Posts tagged Storage
How Google Keeps Your Data Safe in the Cloud?
Mar 5th
In a blog post today, Google essentially reminds its enterprise customers that Google Apps provides an alternative to expensive, complex solutions as far as data disaster recovery goes.
Synchronous replication is a system that Google Apps uses to store customer’s info in two data centers at once, so that if one data center fails, Google says it nearly instantly transfers data over to the other one that’s also been reflecting the actions taken by the customer all along.
On the practical side this means that thanks to the cloud-based storage solution, Google customers won’t lose any data in a data center failure. Just as crucially, they are theoretically back up and running straight away — although the online giant does acknowledge that no backup solution is perfect.
This synchronous replication is applied to the entire Apps suite as well as Gmail (Google Calendar, Google Docs and Google Sites), with the sales angle being enterprise-class back-up for all at a much lower cost than if companies were to provide or contract separately for their own data redundancy systems.
Google, ever keen to push its Apps suite to new corporate clients of all sizes, estimates that this kind of backup could cost up to $500 for 25GB of data from other providers, but says it can bundle it in because it’s already running large, fast data centers.
This is essentially Google reminding enterprise customers (and potential customers) about one of the significant benefits of cloud computing over traditional in-house server farm data storage. How does your business handle data backup and redundancy issues? Do you think cloud computing is the ideal solution to hardware failure?
Related posts
RightNow Tries to Change SaaS Contract, Pricing Game
Mar 5th
CRM vendor RightNow announced a new SaaS (software as a service) pricing and licensing model on Thursday that it says provides customers with fairer, clearer deals. The company also issued a “Cloud Challenge” to competitors, urging them to adopt similar principles.
RightNow contends that while SaaS has changed the way companies use IT, providing benefits like faster implementations and quicker innovation, contractual engagements are wracked by the same problems as on-premises software, such as underutilized or excess user seats, hidden fees and restrictive contractual terms.
Under RightNow’s Cloud Services Agreement (CSA), which is now standard for all new business conducted by the vendor, customers receive fixed pricing for three years. They also have the ability to renew for another three years at a cost determined at the time the initial contract is signed.
Users who sign multiyear agreements can cancel on an annual basis for any reason, said CEO Greg Gianforte .
Another key aspect of the CSA sees customers buy a pool of “seat months” that are consumed on an as-needed basis, Gianforte said.
Customers can adjust the number of seat months each year. This will help put an end to shelfware, and particularly benefit customers with seasonal spikes in business, such as an online retailer, Gianforte said.
RightNow is also pledging to give back part of customer’s subscription fees if it fails to meet service-level agreements. The company is also offering 90-day pilot programs with unlimited capacity.
“It’s time for a change. The best thing that could happen is that the industry responds and everyone adopts the Cloud Challenge,” he said. “These are reasonable expectations and if you’re not getting them, you’re being taken advantage of.”
The announcement is “absolutely the right step and right direction from the point of view of SaaS and SaaS vendors,” said Ken Harris , CIO of natural nutrition products company Shaklee, a RightNow customer for more than five years.
Shaklee has a current contract with RightNow and therefore can’t immediately take advantage of the CSA, but the new terms reflect a number of provisions the company negotiated for in past years, he said.
The CSA’s use of “seat months” will be a big help, as Shaklee’s business is somewhat seasonal and underutilized seats do present “a real problem,” he said. “With any software that’s seat-based, you have to build the church for Easter Sunday but the rest of the days it doesn’t fill up, as the old saying goes.”
RightNow is just one of nine SaaS applications Shaklee currently uses, Harris said. The CSA “is going to give us a lot of leverage. A number of things that are in here, we’ve been trying to negotiate in all of our deals, not always successfully.”
Analysts also praised RightNow’s announcement.
“RightNow does go some way to address likely user pain points around adopting cloud apps, particularly in relation to guaranteed pricing over a multi-year period,” said 451 Group analyst China Martens via e-mail. “Having to pay over the odds for both compute power and storage for some versions of vendors’ CRM software have given some customers some nasty surprises.”
“There’s a lot to like in this announcement,” said Frank Scavo , managing partner of the IT consulting firm Strativa, in an e-mail. “For example, the cash level credits. With many providers, SLAs are weakly written or only offer token concessions. RightNow’s terms and conditions look like they put real teeth into RightNow’s SLAs.”
The announcement speaks to a new front in the software industry’s pricing wars, he added.
“Vendors have been discounting for years to win specific deals. The price competition is now moving to long-term maintenance and support, where the real money is,” Scavo said .”We’ve already started to see it with on-premise vendors such as Infor and Microsoft Dynamics, who seem to be emphasizing their maintenance and support programs these days as a way of differentiating themselves from SAP and Oracle. Now we’re starting to see it in the cloud.”
