Posts Tagged ‘security in cloud computing’

How Managed Multi-Site Availability Changes the Cloud

As traditional on-premise computing and data storage moves to the cloud, many companies have questions about data outages.  What happens when the cloud experiences an outage?

It is unlikely that an entire cloud data center will go down, but it is not impossible, as Amazon’s recent outage in Dublin showed.  Fortunately, companies can look to managed multisite availability to provide a higher level of service to keep the customer environment up and running, even in the event of an entire site disaster.

The phrase “managed multi-site availability” essentially defined itself.  “Managed” refers to the ability of your vendor to help re-create your information technology in the event of a natural disaster or man-made incident.  A Do-It-Yourself (DIY) service provider offers infrastructure only, while a cloud provider offering managed services has all the capabilities and processes you expect with IT, like change management, security, operations control, and the ability to resolve problems and issues.

Multi-site means your vendor has multiple sites where the cloud is available.  That means you have options and different price points for satisfying back-up and recovery requirements in line with your business requirements, from high availability to highly resilient, failover and recovery, with many nuances in-between.

In effect, multi-site capabilities means the vendor has a “continuum of availability” at your disposal.  “Availability” refers to the how accessible an application must be.  The more important an application is to your business, the higher the availability it requires.

The availability requirements for production applications are much higher than the availability requirements for a development or testing environment.  To accommodate production applications, the cloud environment is built from the ground up for production-level availability.  It is not enough to add change management, security, operations control, etc. on top of a DIY environment.

How many applications in your data center require high availability?

Learn more about SunGard’s Enterprise Cloud Services.

Scalability Requires People and Services, Not Just Technology

Scalability is one of the most attractive features of the cloud.  It lets you meet demand-based business requirements, whether those demands are the results of ads, business growth, seasonal activity or economic cycles.

However, scalability is more than just provisioning more technology and/or increasing a data center footprint.  Scaling horizontally to add hardware is the easy part.  Data centers have been doing it for years, first as managed service offerings and now as enterprise caliber cloud offerings. 

However, the ability to scale vertically is one of the most attractive features of an Enterprise Cloud.  As your business grows, it also becomes more complex, and an Enterprise Cloud offers not just the infrastructure but also the service offerings you need, such as advanced data management services, enhanced security services and multi-site integration to support the complexity of your business.

Storage Tiering Services

As your data grows to multiple terabytes, you need storage tiering to deliver the right scaling costs at the right performance levels.  Tiered storage, where different classes of storage are defined and  available depending on the storage tier/data requirement, allows for the matching of performance and costs to the specific data-set and application(s). 

Enhanced Security Services

Similarly, as your technology footprint grows, you need additional security services beyond the standard firewall, VPN and related security access.  Examples include host-based intrusion prevention, log management/analytics and, in many cases, security information event management (SIEM).  Additional monitoring/reporting tools that report on capacity, performance and health are needed to make informed decisions across the application(s) architecture. 

Multi-site Integration

In addition, since everything is not likely to be in the cloud, you need the ability to inter-connect your Cloud environment to collocated or other managed environments as well as SaaS or self-hosted application infrastructure. This version of the hybrid cloud will continue to build in demand and necessity as more enterprises embrace the various delivery mechanisms, including SaaS, Managed Services, Cloud, Colocation, etc.  Finally, the Enterprise Cloud gives you access to the technical specialists and experts that can help you manage the new challenges.

When you think about scaling your business, recognize that three components—technology, services and people—are needed to scale it.  The Enterprise Cloud makes all those components available as you need them.

Will your data grow beyond your current data center practices  in 2012?

Learn more about SunGard’s Enterprise Cloud Services.

DocuSign Bolsters Global Network Infrastructure with SunGard Hosting and Managed Network Services

When you support large financial companies, your data center gets audited. Period. It used to be that clients demanded the audit themselves. Now, with the passage of Sarbanes Oxley in 2002, the U.S. government requires audits on a regular basis. Every 3-party IT vendor for a financial company undergoes the same audit that the client undergoes for its in-house environment. It’s the law.

Another layer of regulations come into play if a 3-party IT-vendor handles records that contain electronic signatures, whether emails, contracts or faxes. Something called “SSAE 16 Type II” went into effect on June 15th of this year. It requires certain tested solutions have to be in place for the network, and practices, policies and procedures across the whole data center have to meet certain standards.

