Blog‎ > ‎

2014 summer reading topics, keywords and links

posted Sep 20, 2014, 10:35 PM by Sami Lehtinen   [ updated Sep 20, 2014, 10:52 PM ]
These are the topics I would have liked to write about, or share links. But I just don't have time for it. So here's really compact dump of interesting stuff.

I got so much summer reading also in Finnish, that I'm just going to drop very compact keyword dump here about topics, I'm interested about and did read during my summer vacation. So if you're interested about some special topic, just contact me, and I'll tell more about it. Are you supposed to read this dump? - Nope, but if you found this page, just ask for more.

When I said, that I've been out and reading during the summer. I wasn't lying. Here's some of the stuff I've been reading during my summer out. This is one of the reasons why I haven't been inside coding, blogging and posting.

Books

Innovator's Dilemma (Clayton Christensen)

Richard S. Rosenbloom’s study of the transition by National Cash Register from electro-mechanical to electronic technology. (See Richard S. Rosenbloom, “From Gears to Chips: The Transformation of NCR and Harris in the Digital Era,” Working paper, Harvard Business School Business History Seminar, 1988). In this case, NCR was very late in its industry in developing and launching a line of electronic cash registers. So late was NCR with this technology, in fact, that its sales of new cash registers dropped essentially to zero for an entire year in the early 1980s. Nonetheless, the company had such a strong field service capability that it survived by serving its installed base for the year it took to develop and launch its electronic cash registers. NCR then leveraged the strength of its brand name and field sales presence to quickly recapture its share of the market.
Managers often sense that acquiring rather than developing a set of capabilities makes competitive and financial sense. The RPV model can be a useful way to frame the challenge of integrating acquired organizations. Acquiring managers need to begin by asking, “What is it that really created the value that I just paid so dearly for? Did I justify the price because of its resources—its people, products, technology, market position, and so on? Or, was a substantial portion of its worth created by processes and values—unique ways of working and decision-making that have enabled the company to understand and satisfy customers, and develop, make, and deliver new products and services in a timely way?
When disruptive change appears on the horizon, managers need to assemble the capabilities to confront the change before it has affected the mainstream business. In other words, they need an organization that is geared toward the new challenge before the old one, whose processes are tuned to the existing business model, has reached a crisis that demands fundamental change.
A separate organization is required when the mainstream organization’s values would render it incapable of focusing resources on the innovation project.
Managers whose organizations are confronting change must first determine that they have the resources required to succeed. They then need to ask a separate question: does the organization have the processes and values to succeed? Asking this second question is not as instinctive for most managers because the processes by which work is done and the values by which employees make their decisions have served them well.
The performance oversupply framework may help consultants, managers, and researchers to understand the frustrated comments they regularly hear from salespeople beaten down in price negotiations with customers: “Those stupid guys are just treating our product like it was a commodity. Can’t they see how much better our product is than the competition’s?” It may, in fact, be the case that the product offerings of competitors in a market continue to be differentiated from each other. But differentiation loses its meaning when the features and functionality have exceeded what the market demands.
The disruptive technology often succeeds both because it satisfies the market’s need for functionality, in terms of the buying hierarchy, and because it is simpler, cheaper, and more reliable and convenient than mainstream products.
Because established companies are so prone to push for high-performance, high-profit products and markets, they find it very difficult not to overload their first disruptive products with features and functionality.
Quicken dominates its market because it is easy and convenient. Its makers pride themselves on the fact that the vast majority of Quicken customers simply buy the program, boot it up on their computers, and begin using it without having to read the instruction manual. Its developers made it so convenient to use, and continue to make it simpler and more convenient, by watching how customers use the product, not by listening to what they or the “experts” say they need.
By watching for small hints of where the product might be difficult or confusing to use, the developers direct their energies toward a progressively simpler, more convenient product that provides adequate, rather than superior, functionality.5
Cook decided that the makers of accounting software for small businesses had overshot the functionality required by that market, thus creating an opportunity for a disruptive software technology that provided adequate, not superior functionality and was simple and more convenient to use. Intuit’s disruptive Quickbooks changed the basis of product competition from functionality to convenience and captured 70 percent of its market within two years of its introduction. Disruptive technology should be framed as a marketing challenge, not a technological one.

Book: The Innovator's Solution (Clayton Christensen)

Assessing disruptive potential Executives must answer three sets of questions to determine whether an idea has disruptive potential. The first set explores whether the idea can become a new-market disruption. For this to happen, answers to at least one and generally both of two questions must be positive: * Is there a large population of people who historically have not had the money, equipment, or skill to do this thing for themselves, and as a result have gone without it altogether or have needed to pay someone with more expertise to do it for them? * To use the product or service, do customers need to go to an inconvenient, centralized location? If the technology can be developed so that a large population of less skilled or less affluent people can begin owning and using, in a more convenient context, something that historically was available only to more skilled or more affluent people in a centralized, inconvenient location, then there is potential for converting the idea into a new market disruption. The second set of questions explores the potential for a low-end disruption. This is possible if the answer is yes to two questions:
* Are there customers at the low end of the market who would be happy to purchase a product with less performance if they could get it at a lower price? * Can we create a business model that enables us to earn attractive profits at the discount prices required to win the business of these overserved customers at the low end? Often, the innovations that enable low-end disruption are improvements that reduce overhead costs, enabling a company to earn attractive returns on lower gross margins, coupled with improvements in manufacturing or business processes that turn assets faster.
“What do we need to master today, and what will we need to master in the future, in order to excel on the trajectory of improvement that customers will define as important?”
As the basis of competition shifts, companies must be able to learn new things, instead of clinging hopefully to the sources of past
Money needs to be impatient for profit. When new ventures are expected to generate profit relatively quickly, management is forced to test as quickly as possible the assumption that customers will be happy to pay a profitable price for the product. If a venture’s management can keep returning to the corporate treasury to fund continuing losses, managers can postpone this critical test and pursue the wrong strategy for a long time. Expectations of early profit also help a venture’s managers to keep fixed costs low. Early profitability also protects a growth venture from cutbacks when the corporate bottom line turns sour.
Launch new growth businesses regularly when the core is still healthy – when it can still be patient for growth – not when financial results signal the need.
* A strategy that targets customers and markets that look attractive to an established competitor is unlikely to succeed. Instead, the team should identify a niche segment that established competitors will be happy to ignore or be relieved to walk away from. This is a point which Peter Drucker also has made in his book, “Innovation and Entrepreneurship.”
* Serving customers who have not found the product they want so far makes a lot of sense. If there are no nonconsumers available, the team must explore whether at the low end of the market, there are customers who can’t use all the functionality for which they currently must pay.
* Innovation means putting ourselves in the shoes of customers. Companies must look for ways to help customers get done more conveniently and inexpensively what they have been trying to get done unsuccessfully in the past.
Indeed, if corporate management is desperate to make a new venture very big very fast, it means introducing a disruptive technology into an established market. Chances of success are remote.

