Posts Tagged ‘cloud computing security’

Considerations for Choosing a Cloud Provider

For many organizations, cloud computing is cost-effective for at least some applications.  Determining which applications are appropriate for the cloud takes careful evaluation.  The following checklist covers some of the factors you need to consider before selecting a cloud computing provider:

  1. Does the cloud you are considering meet your business availability needs?  What information can the provider give about historical and recent cloud availability?  What investment has the provider made in resilience and high availability?
  2. What service level agreements does the provider offer?  What compensation is available if the service is lost?
  3. Do you need the cloud provider to comply with certain regulatory requirements?  Where will your data reside, and is that location acceptable?  Does data archiving meet your regulatory requirements?
  4. o the cloud services meet and exceed your IT and data security policies, or do they fall short?  Will it be in a private or public cloud?  Will it be in a secure data center?
  5. Where is the data actually stored and who has access to the data?  What happens to the data when production tasks are completed?  How are archives accessed?  How is the data finally destroyed?
  6. What will costs be tomorrow?  What are your baseline costs?  Agility, flexibility, and strategy are part of the future costs, but you need a baseline for comparison.  How is the agreement structured?  Can the provider change the cost of the service to you?  If so, how much notice is required?
  7. How viable is the cloud provider?  It is important to select a provider with sufficient resources and services to provide the high levels of availability, resiliency, and security your business requires.  Is cloud computing part of the provider’s core business, or is it a new venture that could fail if it does not attract and retain sufficient customers?  Does the cloud offer multiple, highly resilient data centers with very strong network links between them?

In a business environment where information availability is critical, it makes sense to proceed cautiously, using a deliberate and systematic approach to mitigate risk.  A sensible first step is to testing a cloud provider with a non-critical process.  This lets you gain hands-on experience without risking major problems with day-to-day operations.

Does your organization have a business impact analysis (BIA) that audit all your business processes and defines the availability, resiliency and security each needs?

For more information, visit our Cloud microsite

How Managed Multi-Site Availability Changes the Cloud

As traditional on-premise computing and data storage moves to the cloud, many companies have questions about data outages.  What happens when the cloud experiences an outage?

It is unlikely that an entire cloud data center will go down, but it is not impossible, as Amazon’s recent outage in Dublin showed.  Fortunately, companies can look to managed multisite availability to provide a higher level of service to keep the customer environment up and running, even in the event of an entire site disaster.

The phrase “managed multi-site availability” essentially defined itself.  “Managed” refers to the ability of your vendor to help re-create your information technology in the event of a natural disaster or man-made incident.  A Do-It-Yourself (DIY) service provider offers infrastructure only, while a cloud provider offering managed services has all the capabilities and processes you expect with IT, like change management, security, operations control, and the ability to resolve problems and issues.

Multi-site means your vendor has multiple sites where the cloud is available.  That means you have options and different price points for satisfying back-up and recovery requirements in line with your business requirements, from high availability to highly resilient, failover and recovery, with many nuances in-between.

In effect, multi-site capabilities means the vendor has a “continuum of availability” at your disposal.  “Availability” refers to the how accessible an application must be.  The more important an application is to your business, the higher the availability it requires.

The availability requirements for production applications are much higher than the availability requirements for a development or testing environment.  To accommodate production applications, the cloud environment is built from the ground up for production-level availability.  It is not enough to add change management, security, operations control, etc. on top of a DIY environment.

How many applications in your data center require high availability?

Learn more about SunGard’s Enterprise Cloud Services.

SunGard Availability Services Brings Enterprise-class Availability for SAP to the Cloud

Today we are announcing the availability of cloud-based SAP ERP Services.   You will probably see the formal announcement in the blogs, trade pubs and various news services, but we thought we would be remiss if we did not give you a heads-up here.  Don’t hesitate to contact me for more info.  Thanks,           -CM

For the last 10 years, SunGard has provided SAP production support services (SAP-hosting certified since 2009), so it is only logical that we extend those services to our Enterprise Cloud.  With our Enterprise Cloud as its foundation, our SAP ERP production-ready cloud services leverage the best-in-class Vblock™ platform with the multiple layers of availability, scalable and elastic resources, and cost advantages that make cloud computing attractive.