So, what if you’re DocuSign, the global leader in electronic signature technology for the financial industry, and you expect business to grow rapidly? A cloud infrastructure would be perfect to support that growth—technology ready when you need it without upfront costs. What’s not to love?

The catch is the cloud vendor has to meet the same 3-party IT-vendor regulations that DocuSign and DocuSign’s financial customers have to meet. None of this “it’s the customer’s responsibility to…” nonsense. DocuSign is not about to risk their 100% record for passing audits with their Fortune 500 clients or their 99.99% availability record.

Only an Enterprise Cloud with Internet and private fiber networks with managed network services and multi-location facilities that meet SSAE 16 Type II requirements can provide the security and stability they need.

And now you know why we at SunGard are so proud that DocuSign has signed with us.

Which of your applications could fit into an Enterprise Cloud?

Learn more about SunGard’s Enterprise Cloud Services

Hybrid Clouds — Use Cases and Considerations

Hybrid clouds are becoming more popular as companies seek to optimize their applications and data based on risk, architecture and business growth.  As a result, hybrid clouds are taking several different forms.

The Cloud as Partner

The most common hybrid cloud scenario is one in which a set of applications resides in the cloud with the remaining applications residing in the company’s on-site data center.  This arrangement enables the company to take advantage of the flexibility and cost-savings of the cloud where appropriate, while keeping control over more sensitive applications.

The Cloud as Proving Ground

Another use of a cloud is temporary workspace.  For example, developers can load an application into the cloud, add and test new features without affecting day-to-day operations.  Similarly, they can set-up a newly purchased application, say an ERP or document management system, run it, build it out and size it before moving it in-house.

The Cloud as Extra Capacity

Some companies use a cloud for burst capacity, letting sudden spikes in traffic call into action the additional resources of the cloud to ensure continuity of service.  In other cases, companies mirror their applications in a cloud to provide a hot, stand-by site.

Hybrid Cloud Considerations

Regardless of the type of hybrid cloud your company implements, certain considerations come into play, especially these.

Network connectivity. You will need to consider your connection, bandwidth, firewall requirements and how changes and upgrades will be handled between your on-site data center and the cloud.  You will probably need a Virtual Private Network (VPN) connection to the cloud to provide the level of security your company needs.  Today VPNs typically come in two types. Internet Protocol Security (IPsec) authenticates and encrypts data over the public internet, while Multi-protocol Label Switching (MPLS) VPNs are offered by carriers to provide companies with more secure, but still shared, private IP networks.

User Access. If you are using a Windows or Linux-based cloud, your user identification and authentication can remain the same, but you will need to take into account the fact that your cloud vendor may also have access to the severs they are operating for you.  Consequently, you will need to ensure that your vendor follows access policies that are acceptable to your auditor.

Data Migration.  For small applications, you can transmit your application and data over the network.  However, network transmission is too slow and lengthy for large application, so burning a disk and over-nighting it to the vendor is faster and more efficient for large data sets.

Your hybrid cloud strategy should support your business strategy.   Formulating the right cloud strategy can not only cut costs, but also bring the operational efficiencies and extra capacity your company needs to expand and grow.

How might your company initiate and evolve a cloud strategy?

For more information, visit our Cloud microsite

 

 

An Enabling Architecture for Cloud Services

Today’s post is from Rahul Bakshi, vice president, managed services strategy & solution design 

While many different types of architectures can support cloud computing, architecture can limit a cloud’s capabilities and the therefore the use cases for cloud. Cloud architecture should not be proprietary in its technology so that it limits the applications that can be deployed.  The more agnostic the architecture is to the applications, the better.  For example, some databases, are not designed to be virtualized so dedicated computer resources, at a minimum, are required for this type of application. 

 Open and Secure

Architecture should be designed to offer as much flexibility as possible without sacrificing quality.  It not only has to be accessible to end users via various network connectivity requirements, many solutions require the need to support hybrid connectivity. A closed architecture would prevent one application from communicating with another application. For example, an e-commerce application in a closed system might not be able to communicate with a manufacturing application on dedicated infrastructure required for order fulfillment.

With Cloud computing, the increased dependency on security solutions has risen significantly.  Companies are looking to understand the layers of security the cloud solution offers as well as how that security pertains to their specific environment.  Depending on the business or application requirements, general-use “consumer clouds” will not support the appropriate level of security controls or compliance.  Most lack the ability to identify, prevent and track access, attempted access, and actual intrusions and may not include controls for authorized access.  If the infrastructure lacks the controls to detect, log and perform forensics against an intrusion, it limits the types of use cases.