ENISA Cloud Security

Gartner 2012: Almost 33% of the organisations polled are either already using or planning to use cloud based SaaS offerings to augment their Business Intelligence functions.
Amazon reports having customers like Zynga, Animoto, Reddit, MySpace, Netflix, Dropbox, airbnb, Ericssons, European Space Agency, HootSuite, IBM, Mahindra Satyam, Newsweek, UniCredit, Spiegel.Tv, PBS, Yelp, IMDB, Linden Labs, FourSquare, SmugSmug, Alexa, The Guardian, Farmville, Sitepoint, EventBrite.  Rackspace 2011: By the end of 2011 Rackspace reportedly served 172,510 customers, including Transport of London, Virgin Trains, UK MoD, NHS Direct, Fiverr, Pitchfork, The Register, the Royal Navy, and TweetPhoto. 3 http://blog.deepfield.net/2012/04/18/how-big-is-amazons-cloud/ 4 Critical Cloud Computing CIIP Perspective on Cloud Computing  Google 2011: Google reports that Google Apps customers include US General Services Adminstration, Essilor, Ispen, BBVA Spain, Capgemini, SNL Financials, Salesforce.com, Essence, The Guradian, LSI Logic, The Telegraph, and so on.
Its set of customers includes Aer Lingus, Dow Chemicals, Hyatt Hotels, Univ. of Georgia, Los Angeles Community College District etc.
In 2012 the NASDAQ OMX Group announced the launch of FinQloud, a new cloud computing platform powered by Amazon Web Servicses and exclusively designed for the financial services industry.

PCI SSC Standard. Information Supplement * PCI DSS Cloud Computing Guidelines

For example, in a private-cloud deployment, an organization could either implement adequate segmentation to isolate in-scope systems from other systems and services, or they could consider their private cloud to be wholly in scope for PCI DSS. In a public cloud, the client organization and CSP will need to work closely together to define and verify scope boundaries, as both parties will have systems and services in scope.
It is recommended that data-security needs are evaluated for all types of information being migrated to a cloud environment, not only cardholder data. For example, operational data, security policies and procedures, system configurations and build standards, log files, audit reports, authentication credentials, cryptographic keys, incident response plans, and employee contact details are just some of the types of data with different security requirements that may need to be considered. If data security processes are not clearly defined and documented, the data may be unintentionally exposed or subject to unnecessary risk that could result in loss or inappropriate disclosure.
How are least-privilege and need-to-know determined for CSP personnel?

HIPAA check list

Do you have formal sanctions against employees who fail to comply with security policies and procedures?
Have you implemented procedures to regularly review records of IS activity such as audit logs, access reports, and security incident tracking?
Technical Safeguards Access Control. A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI).24 Audit Controls. A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.25 Integrity Controls. A covered entity must implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed.26 Transmission Security. A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.27
Deploy file integrity monitoring tools to alert personnel to unauthorized modification of critical those components may contain system files, configuration files or content files.

The Dangers of Surveillance (Neil M. Richards)

The NSA is building a massive supercomputing facility in the Utah desert, possibly with the goal of capturing and archiving much of the world’s Internet traffic, with a view to decrypting and searching it as decryption technologies inevitably advance.16
But in a postmodern age of “liquid surveillance,”
Panopticon, a prison designed around a central surveillance tower from which a warden could see into all of the cells. In the Panopticon, prisoners had to conform their activities to those desired by the prison staff because they had no idea when they were being watched.
The fear of being watched causes people to act and think differently from the way they might otherwise.
For example, one study of the EU Data Retention Directive notes that “[u]nder pervasive surveillance, individuals are inclined to make choices that conform to mainstream expectations.”83
the coercive effects of monitoring by our friends and acquaintances are much more common.
Bitmessage: A Peer to Peer Message Authentication and Delivery System Jonathan Warren bitmessage@jonwarren.org www.Bitmessage.org

