For the majority of companies, the possibility of buying computational power, disk storage, collaboration, application development resources, programs, etc. on demand is very compelling. After all, we can say that Cloud Computing is: No Hardware, No Software, Don’t Hire No One …
But until the major Cloud Computing providers answer, in a very clear way, the legitimate questions enterprises have about security, scalability, performance, availability, reliability, etc. (at the infrastructure, platform and service levels), there is a “barrier” between enterprises and Cloud Computing, and that “barrier” needs to be addressed so that enterprises can feel “total” confidence in Cloud Computing.
Here are some of those concerns that need clear answers:
- Where is my data?
- How does my data securely enter and exit the cloud?
- How is my data protected in transit?
- Who has access to my data?
- Who is responsible if something goes wrong?
- What’s the disaster recovery plan, including response to a pandemic?
- What about export and Privacy laws?
- Will my data disappear when my online storage site shuts down?
- What happens if my cloud provider disappears?
- How is the environment monitored for OS / DB / application failures and how are we notified?
- Backups (Are they protected and secured from theft and damage? Are they encrypted? How are the encryption keys rotated and managed? etc.)
- Hard to integrate with in-house IT?
- Enough ability to customize?
- On-demand will cost more?
- Is bringing it back in-house difficult? Is it possible?
- Regulatory requirements can prohibit cloud?
The Balance Between Risks and Rewards
Any IT department, CIO, etc. is like any other business: they have to balance the risks and rewards, and although the rewards are many, the risks can’t be ignored either.
The fact is that some events (although natural), such as privacy complaints against Google, Google outages or Amazon’s S3 outages, don’t compromise the future of Cloud Computing, but they don’t increase that confidence either.
And of course, the absence of agreement between the big players (IBM, Microsoft, Google, Amazon, Salesforce, etc.) about the “Open Cloud Manifesto” is not good for confidence: http://blogs.wsj.com/digits/2009/04/30/cloud-standards-effort-could-turn-into-a-dustup/?mod=rss_WSJBlog?mod= (but I believe that, sooner or later, they will reach an agreement).
The answers of the major Cloud Computing providers to enhance confidence
But the main reason for this post is not to discuss those issues, but to say that the major Cloud Computing providers are aware of those questions and concerns (some are answering with very clear responses, while others only acknowledge those concerns but don’t have clear answers), for example:
HP Unveils “Cloud Assure” to Drive Business Adoption of Cloud Services: HP Cloud Assure, a Software-as-a-Service (SaaS) offering designed to help businesses safely and effectively adopt cloud-based services.
Beyond The Cloud: IBM Unveils ‘Stream Computing’ : IBM launched a new computing system designed to let businesses instantly analyze “streams” of data with an eye toward enabling faster and better decision making.
Microsoft schools CIOs on #cloudcomputing migration: “Markezich stresses that one of the biggest concerns holding CIOs back from adopting Microsoft’s cloud services model, but really the cloud services concept in general, is a lack of control over their data, including stored business policies and procedures. Markezich says “There is real concern that moving to cloud services means giving up control.” And these concerns stem also into areas of privacy, security and the flexibility required to adapt to this new cloud computing model.”
Evaluating Storage-As-A-Service Options : Cloud vendors respond to questions about the feasibility of storage services as an alternative to on-premises hardware.
Increasing the control over the Cloud – Reducing the EDoS danger: “One of the control technologies that will definitely reduce the dangers of the EDoS is the new Auto Scaling from Amazon. With this technology Amazon clients will be able to define boundaries that would limit the elasticity of its platforms. With these boundaries they will always control how their platforms will grow and therefore they will no longer be exposed to the EDoS. This new feature of the AWS platform should be used with the also new Amazon CloudWatch which adds to the Amazon platform the ability to be full motorized by their customers.”
Cloud providers answer the tough questions: “Portability, governance, security and quality of service are concerns of companies considering a move into cloud computing and SaaS. In discussions with SD Times, industry executives met some difficult questions about this emerging paradigm with equally frank answers.”
