Security
Private, not proprietary, cloud computing
Mar 10th
Amid rising costs, a challenging economy and an explosion in Web-based data, IT experts expect continued high growth in cloud computing.
Cloud computing saves energy and operating costs by pooling information-technology (IT) resources, scaling up or down as needed, and putting computer power to use, rather than leaving it idle while it still draws energy.
Over the next decade, cloud computing is expected to transform the way in which IT is purchased, sourced and provisioned.
Companies can use the advanced technologies that cloud computing offers to exchange digital information around the world and across a variety of devices. They can quickly deploy new applications and meet peak workloads without adding to existing infrastructure. The autonomic features of cloud computing can be applied to predict harmful events, such as overheating or unbalanced workloads, and take corrective action. These are all advantages enabling companies under pressure to save time and money and to maintain a complex IT infrastructure while keeping their primary focus on the business.
Public or external cloud-based services, which receive most of the media attention, are available from a third-party service provider, via the Internet. On the other hand, cloud-computing platforms can also be private, and hybrid architectures also integrate both private and public platforms.
For IT users, cloud computing offers fast access to diverse types of information regardless of the type of device they are using, including laptops, smart phones, or PDAs. Technology users, including workers, partners and customers, want access to sophisticated applications that are as simple to use as self-service ATMs.
Where security is concerned, all companies need to maintain the security of their data. Some data may not be permitted to leave an enterprise or a specific geographic location. Therefore, it is essential to evaluate which workloads can be sourced through public clouds and which need to be kept in-house and delivered through private clouds. A strategy working for some companies is to begin with private cloud-computing solutions in order to evaluate the results in a controlled environment.
Private clouds remain behind firewalls in order to maintain privacy and security. Companies are able to establish security protocols, carefully monitoring the levels of access to information that is available for exchange. Access can be limited to internal networks, such as employees, then evaluated before being expanded to other limited networks, for example, business partners. Private clouds can be managed without network-bandwidth restrictions, security exposure and the regulatory-compliance issues of public clouds. Customizing cloud services and determining best practices is a smart way to increase the productivity of sales teams and off-site employees.
No matter whether the clouds are private or public, companies need to begin with trusted; secure foundations in order to build the most secure, efficient, and resilient cloud-services platform. Some companies may be tempted to begin with the user interface. However, beginning with the underlying infrastructure is a better strategy for long-term success, especially if there may be a future need to integrate public and private clouds.
Industry standards are still developing, but they will solidify as the technologies mature and more enterprises use cloud services. Right now, companies may find the best strategy is to opt for cloud services that are interoperable and based on open technologies.
Whether public, private or hybrid, a major driver of cloud computing is the need for companies to get new ideas, products and services to market faster, and continually innovate to meet global competition.
Cloud computing delivers more advanced technology within a simpler, cost-effective infrastructure. It creates a flexible, robust infrastructure to serve the needs of today’s economy, where knowledge flows to countries and regions wherever IT infrastructures are reliable and responsive.
Related posts
Hybrid Clouds Hit Data Centers
Mar 9th
Merging public and private cloud computing infrastructures.
Charlotte Dunlap 
There was much buzz about merging public and private cloud infrastructures at last week’s RSA Security Conference in San Francisco. As enterprises use virtualization to step up the creation of private clouds around their data centers, security vendors are working to steer customers toward merging private and public clouds for a hybrid cloud approach.
Some security and infrastructure providers realize that private clouds are an important first step toward increasingly moving customer workloads to public clouds as the technology and security catches up.
Private cloud infrastructures are necessary for companies that are regulated under compliance mandates, but CIOs see the value of being able to tap public cloud services for obvious reasons: lower total cost of ownership (TCO), simplified management and access to dynamic global threat intelligence, i.e., malware alerts. Of course, enterprises are still very concerned about the security, reliability and governance issues associated with public clouds, but CIOs are going to be hearing a lot more about hybrid or internal/external cloud options in coming months as a way to appease concerns.
