Cloud Compliance | nubifer blogs

Guidelines for Cloud Consumers and Providers

Business users are drawn to the cloud. That’s not surprising, considering they tend to see mostly benefits: self-service freedom, scalability, availability, flexibility, and the pleasure of avoiding various nasty hardware and software headaches.IT leaders though are a different story—they are not always as ecstatic. They indicate uneasiness about cloud securityand have legitimate concerns that unauthorized users could get their hands on their applications and data. Moreover, retaining a level of influence and control is a must for them. Can both “sides” meet halfway? Is it attainable to provide the freedom that users want while having the control that IT leaders need?

Simply put, Yes…. However, doing so will entail a collaborative effort. Both business users and IT leaders have to assume a few key responsibilities. In addition, you will have to make certain that your cloud provider will be doing its part as well.

Your 5 Responsibilities

Here are a few things you need to be held accountable for:

1. Define the business need. Identify the root problem you want to solve a cloud technology. Is it a perpetually recurring concern, or one that happens irregularly? Did you need an answer “last week,” or do you have time to construct a solution?

Important note: Not all clouds are created equally. Some can run your applications unchanged, with instant access; while others require little tweaking. Recognizing your needs and differentiating cloud technologies will help you determine the correct strategy for handling the particular business problem that needs attention.

2. Identify your application and process requirements. Once you have accurately defined your business needs, it is time to select the application best-suited to meet those needs. Be clear and precise about the nature of the application, the development process you want to adapt, and the roles and access permissions for each user.

Your teams no longer have to struggle through traditional linear and slow development processes. Instead, the cloud can give them access to the best practices that are fluid and agile. Many self-service solutions can even empower them to run copies of the same environment in parallel.

Simply put, the cloud may lead to breakthrough productivity when used properly. However, if used incorrectly it can also lead to enormous amounts of wasted resources. Having said this, take your time to do your research and choose wisely.

3. Determine your timetable. Cloud projects are not short sprints contrary to popular belief. They are better illustrated as long journeys over time. Please plan accordingly.

Nubifer recommends to define your early experiments in a quarterly basis because cloud technology is transformative. Learn from the first quarter, take note, and execute the necessary adjustments and then move on to the next. The objective is to generate a learning organization that increases control over time and progresses based on data and experience.

4. Establish success factors. Define what success is for you. Do you want to improve the agility of the development process? Maybe you want to increase the availability of your applications? Or perhaps you want to enhance remote collaboration? Define achievement, and have a tool to measure progress as well. Identifying metrics and establishing realistic goals will aid you achieve the solution that meets not only your needs, but also your budget and payback time frame.

5. Define data and application security. Companies overlook this critical responsibility more often than they realize. Make sure to do your due diligence and attentively determine whom you can trust with cloud application. After which, empower them. The following are questions that need unambiguous answers: What specific roles will team members take in the cloud model? Does everyone comprehend fully the nature of the application and data they are planning to bring to the cloud? Does everyone know how to protect your data? Do they understand your password policies? Dealing with these security factors early on enables you to create a solid foundation for cloud success while having your own peace of mind about this issue.

Your Provider’s 5 Responsibilities

Meanwhile, make sure your cloud provider offers the following to attain better cloud control:

1. Self-service solutions. Time equals money. Thus waiting equals wasted time and money. So search for cloud applications that are ready from the get go. Determine if the solution you are considering may implement the applications and business process you have in mind immediately, or if the provider requires you to rewrite the application or change the process entirely.

There is also a need to distinguish if users will require training, or if they already equipped to handle a self-service Web interface. Answers to these questions can determine whether adoption will be rapid and smooth, or slow and bumpy.

2. Scale and speed. A well-constructed cloud solution provides the unique combination of scale and speed. It gives you access to the resources at a scale that you need with on-demand responsiveness. This combination will empower your team to run several instances in parallel, snapshot, suspend/resume, publish, collaborate, and accelerate the business cycle.

3. Reliability and availability. As articulated in the Service Level Agreements (SLAs), it is the responsibility of the cloud provider to make the system reliable and available. The provider should set clear and precise operational expectations, such as 99.9 percent availability, with you, the consumer.

