Posts Tagged ‘secure cloud computing’

Redundancy in the Cloud

Somehow, a perception exists that a cloud provides a certain level of redundancy by default. However, make no mistake. Redundancy is not inherent.

Admittedly, individual hardware and software components have some redundancy built in. However, those capabilities do not eliminate the need for a redundant cloud any more than safe cars eliminate the need for speed limits, traffic lights, divided highways and the rules-of-the-road.

For many cloud providers, especially consumer cloud providers, the only redundancy offered is to make physical copies of the data—and many customers do not use even that minimal level of recovery.  These clouds were not built with redundancy in mind.  They lack the automation, monitoring and procedures to provide clients with an environment that can anticipate, react and recover from component failures.  Such clouds are cost effective only if your business, employees and/or customers can tolerate the occasional complete loss of service.

Redundant Redundancy

The hallmark of an enterprise clouds is the redundancy it offers.  Redundancy exists throughout between the infrastructure layers to ensure high-availability.  For example, a failover process detects application hangs and interruptions so corrective action takes place quicker.  Monitoring tools ensure no single points of failure develops, and specially-built automation handles error conditions when a problem does occurs, obviating the need for human intervention.  This type of automation is particularly important because human interaction comes only after some level of damage is evident.

Built-in Redundancy
It is cloud vendor’s responsibility to design and build redundancy into the cloud, and the expertise, staff, time and investment it requires is substantial. Patches and piecemeal solutions added over time do not render the same strong results as redundancy baked-in from the beginning.

Is recovery of stored data enough redundancy for your applications?

Download SunGard’s white paper, “The Real Value of Cloud Computing.”

Business Continuity in the Cloud

Business continuity focuses on the resiliency, restoration, disaster recovery and security needed to keep your system operating, performing, secure and, if an incident should occur, recoverable. Many cloud vendors have little experience with business continuity, preferring instead to offer consumer cloud services to clients that provide their own back-up procedures, intrusion protection, vulnerability alerts, firewalls, software upgrades and disaster recovery planning/testing.

Resiliency is the key

Without strong resiliency, redundancy and failover capabilities at each layer of the cloud stack, the failure of one component can cause the  failure, in short order, of many subsequent processes.   Some vendors have experienced such “cascading failures.” To be truly resilient, each component in the cloud must have failover logic and automation.

Enterprise Clouds are build for overall resiliency.  That means they have not only failover capabilities and integrated, multi-site, storage locations but also multiple points “baked-in” where the system can failover in and between layers automatically.  If a component fails, it needs to failover without human interaction, so the workload moves automatically to alternative hardware to maintain availability.

Ask the Tough Questions

If low-latency, high-performance, robust security and vigilant management are key requirements for your applications, it pays to drill your potential cloud provider about their procedures and automation related to resilience, redundancy, security, governance  and data recovery.  Ask for their Service Level Agreement early in your conversations, since it spells out the level of responsibility the provider expects to provide.

Does your current data center have automatic failover?

Read “Five Considerations When Evaluating Cloud Computing Architectures” for more information.

 

How Managed Multi-Site Availability Changes the Cloud

As traditional on-premise computing and data storage moves to the cloud, many companies have questions about data outages.  What happens when the cloud experiences an outage?

It is unlikely that an entire cloud data center will go down, but it is not impossible, as Amazon’s recent outage in Dublin showed.  Fortunately, companies can look to managed multisite availability to provide a higher level of service to keep the customer environment up and running, even in the event of an entire site disaster.

The phrase “managed multi-site availability” essentially defined itself.  “Managed” refers to the ability of your vendor to help re-create your information technology in the event of a natural disaster or man-made incident.  A Do-It-Yourself (DIY) service provider offers infrastructure only, while a cloud provider offering managed services has all the capabilities and processes you expect with IT, like change management, security, operations control, and the ability to resolve problems and issues.

Multi-site means your vendor has multiple sites where the cloud is available.  That means you have options and different price points for satisfying back-up and recovery requirements in line with your business requirements, from high availability to highly resilient, failover and recovery, with many nuances in-between.

In effect, multi-site capabilities means the vendor has a “continuum of availability” at your disposal.  “Availability” refers to the how accessible an application must be.  The more important an application is to your business, the higher the availability it requires.

The availability requirements for production applications are much higher than the availability requirements for a development or testing environment.  To accommodate production applications, the cloud environment is built from the ground up for production-level availability.  It is not enough to add change management, security, operations control, etc. on top of a DIY environment.

How many applications in your data center require high availability?

Learn more about SunGard’s Enterprise Cloud Services.

Scalability Requires People and Services, Not Just Technology

Scalability is one of the most attractive features of the cloud.  It lets you meet demand-based business requirements, whether those demands are the results of ads, business growth, seasonal activity or economic cycles.

