Archive for November, 2010

Rahul Bakshi Predicts Cloud Maturity and Convergence

SunGard Availability Services released an article recently featuring Rahul Bakshi, vice president Product Management, Managed Services at SunGard AS.  In the article, Rahul offers predictions on the future of the cloud, including the maturity and convergence of offerings.


Cloud is a Service, Not a Commodity

Forrester’s James Staten recently wrote a well-written (and widely read) piece on Cloud Computing trends for 2011. While I agree with most of his bold points and predictions, one point gave me pause. James writes:

“Cloud economics gets switched on.  Being cheap is good. We all know the basic of cloud economics — pay only for what you use — but the mechanism isn’t the lesson; it’s just the tool. Cloud economics 101 is matching elastic applications to cloud platforms and moving transient apps in and out so their costs are constantly returning to zero. Cloud economics 201 is designing and optimizing applications to take greatest advantage. Cloud economics 301 is knowing when and which cloud to use for maximum profitability. Look to early efforts such as Amazon Web Services’ Spot Instances and Enomaly’s SpotCloud to show the way here and the Cloud Price Calculator to help you normalize costs. As cloud segments, such as IaaS commoditize, tools that let you play the market will grow in importance.”

While this is true of small, very portable and transitional workloads, I think this one is highly overstated in the enterprise. These are the exception, not the rule, for most businesses. Most services need to be highly available once in production and must adhere to fully realized IT Infrastructure Library (ITIL®) processes designed to ensure the availability of these services. While they will inevitably be moved into the cloud to get the benefits of scale, elasticity and lower costs, the move will be managed very carefully.

There is a cost to this migration. Enterprises understand this and will choose their cloud vendors carefully and will not switch vendors to save a nickel when the costs associated with the move will likely be measured in dimes. It is precisely because most businesses do not have IT as a core competence (which is part of the benefit of clouds) that they will not have workload migration and cloud optimization as a core competence. They should carefully choose a partner and work with and trust that partner until the partner is unable to meet the organization’s requirements. In short, for enterprise production applications, the cloud is a service, not a commodity.

 ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries.

Can Cloud Computing Improve Your Security?

Cloud Security continues to dominate the cloud conversation. I asked Nik Weidenbacher, director of product engineering for cloud computing, to give us his thoughts on cloud improving security. Nik and his team are responsible for designing, building and testing the infrastructure for SunGard’s Cloud Computing Service…CM


Obviously, the answer is “it depends.”  How good is your security now?  A number of factors play into that question.

Security in a Data Center

If your technology runs in a traditional data center and you move to a cloud where the same technology is used, security is quite similar. Essentially, you’ve been using virtual local area networks (VLANs) to separate your departments, and now your cloud provider uses that same technology to separate your departments and to separate other tenants from you.

Security in a cloud

If your company doesn’t use a technology like VMware to run multiple operating systems within VLANs, then the security landscape changes significantly. A physical switch connecting the network to one machine in your data center is now replaced by software switches connected to multiple machines and managed by a “hypervisor.”

Just as you secured that physical switch in your data center, the cloud technician must secure the software switches and the hypervisor to control who can and cannot access them, and they also need to add invasion protection software to thwart unauthorized outside access.

Then they have to consider security maintenance. Are patches being received, evaluated and placed into operation on a timely basis? Clouds have lots of moving parts and, since it is the weakest link that is most vulnerable, you have to think about security everywhere all the time.

Security gains

Ultimately, the most important security question is “who’s running your cloud.” Many companies can’t afford all the software and technical skill it takes to manage a highly secured data center, so they aren’t doing it. A cloud provider can share that cost among many companies, not only to provide a more secure environment but also to pay constant attention to it. Similarly, where PCI-DSS certification for credit card transactions may be an ongoing project in a company, the cloud provider may already have that security in place.

What additional security measures could your organization gain with the right cloud provider?

Is the Cloud Security Risk Overstated?

Gregory L. Smith, Senior Product Architect for Cloud Computing, is a liaison to clients for defining and shaping the security components of SunGard’s Cloud Computing Services.


Is the cloud security risk overstated?  If you work with a trusted partner and already have good security practices in place before you move to a cloud, I think the security risk in the cloud is slightly overstated.  It is not cloud computing itself that is the risk.