4. Security. Ask for a comprehensive review of your cloud provider’s security technology and processes. In specific, ask about the following:

Application and data transportability. Can your provider give you the ability to export existing applications, data and processes into the cloud with ease? And can you import back just as hassle free?
Data center physical security.
Access and operations security. How does the consumer protect its physical data centers? Are these the SAS 70 Type II data centers? Are there trained and skilled data center operators in those places?
Virtual data center security. Your provider must be clear about how to control the method of access to physical machines. How are these machines managed? And who are able to access these machines?
In terms of scale and speed, most cloud efficiency derives from how the cloud is architected. Be sure to understand how the individual pieces, the compute nodes, network nodes, storage nodes, etc., are architected and how they are secured and integrated.

Application and data security.

In order to be able to implement your policies, the cloud solution must permit you to define groups, roles with granular role-based access control, proper password policies and data encryption–both iin transit and at rest.

5. Cost efficiencies. Without any commitments upfront, cloud solutions should enable your success to drive success. Unlike a managed service or a hosting solution, a cloud solution uses technology to automate the back-end systems, and therefore can operate large resource pools without the immense human costs. Having this luxury translates all these into real cost savings for you.

Despite business leaders recognizing the benefits of cloud computing technologies, more than a handful still have questions about cloud security and control. Indeed, that is understandable. However, by adopting a collaborative approach and aligning their responsibilities with those of the cloud provider, these leaders can find solutions that offer the best of both worlds. They get the visibility and control they want and need, while giving their teams access to the huge performance gains only the cloud can provide.

Contact Nubifer for a free, no-obligation Cloud Migration consultation.

2011: 10/05
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Cloud Monitoring
Cloud Security
Leave a comment

Compliance in the Cloud

Cloud computing seems like a simple idea, and, ease of operation, deployment and licensing are its most desirable qualities. But when it comes to issues of compliance, once you go beneath the surface you’ll discover more questions than you thought of originally.

Compliance covers a lot of issues, from government regulations, to industry regulations such as PCI DSS and HIPAA. Your organization probably has internal guidelines in place, but migrating to a public cloud, a cloud application suite or something similar will mean giving up the reins to the cloud vendor.

That’s a position many auditors—and C level officials—discover themselves in today. They want to discover how to adopt the cloud in a fashion that maintains their good standing with compliance. Here are a few tips for keeping an eye on compliance in the cloud.

Challenges to your Workload

When you survey cloud vendors, start by asking about sound practices and methods for identity and access management, data protection and incident response times. These are basic compliance requirements. Then, as you identify various compliance issues to your prospective cloud vendor’s controls, you’ll probably encounter a few cloud-specific challenges.

Multi-tenancy and de-provisioning also pose challenges. Public clouds use multi-tenancy to better provision server workloads and keep costs low. But multi-tenancy means you’re sharing server space with other organizations, so you should know what safeguards your cloud provider has in place to prevent any compromise. Depending on how critical your data is, you may also want to use encryption. HIPAA, for example, requires that all user data, both moving and at rest, be encrypted.

User de-provisioning is an issue that will become more challenging as password-authentication methods grow in complexity and volume. Federated identity management schemes will make it easier for users to log on to multiple clouds, and that will make de-provisioning much trickier.

Ever-Changing Standards

Like it or not, you’re an early adopter. Your decisions about what applications to move to the cloud and when to move them will benefit from an understanding of new and/or modified standards that are now evolving for cloud computing.

Today you can look for SAS 70 Type II and ISO 27001 certifications for general compliance with controls for financial and information security typically required by government and industry regulations, but these don’t guarantee that your company’s processes will comply.

Bringing visibility to users is a major goal of the Cloud Security Alliance, a three-year-old organization fast gaining popularity among users, auditors and service providers. A major goal of the CSA is development of standardized auditing frameworks to facilitate communication between users and cloud vendors.

Well underway, for example, is a governance, risk and compliance (GRC) standards suite, or stack, with four main elements: the Cloud Trust Protocol, Cloud Audit, Consensus Assessments Initiative and the Cloud Controls Matrix. The Cloud Controls Matrix includes a spreadsheet that maps basic requirements for major standards to their IT control areas, such as “Human Resources Employment Termination,” while the Consensus Assessments Initiative offers a detailed questionnaire that maps those control areas to specific questions that users and auditors can ask cloud vendors.