Securing The Cloud

Securing the Cloud Cloud Computer Security Techniques and Tactics This page intentionally left blank Securing the Cloud Cloud Computer Security Techniques and Tactics Vic (J.R.) Winkler Technical Editor Bill Meine
The term Defense in-depth in computer and network security was first documented in a 1996 paper Information Warfare and Dynamic Information Defense,3 and was adopted from military operations. This approach has been used for system and net- work security under a number of names, including layered defense.
Overview of cloud security monitoring architecture. PLANNING KEY STRATEGIES FOR SECURE OPERATION
While the use of encryption is a key component for cloud security, even the most robust encryption is pointless if the keys are exposed or if encryption end- points are insecure.
Security triad (confidentiality, integrity, and availability) along with risk tolerance drives the nature of data protection mechanisms, procedures, and processes.
Provider Personnel with Privileged Access Another risk to cloud data security has to do with a number of potential vectors for inappropriate access to customer sensitive data by cloud personnel. Plainly sta- ted, outsourced services—be they cloud-based or not—can bypass the typical con- trols that IT organizations typically enforce via physical and logical controls. This risk is a function of two primary factors: first, it largely has to do with the poten- tial for exposure with unencrypted data and second, it has to do with privileged cloud provider personnel access to that data. Evaluating this risk largely entails 132 CHAPTER 5 Securing the Cloud: Data Security CSP practices and assurances that CSP personnel with privileged access will not access customer data.
For data in motion, encryption keys can be ephemeral, whereas for data at rest, keys must be retained for as long as the stored data is kept encrypted.
When you need to use cryptography in your cloud implementation, remember: * Developing cryptographic algorithms is a specialized and difficult challenge. * Correctly implementing cryptography in software is nearly as difficult. * Many products use cryptography in deeply flawed ways. * A single flaw in cryptography undermines security, much as a weak link compromises the integrity of the entire chain. * Many commercial and free cryptographic products have been shown to be insecure. There is a long history of products that do not work as claimed, products that are flawed, and products that use algorithms that have not been subjected to the test of time or the scrutiny of other cryptographers. Based on past experiences, it is wise to be skeptical about claims regarding a new product with a revolutionary or patent-pending cryptographic algorithm or some secret technique. The road to better cryptography is littered with products that failed to meet some or all advertised claims. * Especially to be avoided are products that use secret cryptographic algorithms. Pick a cryptographic solution that is based on a recognized algorithm that has withstood the test of time and whose implementation has been tested by a recognized testing organization. * Pick a known product that uses a thoroughly vetted algorithm and obtain it through secure means—don’t download cryptographic or security software from Internet-based servers without the means to verify the content.
Asymmetric cryptography (also known as in public–private key cryptography),
Using FTP, telnet, or HTTP rather than a secured version of these plaintext protocols is simply negligent. Network packet sniffing is a pastime on many machines that take part in sending packets back and forth between your laptop and a cloud-based service. Although these protocols should have been retired long ago, they are still common and being available they are used. No cloud implementation should allow these, and they should probably all be blocked as services.
But all are based on a combination of authentication factors: something an individual knows (such as a password), something they possess (such as a security token), or some measurable quality that is intrinsic to them (such as a fingerprint).
Federated identity management (FIM) is an effective foundation for identity in cloud computing.
April 2010 Domain 12: Guidance for Identity & Access Management V2.1 that was prepared by the Cloud Security Alliance.A
Discretionary Access Control (DAC) In a system, every object has an owner.
* Role Based Access Control (RBAC) Access policy is determined by the system. Where with MAC access is based on subject trust or clearance, with Awww.cloudsecurityalliance.org/guidance/csaguide-dom12.pdf
* Mandatory Access Control (MAC) Access policy is determined by the system and is implemented by sensitivity labels, which are assigned to each subject and object.
RBAC access is based on the role of the subject. A subject can access an object or execute a function only if their set of permissions—or role—allows it.
Figure 5.5 depicts this point by contrasting MAC with discretionary access controls (DAC) and role-based access controls (RBAC).
Data Categorization and the Use of Data Labels Putting in place effective and appropriate controls for information systems requires an understanding of the nature of the information. In this regard, sensitive or otherwise valuable data should be categorized to support data security. By identi- fying data according to sensitivity, one can implement various strategies to better protect such data. Unfortunately, understanding what other cloud data may require protection may not always be clear.
Procedures are also necessary for security across phases of the data life cycle, for instance, to limit exposure of such data when we create copies or backups. Also, we need mechanisms to detect when the valuable resource is accessed in ways that warrant concern. Data or information labeling is one information security technique that has been used to great success for classified information such as the hierarchical cate- gories of Unclassified, Confidential, Secret, Top Secret, and Compartmented.
a relatively small percentage of sensitive data is mixed in with far more nonsensitive data and is accessible to anyone with overall access. Failing to identify sensitive data complicates incident resolution and can be proble- matic when compromised data includes data subject to regulatory controls.
The site sidechannelattacks.com has an extensive list of different types of side channel attacks.B
No matter how security conscious Facebook subscribers were, they were exposed simply because their data was in the Facebook service.
a. Clearing. Clearing is the process of eradicating the data on media before reusing the media in an environment that provides an acceptable level of protection for the data that was on the media before clearing.
b. Sanitization. Sanitization is the process of removing the data from media before reusing the media in an environment that does not provide an acceptable level of protection for the data that was in the media before sanitizing.
If a subscriber deletes a portion of the data and the cloud provider backs up that data every night to tape and archives tapes for 6 months, that data is existing well past the point that the sub- scriber deleted it and the subscriber cannot do anything to influence this.
A common data masking technique involves substitution of actual data values with keys to an external lookup table that holds the actual data values.
Exadata oracle
Avoiding Cloud Lock-in
The biggest risks to your data may well reside with the CSP personnel accessing your data or mishandling your data in its various forms.
* A sound security strategy
CHAPTER 6 Securing the Cloud: Key Strategies and Best Practices
In contrast, implement- ing only marginal security is asking for trouble, and trouble will most likely come in the form of much higher remediation costs along with excessive damages.
* Implement Security Controls This involves architecture, engineering, and expertise in the placement and configuration of security controls. * Assess Security Controls This step seeks to determine the effectiveness of implemented controls and involves verifying that controls are correctly implemented and operating as intended. * Periodic Review and Update Security measures must be reviewed on a periodic basis to determine their continuing efficacy in light of mission and operational changes.
As stated above, cost savings in operations will largely stem from the planning and implementation phases.
An Information Security Frame- work)
NIST Special Publication 800-53 Revision 3, Recommended Security Controls for Federal Information Systems and Organizations
CHAPTER 6 Securing the Cloud: Key Strategies and Best Practices ID Family Class AC Access control Technical AT Awareness and training Operational AU Audit and accountability Technical CA Security assessment and authorization Management CM Configuration management Operational CP Contingency planning Operational IA Identification and authentication Technical IR Incident response Operational MA Maintenance Operational MP Media protection Operational PE Physical and environmental protection Operational PL Planning Management PS Personnel security Operational RA Risk assessment Management SA System and services acquisition Management SC System and communications protection Technical SI System and information integrity Operational PM Program management Management FIGURE 6.2 NIST’s security control classes, families, and identifiers.2
Infosec mngt prgm, full spectrum policies, technical controls,
Capability Maturity Model (CMM, Chapter 1) and the Information Techno- logy Infrastructure Library (ITIL) with its best practices for IT service management.
a lightweight set of homegrown best practices
Implementing compensating security controls around poorly designed applications or systems does not guarantee any result other than greater complex- ity.
Security controls must not only be appropriate but also be effective and easy to comprehend and navigate by users and administrators.
The need for a sound security policy cannot be over emphasized.
Threat Categorization, Threat Impact, Threat Frequency along with the Uncertainty Factor of getting the first three right.
Risk analysis and orient the selection of security controls (security life cycle), Risk management. Use Case Discussion Group Service Automation, Workload and Service Management, and Security Practices. Key Strategies and Best Practices, Private Clouds: Motivation and Overview, Business Continuity and Disaster Recovery, SAS70, ISO 27001/2,
PCI A standard, Cloud Security Alliance (CSA),
Business Continuity Recovery point objective (RPO) is the maximum amount of data loss that is acceptable after a data loss incident. This is expressed in terms of time, namely the point in time before the event back to which data can be successfully recovered. In other words, the time of the most recent reliable backup. Recovery Time Objective (RTO) is the maximum amount of time that is acceptable for restoring and regaining access to data after a disruption. Factored into RPO and RTO are loss of revenue and the extent to which a disrupted process impacts business continuity. RPO and RTO will vary widely, depending on the requirements of the business function.
Security Information and Event Management (SIEM) sometimes also known as Security Event Management (SEM) SIEM can be very expensive, but it addresses several key security needs.
As a result, this team is often called a security operations center (SOC) and not a network operations center (NOC). Concept called coresidence.
Foundational security Defense in depth Operational security Policy, standards, and guidelines Software assurance Data center: Physical security Transparency Network security Data center: Power and networking Personnel security Host and VM security Data center: Asset management Third party providers PaaS and SaaS Operational practices Identity and access management Incident management Authentication Key management Business considerations Cryptography
These include business continuity planning along with contingency and disaster recovery planning. There are many sources for these areas, including:
Good Practice Guidelines can be downloaded from: www.thebcicertificate.org/ bci_gpg.html * And the Business Continuity Institute is located at
* The Cloud Security Alliance: * www.cloudsecurityalliance.org * www.linkedin.com/groups?mostPopular=&gid=1864210 * http://groups.google.com/group/cloudsecurityalliance * CloudAudit: * www.cloudaudit.org/ * http://groups.google.com/group/cloudaudit * The Trusted Computing Group: * www.trustedcomputinggroup.org/solutions/cloud_security * www.linkedin.com/groups?mostPopular=&gid=3254114 * CloudSecurity.org (http://cloudsecurity.org/forum/index.php) is not very active but has
With all these cloud security groups, one of the best ways to stay informed is to join the major high-level cloud interest groups and follow general trends in the field. Periodic research via web searching should identify other specific interest area groups as they arise.
Complex steps and procedures are generally not optimized, and by their nature, they present greater opportunity for error and failure. By contrast, simpler and more atomic steps can be more robust and reliable.
Information Security Management
In the 1990s, the Information Security Forum (ISF) published the Standard of Good Practice (SoGP), which identified a comprehensive set of information secur- ity best practices.
ISO/IEC 27002 and COBIT.