The Security Risk Realization

Unfortunately, it is not uncommon for a company to be planning a move to a cloud and suddenly see risks everywhere, including places that they had naively overlooked in their existing environment. However, if you are moving to a trusted cloud computing provider, that provider probably offers more security capabilities than most managed service or infrastructure providers.

The Key to Reducing Security Risk

The key to reducing the security risk within a cloud is to know how your provider approached the security requirements. Did the cloud computing provider retrofit security or design it in from scratch?

Retro-fitting security capabilities to handle, say, PCI-DSS, HIPAA, ISO 27001/2 regulatory requirements means extracting whatever information is available from low-level system logs after the fact.  This approach offers limited information, and testing security is difficult.

Designing security into a cloud means you can embed audit trails with needed data across all layers of the environment.  From a due diligence perspective, you can produce reports that provide transparency and prove that security is in place, not only for the auditors, but for the client and their customers as well. 

Large enterprises, especially, need built-in security. The existing security information provided by a vendor may meet the needs of low-level use cases but not those of more closely regulated organizations. Adding those capabilities could be difficult.

Enable the Client

The goal is not just to put a check mark by each security item on the list. Rather, the goal is to enable the customer. With embedded security, applications can ride on top of the infrastructure and transparently hand off data that your organization needs for its applications.

Download SunGard’s white paper, “All clouds are not created equal.”

Guest Blog: Cisco’s Omar Sultan’s Thoughts on Security in Multi-Tenant Environments

One of the most frequent questions I get when the topic of cloud computing comes up is around security.  Justifiably, folks tend to have questions around security, privacy, and regulatory compliance in shared environments.

A shared environment (also called a multi-tenant environment) is much like an apartment building.  You have multiple tenants (renters) sharing common infrastructure (the apartment building).   The tenants may be different departments from the same company or completely different companies.

Security is a complex topic but the main concepts are applicable whether you are looking at private cloud solutions or public cloud solutions.  To keep things grounded in something practical, I’ll use Cisco’s Vblock architecture as a reference, since it is deployed in both public and private cloud environments.

Shared Resource Blocks

At the most basic level, you need to be able to segment shared resources among the tenants.   The Vblock architecture segments tenant resources in several ways: 

At the network level, the architecture uses unique Media Access Control (MAC) address pools, Virtual Local Area Network (VLAN) tagging and security features, such as vShield zones, private VLANs and access control lists, to consistently define and enforce policies, not just at the tenant level but also down to the virtual machine level so you can enforce segmentation even within a tenant. 

Similarly, at the storage level, the architecture uses Logical Unit Number (LUN) masking, zoning and Virtual Storage Area Networks (VSANs) to segment storage assets.

Quality of Service Monitoring

One subtle aspect of Vblock’s segmentation capability is the ability to create and enforce “quality of service (QoS)” between tenants. The apartment analogy of this ability is when your neighbor plays their stereo too loud and drowns out your TV. In cloud environments, you need to ensure that QoS mechanisms are in place so your workloads are not adversely impacted by the activities of another tenant.


Manage Consistent Security

The next area to look at is manageability. First is the ability to integrate with your existing information security (“infosec”) framework. If your information security framework doesn’t have operational consistency with the rest of your environment, it can reduce efficiency or, worse, create policy compliance issues.

The second area is the security on operations and management interfaces, which prevents someone from hacking in and taking control of your infrastructure.  Vblock provides an open framework that integrates with your existing security framework to ensure consistent security between physical and virtual environments.


Auditability

Finally, you need auditability.  If you have a business governed by regulatory compliance policies, then you need to make sure your cloud solutions can provide you with the kind of data you need to keep your auditors happy.

At the end of the day, do you need to do your due diligence around security issues when looking at cloud solutions?  Absolutely, but the good news is that there are proven solutions available that allow you to take advantage of cloud computing while still keeping your infosec folks happy, which is always a good idea.

Download SunGard’s white paper: “All Clouds are Not Created Equal.”

SunGard’s Rahul Bakshi Talks About the SunGard Enterprise Cloud Offering


Rahul Bakshi talks about meeting customer needs and requirements with enterprise cloud services. Click here to view the video.