Going Cloud… Thinking Security (part 2)

This series reviews 4 ‘things’ you should take seriously when considering cloud solutions.  Part 1 looked briefly at Application Integration – critical if your cloud solution needs to form part of an integrated IT strategy.

Now, we look at security.

Even though we have written about and discussed security a number of times it is still of extreme relevance and importance in the move to a cloud based service.

Most security consultants have had to deal with a huge shift in focus regarding security, but the basic security fundamentals for users of cloud services still apply. As a first step, assessing the risk in security and compliance is imperative. Core security topics such as control and manageability, tracking records of actions, trust and incident management, liability and support, misuse and data leakage, these are all more critical than ever.

According to Nico Popp, VP of product development at Verisign “This requires layers of security, including multifactor authentication, identity brokers, access management and, in some cases, an external service provider who can provide that high a level of administrative control”

“Security and cloud hosting are two separate things, but the cost of entry is so low, and often so simple, that customers may not do as much due diligence as they should to find out who’s responsible for security,” says Ezra Gottheil an analyst who covers server issues for Technology Business Research.

Too many times companies assume that their cloud provider is taking care of security – leaving themselves vulnerable to attack, and all too often, ignorant of the fact.

Customers must demand transparency, avoid vendors that refuse to provide detailed information on security programs. Ask questions related to the qualifications of policy makers, architects, risk-control processes and technical mechanisms and the level of testing that’s been done to verify that service and control processes are functioning as intended, and that vendors can identify unanticipated vulnerabilities.

Here are seven of the specific security issues Gartner says customers should raise with vendors before selecting a cloud vendor.

1. Privileged user access

Get as much information as you can about the people who manage your data. Ask providers to supply information on the hiring and oversight of privileged administrators, and the controls over their access.

2. Regulatory compliance

Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this type of scrutiny must only be used for the most trivial functions.

3. Data location

Ask providers where your data will be stored, and if this data centre has sufficient security measures in place to obey local privacy requirements on behalf of their customers.

4. Data segregation

The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists to ensure data integrity.

5. Recovery

Even if you don’t know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster.

6. Investigative support.

The vendor needs to assure you that they can investigating inappropriate activity and must show that they have already successfully supported such activities.

7. Long-term viability

Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data will remain available even after such an event.

Remember we need to qualify the vendors we want to do business with, that is why Marutech and Cornastone have invested a considerable amount of time to cut through all the hype and get to the point. To ensure that our customers know full well that the solutions in our stable really do meet the above requirements.

In the next article we look at storage, which continues to be one of the weak points of many a provider.

Going Cloud… Thinking App Integration (part 1)

As many new and upcoming markets are drifting away from the norm of IT, Cloud based services are continuing to grow and grow fairly quickly in the market place, according to IDC’s Cloud Services Overview Report “Sales of Cloud-related technologies are growing at an average of 26 percent a year”.

That is roughly six times the rate of IT spending overall, the report goes on to state that in 2009 estimated spending on cloud technologies was just over US $17 billion and will grow to a whopping US$44 billion by 2013.

So as you start to review your future IT budget and prepare for the move to cloud based services, there are 4 critical elements to understanding the true value of the service being offered – Application Integration, Security, Storage and Virtual I/O.

In today’s article – we touch on Application Integration.

A number of companies have already invested a considerable amount of money into solutions that can assist in managing their network and platform infrastructure, these solutions are an integral part of your business and should not be ignored when moving to a Cloud based Solution.

The complexities involved in implementing a solution and ensuring that your current products’ potential is maximized requires integration.  We spend considerable effort in ensuring that our cloud based offerings, like Service-now.com can support the integrations required to tap this potential, and as leading systems integrators in our field, we provide the necessary skills and resources to make the integration between systems seamless.

Integration means more than just batch-processing chunks of data being traded between applications once or twice per day the way that was done on mainframes, according to Tom Fisher, vice president of cloud computing at SuccessFactors.com, a business-application SaaS provider in San Mateo, California

Being able to provision and manage user identities from a single location across a range of applications is critical, especially for companies that have never been in the software-providing business before and don’t view their IT as a primary product, he says.

So remember you don’t want to lose the capex on that expensive software solution you bought a few years ago, find out if your existing solutions can work hand in hand with the cloud based offering. And will these solutions be able to communicate and forward information between the varying platforms successfully ?

In the next article, we’ll consider the underlying security required as basis of this service.