Efforts of the CSA and other alliances, plus those of industry groups and government agencies, are bound to produce a wealth of standards in the next several years. The CSA has formal alliances with ISO, ITU and NIST, so that its developments can be used by those groups as contributions to standards they’re working on. And a 2010 Forrester Research report counted 48 industry groups working on security-related standards in late 2010.

Importance of an SLA

Regardless of your company’s size or status, don’t assume your cloud vendor’s standard terms and conditions will fit your requirements. Start your due diligence by examining the vendor’s contract.

Your company’s size can give you leverage to negotiate, but a smaller business can find leverage, too, if it represents a new industry for a cloud vendor that wants to expand its market. In any case, don’t be afraid to negotiate.

Security

To best understand your potential risk, as well as your benefits, you should bring your security team into the conversation at the earliest possible opportunity, says Forrester.

Moving to the cloud may offer an opportunity to align security with corporate goals in a more permanent way by formalizing the risk-assessment function in a security committee. The committee can help assess risk and make budget proposals to fit your business strategy.

You should also pay attention to the security innovations coming from the numerous security services and vendor partnerships now growing up around the cloud.

For more information regarding compliance and security in the Cloud, contact a Nubifer representative today.

2011: 08/10
CATEGORY: Uncategorized
Leave a comment

Feds to Unveil Cloud Security Guidelines

Late in 2010, the federal government issued draft plans for the voluntary Federal Risk and Authorization Management Program, dubbed FedRAMP. FedRAMP is expected to be operational by April, 2011 and would ensure cloud services meet federal cyber-security guidelines—which will likely shelve remaining government concerns about cloud security and ramp up adoption of cloud technologies.

Developed with cross-government and industry support over the past 18 months, the voluntary program would put cloud services through a standardized security accreditation and certification process. Any authorization could subsequently be leveraged by other agencies. Federal CIO Vivek Kundra said in a statement, “By simplifying how agencies procure cloud computing solutions, we are paving the way for more cost-effective and energy-efficient service delivery for the public, while reducing the federal government’s data center footprint.”

The adoption of cloud computing has been promoted by the Obama Administration as a way to help save the government money, and Kundra and other top officials have championed the technology and instituting policies like data center consolidation requirements—which could bring about a shift to the cloud. Federal IT managers, however, have consistently raised security concerns as the biggest barrier to adoption.

The government’s security concerns arise partly because cloud computing is a relatively new paradigm that has to be adapted to the security requirements of regulations like the Federal Information Management Security Act (FISMA, which governs federal cyber-security for most government agencies). By mapping out the baseline required security controls for cloud systems, FedRAMP creates a consistent set of security outlines for cloud computing.

FedRAMP will seek to eliminate a duplicative, costly process to certify and accredit applications. Each agency used to take apps and services through their own accreditation process, but in the shared-infrastructure environment of the cloud, this process is redundant.

The FedRAMP draft is comprised of three major components: a set of cloud computing security baseline requirements; a process to continuously monitor cloud security; and a description of proposed operational approaches to authorizing and assessing cloud-based systems.

FedRAMP will be used for both private and public cloud services, and possibly for non-cloud computing information technologies and products. For example, two agencies have informed IBM of their intent to sponsor certification of their new Federal Community Cloud services.

Commercial vendors will not be able to directly request FedRAMP authorization, but rather have to rely on the sponsorship of a federal agency that plans to use their cloud services. Guidance on the CIO Council’s website suggests, FedRAMP “may not have the resources to accommodate all requests initially,” and that GSA will focus on systems with potentially larger user bases or cross-government interest, suggesting that the government predicts a large amount of interest.

FedRAMP will remain an inter-agency effort under federal CIO Kundra’s authority and will be managed by GSA. The new Joint Authorization Board, which now includes reps from GSA, the Department of Defense, will authorize the systems that go through the process with the sponsoring agency.

Although FedRAMP provides a base accreditation, most agencies have security requirements that go beyond FISMA and thus may have to do more work on top of the FedRAMP certification to make sure the cloud services they are looking to deploy meet individual agency requirements.

For more information regarding the Federal adoption of cloud technologies, visit Nubifer.com.