We have been certified as a cloud service provider by SAP, and we have optimized our infrastructure for SAP ERP production.  Our services include advanced SAP monitoring and range from configuration support to application administration, patches and updates.  Because the SAP ERP services interconnect with our hosted physical environment, we can provide flexible, hybrid solutions as well.

We meet the needs of SAP ERP environments ranging from  new development environments to full multi-landscape deployments, including:

Available
Availability features range from automated fail-over of virtualized systems to managed multi-site availability with secure data replication and managed SAP recovery options.  Our Service Level Agreement (SLA) covers 99.95% VM uptime in combination with a 99.9% SAP production uptime SLA.

Compliance
As a SAP-certified cloud services provider, we provides ITILv3 framework production application services in hardened data centers audited under SSAE 16 Type II criteria and certified to the ISO 20000-1 standard.

Security
We provides a range of secure network access, performance and security options, from Internet-based virtual private networks and private carrier circuits to geographic load balancing and intrusion detection systems (IDS).

Now, new SAP ERP installations can deploy with no upfront costs, low minimums for cloud resources and predictable, predetermined costs—making this an attractive, cost-effective alternative to in-house deployment.  Likewise, existing installations can leverage the on-demand resources and predictable costs of the cloud to reduce in-house data center costs when equipment upgrades approach.

Moving to the SAP ERP production-ready cloud services lets your in-house IT experts manage their production work, rather than being consumed with the day-to-day execution details.  In short, it frees them to focus more on the company’s IT priorities and initiatives.  We can help you get there.

How much time could your IT department save with an enterprise-class SAP ERP cloud?

See a demo of the SunGard Enterprise Cloud Services here.

Should you Negotiate your SLA?

Solutions Marketing Manager Janel Ryan discusses service level agreements today. –  Carl M

Much has been written in the few months about negotiating a better Service Level Agreement (SLA) with your cloud vendor.  Before you follow that advise, you may want to consider a few key points.

Be Realistic

First, If you are going to negotiate with your cloud provider, you have to be realistic about the performance you need and you have to be prepared to pay for those services. No vendor is going to take on more responsibility without charging more, no matter how hard you press.

Review the Architecture

Second, you’ll need to determine whether the vendor is capable of providing the service or performance level you are requesting.  Recognize that the services offered by the provider are usually governed by the cloud’s architecture and how it is implemented.  A cloud architected for inexpensive IaaS and quick provisioning may not use the most agile, efficient and self-managing software for storage, network and hypervisor.

Ask questions like, what uptime are you engineered for?  What exclusions would prevent you from obtaining an SLA remedies. Do they adhere to industry standards, like ITI for service management; ISO-9001:2008 for business processes, and  ISO 20000-1 for continuous improvement?  Do their internal procedures adhere to COBIT standards for governance?

Consider Walking Away

Finally and most importantly, if a cloud provider does not offer the SLA commitments you want and need, you are probably talking to the wrong provider.  Providers know what they do best and they know what is not in place.  If you need additional services, redundancy, a geographical distributed architecture and the vendor does not offer it, it is time to walk away.  Pushing a vendor out of his comfort zones adds more risk to an SLA, rather than adding more trust and confidence.

The clearer you are about your company’s needs for latency, redundancy, recovery, security and compliance, customer support, and technical support requirement, the easier it will be for you to select a cloud provider that can become a trusted partner.   Ask for a copy of the SLA early in your conversation with a vendor.  It could save you considerable time.

What improvements in service and support would benefit your company when it moves to a cloud?

