Brute-force attacks and hacking of corporate passwords is a pain but a challenge solved with cloud computing. Masses of compute power, example based on Azure og any elastic cloud infrastructure simply cracks passwords and encrypted content within minutes and at a fair price.

Looking at this we could say that cloud computing is the source of those breaches, but normally server parks for hackers would have made this solution optional anyhow. On a more pragmatic level, the CIOs of corporate and enterprise firms, clearly can state to top-management what the cost/risk of not implementing a security policy and more tight password policies may impact business performance. Online discussion boards indicate that cracking a simple password between 3-9 characters would cost around USD 80, while a long typed password with complex letters would cost USD 1.2 mio. Adding complexity with a 8 character password has an estimated cost of USD 100.000 while same complexity with 9 characters would cost in the area og USD 10 mio!

The only breach in cloud computing viable to find, is often the mistake for major companies when launching their SaaS services, without the required complexity of passwords (Microsoft BPOS requires at least 7 characters – one capitalized and one non-alfanumeric = simple).

Take-away for ISVs
Implement a more strong and solid security policy in the applications. Although clients may complain around the complex nature of this enhanced policy, the wording to that is stated somewhat above. Even turn towards two-factor security or certificate based policies.

Take-away for COIs
Look at your vendor and corporate security policy. Require a strong or managed type policy where you as a company can determine the security levels. Running services form providers like Google does add a high risk, as identity and security is accessed through APIs and even Postini Service Levels indicate that Google may or may not index content in non-secured manner. Dealing with personale- og confidential information, remember that in hand.

The trio or duo, according to how you view ownership, today announced Acadia – a joint venture in private cloud computing delivery.

VMWare launched VCloud Exress in US, and will together with Cisco and EMC launch a new innovative solution to help system integrators deliver value with private cloud building blocks. Hosters for long, have chosen VMWare ESX as the favorite choice in virtualized environments, but with the launch of Acadia, it again looks like a vendor attacks the channel.

Several months ago I did mention that there is no Business Model to resell BPOS unless you are a systems integrator and earn your money on time & material. Read – http://mrfoged.wordpress.com/2009/09/02/there-is-no-partner-business-model-in-microsoft-bpos/

Based on todays announcement from Microsoft (Read http://www.microsoft.com/Presspass/press/2009/nov09/11-02BPOSExpandsPR.mspx) I really need to recap my thoughts and learnings from my blog post. Not only does the price cut impact the whole Microsoft Hosting Industry, but a possible earning-model, has just become more hard to cover. Reality is that it’s defiantly not reselling model now for Microsoft Business Productivity Online, and I urge hosters to review their business model, disrupt the model and take a more vertical approach towards differentiating their services in a hosting world. I still believe there are huge markets to capture on Microsoft technology; running a plain vanilla SaaS hosting business has just become harder.

To cover a salary for a medium sales rep. on phone, you now have to cover:

Microsoft Exchange Online, priced at $5 per seat, per month – needs 4.500 SKUs sold per year.

Microsoft Online Suite, priced at $10 per seat, per month – needs 2.700 SKUs sold per year.

It is a tough game…