2011: 03/10
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Cloud Security
IBM
Nubifer
1 comment

Start Me Up….Cloud Tools Help Companies Accelerate the Adoption of Cloud Computing

Article reposted form HPC in the Cloud Online Magazine. Article originally posted on Nov. 29 2010:

For decision makers looking to maximize their impact on the business, cloud computing offers a myriad of benefits. At a time when cloud computing is still being defined, companies are actively researching how to take advantage of these new technology innovations for business automation, infrastructure reduction, and strategic utility based software solutions.

When leveraging “the cloud”, organizations can have on-demand access to a pool of computing resources that can instantly scale as demands change. This means IT — or even business users — can start new projects with minimal effort or interaction and only pay for the amount of IT resources they end up using.

The most basic division in cloud computing is between private and public clouds. Private clouds operate either within an organization’s DMZ or as managed compute resources operated for the client’s sole use by a third-party platform provider. Public clouds let multiple users segment resources from a collection of data-centers in order to satisfy their business needs. Resources readily available from the Cloud include:

● Software-as-a-Service (SaaS): Provides users with business applications run off-site by an application provider. Security patches, upgrades and performance enhancements are the application provider’s responsibility.

● Platform-as-a-Service (PaaS): Platform providers offer a development environment with tools to aide programmers in creating new or updated applications, without having to own the software or servers.

● Infrastructure-as-a-Service (IaaS): Offers processing power, storage and bandwidth as utility services, similar to an electric utility model. The advantage is greater flexibility, scalability and interoperability with an organization’s legacy systems.

Many Platforms and Services to Choose From:

Cloud computing is still in its infancy, with a host of platform and application providers serving up a plethora of Internet-based services ranging from scalable on-demand applications to data storage services to spam filtering. In this current IT environment, organizations’ technology ecosystem have to operate cloud-based services individually, but cloud integration specialists and ISVs (integrated software vendors) are becoming more prevalent and readily available to build on top of the emerging and powerful platforms.

Mashing together services provided by the worlds largest and best funded companies like Microsoft, Google, Salesforce.com, Rackspace, Oracle, IBM, HP and many others, gives way to an opportunity for companies to take hold and innovate, and build a competitive, cost saving cloud of their own on the backs of these software giant’s evolving view of the cloud.

Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, licensing and maintenance of new software. Cloud computing involves all subscription-centric or pay-for-what-you-use service that extends your IT environments existing capabilities.

Before deciding whether an application is destined for the cloud, analyze you current cost of ownership. Examine more than just the original licenses and cost of ownership; factor in ongoing expenses for maintenance, power, personnel and facilities. To start, many organizations build an internal private cloud for application development and testing, and decide from their if it is cost-effective to scale fully into a public cloud environment.

“Bridging the Whitespace” between Cloud Applications

One company, Nubifer.com (which in Latin, translates to ‘bringing the clouds’) approaches simplifying the move to the Cloud for its enterprise clients by leveraging a proprietary set of Cloud tools named Nubifer Cloud:Portal, Cloud:Connector and Cloud:Link. Nubifer’s approach with Cloud:Portal enables the rapid development of “enterprise cloud mash-ups”, providing rich dash-boards for authentication, single sign-on and identity management. This increased functionality offers simple administration of accounts spanning multiple SaaS systems, and the ability to augment and quickly integrate popular cloud applications. Cloud Connector seamlessly integrates data management, data sync services, and enables highly available data interchange between platforms and applications. And Cloud:Link provides rich dashboards for analytic and monitoring metrics improving system governance and audit trails of various SLAs (Service Level Agreements).

As a Cloud computing accelerator, Nubifer focuses on aiding enterprise companies in the adoption of emerging SaaS and PaaS platforms. Our recommended approach to an initial Cloud migration is to institute a “pilot program” tailored around your platform(s) of choice to in order to fully iron-out any integration issues that may arise prior to a complete roll-out.

Nubifer’s set of Cloud Tools can be hosted on Windows Azure, Amazon EC2 or Google AppEngine. The scalability offered by these Cloud platforms promote an increased level of interoperability, availability, and a significantly lower financial barrier for entry not historically seen with current on-prem application platforms.