Redundant and Agnostic

In addition to security, true enterprise-grade for cloud offerings means high performance, scalability, and reliability.  Enterprise cloud solutions must provide appropriate layers of redundancy to support true high availability for the application layer.  Redundancy must be built-in across the infrastructure and associated tools ensuring there are no single points of failure as well as seamless failover for the application(s).  This requires automation and appropriate tooling to prevent any requirement for human interaction.  Further, capacity management and process automation are required to maintain the right levels of availability.    Special automation should move the workload wherever needed to maintain availability. 

Performance transparency and automation

Cloud solutions require tools around monitoring, reporting, and managing now more than ever due to how clouds are architected, shared, and made available for applications.  Organizations need to understand how the resources are being used so they can manage and plan for capacity and growth while having confidence in the current performance and health. 

Automation is also a key component of cloud architectures as automation delivers on the value proposition of services needed with high degree of quality.  Operational automation to provision the services businesses need drives costs down while improving time to market.  Integrating this automation into the overall performance management delivers capacity on demand.

Are you Ready for Cloud?

Solutions Marketing Manager Janel Ryan discusses how to evaluate your organization’s readiness for cloud –  Carl M

As companies evaluate cloud computing as part of an overall business delivery model, deciding which applications are candidates to move to cloud and which need to remain in legacy environments is part of the planning process.  Identifying business requirements up front creates the right basis for planning cloud projects, timelines, and resources.

The demand for consulting services designed around cloud readiness is being driven by customers looking for solutions that can get cloud technologies and legacy technologies – dedicated hosting or on-premise – to work together.

Discovery Phase

A cloud readiness assessment can be viewed as a series of stages.  During the Discovery phase, a thorough examination of your current IT infrastructure gathers details about your business systems, their usage, performance, capacity, and application interdependencies, etc.  Due to the complexity of IT environments and numerous IT demands, many large companies may not have a complete documentation or understanding of all their application environments.  Most companies use a consultant during the assessment process because the specific expertise needed for this type of evaluation is not something an IT department normally has available to spare.

Analysis Phase

During the Analysis phase, you and the consultant review the data on each application and confirm its continued need, use and importance with users. You also need to confirm access, performance, security, compliance and other special requirements for each application.  From there, you can discern and compile the infrastructure requirements.

Validation Phase

In the Validation phase the initial findings are laid out and you determine a strategic vision for using cloud computing.  You and the consultant explore different scenarios and options, and you determine which applications are ready to deploy, which could be ready if security, compliance and other requirements can be met by a vendor and which cannot be moved for whatever reason.  Your consultant should be able to articulate how various vendors deliver their technology and should identify those vendors that could potentially meet your needs.

Migration Planning Phase

Based on your strategic vision, you select your vendor and proceed to the Migration Planning phase.  Here you lay out a plan for preparing migrating, testing and moving to live production for each application.  You also set critical requirements for security, storage, performance, etc. along with the timeline for accomplishing each move. 

Some companies take longer than others to plan and execute their moves to cloud computing.  Regardless of the time it takes, the more meticulously you perform these four tasks, the more smoothly your migrations will go and the better your cloud computing experience will be. 

 Download SunGard’s white paper, “All clouds are not created equal.”

Can Cloud Computing Improve Your Security?

Cloud Security continues to dominiate the cloud conversation.  I asked Nik Weidenbacher, director of product engineering for cloud computing to give us his thoughts on cloud improving security.  Nik and his team are responsible for designing, building and testing the infrastructure for SunGard’s Cloud Computing Service…CM

Can Cloud Computing Improve Your Security?

Obviously, the answer is “it depends.”  How good is your security now?  A number of factors play into that question.

Security in a Data Center

If your technology runs in a traditional data center and you move to a cloud where the same technology is used, security is quite similar.  Essentially, you’ve been using virtual local area networks (VLANs) to separate your departments, and now your cloud provider use that same technology to separate your departments and to separate other tenants from you. 

Security in a cloud

If your company doesn’t use a technology like VMware to run multiple operating systems within VLANs, than the security landscape changes significantly.  A physical switch connecting the network to one machine in your data center is now replaced by software switches connected to multiple machines and managed by a “hypervisor.” 

Just as you secured that physical switch in your data center, the cloud technician must secure the software switches and the hypervisor to control who can/cannot access it, and they also need to adding invasion protection software to thwart unauthorized outside access. 