Related posts
Cloud computing at RSA: It’s not all fluff
Mar 5th
he RSA Conference invited several guest speakers to talk about a variety of topics surrounding cloud computing, including security, value propositions and cost savings to consumers and IT departments which want to reduce costs of information storage. Guests offered various views on scalability, security risks and efficiency models that indicate that there are significant value added services that can reduce IT costs dramatically.
For consumers, the decisions of IT services used by various sized businesses convinced into using cloud computing affects how cloud information and products are used, and how the vendor manages and protects information that potentially exposes you to events beyond your control. Businesses recognize these potential risks and are aware of impacts they may bring upon themselves if cloud computing services are vulnerable.
The evidence is clear – networks are hacked into everyday. Credit card information, transaction records, bank account information, personal identification records, etc. are retrieved through network intrusions regardless if they are stored in managed private networks or outsourced to public cloud based providers. So what makes sense to implement?
Value propositions of shared infrastructure costs spread over a number of customers at a central data center repository suggests that there are significant savings to be had by entering into Cloud based network services. Cloud computing offers different architecture designs, some are good and some are poor. Those that are enabled with shared data drives, network switches, routers, firewalls, intrusion detection systems and VPN domains and hardware should be thoroughly reviewed and analyzed during your service provider review. Consumers have little choice — and little knowledge of how CIO’s and IT departments make these choices.
The components involved in making such decisions are pretty basic, yet continue to be immersed into classic Fear, Uncertainty and Doubt (FUD) debates. Network hacking and intrusions into large network infrastructure such as Google, Intel, Yahoo, and financial data centers are everyday news.
Should something go wrong…
Are the advantages of Cloud computing compared in-house management of data worth the risks or not? Are the financial savings gobbled up in tarnished image and damage control? There are white papers offering several views on the subject here on ZDNet. You can decide from a technical merits perspective if the human and hardware costs savings can make a difference to your IT budget. These key benchmarks of return on investment can be categorically stated and offer ‘reasonable’ accuracy in financial reporting terms.
What cannot be put into the financial statement or projected costs savings are the unknowns in your company’s brand protection should something go wrong. Other considerations are litigation, insurance (risk) costs, and other service liability claims that could arise.
Soon to be a part of the equation are privacy and document responsibility protection costs that are not possible to calculate because the laws concerning how you protect your customer information are in a state of flux — and tort reform is not likely to be addressed in the near future. The more information is stored in central repositories where information about you is collected and used from single source environments, the more risk is taken upon by the provider of cloud computing suppliers. In a business environment that currently is experiencing difficult cost saving exercises, cloud computing is a potentially attractive option. In the current political environment the old business mantra of: ” too big to fail” is no longer true. Just ask GM, Lehman Brothers, and just about all pension funds. Today, a lot of companies have significant IT costs that potentially hinge upon whether or not they become the next dead, nearly dead, or put on life support entity. This may trigger how much risk a company undertakes managing information and intellectual property.
Consumers in many ways have simply become numb to it all. It’s almost acceptable that it is going to happen and why fight it. The tolerance level appears to be very high to potential impacts to an individual’s information. But how much more are people willing to take before it’s too much – let alone too late to fix? The tolerance to credit card fraud has been acceptable in the past because the consumer has never been liable for damages. But as people become accustomed to electronic health care records, personal profile data and purchasing history becoming intermixed and interconnected, that may change how much risk and tolerance consumers are willing to put up with.
Even Google is vulnerable
It was OK when it didn’t happen to you, but when it does, the tune suddenly changes. Data centers that are operated by third parties invite more than just criminal intent, including government oversight, profiling, personal attack, manipulation and legal litigation that may wind up being more expensive to you and the company that entered into a cloud computing service than realized. In fact, I would suggest that cloud computing service providers like Google are exposed to legal and financial risks that could lead to their demise.
In the United States, government agencies like DOJ, FTC, FITC, FBI will be of no help until after the fact. They simply pick up the pieces after an incident occurs. There are no regulations or federal guidelines that are enforceable in a cloud computing environment prior to commencing service. The privacy and criminal laws are not certification or compliance elements. ISO standards and other litmus tests are not mandatory, nor are they sanctioned by any government agency. In some countries, like Canada and Australia, there are requirements with respects to privacy and information security to be in compliance with concerning management of information, but not how they are physically stored within a cloud provider’s infrastructure. Insurance companies are just beginning to learn how to offer product liability products concerning Cloud service providers and they will require certifications like IS0 27001 and SAS70 reviews.