Cloud billing triggers anxiety: “Microsoft’s Amitabh Srivastava, the senior vice president of Windows Azure, agreed that the pricing and billing aspect of cloud services is a “very genuine worry” among customers. Azure will be available in a pay-as-you-go model but also feature discount pricing for commitment up-front, and companies can cap it, he said. In addition the Azure pricing model will be folded into enterprise agreements so that companies are not managing different pricing schemes that would make it more difficult to track and plan budgets.”
During RSA 2009, the Cloud Security Alliance released its Guidance for Critical Areas of Focus in Cloud Computing (pdf). (See also http://groups.google.com/group/cloudsecurityalliance )
IBM to Validate Resiliency of Cloud Computing Infrastructures: “In a move that could spur the rise of the nascent computing model known as cloud, IBM said it would introduce a program to validate the resiliency of any company delivering applications or services to clients in the cloud environment. As a result, customers can quickly and easily identify trustworthy providers that have passed a rigorous evaluation, enabling them to more quickly and confidently reap the business benefits of cloud services.”
Taking Account of Privacy when Designing Cloud Computing Services ( HP Paper): “Privacy is an important issue for cloud computing, both in terms of legal compliance and user trust, and needs to be considered at every phase of design. In this paper the privacy challenges that software engineers face when targeting the cloud as their production environment to offer services are assessed, and key design principles to address these are suggested.”
MIT: Cloud Computing to Reshape IT : ”But even while panelists praised the advantages of cloud computing, they pointed to some limitations that could hinder its widespread adoption… Rackspace Cloud General Manager, Emil Sayegh, for example, said that certain database-intensive applications would likely perform better with dedicated infrastructure. He also said that industries that are under heavy regulatory control, such as healthcare, would be better off using dedicated systems rather than cloud computing services.”
Michelle Dennedy (Sun Microsystems) discusses Security in Cloud Computing for Businesses & Government: ”A discussion about the changing landscape of data retention policies. The more data we retain, the more at risk we are of exposing that data inadvertently – and therefore creating exposure. Sun’s Chief Data Strategy and Privacy Officer, Michelle Dennedy, and Sun Product Manager, Cathy Norton, discuss how businesses and governments can take on these challenges. ”
And of course this also enhances confidence:
Sun Microsystems is open sourcing its Cloud Computing APIs
Interop: SAP CTO backs open source for the cloud
Amazon taps ex-FBI official to develop gov’t cloud business
As well as:
The largest IT department on the World is changing to Cloud Computing
Japan to build massive cloud infrastructure for e-government
Obama’s Cloud Computing Strategy Takes Shape
Federal Government Defining the Expanding World of Cloud Computing
Recommendations that should be taken into account
But the reality is that, in spite of all those objections and problems, Cloud Computing in general has more security, scalability, performance, availability and reliability than the majority of in-house systems (and it will improve over time). Nevertheless, the following recommendations should be taken into account (source: http://www.intelligententerprise.com/blog/archives/2009/05/saascloud_audit.html ):
“With respect to data security, organizations must review the vendor’s data protection techniques to ensure appropriate cryptography is used for both data in rest and in motion, and make sure the appropriate documentation is available for auditors. In addition, the provider’s access control and authentication procedures should be reviewed, and companies should find out if third parties have access to the information.”
And,
“Also, to ensure data security, companies should review the service provider’s architecture to make sure proper data segregation is available and review their data leak prevention (DLP) deployment to prevent insider attacks, the report recommended.”
And,
“Before utilizing a cloud computing provider’s services, organizations also must conduct a feasibility study that engages legal, risk, and compliance officers to determine if cloud computing is appropriate with respect to laws and regulations the business is subject to. Next, organizations should determine which security, legal, and compliance needs are most important and find a vendor that meets those requirements, the report recommended.”
Conclusion
Of course, at this stage, not all of the legitimate questions that enterprises have yet have clear responses (as you can see at Cloud’s Security Challenge Isn’t Just Technical), but in the near future all of those questions and concerns will have very clear answers, and the major concern of enterprises about Cloud Computing won’t be “Give me some confidence”; instead it will be “Help me move to the cloud”.