The cloud enables great agility and can reduce costs if used right. But does it also manage risk? In fact, the cloud contains the same traditional hosting risks as well as specific related risks to your production environment running on the cloud.
With IaaS dynamic environment you pay only for what you use enabling alignment with actual real-time demand. The cloud instance is a temporary resource that is created from a gold master image automatically and on demand. This basic cloud automation capability makes traditional patching redundant and fast provisioning extremely easy. It is an important consideration that changes some basic security deployment perceptions when moving from traditional infrastructure to the cloud.
Last month I attended HP Discover (disclosure: my participation was funded by Ivy World). The IT war already started however HP stands still not taking initiatives and real risks as true leaders should take. At the three-day conference I learned why some companies don’t last and why this IT giant is at a great risk of losing in this new era IT battle. This is a story of a lasting company that might have already lost.
Over the last year I had endless conversations with companies that strive to adopt the cloud – specifically the Amazon cloud. Of those I met, I can say that ClickSoftware is one of the leading traditional ISVs that managed to adopt the cloud. The Amazon cloud is with no doubt the most advanced cloud computing facility, leading the market. In my previous job I was involved in the ClickSoftware cloud initiative, from decision making with regards to Amazon cloud all the way to taking the initial steps to educate and support the company’s different parties in providing an On-Demand SaaS offering.
What’s your first priority cloud security concern ?
From an attacker’s perspective, cloud providers aggregate access to many victims’ data into a single point of entry. As the cloud environments become more and more popular, they will increasingly become the focus of attacks. Some organizations think that liability can be outsourced, but no, it cannot! This presentation will answer questions such as what are the key security challenges for new cloud comers. What are the options and how you can start with a safe cloud deployment?
Last week I attended one of the most popular cloud technology conferences in the world – CloudConnect. The CloudConnect conference started about four years ago. Attending the event gave me a clear understanding of the market maturity and evolution rhythm. Check out the following sections for the main points on what I heard and learned:
The underlying infrastructure performance, round trip time, bandwidth, caching and rendering are to be counted as the major features of an online service performance. In an interesting presentation by @joeweinman (known by his famous “Cloudonomics” theory), it was claimed that latency holds the greatest weight among these faetures. I encourage you to check out his new research – As Time Goes By: The Law of Cloud Response Time presents some good formulas, methods and considerations with regards to online services’ performance and latency (including simple facts, for example, that people tend to prefer selecting from fewer options on an online page – so you can have less content on a page and achieve a better browsing performance).
Last week I was invited to the HP Tech Day in HP’s campus in Houston to learn and hear more about the giant’s cloud offering. I appreciate HP and Ivy very much for the invitation and for a great event where I was able to learn more and see these clouds in real. I had the privilege to meet savvy and professional guys. It is always great to see people who are enthusiastic on their jobs and are proud of their company. Let me share with you HP’s cloud from my point of view.
Posted by Nir Peled
Last Friday, I attended MTBC (Metroplex Technology Business Council) “Solutions in the Cloud” conference in Dalla, Texas.The main event at the conference was a prestigious panel composed of three IT leaders: Brian Bonner, CIO of Texas Instruments, Toby Pennycuff, CTO of J.C. Penney Company and the panel moderator, Robert Wiseman, CTO of Sabre.
The panelists shared their thoughts and expertise with more than 300 professionals and academic leaders regarding cloud’s most fundamental questions. This event gave us a chance to hear directly from the decision makers regarding moving into the cloud, how they feel about this new innovative approach, what worries them and their predictions regarding organizations going into the cloud.
The panel was unanimous in their approval of what we all suspected was the main concern of large organizations (when considering going into the cloud), cloud security assurance.
“Providers must have a proven security approach. For us, the cloud provider would have to prove the security of our data before even offering its services to us. This is vital” said Pennycuff.
“What is the exit strategy? What happens to the data after the lease term is over? How do we get it back and how do we know that it is still secure?” asked Bonner.