An example of a hybrid cloud solution is the merging of an internally built or private cloud infrastructure with a security vendor’s public network of threat intelligence. Examples of global threat intelligence delivered through public cloud services include Trend Micro’s Smart Protection Network and Cisco ( CSCO – news – people ) Ironport SenderBase Security Network.
Over the past year security vendors have focused their cloud messaging primarily around Software-as-a-Service offerings targeting specific pain points, such as secure messaging, namely anti-spam. CIOs should anticipate more vendor messaging focused around hybrid cloud computing, targeting those large enterprises–not to mention European customers–that are required under governance to keep company data within the folds of the private cloud infrastructure. Security service providers are acknowledging customers’ need to keep data in-house, but they’re also providing options to couple private with public infrastructures and allow customers to off-load more of the security burden.
Later this year Trend Micro has plans to expand its private cloud services to include new protocols, such as Web reputation. Trend Micro says it will create a private cloud within the public cloud to let customers store confidential data, a prospect which will likely be most attractive to Internet service providers. Keep Reading at Forbes
Related posts
Cloud Computing Developer Workshops
Mar 9th
Monday, March 15
Cloud Computing IT Workshops | Developer Workshops | Developing for Microsoft Windows Azure Platform
Attend developer workshops with experts from the leading cloud computing platforms. It’s the only place where you can, in theory, build three cloud apps on three different clouds, guided by the folks behind that cloud, in a single day. BEST VALUE–Register for a Flex Pass to attend the conference (including developer track) plus pre-conference developer workshops.
| 9:00 AM–12:00 PM |
|---|
 Building on Google App Engine
Google’s App Engine cloud platform differs from many infrastructure-centric cloud technologies in that it is an Application Platform as a Service (APaaS) and thus, requires only code to build and deploy apps onto the cloud. Google App Engine provides a free usage entry path which can accommodate most modest web site/service deployments. Sites requiring more industrial strength scalability and bandwidth can enable billing and pay as needed to handle increased growth. Google App Engine distinguishes itself by offering development in either Python or Java. This workshop will be run in two tracks in both Python and Java with the same programming goals. You Will Learn:
Instructor – Wesley Chun, Developer Advocate, Google
Speaker – Ikai Lan, Developer Advocate, Google
|
|
Cloud Performance Optimization
Cloud environments are shared environments, which means that despite your best efforts, someone else can impact your performance and uptime. What if a cloud neighbor doesn’t play well with others? How can you be sure that your users are getting the availability you’ve promised, and the application performance to keep them happy and productive? You Will Learn:
Instructor – Hooman Beheshti, Vice President of Products, Strangeloop
Instructor – Hon Wong, EVP of Business Development and Marketing, Coradiant
Instructor – Imad Mouline, CTO, Gomez
Speaker – Robert Rounsavall, Director, Product Development, Terremark Worldwide, Inc.
Speaker – Don Green, Senior Vice President of Product Management, OpSource, Inc.
Speaker – Joe Hsy, Vice President of Technology and Advanced Development, Coradiant
Speaker – Bernd Harzog, Analyst – Virtualization Performance Management, The Virtualization Practice
Speaker – Seth Redmore, VP of Products, Lexalytics
Speaker – Steve Shah, Principal, RisingEdge Consulting
Speaker – John Allspaw, VP of Technical Operations, Etsy
Speaker – Hal Kalish, Industry Marketing Director – High Tech, Akamai
Speaker – Ron Warshawsky, Founder and CTO, Enteros
Speaker – JL Valente, CEO and President, Rivermuse
|
Related posts
SaaS a big winner in health stimulus
Mar 8th
One conclusion I was able to draw from last week’s HIMSS show is that Software as a Service (SaaS) is the only way clinics and small medical practices are going to get health IT in time to collect that sweet, sweet stimulus cash.
From big SaaS companies like AllScripts to smaller ones like Practice Fusion, the buzz was electric and the lesson obvious.
(Practice Fusion CEO Ryan Howard is shown at his HIMSS reception last week. He’s expecting a better year than the Phillies slugger of the same name. Which is saying something. (Then again, I’m a Braves fan.))