However, scalability is more than just provisioning more technology and/or increasing a data center footprint.  Scaling horizontally to add hardware is the easy part.  Data centers have been doing it for years, first as managed service offerings and now as enterprise caliber cloud offerings. 

However, the ability to scale vertically is one of the most attractive features of an Enterprise Cloud.  As your business grows, it also becomes more complex, and an Enterprise Cloud offers not just the infrastructure but also the service offerings you need, such as advanced data management services, enhanced security services and multi-site integration to support the complexity of your business.

Storage Tiering Services

As your data grows to multiple terabytes, you need storage tiering to deliver the right scaling costs at the right performance levels.  Tiered storage, where different classes of storage are defined and  available depending on the storage tier/data requirement, allows for the matching of performance and costs to the specific data-set and application(s). 

Enhanced Security Services

Similarly, as your technology footprint grows, you need additional security services beyond the standard firewall, VPN and related security access.  Examples include host-based intrusion prevention, log management/analytics and, in many cases, security information event management (SIEM).  Additional monitoring/reporting tools that report on capacity, performance and health are needed to make informed decisions across the application(s) architecture. 

Multi-site Integration

In addition, since everything is not likely to be in the cloud, you need the ability to inter-connect your Cloud environment to collocated or other managed environments as well as SaaS or self-hosted application infrastructure. This version of the hybrid cloud will continue to build in demand and necessity as more enterprises embrace the various delivery mechanisms, including SaaS, Managed Services, Cloud, Colocation, etc.  Finally, the Enterprise Cloud gives you access to the technical specialists and experts that can help you manage the new challenges.

When you think about scaling your business, recognize that three components—technology, services and people—are needed to scale it.  The Enterprise Cloud makes all those components available as you need them.

Will your data grow beyond your current data center practices  in 2012?

Learn more about SunGard’s Enterprise Cloud Services.

DocuSign Bolsters Global Network Infrastructure with SunGard Hosting and Managed Network Services

When you support large financial companies, your data center gets audited. Period. It used to be that clients demanded the audit themselves. Now, with the passage of Sarbanes Oxley in 2002, the U.S. government requires audits on a regular basis. Every 3-party IT vendor for a financial company undergoes the same audit that the client undergoes for its in-house environment. It’s the law.

Another layer of regulations come into play if a 3-party IT-vendor handles records that contain electronic signatures, whether emails, contracts or faxes. Something called “SSAE 16 Type II” went into effect on June 15th of this year. It requires certain tested solutions have to be in place for the network, and practices, policies and procedures across the whole data center have to meet certain standards.

So, what if you’re DocuSign, the global leader in electronic signature technology for the financial industry, and you expect business to grow rapidly? A cloud infrastructure would be perfect to support that growth—technology ready when you need it without upfront costs. What’s not to love?

The catch is the cloud vendor has to meet the same 3-party IT-vendor regulations that DocuSign and DocuSign’s financial customers have to meet. None of this “it’s the customer’s responsibility to…” nonsense. DocuSign is not about to risk their 100% record for passing audits with their Fortune 500 clients or their 99.99% availability record.

Only an Enterprise Cloud with Internet and private fiber networks with managed network services and multi-location facilities that meet SSAE 16 Type II requirements can provide the security and stability they need.

And now you know why we at SunGard are so proud that DocuSign has signed with us.

Which of your applications could fit into an Enterprise Cloud?

Learn more about SunGard’s Enterprise Cloud Services

Hybrid Clouds — Use Cases and Considerations

Hybrid clouds are becoming more popular as companies seek to optimize their applications and data based on risk, architecture and business growth.  As a result, hybrid clouds are taking several different forms.

The Cloud as Partner

The most common hybrid cloud scenario is one in which a set of applications resides in the cloud with the remaining applications residing in the company’s on-site data center.  This arrangement enables the company to take advantage of the flexibility and cost-savings of the cloud where appropriate, while keeping control over more sensitive applications.

The Cloud as Proving Ground

Another use of a cloud is temporary workspace.  For example, developers can load an application into the cloud, add and test new features without affecting day-to-day operations.  Similarly, they can set-up a newly purchased application, say an ERP or document management system, run it, build it out and size it before moving it in-house.

The Cloud as Extra Capacity

Some companies use a cloud for burst capacity, letting sudden spikes in traffic call into action the additional resources of the cloud to ensure continuity of service.  In other cases, companies mirror their applications in a cloud to provide a hot, stand-by site.

Hybrid Cloud Considerations

Regardless of the type of hybrid cloud your company implements, certain considerations come into play, especially these.

