Got Cloud? I Got Mail. Your Mail!

And that’s just the beginning. I’ve warned you before that you can’t control the clouds and that they are inherently insecure. But did you listen? Nope. Clouds are gaining in popularity, and, consequently, every day more and more data is there for the taking, by experienced AND novice hackers alike.

As per this recent article in the (MIT) Technology Review, on “How to Steal Data from Your Neighbour in the Cloud”, a recent study (by researchers at the Universities of Wisconsin and North Carolina) has proven that software hosted in one part of the cloud can spy on software hosted nearby.

This study conducted an experiment in which malicious software was run on hardware designed to mimic the equipment used by cloud companies such as Amazon. The software was able to steal an encryption key that was used to secure e-mails from software belonging to another user. This allowed the researchers to decrypt e-mails sent by the user (which are easily captured by packet sniffers on a compromised machine attached to the cloud).

As per the article, the new attack undermines one of the basic assumptions underpinning cloud computing: that a customer’s data is kept completely separate from data belonging to any other customer. This separation is supposedly provided by virtualization technology. However, because virtual machines running on the same physical hardware share resources, the actions of one can impinge on the performance of the other. As a result, an attacker in control of one virtual machine can snoop on data stored in memory attached to one of the processors running the cloud environment (memory that is used as a cache), in a trick known as a side-channel attack.

Remember this before you go for a full-fledged cloud solution. SaaS from a private data centre run by a single vendor is probably okay if they maintain separate database instances for each client (with their own, separate, encryption keys). But shared services on a cloud are probably not a good idea. At least not from a security perspective.

One Size Does Not Fit All – That’s Why You Need User Configurable Workflows

Andrew just posted a great post over on CPO Rising on how One Size Does Not Fit All where e-Sourcing and e-Procurement are concerned. As Andrew astutely notes, process standardization is very important within Supply Management, but having only one option for e-Sourcing or e-Procurement events is certainly not the way to go.

One has to remember that even in the simplest classification scheme, you will break your events into quadrants based on dollar value and business impact (or supply challenge and business impact). For low-value, low-impact events, you’re not going to use a process that requires a lot of time and effort, because you need that time and effort on high-value, high-impact categories. Similarly, you’re not going to use an automated e-Auction for a high-value, high-impact category and essentially throw the category to the wind. As Andrew notes in the first example in his post, if the process is set up for large, high-value, multi-stakeholder processes, it’s not going to work for small, low-value, single-stakeholder processes as it will be too cumbersome and your buyers will do everything they can to bypass or ignore it.

In order for your solution to work, it needs to support multiple project configurations that can be defined by the client. For example, the client should be able to configure simple, automated e-Auctions for low-value, low-impact categories; automated e-RFXs for low-value, high-impact categories and high-value, low-impact categories where Procurement personnel only need to get involved in final review and award; and full-fledged multi-round RFX and Decision Optimization for high-value, high-impact categories. (Now, every category should run a baseline optimization scenario before an award is made, but extended analysis does not need to be done for all categories.)

And, furthermore, it needs to be easy for a Director or CPO to grant exceptions to the process when they are appropriate. For example, as per Andrew’s 3rd example, it should not take months of back and forth to remove a “mandatory” automobile insurance provision when no automobiles are being used! So make sure your solution is configurable, or it might not last long in your client’s Supply Management department.

If America is Going to Be Number One Oil Producer By 2020, Will Canada Be Number Two?

According to this recent Economist article on Energy to Spare, America is on track to produce all the energy it needs at home. Considering that the average American burns three and a half times as much energy as the average Chinese person, and that America hasn’t been able to meet its energy needs in over half a century, this seems like a tall order, especially since demand has more than doubled since America was last able to satisfy its energy needs from domestic sources.

However, the International Energy Agency is forecasting that America could become the world’s largest oil producer by 2020, when it could be churning out 11.1 Million barrels a day, and be energy self-sufficient by 2035. Coupled with the fact that demand is waning due to increased fuel efficiency, the prediction is that rising production and falling demand will equal out in 2035.

It’s an interesting prediction, but so is the prediction about the Athabasca Oil Sands north of the American border. Right now, production is about 1.3M barrels per day, but estimates are that production can get to 5.1M barrels per day. As per this article in the Economist, on The Sands of Grime, Canada’s oil sands contain over 170 Billion Barrels of oil that can be recovered economically with today’s technology. With the third largest proven oil reserves in the world, it’s quite likely that production can ramp up to make Canada at least fourth in oil production by 2020, with third place a strong possibility. Right now, Venezuelan production for 2020 is estimated at 6.5M barrels per day and Saudi Arabia, at close to 10M barrels per day, expects it can get to 11M barrels per day (Source). With the difference between Canadian production estimates and Venezuelan production estimates for 2020 less than 30%, it would only take a 15% increase in Canadian production and a 15% decrease in Venezuelan production for Canada to edge in third.

Unless Saudi Arabian reserves are less than estimated, or Canadian production ramps up exponentially beyond expectations, we probably won’t make number two, but number three is a strong possibility.

Is the California High Speed Rail Authority Saving a Dime and Losing a Dollar?

A recent article in the Economist on California High-Speed Rail (HSR) touted Cheaper, Slower as if it was a good thing. Quoting the “Fresno Bee”, the article reports that the CEO of the HSR Authority has decided to extend the first phase of the project, which was due to complete in 2017, until September 18.

As a result of this extension, which is expected to result in less weekend and overtime work, the California HSR Authority is expecting to save $150 Million of taxpayers’ money. This is being promoted as a good thing. I’m not sure I agree.

You see, for Taxpayers to benefit, the State as a whole has to be financially sound. This means that Revenues Minus Expenditures has to be at least zero, if not positive, and anything that increases revenue or decreases expenditures is generally good, unless the State is running a deficit, in which case the State needs to look at each action and see what the costs of the action are.

In this case, the cost of delaying the project is delaying revenues another year. If you look at the revenue projections for the project, available at this link on the California HSR site, you will see that they are massive. Over 2 Billion annually. Now while it’s true that this is just one piece, from Bakersfield to Fresno / Madera, due to the lack of travel options in the area and the fact that it is a vital part of the corridor between LA and San Jose, the revenue projections for this piece alone appear to be over 25% of the total projections. In other words, to save this 150 Million, the State is delaying at least 500 Million of Revenue by at least a year. Now, HSR does have a high operating cost, we don’t know what the profit margins are, and the HSR might actually be projected to lose money early on, but I’d like to see a full cost benefit analysis of what it is costing in the long run to achieve a projected savings of $150 Million. Until someone does this, we have no idea what the projected savings really are, and even less of an idea as to what the savings will even be as they might not even materialize when you consider expected labour increases, expected material cost increases (given the fact that inflationary times are back), and the fact that a whole slew of things could go wrong to cause delays that need to be made up with overtime.

I’m a little disappointed the Economist took the Fresno Bee at their word. An analysis really is needed here.