Most large hospitals have their solutions in place, or are in the process of implementation. This vendor relationship may be the most important thing on a hospital CEO’s plate right now.
From what I gathered on the HIMSS show floor, most of these vendors are lining their customers up to collect cash on investments made long ago.
Collecting on the 2011 meaningful use guidelines, watered down as they’re expected to be, will be fairly simple, and lobbying by both hospitals and vendors could water down the 2013 and 2015 guidelines so they don’t have to spend anything above current plans to collect on them.
Many small practices have been assuming that the hospitals will bring them their health IT. Admitting privileges are a powerful weapon. If the hospital mandates you go with McKesson, you may have no choice.
But small practices may well ask, what’s in it for me? Going with the hospital’s IT solution only ties you closer to the hospital. You have your clinic because you want to stay independent. And many hospital systems were not really designed to scale down.
Thus, SaaS. There is little up-front expense, no server in the closet. You can back up records overnight with Carbonite or a USB-linked hard drive — you can backup 2 terabytes at Costco now for under $300, including software.
SaaS vendors can scale quickly thanks to cloud computing. The biggest problem may be assuring clinics that their broadband connection won’t go down mid-day. But a lightweight version of the software, again on a nurse’s station, can handle that eventuality.
Services like SharEHR claim to require no training while others like Practice Fusion cost nothing thanks to ads. If the hospital demands your records, you can talk to them about that later.
Contrast that with the cost of putting in servers, wiring your office, training your staff, and learning it yourself, which is what many EHR vendors were offering clinics just a few years ago. The horror stories from that are many.
Personally I am still waiting for the glorious tech revolution to strike the doctors I use most often. My pediatrician has a PC on his desk to help with billing, but the kids’ records are still on paper. My internist is also paper driven. My dentist is a computer hobbyist but still brings out a file folder each time I visit. Last time I got new prescriptions I still drove them to the pharmacist.
This tells me there is still an enormous opportunity to automate small practices, but 2011 will be here before you know it and the only way I can see them going is to buy it as a service, stimulus cash or no stimulus cash.
Related posts
IBM Cloud Computing CTO to Keynote CloudSlam’10(TM) Conference
Mar 8th
IBM Cloud Computing CTO to Keynote CloudSlam’10(TM) Conference
Company is Named Exclusive Diamond Collaborator for Conference March 23 – March 25 2010
TORONTO, March 8 /PRNewswire/ — CloudSlam’10™, a virtual conference developed to promote collaborative analysis of the latest trends and challenges in the world of Cloud Computing, will commence on March 23. CloudSlam’10™ is organized by leading experts and authorities in the Cloud Computing industry and backed up by the world’s largest Cloud Computing community. Key topics will include Cloud Standards, Security, Transition Strategies, Compliance & Impact of Cloud Computing on the Global Economy. Attendees will hear breaking news, views & opinions which are exclusive to CloudSlam’10™.
CloudSlam’10™ gives industry leaders’ and professionals’ keen insights into published research, unique and evolving ideas and best practices, as well as an opportunity to network with leading experts within the Cloud Computing industry. The conference is designed to be a thought leadership platform for Business, Government and Academia. It’s also an ideal opportunity for corporate leaders to glean information on the latest innovations in Cloud Computing, generate new contacts and develop ideas on how to capitalize on what’s estimated to eventually become a $100 billion dollar market.
The CloudSlam’10™ speaker line-up will highlight new players in the Cloud Computing arena, as well as established players like IBM, who has been selected to be the Exclusive Diamond Collaborator for CloudSlam’10™. Dr. Kristof Kloeckner, CTO Enterprise Initiatives and Vice President Cloud Platforms, IBM Corporation, will present the Day One Headline Keynote address at the CloudSlam’10™ virtual event.
Drawing on experience of working with IBM customers and IBM’s internal cloud deployments, Dr. Kloeckner will review the conditions under which Cloud Computing can deliver its promise of cost reductions, delivery efficiency, flexibility and agility, as well as share insights around customer adoption based on careful selection of workloads and appropriate deployment models.