Index of the book:
Introduction to Cloud Computing and Security. Understanding Cloud Computing, Cloud Scale, Patterns, and Operational Efficiency, Synergistic Trick 3 Elasticity, Shape Shifting, and Security. The IT Foundation for Cloud Cloud Computing as Foundation for Cloud Services. Cloud Computing Qualities. The Bottom Line. An Historical View: Roots of Cloud Computing. Decentralization and Proliferation. Networking, the Internet, and the Web. Virtualization. A Brief Primer on Security: From 50,000 ft. Terminology and Principles. Risk Management. Security Must Become a Business Enabler. A Brief Primer on Architecture. Systems Engineering. IT Architecture. Security Architecture: A Brief Discussion. Defense in Depth. Cloud Is Driving Broad Changes. Cloud Works Today. Valid Concerns. Cloud Computing Architecture. Cloud Reference Architecture. Revisiting Essential Characteristics. Cloud Service Models. Cloud Deployment Models. Control over Security in the Cloud Model. Cloud Application Programming Interfaces (API). Making Sense of Cloud Deployment. Public Clouds. Private Clouds. Community Clouds. Hybrid Clouds. Making Sense of Services Models. Cloud Software-as-a-Service. Cloud Platform-as-a-Service. Cloud Infrastructure-as-a-Service. How Clouds Are Formed and Key Examples. Using Virtualization to Form Clouds. Using Applications or Services to Form Clouds. Real-world Cloud Usage Scenarios. Virtualization Formed Clouds. Application/Service Formed Clouds. Hybrid Cloud Models. Security Concerns, Risk Issues, and Legal Aspects. Cloud Computing: Security Concerns. A Closer Examination: Virtualization. A Closer Examination: Provisioning. A Closer Examination: Cloud Storage. A Closer Examination: Cloud Operation, Security, and Networking. Assessing Your Risk Tolerance in Cloud Computing. Assessing the Risk. Information Assets and Risk. Privacy and Confidentiality Concerns. Data Ownership and Locale Concerns. Auditing and Forensics. Emerging Threats. So, Is It Safe? Legal and Regulatory Issues. Third Parties. Data Privacy. Litigation. Securing the Cloud: Architecture. Security Requirements for the Architecture. Physical Security. Cloud Security Standards and Policies. Cloud Security Requirements. Security Patterns and Architectural Elements. Defense In-depth. Honeypots. Sandboxes. Network Patterns. The Importance of a CMDB, Cabling Patterns. Resilience and Grace. Planning for Change. Cloud Security Architecture. Cloud Maturity and How It Relates to Security. Jericho Forum. Representative Commercial Cloud Architectures. Representative Cloud Security Architectures. Planning Key Strategies for Secure Operation. Classifying Data and Systems. Define Valid Roles for Cloud Personnel and Customers. Securing the Cloud: Data Security. Overview of Data Security in Cloud Computing. Control over Data and Public Cloud Economics. Organizational Responsibility: Ownership and Custodianship. Data at Rest. Data in Motion. Common Risks with Cloud Data Security. Data Encryption: Applications and Limits. Overview of Cryptographic Techniques. Common Mistakes or Errors with Data Encryption. Cloud Data Security: Sensitive Data Categorization. Authentication and Identity. Access Control Techniques. Data Categorization and the Use of Data Labels. Application of Encryption for Data at Rest. Application of Encryption for Data in Motion. Impediments to Encryption in the Cloud. Deletion of Data. Data Masking. Cloud Data Storage. Cloud Lock-in (the Roach Motel Syndrome). Metadata. Avoiding Cloud Lock-in (the Roach Motel Syndrome). Securing the Cloud: Key Strategies and Best Practices. Overall Strategy: Effectively Managing Risk. Risk Management: Stages and Activities. Overview of Security Controls. Cloud Security Controls Must Meet Your Needs. NIST Definitions for Security Controls. Unclassified Models. Classified Model. The Cloud Security Alliance Approach. The Limits of Security Controls. Security Exposure Will Vary over Time. Exploits Don’t Play Fair. Best Practices for Cloud Computing: First Principals. Best Practices across the Cloud Community. Other Best Practices for Cloud Computing: Cloud Service Consumers. Other Best Practices for Cloud Computing: Cloud Service Providers. Security Monitoring. The Purpose of Security Monitoring. Transforming an Event Stream. The Need for C.I.A. in Security Monitoring. The Opportunity for MaaS. Security Criteria: Building an Internal Cloud. Private Clouds: Motivation and Overview. Security Implications: Shared versus Dedicated Resources. Considerations for Achieving Cost Savings. Private Clouds: The Castle Keep? Analysis to Support Architecture Decisions. Security Criteria for Ensuring a Private Cloud. Network Considerations. Data Center Considerations. Operational Security Considerations. Regulation. Security Criteria: Selecting an External Cloud Provider. Selecting a CSP: Overview of Assurance. Vendor Claims and Independent Verification. Selecting a CSP: Vendor Transparency. Selecting a CSP: Overview of Risks. Risk Will Vary by Customer and by CSP. Assessing Risk Factors. Selecting a CSP: Security Criteria. Security Criteria: Revisiting Defense-in-depth. Security Criteria: Other Considerations. Additional Security-relevant Criteria. Evaluating Cloud Security: An Information Security Framework. Evaluating Cloud Security. Existing Work on Cloud Security Guidance or Frameworks. Checklists for Evaluating Cloud Security. Foundational Security. Business Considerations. Defense-in-depth. Operational Security. Metrics for the Checklists. Operating a Cloud. From Architecture to Efficient and Secure Operations. The Scope of Planning. Physical Access, Security, and Ongoing Costs. Logical and Virtual Access. Personnel Security. From the Physical Environment to the Logical. Bootstrapping Secure Operations. The Refinement of Procedures and Processes over Time. Efficiency and Cost. Security Operations Activities. Server Builds. Business Continuity, Backup, and Recovery. Managing Changes in Operational Environments. Information Security Management. Vulnerability and Penetration Testing. Security Monitoring and Response. Best Practices. Resilience in Operations. Summary. Endnotes. Index.

57 Startup Lessions

Fire people that are difficult, unproductive, unreliable, have no product sense, or aren’t pragmatic. Do it quickly.
Book: Career - Jim Rohn
“Time is our most valuable asset, yet we tend to waste it, kill it, and spend it rather than invest it.”
If you are a product manager – you are not facing the most important challenge of a real product manager (building such a product so great that even a lack of distribution capability doesn’t inhibit its success).

Startup School

I often advise startups that it's better to seek deep appeal, to create something that a few people love, even if most people don't get it right away.
The Technology Note: This is the talk I gave at Startup School Europe, which was held last Saturday in London.
This is the danger of experience. We already know better, we already know that an idea or business won't work.
startup founders.
In 1997, Larry and Sergey tried to sell Google for a million dollars. Fortunately, they were unable to find a buyer.
To be innovative in our work, we need to evade the limitations of established thinking.
Creating an innovative new product often means spending years working on something that most people doubt the value of.
Our days are full of spare moments. Instead of filling them with Flappy Bird or Facebook, take the opportunity to find a calm and clear mind.
Which leads me to pattern number five: Love what you do.
It's less about changing what you do, and more about changing how you do it.