Scalability Requires People and Services, Not Just Technology

Scalability is one of the most attractive features of the cloud.  It lets you meet demand-based business requirements, whether those demands are the results of ads, business growth, seasonal activity or economic cycles.

However, scalability is more than just provisioning more technology and/or increasing a data center footprint.  Scaling horizontally to add hardware is the easy part.  Data centers have been doing it for years, first as managed service offerings and now as enterprise caliber cloud offerings. 

However, the ability to scale vertically is one of the most attractive features of an Enterprise Cloud.  As your business grows, it also becomes more complex, and an Enterprise Cloud offers not just the infrastructure but also the service offerings you need, such as advanced data management services, enhanced security services and multi-site integration to support the complexity of your business.

Storage Tiering Services

As your data grows to multiple terabytes, you need storage tiering to deliver the right scaling costs at the right performance levels.  Tiered storage, where different classes of storage are defined and  available depending on the storage tier/data requirement, allows for the matching of performance and costs to the specific data-set and application(s). 

Enhanced Security Services

Similarly, as your technology footprint grows, you need additional security services beyond the standard firewall, VPN and related security access.  Examples include host-based intrusion prevention, log management/analytics and, in many cases, security information event management (SIEM).  Additional monitoring/reporting tools that report on capacity, performance and health are needed to make informed decisions across the application(s) architecture. 

Multi-site Integration

In addition, since everything is not likely to be in the cloud, you need the ability to inter-connect your Cloud environment to collocated or other managed environments as well as SaaS or self-hosted application infrastructure. This version of the hybrid cloud will continue to build in demand and necessity as more enterprises embrace the various delivery mechanisms, including SaaS, Managed Services, Cloud, Colocation, etc.  Finally, the Enterprise Cloud gives you access to the technical specialists and experts that can help you manage the new challenges.

When you think about scaling your business, recognize that three components—technology, services and people—are needed to scale it.  The Enterprise Cloud makes all those components available as you need them.

Will your data grow beyond your current data center practices  in 2012?

Learn more about SunGard’s Enterprise Cloud Services.

Designing for Failure Conditions

Today we hear from Chip Childers, product architect for SunGard’s Enterprise Cloud Services and partners with our product management and product engineering teams to drive the overall solution design of the service…CM

I’m a big fan of designing systems to deal with component failures. But let’s be honest, doing that perfectly is pretty darn hard.

In the research paper “Fundamental Concepts of Dependability,” all possible sources of fault conditions have been classified into 16 different categories. In another paper, “Software Architecture Reliability Analysis using Failure Scenarios,” an 8-step failure analysis process is proposed for how to understand a system’s potential failure conditions. All this is about identifying and classifying fault conditions—neither provides any design or logic to resolve the issues

I’m going to go out on a limb, and declare that nobody is doing that type of full and formal analysis for their cloud applications. (OK, perhaps somebody, but certainly not many.)

So that’s the problem in a nutshell. How can you really say that you have fully designed for failure, given all of the possible failure conditions? And for the 90% of the cloud platform population that just want to get their apps built, how much time should they really be spending on solving this problem? And what if you have legacy applications that can’t be designed in a truly “failure proof” way?

This is where an enterprise class cloud infrastructure comes in. An enterprise cloud has the resiliency, redundancy, data restoration, disaster recovery and security capabilities needed to keep your system secure and operating, and the enterprise cloud provider backs those capabilities with a Service Level Agreement. Further, an enterprise cloud also offers 24/7/365 management and monitoring of your virtualized infrastructure.

Failure can not be completely avoided, but you are better off knowing that the underlying platform design was build with resiliency in mind and that you have someone watching your back when things do go wrong.

To what extent could an enterprise cloud transform your company?

Visit our Cloud Solutions Center for videos, white papers and case studies about SunGard’s Enterprise Cloud Services.

