takers; It's good looking,
the finger-swiper is extremely convenient, and it's highly secure.
How can I make a flash drive more secure?
January 19, 2006 12:02 AM Subscribe
How do I make a flash drive more secure?
My father recently bought himself a flash drive, and now uses it for transferring all sorts of work documents to and from home. He asked me if there was any way of putting a password on it, or securing it somehow to stop someone reading all his work documents in the event it was lost / stolen.
I had to admit I was stumped.
So the question is, is there some way of making a generic flash drive more secure? I would like something fairly simple, maybe something where you pop the flash drive into the USB port and it prompts you for a password. I don't even know if this is really possible.
I did a bit of googling but never managed to find quite what I was looking for.
posted by tomble to computers & internet (18 answers total)
Ads by Google
Symantec Web Security
www.Symantec.com/EndpointProtection Secure Laptops, Desktops & Servers from Threats w/ Symantec Solutions.
USB Key Password Software
www.RoboForm.com Free - Easy - Fast - Secure. Over 32 Million Downloads - 5 Stars
Get Database Encryption
vormetric.com Download a Free White Paper That Explains Data Security & Encryption
posted by pompomtom at 12:10 AM on January 19, 2006
PGPi -- useful for more than just flash drives.
posted by krisjohn at 12:26 AM on January 19, 2006
If it's your dad, you probably want it to be dead simple.
Assuming we're talking PC here, I would suggest this solution. WinZip is also useful and pretty much foolproof for creating password protected folders.
posted by insomnia_lj at 12:48 AM on January 19, 2006
posted by raaka at 12:56 AM on January 19, 2006
If it's Windows XP you'll have encryption for NTFS volumes built in. I've not used it myself though.
posted by ed\26h at 1:17 AM on January 19, 2006
Ads by Google
#1 USB Device Security
www.Lumension.com/USB-Security/ Leader in USB Device/Port Control. FIPS 140-2 Encryption. Free Trial.
I second the WinZip solution.
It's not wise to use NTFS on a flash drive, because you might be in a situation where you have to connect it to a non-Windows 2000/XP computer and it will not be able to read it (some OS's have read support), and almost suredly will not be able to write to it.
posted by Mijo Bijo at 1:22 AM on January 19, 2006
To expand on that a little, my suggestion would not work on Windows 2000 either, as it requires an encrypting file system on top of NTFS - it's purely an XP solution.
posted by ed\26h at 2:45 AM on January 19, 2006
I also second the Winzip (or Winrar) solution. You can run winrar right off the flash drive, for that matter. And Winrar has an option to mask/encrypt the filenames in the compressed file as well, making it a little more secure than winzip.
posted by tiamat at 3:01 AM on January 19, 2006
Assuming your Father is running Mac OS X (you didn't specify so I get to assume whatever I want), then the easiest way is to use Disk Utility and create a password protected sparse disk image. The disk image is AES encrypted - which is good, and by using a sparse image the disk image wont take up any more room than it has to.
posted by schwa at 5:24 AM on January 19, 2006
Do not forget to zero out (or better yet, radomize) the data on the flash drive first! If you don't, the old, unencrypted documents will still be easy to access with the right tools. I believe the DOD standard is to wipe it seven times with a random pattern.
posted by shepd at 5:48 AM on January 19, 2006
Ads by Google
Custom Flash Drives
greenthumbdrives.com/FlashDrives More Models, Options & Services Free Logo, Load, Ship - Min. 25 Pcs
Yes, 7. Gutmann recommends 35, though I think that was based on old hard drive technology.
Seconding TrueCrypt - it's surprisingly easy to use, once set up.
posted by blag at 6:09 AM on January 19, 2006
Secure Deletion of Data from Magnetic and Solid-State Memory
some people have treated the 35-pass overwrite technique as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data
posted by Sharcho at 7:40 AM on January 19, 2006
Thirding truecrypt if he's serious about the security. Amazingly easy to use and setup, much better than PGP in that regard. Windows built in encryption won't work unless his home machine is on the domain his work machine is on.
Note that the nature of TrueCrypt, or any truely secure encryption alogrithm, is there will be increased wear on his flash drive.
posted by Mitheral at 7:42 AM on January 19, 2006
Windows built in encryption won't work unless his home machine is on the domain his work machine is on.