The Art Of Profitability

Read book: Adrian Slywotzky's The Art of Profitability

Keyword & notes listing:
A profitable business, founders, aspiring founders, investors, and employees would find this book valuable and practical. The path to profitability lies in understanding your customer. Different segments of customers want different levels of quality/service and have different abilities to pay. SaaS businesses follow this profit model. Customers can have different price sensitivities for the same item in different contexts. In contexts where assembling a package of related goods and services takes a lot of effort, customers will pay a premium for pre-assembled packages.  In some markets, the path to profit is to produce blockbusters. The movie industry is one such market; the pharmaceutical industry is another one. R&D can be a huge money loser if you are doing research in the wrong areas or in an area not worth researching. It's a shame when someone invests a lot of time and money into developing a product that people don't want. You can improve the effectiveness of R&D by increasing the amount of profit that successful projects produce. This is especially true in software businesses where different product lines can share a lot of code and infrastructure. If you understand a problem better than anyone else, you'll be able to create better products, and customers will pay a premium to work with you. Become a domain expert in a new discipline, then use your expertise to generate profits. Customers who already use your products are a great market for upgrades, add-ons, related products, and so on. One particularly effective business model is to sell products at a low profit margin, then sell add-ons, consumables, upgrades, support plans, and so on at a higher profit margins. Specialty products usually earn much higher margins that commodity products (although not for long). Unique products that serve a small niche can make a ton of money, especially in the absence of competition. Having a near-monopoly is one geographic area can be more profitable than owning a small piece of the market across many locales. If you're competing with a lot of companies for the same location, profits plummet (or go negative). The higher your market share, the more advantages you have in terms of cost structure, distribution, marketing cost per unit, R&D cost per unit, and so on. The biggest player in the market can spread their fixed costs across many more units, which provides the flexibility to decrease prices or increase advertising spend or take other actions that make it even harder for others to compete. Is there a core asset you can repackage into different products? Do customers have different price sensitivities for your product in different markets? Can you sell your product as part of a pre-assembled bundle to save your customers from integration headaches? And so on.

Misc stuff read

"Google: Maintain a healthy disregard for the impossible. "
"How Successful People Stay Calm"
"Emotional Intelligence 2.0"
"Go Lang FAQ - Of course, implementing garbage collection in a concurrent environment is itself a challenge, but meeting it once rather than in every program helps everyone."

