Gartner reports that 60% of virtual servers are less secure than their physical counter-parts. Refreshingly, instead of beating on the "virtual/cloud environments are not safe!" drum, their analysis focuses on the novelty of the technology in many organizations and the informal roll-out processes that often accompany informal or untested experimentation and un-explored deployment models. Specifically, they point out that many operations teams simply view the implementation of virtualized servers as a straightforward transition of already understood environments between otherwise indistinguishable physical and virtual environments... a failing I have been guilty of myself. Some 40% of virtualization projects are planned without involvement from any security professionals (although, I have to wonder what the percentage of physical implementations are planned with security involved at the outset?) and the attendant vulnerabilities in the virtualization layer are never addressed.

The good news is that people are catching on quickly and the company forecasts that the percentage of affected servers will be cut in half by 2015. So this post is simply here to serve as a gentle reminder; if you aren't thinking about the additional security implications of virtualized environments as you jump on the virtualization bandwagon, it's time to pick up the phone and get your CSO in the room.

There are probably some Human Resources blogs somewhere where you can read the official view on the use of Internet-based background screening on new-hire candidates, but for the most part what I seem to run across are the cautionary tales posted by the applicants, who are less sanguine about the prospect.

Getting Googled as a precondition for employment (or a date, for that matter) is old hat. Embarrassing photos on Facebook tanking the prospective investment banking careers of drunken frat boys isn't news. The latest speculation, though, is over whether or not new location-based tracking services like Foursquare and Gowalla will be the latest resource for companies to check and potentially use against applicants.

I don't have a problem with organizations that do this sort of screening, or any other sort, really; applicants are free to apply or not apply anywhere they want based on whatever information they can uncover about those jobs or businesses, companies should have the same sort of discretion. The protections in place for employees after they are hired are fairly strong, so the time and place to protect the business is before making the hire.

Whether or not it's actually a worthwhile effort that can tell you, as the hiring party, anything useful, is another question. As a CIO, you are primarily looking at technically oriented staff, the sort who are more likely to use this sort of service... but they are also capable of hiding their tracks more adeptly. And are you discriminating against applicants with unusual names? I use a full range of these services, but good luck trying to find me among the cloud of other folks or the Scottish engineering firm with the same name. And so what if your applicant was at a strip club at one AM on a Sunday morning? Maybe they were picking up a drunk friend. There's just a limited number of things you can infer from the information you actually might find.

It's usually pretty easy to get to the "Duh" moment in reading any study commissioned by Microsoft. I get the impression that those released for public consumption are generally the ones where the company (and by extension, anyone else) can guess the results of before they even commission it. They are a marketing tool rather than a "study" and if the facts happen to coincide with the results, it's often because some are left out or that particular set of facts are favorable to the company. Of course it's not just Microsoft that does this, but who else has the spare cash laying around to fund so many of these as Microsoft does?

Anyway, I got the "Duh" moment when I read the headline of the company's latest survey, which is "Study: Remote-Work Programs Benefit Employers Too" but was rewarded with a double when I hit the second paragraph, which starts off with,

Sixty percent of respondents to the Microsoft Telework survey - conducted among 3,600 employees in 36 cities nationwide - say they are actually more productive and efficient when working remotely.

So even though the result was obvious, it turns out that it was supported by nothing more than the people with the motivation to say so, saying so. And, duh, of course that was what they were going to say. Who doesn't want to be chilling at home at ten AM with a box of donuts and a beer, wearing only a stained and torn UW sweatshirt, while the rest of those suckers at the office are stuck in hour two of a droning staff meeting?

The rest of the document goes on in that vein, saying that workers are happier, overhead is lower, coverage is better, but employers nonetheless are not supportive of the effort, all the things we already think we know about remote work. Except for this gem, which may be justification for the whole study in and of itself:

Employees conduct business in unusual places when working remotely, including bathrooms, movie theaters and even at funerals.

To which I say, if it can get that sort of motivation out of your employees, then you need a remote work program today.

Of course, none of this addresses the very real concerns that employers have about accountability, cohesion, and coordination; all solvable problems, but problems that prevent businesses from simply issuing laptops and sending their staff home some afternoon, never to return. I know from conversations with staff there that Microsoft hasn't even managed yet to address some of the employer failings noted in the study, so it's unlikely that the good folks down at the local vulcanized rubber plant have got it all figured out yet.

I think business can generally be trusted to find the most efficient methods over a period of time, but I also think most businesses are fairly conservative and have to be shown the best way of doing something rather than being expected to actively go out and seek it themselves. I think a remote workforce is one of those things. Employers in any given market segment will have to start getting their asses kicked by someone else in that segment who is taking advantage of the benefits of these capabilities before they begin to wholeheartedly adopt them.

Google rolled out their Apps Marketplace yesterday at their Campfire One developer conference, unveiling an unexpectedly powerful way to leverage the Apps platform for other applications.

The Marketplace is hitting the beach with applications from fifty developers including Intuit, Atlassian, and Box, and the word so far is that despite the 20% cut of revenues Google aims to collect from partners, the system they have introduced is vendor-friendly. With an available audience of 25 million users, that's sure to attract additional development quickly. Considering the relatively weak capabilities of the Apps themselves, there is a massive opportunity for more business-oriented developers than Google to fill in gaps that are of concern to business users.

Perhaps inevitably, the Apps Marketplace is being seen as another shot at Microsoft. The offering seems to be structured more for the SMB than the enterprise market, but other than e-mail, that's always where Apps have had the greatest appeal anyway. This move is more likely to take a chunk out of Force.com than Microsoft, although the network effects of additional applications (and more importantly, the ability to integrate custom applications) may serve to make Apps a more attractive selection for day to day business overall.

Google acquired document collaboration company Docverse last week, a move designed to shore up the capabilities of Google Apps to interoperate with desktop-created Microsoft Office documents. Such capability has long been desired by business users, who are heavily reliant on the Office platform to date and faced with few good options for moving documents and operations to cloud-based solutions even when those solutions represent significant economic advantages.

The Docverse acquisition represents expertise as much as IP, which is an important step toward bringing Apps a higher level of interoperability with Office. Google is not low on talent, by any means, but it has not, to date, shown much capacity or interest for delving into the intricacies of Microsoft products. That sort of talent is going to be necessary to bring better and smoother interoperability with those products, and that interoperability represents the wedge the company will need to use if it hopes to supplant the status quo with its own products.

I have questioned, and probably will continue to question, Google commitment to enterprise penetration with various services it has posed for such services. The company's bread just isn't buttered on that side right now. It's possible that a strategy of diversification would be wise and perhaps that is what they are pursuing, but it will take quite a bit more evidence to convince me. How they make use of this acquisition will play a large part in that.