Read more of this post

Tips on choosing IT Management solutions

Here are 3 high-level tips on choosing solutions for your IT Management.   These are aimed at the not-so-versed IT manager, senior manager, business owner or entrepreneur looking to expand his business and with it establish a more mature IT environment…

1.       Start by defining or at least understanding [fully] what the business or IT process is.   If you don’t understand the process – you can’t properly identify the broader problem and how that problem can potentially be solved. In the world of IT (or IT Management), make sure you’re working according to some model and broader vision – whether that be by adopting an FCAPS model, the Meta Group model for E/DSM, your own proprietary model or simply by aligning to ITIL guidelines for managing your processes.  Whatever your preference, you have to work towards a model.

2.       Choose software or solution components that will contribute to the solution you intend to adopt.  Choosing a solution is not just about choosing a good piece of software, hardware or service.   You must take some time to understand the vendor and supplier of choice.   You should take into consideration their culture, their success (and reputation) in the market, satisfaction of existing customers and whether they could get maximum value from solutions they’ve purchased.   You should look at how the local partners are empowered to support you, how willing they are to understand your needs and grow with you.   Most importantly, choose a partner that will support you through the tough times, a partner that’s knowledgeable and can give you the appropriate advise, a partner that puts your interests before his (i.e. your business objectives) because he realizes that he’ll only be successful if your business is successful.    When making your buying decision – consider all these aspects – and spend time developing a relationship so that you can actually gain an understanding of these aspects.

3.       Lastly, it’s important to consider what your definition of a solution is.  Many people have a wrong perception – partly due to vendors selling “solutions” when all they’re selling is software or hardware.   Ask yourself “when is a solution a solution?”.   A solution is note something that comes in a box.  It’s not something you buy and now have to wonder what you’re going to do with it.  You only have a solution when the software, hardware, service and whatever else you purchase is fully implemented, integrated, supported and utilized (i.e. users are empowered and educated), and when it is adding maximum value according to your original definition of the problem that needed to be solved.

To sum this up, a solution must support a process that solves a business problem, it must be integrated into existing systems and you should have a partner supporting you to gain maximum value from your investment so that you can focus your efforts on your own business and your customers’ businesses.

Virtualisation and Cloud – How do they Fit ?

“Virtualisation and Cloud – How do they Fit ?”

At the 2010 VMWorld held at the Moscone Center in San Francisco, VMware unveiled a new approach to ‘Cloud Computing’ that enables businesses and larger enterprises who already have virtualized infrastructures, to shift some of their IT operations to an ISP’s cloud service offering.

The new service, Computing as a Service (CaaS) enabled by VMware vCloud Datacentre, is currently in field trials. Enterprises can use this hybrid service without having to rewrite applications that operate on VMware, using their current modes of operation, according to the vendor.

“It is intended to lower some of the barriers to adoption of cloud computing.” says Joe Crawford, executive director of IT solutions. “VMware customers will be interested in this functionality. There are hundreds of thousands of customers who use VMware today, and they can now use a cloud-based solution using the same tool set and same knowledge base”

For some ‘Virtualization’ and ‘Cloud Computing’ is still a grey area, so let’s try to clarify this a bit.

Virtualization is the creation of a virtual version of something, such as an operating system, a server, a storage device or network resource, in essence it is scaling down from a ‘one server, one application’ model to ‘one server, multiple servers and multiple applications’ model. A number of customers have used this model to scale down massive power hungry data centres to run on a few high capacity servers. With an array of benefits.

Whereas ‘Cloud Computing’ is Internet based computing, it is also a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories – Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS)

This new service is ground-breaking for VMware, a company that has factored heavily in the service provider community’s move to cloud computing. VMware have started to engage with ISP’s to offer this cloud based solution, built on the customers’ requirements.

The new service also promises security for applications shifted onto the cloud-based architecture.

One immediate area of appeal is disaster recovery and business continuity, Joe Crawford, executive director of IT solutions says, “as enterprises look for network-based computing options that enable them to stay in business in the face of natural or man-made disasters or service interruptions. In addition, the CaaS offering will give businesses the ability to add or subtract computing resources as needed, paying for what they use rather than investing capital in computing power that sits idle during slower times.

InterContinental Hotel Group (IHG) has been selected to trial the field tests for this service, using cloud computing to handle higher booking activity during peak travel times,  and with the upcoming to holiday season, they are likely to need extra capacity until the off season.

With this service, you can have variable workloads hosted by the service provider as opposed to using your own resources, so if you require a higher capacity it is as simple as putting through a request.

So moving forward we can see infrastructures scaling down through virtualized environments and them saving money, by only paying for what they use. We have a high expectancy from the field trials and hope within the next year we can see our local ISP’s adopting a CaaS model driving forward with VMware at the helm.