Then they have to consider security maintenance.  Are patches being received, evaluated and placed operation on a timely basis?   Clouds have lots of moving parts and, since it is the weakest link that is most vulnerable, you have to think about security everywhere all the time. 

Security gains

Ultimately, the most important security question is “who’s running your cloud.”  Many companies can’t afford all the software and technical skill it takes to manage a highly-secured data center, so they aren’t doing it.  A cloud provider can share that cost among many companies to not only provide a more secure environment but also to pay constant attention to it.  Similarly, where PCI-DSS certification for credit card transaction may be an on-going project in a company, the cloud provider may already have that security in place. 

What additional security measures could your organization gain with the right cloud provider?

Is the Cloud Security Risk Overstated?

Gregory L. Smith, Senior Product Architect for Cloud Computing, is a liaison to clients for defining and shaping the security components of SunGard’s Cloud Computing Services.

Is the Cloud Security Risk Overstated?

Is the cloud security risk overstated?  If you work with a trusted partner and already have good security practices in place before you move to a cloud, I think the security risk in the cloud is slightly overstated.  It is not cloud computing itself that is the risk.

The Security Risk Realization

Unfortunately, it is not uncommon for a company to be planning a move to a cloud and suddenly see risks everywhere, including places that they had naively overlooked in their existing environment.  However, in you are moving to a trusted cloud computing provider, that provider probably offers more security capabilities than most managed service or infrastructure providers. 

The Key to Reducing Security Risk

The key to reducing the security risk within a cloud is to know how your provider approached the security requirements. Did the cloud computing provider retrofit security or design it in from scratch?

Retro-fitting security capabilities to handle, say, PCI-DSS, HIPAA, ISO 27001/2 regulatory requirements means extracting whatever information is available from low-level system logs after the fact.  This approach offers limited information, and testing security is difficult.

Designing security into a cloud means you can embed audit trails with needed data across all layers of the environment.  From a due diligence perspective, you can produce reports that provide transparency and prove that security is in place, not only for the auditors, but for the client and their customers as well. 

Large enterprises, especially, need built-in security.  The existing security information provided by a vendor may meet the needs of low-level use cases but not that of more closely regulated organizations.  Adding those capabilities could be difficult.

Enable the Client

The goal is not just to put a check mark by each security item on the list.  Rather, the goal is to enable the customer.  With embedded security, applications can ride on top of the infrastructure and transparently hand-off data that your organization needs for its applications.

Download SunGard’s white paper, “All clouds are not created equal.”

Top Five Reasons to Move to the Cloud

As director of product management at SunGard Availability Service, Satish Hemachandran focuses on the strategy and direction of the core platform for SunGard’s Enterprise Cloud Services…CM

As more and more businesses look to rise to the cloud, there is a lot of talk not just about the “how” but the “why”.  While the cost-savings is definitely a major driver, most organizations see business and technical advantages as well.  This list looks at some of the main reasons for cloud adoption.

Cost Savings, of course

Cost Savings.  Without a doubt, cost-savings is the number one driver of cloud adoption.  Organizations see it as a way to get an enterprise-grade infrastructure without the top-dollar price tag that accompanies such an environment. 

Product Advantages:

More Product Focus.  Between 70- 75% of an IT budget goes to the upkeep and maintenance of a company’s existing IT environment.  That’s a lot of resources to expend on the status quo.   Most customers don’t want to be in the IT business.  They want to focus on streamlining and growing their own products and services.  Having a partner to host, update, secure, back-up and administer their IT needs frees IT to focus on top-line, revenue-generating projects.

More and Better Services.  The cloud provides access to more and better IT services then they a business currently haves.  Every CTO knows where his or her IT department is weak—whether it is in administration, patch management, or tools for operational support.  Within a cloud, a customer shares the costs of expensive tools and applications, so they become affordable.

Technical Advantages:

Right-sizing.  Clouds are elastic.  They expand and contract to meet the changing needs of your business.  With an in-house data center, you have to carefully monitor and refresh your capacity projections.  You don’t want to under-provision, but if you over-provision, you can’t scale back.  In a cloud, you can right-size your environment as it evolves.

Integration.  Most in-house data centers are isolated and each new application or capability represents a new project.  A cloud is not isolated.  Many applications, tools and capabilities are already integrated into the cloud.  They are easy to access and add on, and they come with operational management and security already in place.

 Download SunGard’s Cloud Computing white paper.  Discover what cloud computing is and explore the benefits and challenges that it brings to organizations.