You'd need to add the certificates to the logon you're using if you're transporting the files to a separate network, as I understand it.
posted by ed\26h at 8:42 AM on January 19, 2006
One note about Truecrypt - it needs to have a device driver installed on the destination computer in order to access the encrypted files. This might be an issue if you need to access the secured files from a system where you don't have administrator privileges (since non-administrators can't install device drivers). This is noted in the Truecrypt FAQ.
posted by gwenzel at 8:56 AM on January 19, 2006
You can buy flash drives that have security/encryption mechanisms built into the hardware. That's probably the simplest and most secure.
posted by winston at 10:29 AM on January 19, 2006
I wouldn't trust the built in encryption on a flash drive. Who knows what method they are using, how secure it is, or whether the implementation has a flaw.
posted by Mitheral at 11:41 AM on January 19, 2006
My vote goes to Keynesis Lockngo Pro. Simple interface, solid encryption -- this is an exceptional product.
posted by JudgeBork at 12:55 PM on January 19, 2006
« Older What is the best pool cue I ca... | CondomFilter: What is the best... Newer »
Ads by Google
Hard Drive Recovery Software
www.DataRetrieval.com Most Successful Data Recovery Rate Free Diagnosis & Free Drive Pickup!
www.magic2003.net Encrypt and password protect usb flash drive, external hard drive.
Windows Azure Security
www.windowsazure.com/free-trial Discover Microsoft® Windows Azure. Sign Up for a Free 90-Day Trial!
In recent years, cloud computing has been as visible
as any topic in IT. Its front-page news status has been
accelerated by Amazon, Salesforce.com, Yahoo, and
Microsoft®, among other firms aggressively vying for
leadership in providing cloud infrastructure or services.
However, this race for mindshare has obscured cloud
computing facts. Many admit to the haze surrounding
This white paper separates fact from fiction, reality
from myth, and, in doing so, will aide senior IT
executives as they make decisions around cloud
computing. While dispelling cloud computing myths,
we will answer tough questions: How hard is it to
adopt a private or hybrid cloud? How difficult is it
to maintain and secure a cloud? How will the cloud
transform my business? Do I have the right skill sets in
place? What are some of my cost considerations? HP
is committing extensive resources to helping customers
with all of their questions and concerns around cloud
So, where did cloud computing come
The IT industry has a habit of latching onto buzzwords
and applying them everywhere. “Cloud” is no
exception. So, to understand cloud computing, let’s
ground the conversation in some definitions. As a
practical baseline for our discussion, we cite the
National Institute of Standards and Technology (NIST)
definition of cloud computing published October 7,
“Cloud computing is a model for enabling
convenient, on-demand network access to a
shared pool of configurable computing resources
(e.g., networks, servers, storage, applications,
and services) that can be rapidly provisioned
and released with minimal management effort or
service provider interaction.”
Historically, the concepts behind cloud computing can
be attributed to John McCarthy who in 1961 said, “If
computers of the kind I have advocated become the
computers of the future, then computing may someday
be organized as a public utility just as the telephone
system is a public utility.…The computer utility could
become the basis of a new and important industry.”1
In 2008, Amy Schurr, in an article in Network World,2
cited Gartner research outlining the opportunity for
cloud computing “to shape the relationship among
consumers of IT services, those who use IT services,
and those who sell them.” Ms. Schurr observed that
“organizations are switching from company-owned
hardware and software assets to per-use service
models” and proposed that “[the] projected shift to
cloud computing…will result in dramatic growth in IT
products in some areas and significant reductions in
As seen with other major evolutionary transformations
of IT over the last four decades, new technologies
can be disruptive initially, with hype moving faster
than reality. But when technology is understood,
the benefits begin to outweigh the negatives. Cloud
concepts can mean different things to different people,
so let’s look at five cloud computing myths and
separate fact from fiction.
Myth one: The public cloud is the
most inexpensive way to procure IT
A characteristic of the public cloud is a relatively
inexpensive “pay-as-you-use” model. For example, the
starting price for Standard On-Demand Instances with
the Amazon EC2 Web service is less than a dime per
hour based on system size, operating system, and
locale. It’s easy to see why people think all delivery
from the public cloud is cheaper than that delivered by
internal IT. However, if you look under the covers, the
Here’s a surprising fact: For resources that are needed
constantly, enterprises can actually reduce costs
by leveraging other cloud models, such as shared
resources delivered via a private cloud. In cases like
this, the private cloud actually is more cost-efficient
than even the pay-as-you-use public cloud model.3
An analogy is the decision to rent or buy a car. For
short-term use, a car rental is cost-effective because
you pay based on what you consume. However, if you
drive frequently and for a longer term, then owning
a vehicle makes better financial sense. And beyond
price, there are other important issues to consider such
as performance, security, compliance, service-level
agreements, and availability.