Network connectivity. You will need to consider your connection, bandwidth, firewall requirements and how changes and upgrades will be handled between your on-site data center and the cloud.  You will probably need a Virtual Private Network (VPN) connection to the cloud to provide the level of security your company needs.  Today VPNs typically come in two types. Internet Protocol Security (IPsec) authenticates and encrypts data over the public internet, while Multi-protocol Label Switching (MPLS) VPNs are offered by carriers to provide companies with more secure, but still shared, private IP networks.

User Access. If you are using a Windows or Linux-based cloud, your user identification and authentication can remain the same, but you will need to take into account the fact that your cloud vendor may also have access to the severs they are operating for you.  Consequently, you will need to ensure that your vendor follows access policies that are acceptable to your auditor.

Data Migration.  For small applications, you can transmit your application and data over the network.  However, network transmission is too slow and lengthy for large application, so burning a disk and over-nighting it to the vendor is faster and more efficient for large data sets.

Your hybrid cloud strategy should support your business strategy.   Formulating the right cloud strategy can not only cut costs, but also bring the operational efficiencies and extra capacity your company needs to expand and grow.

How might your company initiate and evolve a cloud strategy?

For more information, visit our Cloud microsite

 

 

An Enabling Architecture for Cloud Services

Today’s post is from Rahul Bakshi, vice president, managed services strategy & solution design 

While many different types of architectures can support cloud computing, architecture can limit a cloud’s capabilities and the therefore the use cases for cloud. Cloud architecture should not be proprietary in its technology so that it limits the applications that can be deployed.  The more agnostic the architecture is to the applications, the better.  For example, some databases, are not designed to be virtualized so dedicated computer resources, at a minimum, are required for this type of application. 

 Open and Secure

Architecture should be designed to offer as much flexibility as possible without sacrificing quality.  It not only has to be accessible to end users via various network connectivity requirements, many solutions require the need to support hybrid connectivity. A closed architecture would prevent one application from communicating with another application. For example, an e-commerce application in a closed system might not be able to communicate with a manufacturing application on dedicated infrastructure required for order fulfillment.

With Cloud computing, the increased dependency on security solutions has risen significantly.  Companies are looking to understand the layers of security the cloud solution offers as well as how that security pertains to their specific environment.  Depending on the business or application requirements, general-use “consumer clouds” will not support the appropriate level of security controls or compliance.  Most lack the ability to identify, prevent and track access, attempted access, and actual intrusions and may not include controls for authorized access.  If the infrastructure lacks the controls to detect, log and perform forensics against an intrusion, it limits the types of use cases.

Redundant and Agnostic

In addition to security, true enterprise-grade for cloud offerings means high performance, scalability, and reliability.  Enterprise cloud solutions must provide appropriate layers of redundancy to support true high availability for the application layer.  Redundancy must be built-in across the infrastructure and associated tools ensuring there are no single points of failure as well as seamless failover for the application(s).  This requires automation and appropriate tooling to prevent any requirement for human interaction.  Further, capacity management and process automation are required to maintain the right levels of availability.    Special automation should move the workload wherever needed to maintain availability. 

Performance transparency and automation

Cloud solutions require tools around monitoring, reporting, and managing now more than ever due to how clouds are architected, shared, and made available for applications.  Organizations need to understand how the resources are being used so they can manage and plan for capacity and growth while having confidence in the current performance and health. 

Automation is also a key component of cloud architectures as automation delivers on the value proposition of services needed with high degree of quality.  Operational automation to provision the services businesses need drives costs down while improving time to market.  Integrating this automation into the overall performance management delivers capacity on demand.

Guest Post: Jim Dunlap on Cycle30′s SunGard Cloud Solution

We recently asked Jim Dunlap, President of Cycle30 and one of the first customers using Sungard’s Enterprise Cloud Services, for his thoughts about SunGard’s Cloud.  Here’s what he had to say.

1.  Last year, Cycle30 adopted a cloud computing solution.  What do you see as the  key business benefits of cloud computing?

“Cloud computing allows us to evolve our application platform as rapidly as our business needs dictate.  Provisioning a virtual machine does not require the detailed planning it once did because we can always scale resources up or down later.  

A second benefit is the ability to support a heterogeneous environment on the same hardware. We run a mix of Linux and Microsoft virtual machines and they happily coexist on shared cloud resources.  The third big benefit is availability.  SunGard’s cloud shields us from underlying physical hardware failures, because our virtual machines migrate across hardware hosts transparently to the end users.”

2.  Just as it was when managed services emerged 10 years ago, security is a big consideration for businesses considering moving to the cloud.  Was this a concern for Cycle30 and how were you assured?