In addition, IBM senior software engineer Doug Tidwell will discuss the need for and status around cloud computing standards.
IBM Primary Keynote Sessions:
* “Headline Keynote Presentation” – Presented on March 23rd @ 13.30(pm) EDT.
* “Headline panel Discussion” – Presented on March 23rd @ 16.00(pm) EDT.
* “Headline Expert Session” – Presented on March 24th @ 13.30(pm) EDT.
* “Headline Case Study Session” – Presented on March 25th @ 14.45(pm) EDT.
Commenting on the announcement today, CloudSlam’10™ Chairman – Khazret Sapenov said, “We are truly delighted to have IBM join this year’s proceedings as our Headline collaborator for the event. IBM brings a wealth of expertise and know-how which we are certain will educate our event delegates, Cloud Computing group community members, as well as the Global audiences tuning in worldwide.”
CloudSlam’10™ – Produced by Cloudcor, Inc.™, is the premier Cloud Computing event. As an affordable way for industry leaders to exchange ideas and experiences, CloudSlam’10™ opens new horizons of cloud computing and serves as a springboard to success. CloudSlam’10™ will take place March 23-25 2010 -Online. For more information, contact Khazret Sapenov at k.sapenov@cloudslam.org or visit http://cloudslam10.com
Related posts
How Google Keeps Your Data Safe in the Cloud?
Mar 5th
In a blog post today, Google essentially reminds its enterprise customers that Google Apps provides an alternative to expensive, complex solutions as far as data disaster recovery goes.
Synchronous replication is a system that Google Apps uses to store customer’s info in two data centers at once, so that if one data center fails, Google says it nearly instantly transfers data over to the other one that’s also been reflecting the actions taken by the customer all along.
On the practical side this means that thanks to the cloud-based storage solution, Google customers won’t lose any data in a data center failure. Just as crucially, they are theoretically back up and running straight away — although the online giant does acknowledge that no backup solution is perfect.
This synchronous replication is applied to the entire Apps suite as well as Gmail (Google Calendar, Google Docs and Google Sites), with the sales angle being enterprise-class back-up for all at a much lower cost than if companies were to provide or contract separately for their own data redundancy systems.
Google, ever keen to push its Apps suite to new corporate clients of all sizes, estimates that this kind of backup could cost up to $500 for 25GB of data from other providers, but says it can bundle it in because it’s already running large, fast data centers.
This is essentially Google reminding enterprise customers (and potential customers) about one of the significant benefits of cloud computing over traditional in-house server farm data storage. How does your business handle data backup and redundancy issues? Do you think cloud computing is the ideal solution to hardware failure?
Related posts
Cloud computing at RSA: It’s not all fluff
Mar 5th
he RSA Conference invited several guest speakers to talk about a variety of topics surrounding cloud computing, including security, value propositions and cost savings to consumers and IT departments which want to reduce costs of information storage. Guests offered various views on scalability, security risks and efficiency models that indicate that there are significant value added services that can reduce IT costs dramatically.
For consumers, the decisions of IT services used by various sized businesses convinced into using cloud computing affects how cloud information and products are used, and how the vendor manages and protects information that potentially exposes you to events beyond your control. Businesses recognize these potential risks and are aware of impacts they may bring upon themselves if cloud computing services are vulnerable.
The evidence is clear – networks are hacked into everyday. Credit card information, transaction records, bank account information, personal identification records, etc. are retrieved through network intrusions regardless if they are stored in managed private networks or outsourced to public cloud based providers. So what makes sense to implement?
Value propositions of shared infrastructure costs spread over a number of customers at a central data center repository suggests that there are significant savings to be had by entering into Cloud based network services. Cloud computing offers different architecture designs, some are good and some are poor. Those that are enabled with shared data drives, network switches, routers, firewalls, intrusion detection systems and VPN domains and hardware should be thoroughly reviewed and analyzed during your service provider review. Consumers have little choice — and little knowledge of how CIO’s and IT departments make these choices.