Cloud strategy is essential
At the core of cloud computing—whether you’re using
a public cloud service, building your own private
cloud, or taking a hybrid cloud approach—is the
need to have your specific requirements incorporated
into a well-developed cloud strategy. It’s not a simple
exercise, as your cloud road map must address all
aspects of your performance, security, control, and
Beth Schultz in her article “Public Cloud vs. Private
Cloud: Why Not Both?” observes that many
organizations today are gravitating toward a private
cloud first in order to understand it within the confines
of their own firewalls. She asserts that experts
now believe it’s a viable option to base your cloud
delivery decisions on an analysis of your applications.
She advises organizations to “evaluate specific
applications, factor in security and compliance
considerations, and then decide what apps are
appropriate for a private cloud, as well as what apps
can immediately be shifted to the public cloud.”4
To help you develop your own strategy and road map,
the HP Cloud Discovery Workshop was created to
lead your key IT and business decision makers in a
two-day workshop. This HP service demystifies cloud
computing through the use of structured interactive
discussions around the transformation of existing
applications: setting appropriate service levels,
planning for security vulnerability management, and
weighing cloud economic models. In this workshop,
HP experts explain the possibilities, risks, and business
implications of the cloud.
Myth two: Baby steps in virtualization
are the only way to reach the cloud
There are lots of good reasons for businesses to turn to
virtualization technology—more efficient utilization of
existing computing resources and improved flexibility,
to name just two. And virtualization is a powerful step
in transforming IT. But it’s just that—a step.
The real transformation comes when organizations
fully embrace cloud computing. Building even a
private cloud brings tremendous benefits such as
reducing IT complexity, significantly lowering IT
costs, and enabling a more flexible and agile service
delivery. Not that virtualization and cloud computing
are mutually exclusive; in fact, many technologists now
believe a virtualized infrastructure is a strong catalyst
for the next step, the adoption of cloud computing. But
even the private cloud is so much more; it automates
the underlying provisioning of infrastructure and
applications and adds a convenient way for end users
to request IT services.
Data center sprawl, rigidity, complexity, and costs
are reasons why traditional IT silos are not meeting
the increased pace of business demands. A private
cloud based on shared pools of resources—resources
that can be automatically tapped to meet business
needs—can help IT keep up. The private cloud
allows IT managers to have complete control over
available assets, while adhering to the security
standards required both within the cloud and in
the data center. The cloud provides the agility
needed to automate workflows and reduce human
involvement in time-consuming but necessary tasks
such as the provisioning of applications. Whereas
most companies take anywhere from three to six
months or longer to provision new applications, with
the cloud, the applications can be provisioned in a
few hours. With cloud patching and upgrading the
OS, applications or databases can be automated to
dramatically reduce the time IT administrators spend
The all-in-one approach can achieve the private
So why do businesses delay the adoption of a private
cloud? Change can be difficult for any organization,
but some executives may have concerns that the
work needed to automate their environment might
eclipse any gains made by automation. Or they may
believe they need to further standardize their current
environment to truly take advantage of automation.
But the truth is that today, the effort needed to get the
cloud is much, much less. Great strides have been
made by such firms as HP to build the automation
and integration tools needed for fast development of
private clouds. True, if an organization has already
adopted virtualization technology, that’s a major
step toward internal cloud computing. But, in fact,
it’s no longer necessary to take the stairs to the cloud
by first adopting virtualization, then building on
that technology, and finally moving tentatively to an
embryonic cloud environment. Today you can take the
A case in point is HP CloudStart, a fast-track on-ramp
to the cloud. CloudStart is a turnkey HP Services
solution that allows you to deploy an open and
flexible private cloud solution in 30 days. You get all
the hardware, software, and services you need to
launch HP CloudSystem Matrix, a complete, integrated
private cloud that provides infrastructure as a
service, as well as basic application deployment and
monitoring. This is a complete cloud solution that can
provide “cloud driven” services. You can deliver those
services reliably and securely from a common portal,
with the scalability needed to deploy new services
For anyone hoping to create a private cloud,
HP CloudStart has several key benefits, including:
• Best practice guidance: HP Services provides
expertise in deploying, customizing, and executing
on the long-term vision for creating a private cloud
that is tuned to your environment.