Of particular concern is access to information by government authorities. By hosting your information with third party entities, you may not be even aware of search warrants and monitoring by government agencies and this creates potential vulnerabilities that are not only beyond your control, but potentially damage your company’s credibility - permanently. Processes, policies and jurisdiction issues are upcoming hot spots creating significant legal and ethical questions that are not transparent. Service providers can stress that they have the best security and controls in the world. They are no good to you as a company or individual when the authorities knock on their door and you don’t even know.
Criminal and intelligence communities’ attraction to attack such a valuable commodity will always be in demand. Consumer sympathy, complacency and tolerance will collide and cannot be relied upon for recovery. Cloud computing is an appropriate description for such services. CIO’s and consumers need to understand that SOME clouds may look like nice fluffy places to park your data, others but they can turn out to be towering cumulus clouds emitting thundering lightning bolts that eventually hit you, maybe more than once, and leaving nothing behind.
Related posts
Cloud Computing: Will It Be Government’s Venus Fly Trap? Gartner
Mar 4th
The cryptographer’s panel at the RSA conference is always my favorite part. At this year’s conference, Ron Rivest (the R in RSA) made a comment along the lines of “One of my fears for the future is that cloud computing is a ‘dream come true’ for government intelligence agencies.” He actually used a more colorful term for ‘dream come true’ but his basic point was something I point out to Gartner clients all the time: in many countries (the US included) companies are legally (and often illegally) required to cooperate with government requests to surreptitiously monitor communications and content flowing through or stored on their systems.
There is a school of thought that true cloud computing means no care at all about the physical location of the storage. The fact that many governments can compel any company or service provider operating in their country to expose their customer’s data means for real businesses, location does matter.
Does encryption solve the problem? Only if the control of the keys is completely outside of the control of the service provider and if there is complete and guaranteed transparency into all access to the encrypted data. The reason for that and clause: with unlimited local access to encrypted data, government funded brute force attacks are much more likely to eat into the safety margin of long key lengths. And, as Brian Snow pointed on on the cryptographers panel, unlike the commercial/academic crypto community, the government crypto community does not publicize its breakthroughs in cracking algorithms or in developing orders of magnitude faster brute force capabilities.
Does striping or scattering the data across multiple data centers in multiple countries solve the problem? Assuming (a very, very big assumption) that the cloud service provider has not made concessions to a host country that would allow access anyway, this has possibilities – but I think there are a myriad of ways to attack this approach. Encryption has been banged on for years and we know that most proprietary encryption approaches are not secure. Striping/scattering for security has not been banged on and I am positive that many, many implementations will turn out not to be secure.
What about striping/scattering encrypted bits? Well, security in depth is always more expensive but not always more secure. This approach has possibilities, but just adding more “rounds” just as often introduces new vulnerabilities rather than increasing security.
I was on a panel at RSA on tokenization, and the idea of “tokenization as a service” is where I think more promise lies. Use cloud storage for the non-sensitive data (which by volume is usually more than 99% of the storage) and keep the sensitive data at home or at least in-country. Use the cloud for what it is good at and don’t use it for what is not good at.
Related posts
Cloud computing: the biggest threats
Mar 2nd
The next generation of cloud-based storage and services allows us greater freedom to compute on the go. It enables us to be free from the storage constraints of compact devices and gives us the ability to access services and personal information on these devices regardless of our location. Cloud computing also poses serious threats to online privacy.
A new report published by The Cloud Security Alliance (CSA) and HP on March 1 details some of the more serious threats about what could occur when using cloud-based services, now and in the future.
Perhaps the most worrisome threat for individuals is the loss and interception of personal information such as credit card details, banking records, medical records, home and work address and any other information that could leave them susceptible to identity theft.
A lot of research has gone into creating cloud-based services, but perhaps not enough time and money has been spent protecting individuals’ privacy and safeguarding against the interception of information via third-party sites. More resources need to be harnessed to ensure these services will be safe for people to use when future generations of hackers try to prey on cloud-based databases.
There are few laws in place that govern cloud-based security practices. Cloud computing privacy policies are often very vague about what happens in the event of information loss or theft.
This level of uncertainty is largely replicated in the early adoption of cloud computing. Security is cited as the number one barrier to adoption. New users find it difficult to weigh up the pros and cons of cloud computing; there is a wealth of opportunities floating in the cloud but customers are very concerned about the associated risks.
By highlighting the top cloud computing security issues, CSA and HP hope to make cloud computing safer for consumers and businesses alike.
“Cloud services are clearly the next generation of information technology that enterprises must master. We have a shared responsibility to understand the security threats that accompany the cloud and apply the necessary best practices to mitigate them,” said Jim Reavis, founder of the Cloud Security Alliance.