Cloud computing’s many flavors of services and offerings can be daunting at first review, but if you take a close look at the top providers offerings, you will see an ever increasing road map for on-boarding your existing or new applications to “the cloud”. Taking the first step is easy, and companies like Nubifer that provide the platform services, and the partner networks to aid your goals, are resourced and very eager to support your efforts.

2010: 12/16
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Nubifer
Platform-as-a-Service
Software-as-a-Service
Leave a comment

Understanding the Cloud with Nubifer Inc. CTO, Henry Chan

The overwhelming majority of cloud computing platforms consist of dependable services relayed via data centers and built in servers with varying tiers of virtualization capabilities. These services are available anywhere that allows access to the networking platform. Clouds often appear as single arenas of access for all subscribers’ enterprise computing needs. All commercial cloud platform offerings are guaranteed to adhere to the customers’ quality of service (QoS) requirements, and typically offer service level agreements. Open standards are crucial to the expansion and acceptance of cloud computing, and open source software has layed the ground work for many cloud platform implementations.

The article to follow is what Nubifer Inc. CTO, Henry Chan, recently described to be his summarized view of what cloud computing means, its benefits and where it’s heading in the future:

Cloud computing explained:

The “cloud” in cloud computing refers to your network’s Internet connection. Cloud computing is essentially using the Internet to perform tasks like email hosting, data storage and document sharing which were traditionally hosted on premise.

Understanding the benefits of cloud computing:

Cloud computing’s myriad of benefits depend on your organizational infrastructure needs. If your enterprise is sharing large number of applications between a varying number of office locations, it would be beneficial to your organization to store the apps on a virtual server. Web-based application hosting can save time for people traveling without the ability to connect back to the office because they can have access to everything over their shared virtual private network (VPN).

Examples of cloud computing:

Hosted email (such as GMail or Hotmail), online data back-up, online data storage, any Software-as-a-Service (SaaS) application (such as a cloud hosted CRM from vendors like Salesforce, Zoho or Microsoft Dynamics) or accounting applications, are examples of applications that can be hosted in the cloud. By hosting these applications in the cloud, your business can benefit from the interoperability and scalability cloud computing and SaaS services offer.

Safety in the cloud:

Although there are some concerns over the safety of cloud computing, the reality is that data stored in the cloud can be just as secure as the vast majority of data stored on your internal servers. The key is to implement the necessary solutions to ensure that the proper level of encryption is applied to your data while traveling to and from your cloud storage container, as well as when being stored. This can be as safe as any other solution you could implement locally when designed properly. The leading cloud vendors all currently maintain compliance with Sarbanes-Oxley, SAS90, FISMA and HIPPA.

Cloud computing for your enterprise:

To determine which layer of cloud computing is optimally suited for your organization, it is important to thoroughly evaluate your organizational goals as it relates to your IT ecosystem. Examine how you currently use technology, current challenges with technology, how your organization will evolve technologically in the years to come, and what scalability and interoperability will be required going forward. After a careful gap analysis of these determinants, you can decide what types of cloud-based solutions will be optimally suited for your organizational architecture.

Cloud computing, a hybrid solution:

The overwhelming trend in 2010 and 2011 is to move non-sensitive data and applications into the cloud while keeping trade secrets behind your enterprise firewall, as many organizations are not comfortable hosting all their applications and hardware in the cloud. The trick to making cloud computing work for your business is to understand which applications should be kept local and which would benefit most from leveraging the scalability and interoperability of the cloud ecosystem.

Will data be shared with other companies if it is hosted in the cloud:

Short answer: NO! Reputable SaaS and cloud vendors will make sure that your data is properly segmented according to the requirements of your industry.

Costs of cloud computing:

Leading cloud-based solutions charge a monthly fee for application usage and data storage, but you may be outlaying this capital expenditure already, primarily in the form of hardware maintenance and software fees—some of which could be wiped out by moving to the cloud.

Cloud computing makes it easy for your companies’ Human Resource software, payroll and CRM to co-mingle with your existing financial data, supply chain management and operations installation, while simultaneously reducing your capital requirements on these systems. Contact a Nubifer representative today to discover how leveraging the power of cloud computing can help your business excel.