Keywords & Topics

Avainsanat kesälukemistoista: identiteetti pilvessä, cloud user identity, identification, trust, confidential, tools, technology, työkalut, välineet, teknologia, työkalut, vaihtoehdot, pin-codes,  users, security, authentication, käyttäjähakemisto, tunnistautumispalvelu pilvessä, microsoft-sovellukset, omat, 3. osapuolen sovellukset, digitaalinen identiteetti, digitaalisen, identity, local, locally, SSAML, WS_Federation, BYOD, federointi, autentikointi, synkronointi, hybridimalli, teknologiset, kustannus, ID, kustannukset, API. www.identityblog.com, veroilmoitus, veroilmoitusta, yksityishenkiö, yksityishenkilön, yksityishenkiöille, veroilmoituksen, verkossa, verovirkailijat, rutiini, täyttäminen, täytä, tuottavuus, tuottavuutta, yksinkertainen, helppokäyttöinen, helppokäyttöistä, helposti, Digia, ALVEU-palvelu, EU, maksuliikenne, maksuliikenteen, maksut, verkkomaksu, verkkomaksaminen, verkossamaksaminen, maksukorttirikos, maksukorttirikosten, torjunta, rikostilanneseuranta, turvallinenmaksaminen, turvallisesti, maksaminen, verkkorikollisuus, verkko, rikos, rikokset, verkossa, PCI DSS (Payment Card Industry Data Security Standard), dataliikenne, data, dataa, luottokortti, luottokortilla, luottokorttien, käsittely, käsitteleminen, transaktio, transaktiot, nettikauppa, nettikaupat, nettikauppaan, nettikaupassa, IP, MAC, ostaminen, ostokset, ostaa, SEPA, EMV, PaySafeCard, wallet, lompakko, NFC, infrastruktuuri, virtuaalilompakko, virtuaalilompakot, bitcoin, verkostoasiantuntija, verkkoasiantuntija, wiki, wikiin, wikillä, wikissä, verkkopalvelu, verkkopalvelussa, wireframe, wireframing, sähköinenhakemus, hakemus sähköisesti, jättäminen, allekirjoitus, allekirjoittaminen, sähköinen, vahvistaa, vahvistus, aineisto, aineistot, aineistoon, aineistojen, rooli, rololissa, viestintä, viestinnässä, viestintää, organisaatiossa, organisaatio, organisaatioiden, tallentaa, tallennus, jakaa, jakaminen, organisoida, organisointi, aineistopankki, aineistopankit, mediapankki, kuvapankki, mediapankissa, kuvapankkiin, skaalautuvuus, skaalautuva, skaalautuminen, skaalattava, automaattinen, automaattisesti, käyttöoikeus, käyttöoikeuksia, käyttöoikeuksien, käyttöoikeudet, turvallinen, turvallisesti, turvallisuus, turva, tietoturva, infosec, comsec, verkkoasiointi, verkkoasioida, verkkoasiointiin, prjektipäällikkö, sitoutuminen, tilaaja, tilaajan edustaminen, edustus, ydinprosessi, ydinprosessit, toimintakäytännöt, toimintokäytäntöjä, toimintakäytäntöjen, määrittely, määrrittäminen, linjaaminen, linjaukset, linja, rajaus, rajata, rajauksella, operatiivisesti, operatiivinen, operoida, operaatioita, ylläpito, ylläpitoprosessi, prosessiuudistus, prosessiuudistuksin, paradigma, paradigmamuutos, tavoitetila, tavoitteet, tahtotila, tahtotilalla, tahtotilan, tavoitetilan, business process re-engineering, heterogeeninen, käyttäjäkunta, asiantuntija, asiantuntijat, ohjausryhmä, ohjausryhmässä, sopimukset, sopimustekninen, sopimusteknisesti, sopimusteknisen, projektihallinto, projektihallinnossa, projektihallinnollisen, päätökset, päätöksenteko, päättäjä, vaatimusmäärittely, vaatimusmäärittelyt, vaatimusmäärittelyyn, vaatimusmäärittelyllä, markkinakartoitus, markkinoiden kartoittaminen, markkinakartoituksella, markkinakartoitukseen, kilpailutus, kilpailuttaminen, kilpailutuksella, kilpailuttaa, tietohallinto, tietohallinyksikkö, tietohallinnossa, tietohallintoon, tarjouspyyntö, tarjouspyyntöön, tarjouspyynnössä, tarjousvertailu, ketterä, ketteriä, täysketterä, täysketteriä, tyytyväiset, tyytyväinen, tyytyväisiä, projektihallinta, project management triangel, tiangle,  rinnakaiskäyttö, rinnakkaiskäyttö, kustannuksia, kustannus, kustannukset, käyttöönotto, tuotantoonotto, tuotannossa, tuotantoon, käyttöönoton, open knowledge, demokratia, tietovarannot, turvallisuus, turvaaminen, avoin, avaaminen, avoimessa, avointa, mallintaminen, mallintaa, mallinnuksessa, mallintamalla, TOGAF, ARIS, IT, devaaja, devata, devaajat, devailu, tiedonlaatu, tiedonlaadun, parantaminen, parantaa, tehostaa, tehostamalla, tehostus, kokonaisarkkitehti, kokonaisarkkitehtuuri, kokonaisarkkitehteja, demo, demojärjestelmä, plug-in, SOA/ESB, modulaarinen, modulaarisuus, verkosto, verkostoitua, verkostossa, verkkomalli, projektijohtaja, projektijohtaminen, tuottavuus, tuottavuutta, innovaatio, innovaatioita, innovoida, innovaatiolla, hajautettu, hajauttaa, hajautetussa, projektiammattilaiset, projektiammattilainen, harrastus, harrastaa, harrastuksena, ketteryys, ketterästi, projektihyödyt, projektin hyödyt, laadunhallinta, teitojärjestelmän hankinta, hankehallinta, kanban, lean, business intelligence, ohjelmistokehitys, riskienhallinta, riskienhallintaan, riskienhallinnalla, riskienhallinnassa, ketterää muutosta, kaizen, markkinatutkimus, markkinatutkimuksessa, markkinatutkimuksen, Scaled Agile Framework, SAFe. kokonaisvaltainen, kokonaisvaltaisesti, kokonaisvaltaisessa, hankesalkku, hankesalkussa, hankesalkkun, hankesalkun, hankkeet, hankkeessa, hanke, hankkeeseen, joukoistaminen, joukkoistettu, joukkoistamalla, Kaikaku, parannus, parannukset, parantaa, parantamalla, systemaattinen, systemaattisesti, systemaattisella, moderni, modernissa, kiihdyttää, kiihdyttämällä, tietoarkkitehtuuri, tietohallintojohtaja, tuottavuusohjelma, analyysi, analysoida, analyysissa, analyysiin, analyysillä, rinnakkaistutkimus, rinnakkaistutkimuksella, rinnaistutkimukseen, rinnakkaistutkimuksessa, tiedustelu, tiedusteltiin, käsitemalli, käsitelmallissa, käsitemalliin, osapuoli, suhde, automatisointi, automatisoinnilla, automatisointiin, automaattisesti, ict2015.fi, palveluarkkitehtuuri, reaaliaikainen talous, avoindata, big data, ekosysteemi, ekosyysteemissä, ekosysteemiin, ekosysteemillä, teollinen, teollisuus, automaatio, ansiorekisteri, ohjelmistotuote, tuotteistaminen, tuotteistaa, tuotteistuksella, tuote, tuotteen elinkaari, elinkaaren, elinkaareen, ALM (Application Lifecycle Management), portfolio, tuotepäällikkö (Product Owner), tuotetiimi, multisite, multivendor, multiproduct, malli, mallissa, malliin, mallilla, self-organizing teams, agile manifest, tilaaminen, tilaamalla, tilaus, toimittaa, toimitus, toimittamalla, toimitukseen, toimituksessa, kumppanuus, kumppanuutta, kumppanuudella, dokumentaatio, dokumentatiolla, dokumentoida, dokumentaatiossa, dokumenaatiota, dokumentointi, vasteaika, palvelulaatu, SLA, vasteajassa, palvelulaadun, palvelulaatuun, palvelulaadulla, vasteaikaa, mitata, mittaaminen, mittaamalla, mittaus, mittauksella, tunnusluvut, tunnusluku, tunnuslukuja, tunnusluvuista, lineaarinen, lineaarisesti, lineaarisella, vaihemalli, vaihemalleilla, vaihemallia, vaihemallissa, vaihemalliin, iteratiivisesti, iteratiiviset, iteratiivisella, iteroida, iteraatio, iteraatioita, tietoturva, tarvekartoitus, tarvekartoituksessa, tarvekartoituksella, testaus, testaamalla, testauksella, testausta, tietoturvataso, tietoturvatasoon, auditonti, auditoidusti, auditoida, tietoturvavaatimukset, tietoturvavaatimuksissa, järjestelmänkehitysprosessi, järjestelmänkehitysprosessit, viranomaismääräykset, arviointikriteerit, arviointikriteeri, viranomaismääräyksiä, käytettävyys, käyttävyyden, käytettävyydellä, käytettävä, kriittisyystaso, kriittisystasoon, suojauutumistaso, suojautuminen, suojautumislella, kriitisyys, kriittiset, kriittinen, kriittisiä, katselmointi, katselmoinnissa, katselmoinnilla, katselmoida, katselmoinnin, koodikirjasto, koodikirjastoon, koodikirjastoa, koodikirjastot, strategia, strategisesti, strategialla, stategiaa, lainsäädännölliset