• Workshops and services for private cloud
success: To help your organization fully realize the
business promise of private cloud computing, HP
offers a series of targeted workshops that focus on
key areas of concern such as change management,
process re-engineering, and virtualization
Myth three: Critical applications do
not belong in the cloud
It’s one thing to relegate a few servers running test
and development jobs to a cloud-based infrastructure.
But delivering business applications quickly and
efficiently continues to be the most important charter
for IT organizations. Studies such as a recent one by
Forbes shows that IT executives are under extreme
1) Cut infrastructure costs
2) Adjust their service levels to meet changing needs
3) Deliver applications with greater speed
IT professionals are interested in cloud computing to
help them address all three of these requirements. But
when CIOs and administrators look at major, businesscritical
applications like SAP, Oracle, and Microsoft,
they start to have doubts. How can IT possibly deploy
these often complex and traditionally hardwarebound
suites on something as seemingly transitory
as a “cloud”? And how can the cloud possibly be
configured to run these applications speedily, safely,
and securely—without a lot of time and effort on the
part of the IT department? In short, is cloud computing
appropriate for the critical applications that are so
important to the success of the busines
It starts with a map
To answer these questions, HP developed the Cloud
Maps. HP Cloud Maps fast-track the automation
of business application such as those from Oracle,
SAP, and Microsoft. They save days or weeks of time
while ensuring accurate deployment, configuration,
and sizing of cloud services for specific applications
and services. Each Cloud Map includes tools to build
a service catalog that meets your requirements for
fast and consistent delivery of high-quality services.
A typical Cloud Map consists of tested engineering
components such as:
• Templates for hardware and software configuration
that can be imported directly into your cloud
solution, saving days or weeks of solution design
• Sizers to help guide capacity and performance
• Workflows and scripts designed to automate
installation more quickly and in a repeatable fashion
• Reference white papers to help customize the Cloud
Map for your specific information
HP Cloud Maps help organizations set up critical
business applications to use both the physical and
virtual aspects of a cloud infrastructure.
Myth four: Public cloud security and
management concerns apply to all
The use of a public cloud service can provide relief
from investments in hardware and software, as you
pay for service delivery instead. Cloud services are
now often obtained by various areas of the business,
which means IT must manage at the service level. But
many IT executives are unwilling to create a system
where their data resides outside of their control. Many
enterprises, due to governance, risk, and compliance
regulations, have strict rules about the handling and
archiving of sensitive data. The most prevalent security
concerns as cited by the Cloud Security Alliance are:5
• Abuse and nefarious use of cloud computing
• Insecure application programming interfaces
• Malicious insiders
• Shared technology vulnerabilities
• Data loss/leakage
• Account, service, and traffic hijacking
• Unknown risk profile
Fearful of the constant growth in attack
methodologies, IT executives believe that the private
cloud is the answer, as it keeps the cloud infrastructure
on the premises, inside company firewalls, and under
the direct control of the IT group. These executives
feel that if they trust the security on their traditional
networks, then their private cloud models, at least,
should possess that same level of assurance.
But is the private cloud model impenetrable? No.
Vulnerabilities exist with connection to the Internet.
There is also the threat of insider attacks and data
Securing the cloud requires real specialists
So how can your organization safely and
confidently take advantage of the speed, flexibility,
scalability, and cost-effectiveness of cloud services?
HP CloudAssure can help. HP CloudAssure is
a comprehensive turnkey solution consisting of
HP software, services, and expertise. It leverages
nearly a decade of HP’s software as a service (SaaS)
expertise and advanced service-level performance.
With HP CloudAssure, HP experts provide ongoing
visibility into your cloud services. They help diagnose
and report on potential performance and security
issues before those issues can impact your business.
HP CloudAssure helps you validate and assess:
• Security by scanning networks, operating systems,
and Web applications and performing automated
• Performance by testing for bandwidth, connectivity,
scalability, and quality of the end-user experience
• Availability by testing and monitoring Web-based
application business processes and identifying and
analyzing performance issues and trends
• Cost optimization by providing resource, code, and
end-user performance metrics that allow you to rightsize
Whether you utilize cloud services for infrastructure
(IaaS), platforms (PaaS), or software (SaaS), this
solution can help you take full advantage of a public,
private, or hybrid cloud.
Myth five: There is only one way to
do cloud computing
As you have seen, there are a number of cloud
delivery models available. We’ve discussed the role of
public and private clouds in some detail in this paper.