2010: 08/27
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Cloud Security
Hybrid Cloud and On-Premise
Nubifer
Platform-as-a-Service
Software-as-a-Service
Leave a comment

Four Key Categories for Cloud Computing

When it comes to cloud computing, concerns about control and security have dominated recent discussions. While it was once assumed that all computing resources could be had from outside, now it is going towards a vision of a data center magically transformed for easy connections to internal and external IT resources.

According to IDC’s Cloud Services Overview report, sales of cloud-related technology is growing at 26 percent per year. That is six times the rate of IT spending as a whole; although they comprised only about 5 percent of total IT revenue this year. While the report points out that defining what constitutes cloud-related spending is complicated, it estimates global spending of $17.5 billion on cloud technologies in 2009 will grow to $44.2 billion by 2013. IDC predicts that hybrid or internal clouds will be the norm, although even in 2013 only an estimated 10 percent of that spending will go specifically to public clouds.

According to Chris Wolf, analyst at The Burton Group, hybrid cloud infrastructure isn’t that different from existing data-center best practices. The difference is that all of the pieces are meant to fit together using Internet-age interoperability standards as opposed to homegrown kludge.

The following are four items to consider when making a “shopping list” when preparing your IT budget for use of private or public cloud services:

1. Application Integration

Software integration isn’t the first thing most companies consider when building a cloud, although Bernard Golden, CEO at cloud consulting firm HyperStratus, and CIO.com blogger, says it is the most important one.

Tom Fisher, vice president of cloud computing at SuccessFactors.com, a business-application SaaS provider in San Mateo, California, says that integration is a whole lot more than simply batch-processing chunks of data being traded between applications once or twice per day like it was done in mainframes.

Fisher continues to explain that it is critical for companies to be able to provision and manage user identities from a single location across a range of applications, especially when it comes to companies that are new in the software-providing business and do not view their IT as a primary product.

“What you’re looking for is to take your schema and map it to PeopleSoft or another application so you can get more functional integration. You’re passing messages back and forth to each other with proper error-handling agreement so you can be more responsive. It’s still not real time integration, but in most cases you don’t really need that,” says Fisher.

2. Security

The ability to federate—securely connect without completely merging—two networks, is a critical factor in building a useful cloud, according to Golden.

According to Nick Popp, VP of product development at Verisign (VRSN), that requires layers of security, including multifactor authentication, identity brokers, access management and sometimes an external service provider who can provide that high a level of administrative control. Verisign is considering adding a cloud-based security service.

Wolf states that it requires technology that doesn’t yet exist. According to Wolf, an Information Authority that can act as a central repository for security data and control of applications, data and platforms within the cloud. It is possible to assemble that function out of some of the aspects Popp mentions today, yet Wolf maintains that there is no one technology able to span all platforms necessary to provide real control of even an internally hosted cloud environment.

3. Virtual I/O

One IT manager at a large digital mapping firm states that if you have to squeeze data for a dozen VMs through a few NICs, the scaling of your VM cluster to cloud proportions will be inhibited.

“When you’re in the dev/test stage, having eight or 10 [Gigabit Ethernet] cables per box is an incredible labeling issue; beyond that, forget it. Moving to virtual I/O is a concept shift—you can’t touch most of the connections anymore—but you’re moving stuff across a high-bandwidth backplane and you can reconfigure the SAN connections or the LANs without having to change cables,” says the IT manager.

Virtual I/O servers (like the Xsigo I/O Director servers used by the IT manager’s company) can run 20Gbit/sec through a single cord and as many as 64 cords to a single server—connecting to a backplane with a total of 1,560Gbit/sec of bandwidth. The IT Manager states that concentrating such a large amount of bandwidth in one device saves space, power and cabling and keeps network performance high and saves money on network gear in the long run.

Speaking about the Xsigo servers, which start at approximately $28,000 through resellers like Dell (DELL), the manager says, “It becomes cost effective pretty quickly. You end up getting three, four times the bandwidth at a quarter the price.”

4. Storage

Storage remains the weak point of the virtualization and cloud-computing worlds, and the place where the most money is spent.

“Storage is going to continue to be one of the big costs of virtualization. Even if you turn 90 percent of your servers into images, you still have to store them somewhere,” says Golden in summary. Visit Nubifer.com for more information.