The top security threats of cloud computing:
1. Abuse and Nefarious Use of Cloud Computing
2. Insecure Interfaces and APIs
3. Malicious Insiders
4. Shared Technology Issues
5. Data Loss or Leakage
6. Account or Service Hijacking
7. Unknown Risk Profile
Related posts
The economics of cloud computing
Feb 25th
The new big thing of the IT world is “cloud computing”, a general purpose technology that could provide a fundamental contribution to promote efficiency in the private and public sectors and promote growth, competition, and business creation.
Cloud computing is an Internet-based technology (hence “cloud”) which stores information in servers and provides it as an on-demand service. The economic impact of cloud computing will be substantial on both households and companies.
- On one side, consumers will be able to access all of their documents and data from any device (the home or work PC, the mobile phone, an internet point), as they already do for email services or social networks.
- On the other side, firms will be able to rent computing power (both hardware and software in their latest versions) and storage from a service provider, while paying on demand, as they already do for other inputs such as energy and electricity.
The former application will affect our lifestyles, but the latter will have a profound impact on the cost structure of all the industries. For instance, it can provide huge cost savings and greater efficiency in large areas of the public sector including hospitals and healthcare (especially to provide information and technologies in remote or poorer locations), education (especially for e-learning) and the activity of government agencies with periodic spikes in usage. Moreover, substantial positive externalities are expected because of energy savings: the improvement of energy efficiency may contribute to the reduction of total carbon emissions in a substantial way.
If we look at the private sector, again the introduction of cloud computing can provide cost savings. It can create multilateral network effects between businesses, and it can promote entry and innovation in all the sectors where IT costs are restrictive and are drastically reduced by the adoption of cloud computing. This last effect can have a large effect on the wider economy. Continue Reading…Full Source
Related posts
RELIACLOUD JOINS THE RANKS OF AMAZON AND RACKSPACE
Feb 24th
ReliaCloud and enStratus Team Up to Present CloudCamp Events and
Cloud Computing Webinar for IT Directors
EDEN PRAIRIE, Minn. (February 24, 2010) – ReliaCloud, the new service that offers small-to-medium-sized enterprises cloud computing servers and storage space, has announced a new partnership with enStratus, a national cloud management platform that delivers governance for enterprise applications in the cloud. Together ReliaCloud and enStratus offer companies a seamless, manageable cloud computing service. The two organizations are also joining forces to sponsor 2010 CloudCamp events and an April 7, 2010, webinar to educate information technology professionals about the business advantages of using cloud computing.
“We are thrilled to offer the enStratus solution to ReliaCloud customers,” said Jason Baker, chief technology officer for ReliaCloud. “The highly regarded management platform and experience in cloud security and availability management at enStratus is invaluable to regulation-heavy businesses or enterprises that are concerned about reliability and business continuity.”
To go beyond basic cloud computing service, ReliaCloud customers now have access to a suite of software management tools from enStratus that are also used with Amazon Web Services, Rackspace and Microsoft Azure platforms to maximize:
- Security – enStratus has a patent-pending security architecture that ensures separation of security keys from encrypted data and provides advanced user management and activity logs for compliance;
- Reliability – Automated management tools, auto-recovery engine and unique clustering capabilities that minimize human error and enable support of service level agreements up to 99.9999 percent; and
- Cloud Independence – enStratus provides business continuity through cloud-independent backups as well as cross-cloud disaster recovery.
“enStratus is pleased to add ReliaCloud to its supported list of cloud providers,” says George Reese, chief technology officer of enStratus. “We’re confident that ReliaCloud is ready to serve IT directors who are seeking a reliable and secure partner that they can trust in the cloud.”
In addition to launching their affiliation, ReliaCloud and enStratus are hosting the Minneapolis CloudCamp on Tuesday, March 2, which is a local gathering of early cloud computing adopters who want to exchange ideas on the evolving topic. Other upcoming 2010 regional CloudCamps are taking place on Friday, March 5, in Chicago; Tuesday, March 16, in Philadelphia; Tuesday, March 23, in Washington, DC and Tuesday, May 25, in Denver. For more details about a specific CloudCamp go to www.cloudcamp.org.
To continue cloud computing education efforts, ReliaCloud and enStratus are also hosting a webinar on Wednesday, April 7, 2010, for IT directors and chief technology officers who want to learn what cloud computing can do for their respective businesses and hear examples of success stories. The webinar will feature Jason Baker from ReliaCloud and George Reese from enStratus. More details about the Webinar are posted on the ReliaCloud blog at www.reliacloud.com/blog.