Bonner was also concerned regarding migration into the cloud of large traditional organizations like the one he comes from. These types of organizations have some old systems. In most of the cases those enterprises would have multiple layers of systems which were added over the years as the technology evolved. In Bonner’s opinion, the cloud migration would and should be systematic and gradual. The new cloud components must support and communicate with the old/current systems.
Cloud.com conducted a survey in the second quarter of 2011 to determine cloud computing usage trends among IT professionals who participate in the BitNami, Cloud.com and Zenoss open source software and user communities. The final results, presented in “2011 Cloud Computing Outlook” document, include a lot of information on cloud adoption including motivations, barriers and trends. The following chart present important findings on one of the today’s common “cloud adoption” question –
> > > At what stage are your plans for cloud computing in 2011?
The panel and the survey, both discuss the Cost as the most common motivation to move to the cloud and the Security as the most common challenge.
> > > What benefits do you believe cloud computing provides to your organization ?
In the large organizations the cloud would need to come up with significant advantages (in terms of cost efficiency) in order to convince migrating from the known, functioning IT (referred to as the “old” approach) to the “new” cloud IT. What matters to organizations is functionality together with speed and above all is security. Security must be trusted in the “old fashioned” approach.
Learn about cloud security basics: The Cloud Security Part 1: For Dummies
If there are a large number of users how would you control and maintain security? In addition, how would you secure the resources used in a virtual system?
Those interesting questions were asked by a PhD from the Texas academic world which is responsible for $5 million research project for the US Air Force. In response to those questions, the panel agreed that while no major attacks have occurred, we should still use several layers of security. All security mechanisms (such as several ID & password combinations timeouts, identity verification etc…) should all be implemented in the cloud security solution. Using a trusted virtual OS in addition to closely monitoring the US military’s network could assist in preventing attacks. They also mentioned that the concept of asking for a `contract for damages` from the cloud providers scares them and limits their services.
Cloud security is still caught as one of the leading adoption barriers, but it is interesting to see that it is not the first according to 2011 outlook report.
> > > Are there any factors inhibiting your adoption of cloud computing?
Check the following results for the question –
> > > What is your biggest challenge with regards to managing your cloud computing environment?
Can we say that there is a mind shift ? Does security factor changes from adoption barrier to become a challenge while the decision to move to the cloud already made?
Another very interesting and important subject was brought up during the panel discussion – Privacy and Regulation in a global cloud environment. Every country and, in some cases, every state has its own regulations and utilizes different approaches toward privacy and ownership rights for data, patents, processing of information in its registration, etc. This issue presents the world with regulatory challenges. If the data is in the cloud, and the cloud can be everywhere (sometimes in several international locations simultaneously) how would the providers protect the data while also guaranteeing their clients’ rights? Where the data being kept and where/how is it being used?
100 years ago, everyone had to drill for water. Today, everyone drilling for water makes no sense. Same for IT, if cloud would be possible and the obvious way for IT, we would be able to concentrate on our core business. No doubt, there is a place for cloud in IT for some companies. The hardest part is finding out whom to trust (which is common when doing any sort of outsourcing).
The final words were shared by all the panel speakers. They agreed on the fact that the world is going towards cloud for platform, infrastructure and services. There are many challenges to confront and issues to deal with primarily regarding security. Today companies and organizations are looking into moving to the cloud and building and/or modifying their current business modules of the last 20+ years.
“Before going into cloud remember to educate yourself, understand the offer, pay attention to security and have a good “exit” strategy.” Pennycuff’s words of wisdom.
“Take it slow, go step by step and in small groups.“ Bonner added
An interesting comment from a participant received unanimous approval from the audience. It was mentioned that cloud provides a good business opportunity for small and new companies. Cloud services benefit from the fact that their own architecture is not grounded in the old methods of operating, and has not yet suffered from “spaghetti” code infrustructures.
Check out the following diagram presenting the survey report in a real creative way:
The author of this article is Nir Peled, a reporter and a contributor `I Am OnDemand` .