vaatimukset, vaatimuksia, vaatimuksilla, vaatimuksiin, vaatimus, lainsäädäntö, lainsäädäntöä, tiedonohjaus, tiedonohjaussuunnitelma, ohjaussuunnitelma, ohjaussuunnitelmassa, ohjaussuunnitelman, ohjaussuunnitelmaan, käsittelysääntö, käsittelysäännöt, käsittelysääntöjen, käsittelysääntöjä, tietoturva, tietoturvan, suunnittelu, suunnittelemalla, suunnittelussa, suunnittelua, suunnitella, suunnitelmassa, suunnitteluun, järjestelmäkehitysprosessissa, järjestelmäkehitysprosessiin, järjestelmäkehitysprosessia, järjestelmäkehitysprosessilla, järjestelmäkehitysprosesseissa, järjestelmäkehitysprosesseja, käyttöönottotarkastus, testaus, testausvaiheessa, käyttöönotossa, käyttöönotto, käyttöönotettu, ylläpitodokumentaatio, ylläpitodokumentointi, dokumentaation ylläpitäminen, tietoturvatarkastus, tietoturvantarkastaminen, tarkastettu, tarkastamisella, tarkastaa, tietoturvakatselmus, tietoturvakatselmuksessa, tietoturvakatselmukseen, tietoturvakatselmuksiin, tietoturvakatselmuksissa, fyysinen, fyysisessä, fyysisellä, fyysiseen, valvonta, valvontaan, valvonnalla, valvominen, water-scrum-fall, struktuuri, struktuurilla, struktuureissa, stuktuuria, on-demand, kehitysmalli, kehitysmalliin, kehitysmallilla, ICT, systeemityö, systeemityöläinen, systeemityössä, systeemityöhön, yrittäjä, yrittäjyys, startup, yritys, yritykset, yritykseen, yrityksissä,  teknologiateollisuus, teknologia, palveluarkkitehtuuri, palveluarkkitehtuurilla, palveluarkkitehtuurissa, ala, alalla, alalle, alata, työryhmä, työryhmän, työryhmässä, työryhmiin, kasvuyritys, kasvuyritykset, kasvuyritykseen, ohjelmistoyrittäjä, ohjelmistoyritys, ohjelmistoyrittäjäksi, yrityksen perustaminen, ohjelmisto-osaaminen, ohjelmisto-osaamista, ohjelmist-osaamisella, ohjelmistoala, ohjelmistoalall, ohjelmistoyritys, ohjelmistoyritykset, ohjelmistoyrittäjät, liikevaihto, palkkasumma, liikevaihdon, innovaattorit, vientitoimittaja, sektori, sektorilla, tuntityö, tuntityönä, konsultti, konsultointi, konsultointia, konsultoida, konsultteja, asiantuntijapalvelu, asiantuntijapalvelut, asiantuntijapalveluita, osaajat, osaaja, osaajia, konsulttiyritys, konsulttiyrityksen, osaamisen kehittäminen, jatkuva opiskelu, opiskella, kehittää, kehityksen, kehityksessä, itsensä kehittäminen, uudet teknologiat, teknologieoiden, oppiminen, oppimalla, oppiman, konsultti, konsultin, konlsultoida, liiketoiminta, liiketoimintaan, liiketoiminta, liiketoiminnassa, tuntihinta, tuntihinnalla, tuntihintaan, asiantuntija, asiantuntijapalvelu, asiantuntijapalvelut, asiantuntijapalveluita, asiantuntijapalvelua, asiantuntijat, asiauntuntijoita, koodaaja, koodaajia, tuottavuus, tuottavuuden, tuottava, tuottavasti, tehokkuus, tehokkaasti, tehokkuuden, tehokasta,  loppuasiakas, loppuasiakkaalle, loppuasiakkaiden, loppuasiakasta, lopuasiakkaita, asiantuntijayrittäjä, asiantuntijayrittäjyys, asiantuntijayrittäjiä, asiantuntijayrittäjäksi, asiantuntijayrittäjille, markkinointi, markkinoinnin, markkinointia, markkinointiin, markkinoinnilla, yrittäjäura, ura, uralla, uraan, urassa, urani, yrittäjäksi, yrittäjien, yrittäjälle, yrittäjiin, yrittäjät, yrittäjä, internet, internettiin, internetillä, internetissä, nettiin, netissä, netti, trendi, trendit, trendejä, trendiin, markkina, markkinat, markkinoille, markkinoiden, aikataulu, aikataulutus, aikatauluttaminen, aikataulussa, aikataulujen, aikatauluja, palvelu, palvelut, palveluiden, palveluita, haaste, haasteita, haasteisiin, vastata, vastaaminen, tarttua, tarttuminen, mikroyritys, mikroyrittämienn, yksinyrittäjä, yksinyrittäminen, self-employed, konsulttina, riippumaton, riippumattomasti, riippumattomuus, transaktioanalyyysi, vuorovaikutustaidot, vuorovaikutus, vuorovaiktuksessa, vuorovaikutukseen, laaduvarmistus, laadunvarmistaminen, laadunvarmistamiseen, laadunvarmistamisella, testauksella, testaukseen, jalkauttaminen, jalkautettu, jalkautus, tuotevalikoima, tuotevalikoimaan, tuotevalikoimassa, tuotevalikoiman, toteutustyö, toteutustyötä, toteutustyöllä, totetuttaminen, toteuttaa, toteutettu, toteuttaminen, työsuhde, työsuhteeseen, työsuhteessa, työsuhteella, vakuutukset, vakuuttaminen, vakuutuksilla, eläkemaksut, eläkemaksujen, kustannukset, mainonta, mainontaan, kustannuksia, kustannuksella, kustannukseen, kustantamiseen, hinnoittelumalli, hinnoittelumallit, hinnoittelumalliin, kilpailutilanne, kilpailijat, markkinat, markkinoiden, verkostoituminen, verkostot, verostossa, verkostoon, tietojenkäsittely, tietojenkäsittelyyn, tietojenkäsittelyllä, tietojenkäsittelyssä, korkealuokkainen, korkealuokkaista, korkealuokkaisia, epävarmuus, epävarmuuteen, eriskinotto, riskinotolla, riskienhallinta, riskit, riskejä, parvityö, parveistaminen, parveen, parvea, parvella, työn organisointi, organisoimalla, organisointiin, teknologiaa, teknologialla, teknologioita, teknologia, organisaatiossa, organisaatiolla, organisaatioon, yhteiskehittelytuotanto, co-configuration production, tiimit, tiimiin, tiimissä, tiimillä, solmutyöskentely (knotworking9, parveutuminen (swarming), parvimaiset mallit (swarm-like patterns), matriisiorganisaatio, horisontaalinen, horisontaalisesti, horisontaalisessa, hierarkisia, hierarkisesti, hierarkia, hiearkisilla, kehittäjäryhmä, kehttämisryhmä, kehittäjäryhmään, kehittämisryhmään, joustava, joustavasti, joustavuus, joustavalla, vaatimukseen, vaatimukset, vaatimusten, vaatimuksia, asiakasohjautuva, asiakasohjautuvilla, asiakasohjautuvuus, asiakastiimi, asiakastiimiin, asiakastiimeihin, asiakastiimillä, asiakastiimejä, parvityötä, itseorganisoituva, itseorganisoituvassa, itseorganisoituvaan, itsenorganisoituvissa, itseorganisoituvalla, työryhmä, työryhmillä, työryhmiä, työryhmään, intressi, intressejä, intresseihin, intressiin, mikrotasking, mikrotaskaaja, yrittäjyys, Suomi, Suomessa, Suomeen, Suomalainen, Suomalaisia, tapahtumia, tapahtumaan, tapahtumassa, coworking, asenneilmapiiri, asenneilmapiiriin, kansainvälinen, kansainvälistä, kansainvälisesti, ongelmia, ongelmien, ongelman, ongelmat, ongelmasta, ongelmaan, ratkaisu, ratkaista, ratkaisuja, ratkaistu, ratkaisemalla, yrittäjyyttä, innovointiin, innovaattori, yrittäjälähtöinen, yrittäjähenkinen, yrittäjälähtöisesti, yrittäjähenkisesti, projektityöskentely, projektityöskentelyyn, projektityöskentelyssä, projektityöskentelyä, softalan, softala, softalla, softalaan, MVP (Minimum Viable Product), nopeasti, nopea, tietojärjestelmätyö, tietojärjestelmätyötä, tietojärjestelmätyöhön, tietojärjestelmätyöllä, yritysyhteistyö, yritysyhteistyötä, yritysyhteistyöhön, projektit, vaativa, vaativat, vaativiin, käyttöohjeet, käyttökoulutus, käyttökouluttaminen, käyttökoulutusta, käyttöohjeita, toiminnanohjaus, toiminnanohjauksella, toiminnanohjaukseen, toiminnanohjausta, liiketoimintasuunnitlema, liiketoimintasuunnitelman, liiketoimintasuunnitelmassa, toimitusprosessi, toimitusprosessit, toimitusprosessia, toimitusprosesseita, toimitusprosessiin, järjestelmä, järjestelmät, järjestelmiin, järjestelmiä, järestelmää, toimeksiantaja, toimeksiantajan, toimeksiantajat, toimeksiantajien, ansaintalogiikka, ansaintalogiikkaa, tulos, tulokseen, tuloksellisesti, tuloksella, tuloksiin, tulosta, hautomo, hautomossa, ansaintalogiikalla, ansaintalogiikoiden, rahoitus, rahoittaminen, rahoitusta, rahoittamista, kansainvälinen, kansainvälisesti, kansainvälisiin, kainsainväliselle, avoin