Security is a big concern for Cycle30 and our customers.  However, SunGard’s cloud offers unique flexibility in provisioning resources and that allows us to leverage our corporate security systems.  We can present and protect the cloud resources as if they were inside our security perimeter.  A similar approach is possible when incorporating cloud resources into high availability and disaster recovery planning.”

3.  Time to market was important to Cycle30 – how did utilizing a cloud environment help you address your timing goal?

“Cycle30 use a mix of Sungard’s cloud and our own private cloud, also hosted on Sungard’s infrastructure.  We built our own cloud, which involved careful planning, procurement and installation.  While that was in process, we started using Sungard’s cloud.  With very little overhead or ceremony, we rapidly spun up development and test environments on Sungard’s cloud, safe in knowing we could transition those resources to our own hardware later.

Now that our own cloud is firmly in place, utilizing SunGard’s cloud resources has become even easier. We can now decide almost on a machine by machine basis where new resources should be created.   This gives us unprecedented reaction times to new business requirements, while also permitting migrations between the environments to constantly optimize our service and cost levels.”

 

Can Cloud Computing Improve Your Security?

Cloud Security continues to dominiate the cloud conversation.  I asked Nik Weidenbacher, director of product engineering for cloud computing to give us his thoughts on cloud improving security.  Nik and his team are responsible for designing, building and testing the infrastructure for SunGard’s Cloud Computing Service…CM

Can Cloud Computing Improve Your Security?

Obviously, the answer is “it depends.”  How good is your security now?  A number of factors play into that question.

Security in a Data Center

If your technology runs in a traditional data center and you move to a cloud where the same technology is used, security is quite similar.  Essentially, you’ve been using virtual local area networks (VLANs) to separate your departments, and now your cloud provider use that same technology to separate your departments and to separate other tenants from you. 

Security in a cloud

If your company doesn’t use a technology like VMware to run multiple operating systems within VLANs, than the security landscape changes significantly.  A physical switch connecting the network to one machine in your data center is now replaced by software switches connected to multiple machines and managed by a “hypervisor.” 

Just as you secured that physical switch in your data center, the cloud technician must secure the software switches and the hypervisor to control who can/cannot access it, and they also need to adding invasion protection software to thwart unauthorized outside access. 

Then they have to consider security maintenance.  Are patches being received, evaluated and placed operation on a timely basis?   Clouds have lots of moving parts and, since it is the weakest link that is most vulnerable, you have to think about security everywhere all the time. 

Security gains

Ultimately, the most important security question is “who’s running your cloud.”  Many companies can’t afford all the software and technical skill it takes to manage a highly-secured data center, so they aren’t doing it.  A cloud provider can share that cost among many companies to not only provide a more secure environment but also to pay constant attention to it.  Similarly, where PCI-DSS certification for credit card transaction may be an on-going project in a company, the cloud provider may already have that security in place. 

What additional security measures could your organization gain with the right cloud provider?

Is the Cloud Security Risk Overstated?

Gregory L. Smith, Senior Product Architect for Cloud Computing, is a liaison to clients for defining and shaping the security components of SunGard’s Cloud Computing Services.

Is the Cloud Security Risk Overstated?

Is the cloud security risk overstated?  If you work with a trusted partner and already have good security practices in place before you move to a cloud, I think the security risk in the cloud is slightly overstated.  It is not cloud computing itself that is the risk.

The Security Risk Realization

Unfortunately, it is not uncommon for a company to be planning a move to a cloud and suddenly see risks everywhere, including places that they had naively overlooked in their existing environment.  However, in you are moving to a trusted cloud computing provider, that provider probably offers more security capabilities than most managed service or infrastructure providers. 

The Key to Reducing Security Risk

The key to reducing the security risk within a cloud is to know how your provider approached the security requirements. Did the cloud computing provider retrofit security or design it in from scratch?

Retro-fitting security capabilities to handle, say, PCI-DSS, HIPAA, ISO 27001/2 regulatory requirements means extracting whatever information is available from low-level system logs after the fact.  This approach offers limited information, and testing security is difficult.

Designing security into a cloud means you can embed audit trails with needed data across all layers of the environment.  From a due diligence perspective, you can produce reports that provide transparency and prove that security is in place, not only for the auditors, but for the client and their customers as well. 

Large enterprises, especially, need built-in security.  The existing security information provided by a vendor may meet the needs of low-level use cases but not that of more closely regulated organizations.  Adding those capabilities could be difficult.

Enable the Client

The goal is not just to put a check mark by each security item on the list.  Rather, the goal is to enable the customer.  With embedded security, applications can ride on top of the infrastructure and transparently hand-off data that your organization needs for its applications.

Download SunGard’s white paper, “All clouds are not created equal.”