DocuSign Bolsters Global Network Infrastructure with SunGard Hosting and Managed Network Services

When you support large financial companies, your data center gets audited. Period. It used to be that clients demanded the audit themselves. Now, with the passage of Sarbanes Oxley in 2002, the U.S. government requires audits on a regular basis. Every 3-party IT vendor for a financial company undergoes the same audit that the client undergoes for its in-house environment. It’s the law.

Another layer of regulations come into play if a 3-party IT-vendor handles records that contain electronic signatures, whether emails, contracts or faxes. Something called “SSAE 16 Type II” went into effect on June 15th of this year. It requires certain tested solutions have to be in place for the network, and practices, policies and procedures across the whole data center have to meet certain standards.

So, what if you’re DocuSign, the global leader in electronic signature technology for the financial industry, and you expect business to grow rapidly? A cloud infrastructure would be perfect to support that growth—technology ready when you need it without upfront costs. What’s not to love?

The catch is the cloud vendor has to meet the same 3-party IT-vendor regulations that DocuSign and DocuSign’s financial customers have to meet. None of this “it’s the customer’s responsibility to…” nonsense. DocuSign is not about to risk their 100% record for passing audits with their Fortune 500 clients or their 99.99% availability record.

Only an Enterprise Cloud with Internet and private fiber networks with managed network services and multi-location facilities that meet SSAE 16 Type II requirements can provide the security and stability they need.

And now you know why we at SunGard are so proud that DocuSign has signed with us.

Which of your applications could fit into an Enterprise Cloud?

Learn more about SunGard’s Enterprise Cloud Services

An Enabling Architecture for Cloud Services

Today’s post is from Rahul Bakshi, vice president, managed services strategy & solution design 

While many different types of architectures can support cloud computing, architecture can limit a cloud’s capabilities and the therefore the use cases for cloud. Cloud architecture should not be proprietary in its technology so that it limits the applications that can be deployed.  The more agnostic the architecture is to the applications, the better.  For example, some databases, are not designed to be virtualized so dedicated computer resources, at a minimum, are required for this type of application. 

 Open and Secure

Architecture should be designed to offer as much flexibility as possible without sacrificing quality.  It not only has to be accessible to end users via various network connectivity requirements, many solutions require the need to support hybrid connectivity. A closed architecture would prevent one application from communicating with another application. For example, an e-commerce application in a closed system might not be able to communicate with a manufacturing application on dedicated infrastructure required for order fulfillment.

With Cloud computing, the increased dependency on security solutions has risen significantly.  Companies are looking to understand the layers of security the cloud solution offers as well as how that security pertains to their specific environment.  Depending on the business or application requirements, general-use “consumer clouds” will not support the appropriate level of security controls or compliance.  Most lack the ability to identify, prevent and track access, attempted access, and actual intrusions and may not include controls for authorized access.  If the infrastructure lacks the controls to detect, log and perform forensics against an intrusion, it limits the types of use cases.

Redundant and Agnostic

In addition to security, true enterprise-grade for cloud offerings means high performance, scalability, and reliability.  Enterprise cloud solutions must provide appropriate layers of redundancy to support true high availability for the application layer.  Redundancy must be built-in across the infrastructure and associated tools ensuring there are no single points of failure as well as seamless failover for the application(s).  This requires automation and appropriate tooling to prevent any requirement for human interaction.  Further, capacity management and process automation are required to maintain the right levels of availability.    Special automation should move the workload wherever needed to maintain availability. 

Performance transparency and automation

Cloud solutions require tools around monitoring, reporting, and managing now more than ever due to how clouds are architected, shared, and made available for applications.  Organizations need to understand how the resources are being used so they can manage and plan for capacity and growth while having confidence in the current performance and health. 

Automation is also a key component of cloud architectures as automation delivers on the value proposition of services needed with high degree of quality.  Operational automation to provision the services businesses need drives costs down while improving time to market.  Integrating this automation into the overall performance management delivers capacity on demand.

Are you Ready for Cloud?