Based on proven, market-leading HP Converged
Infrastructure and HP Cloud Service Automation,
the HP CloudSystem combines servers, storage,
networking, and security together with automated
systems and hybrid service delivery management.
The hybrid cloud is composed of two or more
clouds (private, community, or public). These clouds
remain unique entities, but they are bound together
by standardized technology that enables data and
application portability (e.g., cloud bursting for loadbalancing
In her article, “Cloud Computing for the Enterprise
Steps Forward: Lessons Learned and Key Takeaways,”
IDC, June 25, 2010, author Jean Bozman states that
next-gen cloud computing decisions will be designed
to “scale up, and scale down, on-demand—and to
allocate resources across a ‘grid’ or ‘array’ of preconstructed
building blocks developed by the service
provider. It will also demand a careful evaluation of
the customer’s inventory of enterprise applications,
to determine which ones could be moved to a
cloud computing platform (to run on private, public
or hybrid clouds).” Decisions based on the careful
analysis of applications clearly highlights the range of
cloud delivery options available to an organization.
Bozman further illustrates the benefits with private
and public clouds: “Private clouds leverage cloud
technology, bringing many of the benefits—such as
more standardization of infrastructure and business
processes—that reduce overall operational costs
(opex) and improve business agility. Public clouds offer
the benefits of leveraging someone else’s infrastructure
to run IT workloads on a pay-as-you-go basis,
reducing capex costs.”
HP CloudSystem is a comprehensive, integrated
solution for all clouds
For a complete, integrated platform that provides
private, hybrid, and even public clouds, look no
further than HP CloudSystem. HP CloudSystem is
the industry’s most complete cloud system, with
offerings for both enterprise organizations and
service providers. And HP is the only vendor able to
deliver such a comprehensive cloud platform with the
attributes needed by CIOs, service providers, and IT
With support for the broadest set of applications,
CloudSystem provides IT with a unified way to offer,
provision, and manage services across private clouds,
public cloud providers, and traditional IT. It enables
the flexibility to scale capacity within and outside the
data center, it is extensible to existing IT infrastructure,
and it can support heterogeneous environments.
HP CloudSystem consists of three integrated offerings.
These offerings provide a range of services for all
organizations as well as an avenue for growth and
• The HP CloudSystem Matrix offering is focused
on private clouds and infrastructure as a service.
This entry-level offering allows you to provision
infrastructure and applications in minutes, not
• HP CloudSystem Enterprise is for those looking
to deploy private and hybrid cloud environments
and the full range of service models (IaaS, PaaS,
and SaaS). It provides a single services view of
your environments, from private cloud to public
clouds to traditional IT with advanced application to
infrastructure lifecycle management.
• Finally, HP CloudSystem Service Provider is tuned
for service providers looking to deploy public and
hosted private clouds, and to deliver owned and
third-party cloud services.
HP CloudSystem offerings can be extended with
HP’s market-leading software and hardware such as
HP 3PAR Utility Storage, HP TippingPoint and ArcSight
security, HP networking, HP mission-critical computing,
and HP software. CloudSystem is optimized for
HP infrastructure but it supports non-HP infrastructure
HP CloudSystem enables you to build and manage
cloud services across private, public, and hybrid
clouds without having to know, or care, whether
those services come from HP CloudSystem’s own “onpremises”
resources, from your existing infrastructure,
or from the public domain.
Are you ready for the cloud?
While there is plenty of hype about cloud computing,
it can bring you real benefits. Embracing cloud where
it makes sense for your business can speed your time
to revenue and reduce your costs. But embracing
cloud means cutting through the hype to find real
No matter where you are in the cloud adoption
lifecyle, HP has the people, processes, and proven
track record to make a real difference and help you
take a direct route to the cloud. With HP as your
partner, you’ll be on your way to reaping the benefits
of cloud computing—without the hype—because
HP offers the most extensive range of cloud computing
expertise, products, and services. Contact us today
and learn more about the solutions discussed in this
paper and how HP can help make your journey to the
cloud a smooth one.
To learn more about HP Cloud technologies, go to:
• HP Cloud Computing Solutions at Cloud Computing
| HP Enterprise Solutions
• HP CloudSystem at Build Cloud Services with
• HP Cloud Maps at HP Cloud Maps for
© Copyright 2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only
warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein
should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Microsoft is a U.S. registered trademark of Microsoft Corporation. Oracle is a registered trademark of Oracle and/or its affiliates.
4AA3-4550ENW, Created May 2011