tieto, avoin informaatio, avoin data, lukutaito, tietopolitiikka, tietopolitiikkaa, tietokulttuuria, tietokulttuuri, tietokulttuurilla, tietoarkkitehtuuri, tietoarkkitehtuurilla, tietoarkkitehtuuriin, tietokulttuuriin, koneluottavuus, koneluettava, oikeellisuus, oikeellisuuden, oikeellisuutta, laatu, laadukasta, laatua, luotettava, luotettavasti, luotettavuus, luottamuksellisuus, ajantasaisesti, ajantasaisuus, ajantasaista, ymmärrettävyys, ymmärrettävästi, ymmärrettävä, havainnollisuus, havainnollistaminen, havainnollisesti, havainnollinen, tietorakenne, tietorakenteet, tietorakenteella, tietorakenteisiin, tietorakenteeseen, tietorakenteita, käyttöliittymässä, käyttöliittymään, käyttöliittymiä, käyttöliittymällä, käsitteet, käsitteitä, käsitteestä, käsitteiden, metatieto, metatiedot, metatietojen, metatietoja, löytyvyys, löydettävyys, löydettävä, löytäminen, yhteentoimivuus, yhteentoimiva, yhteentoimivat, yhteentoimivien, yhteentoimivuudella, yhteentoimivilla, yhteentoimivassa, dataluettelo, dataluetteloissa, dataluetteloiden, dataluetteloita, hakupalvelu, hakupalvelulla, hakupalveluihin, hakupalvelussa, hakupalveluiuita, hakupalveluista, hakupalveluun, laintaäädännössä, lainsäädäntö, lainsäädäntöön, lainsäädännöllä, tietosuoja, tietosujasta, tietosuojan, tietosujaan, tieoturvallisuus, tietosuojattu, tietoturvallinen, tietoturvalliseen, tietoturvattu, tietoturvallisuuteen, pääsyllä, pääsyyn, pääsy, saatava, saatavuuteen, saatavuus, saatavuudella, maksuttomuus, ilmainen, ilmaiseksi, ilmaisella, maksaminen, maksuttomuudella, maksamisella, maksamiseen, maksuttomuuteen, koneluettavuus, koneluettavasti, koneluettavuudella, koneluettavaksi, käyttöehdot, käyttöehto, käyttöehtoihin, käyttöehdoilla, henkilöstökulut, henkilöstökulujen, henkilöstökuluihin, tiedon, tiedolla, tietoihin, tietoon, tietoja, julkisesti, julkinen, julkisuus, koneluettavassa, sisältöjä, sisältö, sisältöön, sisältöä, budjetti, budjetointi, budjetissa, budjettiin, mobiilipalvelu, mobiilipalvelut, mobiilipalvelussa, mobiilipalveluita, mobiilipalveluun, suunnitelmallisesti, suunnitelma, suunnittelu, sunnittelulla, suunnitelmassa, suunnittelussa, tietosuojasta, yksityisyys, yksityisesti, yksityinen, tietovarannot, tietovarantoon, tietovarannossa, tietovarannoissa, tietovarannosta, tietoaineisto, tietoaineistoja, tietoaineistoon, tietoaineistojen, tietoaineistoa, datasetti, datasettiä, datasettinä, datasettiin, datasetistä, datasettejä, algoritmi, algoritmit, algoritmilla, Apps4Finland, XBRL (eXtensible Business Reporting Language), standardi, standardointi, standardilla, standardiin, standardeja, standardeihin, verkkolaskut, verkkolaskutus, verkkolaskuun, verkkolaskujen, Finvoice, e-Lasku, verkkopankki, verkkopankissa, veronumero, FKL, JHS-sanasto, koodistot, käsitemallit, tietomallit, rajapintakuvaukset, YSR, ydintieto, ydintietoa, ydintiedolla, ydintietoon, ydintiedosta, Apotti, potilasturvallisuus, käyttäjäkunta, käyttäjäkunnan, käyttäjäkunnassa, käyttäjäkuntaan, käyttäjäkunnalla, tavoitetila, tavoitetilaan, tavoitetilassa, tavoitetilalla, valmisjärjestelmä, valmisjärjestelmällä, valmisjärjestelmiin, räätälöinti, räätälöidä, räätälöinnillä, räätälöity, räätälöidään, palvelukokemus, palvelukokemukseen, palvelukokemuksesta, palvelukokemukseella, palvelukokemusta, kansallinen palveluväylä, vahva tunnistautuminen, palveluväylällä, palveuväylään, kansallisesti, Suomalainen, Suomessa, KanTa, eResepti, Mobiilivarmenne, Katso, Sote, informaatio-ohjaus, valiokunta, valiokuntaan, valiokunnssa, JulkiCT, https://wiki.julkict.fi/, operatiiviselle, operatiivisesti, operatiiviseen, operatiivinen, toimintaympäristö, toimintaympäristön, toimintaympäristössä, toimintaympäristöön, soveltuvuus, soveltuva, soveltuu, soveltuvat, siiloutunut, siiloutunutta, siiloutuminen, siiloituvat, siiloutuneen, siiloitumista, rakenneuudistus, rakenneuudistuksella, rakenneuudistukseen, rakenneuudistaminen, ominaisuus, ominaisuuksilla, ominaisuuden, ominaisuuksien, ominaisuuteen, ominaisuudella, ominaisuudet, ominaisuuksiin, X-väyläkeskus, rajapinta, rajapintaan, rajapinnalla, rajapintojen, rajapinnoissa, rajapintoja, rajapintoihin, eKatselu, pilotti, pilottiin, pilotissa, pilotilla, pilotteja, pilottien, sertifioitu, sertifiointi, sertifioituprosessi, sertifikaattiprosessi, tietokanta, tietokantaan, tietokannassa, tietokantojen, tietokannalla, tietokannat, tietokantojen, tupas, valvira, sektori, sektorilla, sektorista, sektoreita, sektoriin, sektoreittain, biometrinen tunnistaminen, tunnistus, tunnistimet, tietojärjestelmät, tietojärjestelmä, tietojärjestelmällä, tietojärjestelmään, tietojärjestelmien, tietojärjestelmässä, tietojärjestelmistä, tietojärjestelmän, paperiton, paperittomasti, paperittomalla, idea, ideoita, ideoista, ideointi, ideoidaan, ideat, idealla, ideasta, ideaksi, järjestelmäsuunnittelija, palaute, palautetta, palautteen, palautteeseen, utopia, utopistinen, utopiaan, layout, tietokone, tietokonetta, tietokoneella, tietokoneeseen, mobiili, mobiilisti, mobile, mobiililla, mobiiliin, tabletti, tabletilla, tablettiin, tabletissa, konaisuus, kokonaisuuksien, kokonaisuuden, kokonaisuuteen, kokonaisuudella, tietojenvaihto, tietojenvaihtoon, tietojenvaihdossa, tietojenvaihdolla, tietojenvaihtoa, turvaaminen, turvattu, turvaamisella, turvaattuun, reaaliaikainen, reaaliaikaisesti, reaaliaikaisella, reaaliaikaisessa, tietovirta, tietovirtojen, tietovirtaa, tietovirrassa, tietovirtoja, turhiin, turasta, turhuus, turhalla, mittava, mittavissa, mittavaan, mittavien, käytettävyystavoitteet, käytettävyystavoitteeseen, substanssi, substanssilla, substanssien, potentiaali, potentiaalinen, potentiaalisesti, potentiaalilla, valmisjärjestelmä, valmisjärjestelmät, valmisjärjestelmällä, valmisjärjestelmiin, valmisjärjestelmien, räätälöimällä, perusratkaisu, perusratkaisut, perusratkaisuun, perusratkaisulla, perusratkaisusta, perusratkaisujen, käytettävyystestaus, käytettävyystestauksella, käytettävyystestaukseen, käytettävyystestausta, substanssien, avoin, avointa, avoimella, avoimesta, avoimiin, lähdekoodi, lähdekoodia, lähdekoodilla, lähdekoodiin, perustuu, perustua, perustuvalla, perustuvaan, pilvipalvelu, pilvipalvelut, pilvipalveluun, pilvipalvelulla, pilvipalvelujen, pilvipalveluista, pilvipalveluja, pilvipalvelin, pilvipalvelimiin, pilvipalvelimista, pilvipalvelimella, pilvipalvelinta, datajoukkoa, datajoukko, datajoukkoon, datajoukkojen, datajoukkoja, valtava, valtavat, valtavien, datalle, dataan, dastasta, FLOSS, CC BY, salakirjoittaa, salakirjoituksella, salakirjoituksessa, salakirjoitetaan, salataan, salausavain, salausavainten, salausavaimien, salausavaimet, kryptataan, kryptata, kryptaus, kryptattu.

And that's not even all. ;)

Sorry, I didn't ', '.join(set(post.split(','))) this post, but I could have to avoid possible dupes.