Solutions Marketing Manager Janel Ryan discusses how to evaluate your organization’s readiness for cloud –  Carl M

As companies evaluate cloud computing as part of an overall business delivery model, deciding which applications are candidates to move to cloud and which need to remain in legacy environments is part of the planning process.  Identifying business requirements up front creates the right basis for planning cloud projects, timelines, and resources.

The demand for consulting services designed around cloud readiness is being driven by customers looking for solutions that can get cloud technologies and legacy technologies – dedicated hosting or on-premise – to work together.

Discovery Phase

A cloud readiness assessment can be viewed as a series of stages.  During the Discovery phase, a thorough examination of your current IT infrastructure gathers details about your business systems, their usage, performance, capacity, and application interdependencies, etc.  Due to the complexity of IT environments and numerous IT demands, many large companies may not have a complete documentation or understanding of all their application environments.  Most companies use a consultant during the assessment process because the specific expertise needed for this type of evaluation is not something an IT department normally has available to spare.

Analysis Phase

During the Analysis phase, you and the consultant review the data on each application and confirm its continued need, use and importance with users. You also need to confirm access, performance, security, compliance and other special requirements for each application.  From there, you can discern and compile the infrastructure requirements.

Validation Phase

In the Validation phase the initial findings are laid out and you determine a strategic vision for using cloud computing.  You and the consultant explore different scenarios and options, and you determine which applications are ready to deploy, which could be ready if security, compliance and other requirements can be met by a vendor and which cannot be moved for whatever reason.  Your consultant should be able to articulate how various vendors deliver their technology and should identify those vendors that could potentially meet your needs.

Migration Planning Phase

Based on your strategic vision, you select your vendor and proceed to the Migration Planning phase.  Here you lay out a plan for preparing migrating, testing and moving to live production for each application.  You also set critical requirements for security, storage, performance, etc. along with the timeline for accomplishing each move. 

Some companies take longer than others to plan and execute their moves to cloud computing.  Regardless of the time it takes, the more meticulously you perform these four tasks, the more smoothly your migrations will go and the better your cloud computing experience will be. 

 Download SunGard’s white paper, “All clouds are not created equal.”

What’s in a Private Cloud?

Today we hear from Gregory Smith, Senior Product Architect, Cloud Computing

Many companies have a virtualized infrastructure, but in reality, a virtualized data center is not the same as a private cloud. Most virtualized data centers lack the automation and processes to manage them as private clouds.

In the ‘90s when Fortune 500 companies implemented VMware’s virtual infrastructures, their equipment became more efficient and cost-effective, but because most companies kept the same practices, policies, procedures and methods in place, IT’s ability to respond to user needs did not change much. 

For example, provisioning did not get simplified or faster. For most it still involves a string of people to purchase the hardware, deliver the hardware, lay down the company image, create the user account, update the asset management system, obtain the login information and load the appropriate software (a list of applications that may or may not exist on paper).

Even when they added VCloud Director or VCenter Orchestrator, IT added them on top of the environment to track the current policies more exactly. Nothing streamlined or improved the procedures and processes. 

A private cloud offered by a trusted vendor is designed from the ground up to support the most efficient processes for the user in addition to the most efficient use of resources. A private cloud contains intelligent software for requesting resources and having those resources allocated rapidly. It also should come with a service level agreement (SLA) that specifies a certain level of availability and/or performance, with penalties for default. Few companies have this type of guarantee or recourse.

A private cloud also comes with actual prices (i.e., chargebacks) for services. This enables a company to see the exact cost of resources used by a particular business unit, not just estimated costs based on a formula or a cost model that must be revamped every year as hardware depreciates and is refreshed and expanded.

Could a Fortune 500 company bring in the expertise to build request, allocation, and chargeback software; revamp its procedures, and run as efficiently as a private cloud? Yes, but virtually no CFO would foot the bill for that upgrade. Especially when he or she could leverage the investment a cloud provider has already made—and save costs while he does it.