The components involved in making such decisions are pretty basic, yet continue to be immersed into classic Fear, Uncertainty and Doubt (FUD) debates. Network hacking and intrusions into large network infrastructure such as Google, Intel, Yahoo, and financial data centers are everyday news.
Should something go wrong…
Are the advantages of Cloud computing compared in-house management of data worth the risks or not? Are the financial savings gobbled up in tarnished image and damage control? There are white papers offering several views on the subject here on ZDNet. You can decide from a technical merits perspective if the human and hardware costs savings can make a difference to your IT budget. These key benchmarks of return on investment can be categorically stated and offer ‘reasonable’ accuracy in financial reporting terms.
What cannot be put into the financial statement or projected costs savings are the unknowns in your company’s brand protection should something go wrong. Other considerations are litigation, insurance (risk) costs, and other service liability claims that could arise.
Soon to be a part of the equation are privacy and document responsibility protection costs that are not possible to calculate because the laws concerning how you protect your customer information are in a state of flux — and tort reform is not likely to be addressed in the near future. The more information is stored in central repositories where information about you is collected and used from single source environments, the more risk is taken upon by the provider of cloud computing suppliers. In a business environment that currently is experiencing difficult cost saving exercises, cloud computing is a potentially attractive option. In the current political environment the old business mantra of: ” too big to fail” is no longer true. Just ask GM, Lehman Brothers, and just about all pension funds. Today, a lot of companies have significant IT costs that potentially hinge upon whether or not they become the next dead, nearly dead, or put on life support entity. This may trigger how much risk a company undertakes managing information and intellectual property.
Consumers in many ways have simply become numb to it all. It’s almost acceptable that it is going to happen and why fight it. The tolerance level appears to be very high to potential impacts to an individual’s information. But how much more are people willing to take before it’s too much – let alone too late to fix? The tolerance to credit card fraud has been acceptable in the past because the consumer has never been liable for damages. But as people become accustomed to electronic health care records, personal profile data and purchasing history becoming intermixed and interconnected, that may change how much risk and tolerance consumers are willing to put up with.
Even Google is vulnerable
It was OK when it didn’t happen to you, but when it does, the tune suddenly changes. Data centers that are operated by third parties invite more than just criminal intent, including government oversight, profiling, personal attack, manipulation and legal litigation that may wind up being more expensive to you and the company that entered into a cloud computing service than realized. In fact, I would suggest that cloud computing service providers like Google are exposed to legal and financial risks that could lead to their demise.
In the United States, government agencies like DOJ, FTC, FITC, FBI will be of no help until after the fact. They simply pick up the pieces after an incident occurs. There are no regulations or federal guidelines that are enforceable in a cloud computing environment prior to commencing service. The privacy and criminal laws are not certification or compliance elements. ISO standards and other litmus tests are not mandatory, nor are they sanctioned by any government agency. In some countries, like Canada and Australia, there are requirements with respects to privacy and information security to be in compliance with concerning management of information, but not how they are physically stored within a cloud provider’s infrastructure. Insurance companies are just beginning to learn how to offer product liability products concerning Cloud service providers and they will require certifications like IS0 27001 and SAS70 reviews.
Of particular concern is access to information by government authorities. By hosting your information with third party entities, you may not be even aware of search warrants and monitoring by government agencies and this creates potential vulnerabilities that are not only beyond your control, but potentially damage your company’s credibility - permanently. Processes, policies and jurisdiction issues are upcoming hot spots creating significant legal and ethical questions that are not transparent. Service providers can stress that they have the best security and controls in the world. They are no good to you as a company or individual when the authorities knock on their door and you don’t even know.
Criminal and intelligence communities’ attraction to attack such a valuable commodity will always be in demand. Consumer sympathy, complacency and tolerance will collide and cannot be relied upon for recovery. Cloud computing is an appropriate description for such services. CIO’s and consumers need to understand that SOME clouds may look like nice fluffy places to park your data, others but they can turn out to be towering cumulus clouds emitting thundering lightning bolts that eventually hit you, maybe more than once, and leaving nothing behind.