2010: 07/16
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Cloud Monitoring
Cloud Security
Hybrid Cloud and On-Premise
Platform-as-a-Service
Software-as-a-Service
Leave a comment

Zuora Releases Z-Commerce

The first external service (SaaS) that actually understands the complex billing models of the cloud providers (which account for monthly subscription fees as well as automated metering, pricing and billing for products, bundles and highly individualized/specific configurations) arrived in mid-June in the form of Zuora’s Z-Commerce. An upgrade to Zuora’s billing and payment service that is built for cloud providers, Z-Commerce is a major development. With Z-Commerce, storage-as-a-service is able to charge for terabytes of storage used, or IP address usage, or data transfer charges. Cloud providers can also structure a per CPU instance charge or per application use charge and it can take complexities like peak usage into account. Zuora has provided 20 pre-configured templates for the billing and payment models that cloud providers use.

What makes this development so interesting that that Zuora is using what they are calling the “subscription economy” for the underlying rationale for their success: 125 customers, 75 employees and profitability.

Tien Tzou, the CEO of Zuora (also the former Chief Strategy Officer of Salesforce.com, described subscription economy below:

“The business model of the 21st century is a fundamentally different business model.

The 21st century world needs a whole new set of operational systems — ones that match the customer centric business model that is now necessary to succeed.

The business model of the 20th century was built around manufacturing. You built products at the lowest possible cost, and you find buyers for that product.

They key metrics were all around inventory, cost of goods sold, product life cycles, etc. But over the last 30 years, we’ve been moving away from a manufacturing economy to a services economy. Away from an economy based on tangible goods, to an economy based on intangible ideas and experiences.

What is important now is the customer — of understanding customer needs, and building services & experiences that fulfill those customer needs. Hence the rise of CRM.

But our financial and operational systems have not yet evolved! What we need today are operational systems built around the customer, and around the services you offer to your customers.

You need systems that allow you to design different services, offered under different price plans that customers can choose from based on their specific needs. So the phone companies have 450 minute plans, prepaid plans, unlimited plans, family plans, and more. Salesforce has Professional Edition, and Enterprise Edition, and Group Edition, and PRM Edition, and more. Amazon has Amazon Prime. ZipCar has their Occasional Driving Plan and their Extra Value Plans.

You need systems that track customer lifecycles — things such as monthly customer value, customer lifetime value, customer churn, customer share of wallet, conversion rates, up sell rates, adoption levels.

You need systems that measure how much of your service your customers are consuming. By the minute? By the gigabyte? By the mile? By the user? By the view? And you need to establish an ongoing, recurring billing relationship with your customers, that maps to your ongoing service relationship, that allows you to monetize your customer interactions based on the relationship that the customer opted into.

The 21st century world needs a whole new set of operational systems — ones that match the customer centric business model that is now necessary to succeed.”

To summarize, what he is saying is that the model for future business isn’t the purchase of goods and services, but rather a price provided to a customer for an ongoing relationship to the company. Under this model, the customer is able to structure the relationship in a way which provides them with what they need to accomplish the job (s) that the company can help them with (which can be a variety of services, products, tools and structured experiences).

This is also interesting because your business is measuring the customer’s commitments to you and the other way around in operation terms, even as the business model is shifting to more interactions than ever before. If you are looking at traditional CRM metrics like CLV, churn, share of wallet, adoption rates and more, as they apply to a business model that has continued to evolve away from pure transactions, Tien is saying that the payment/billing, to him, is the financial infrastructure for this new customer-centered economic model (i.e. the subscription model).

Denis Pombriant of Beagle Research Group, LLC commented on this on his blog recently, pointing out that a subscription model does not guarantee a business will be successful. What does have significant bearing on the success of failure of a business is how well the business manages it or has it managed (i.e. by Zuora).

This can be applied to the subscription economy. Zuora is highlighting what they have predicted: that companies are increasingly moving their business models to subscription based pricing. This is the same model that supports free software and hardware, which charges customers by the month. How it is managed is another can of worms, but for now Zuora has done a service by recognizing that the customer-driven companies are realizing that the customers are willing to pay for the aggregate capabilities of the company in an ongoing way—as long as the company continues to support the customer’s needs in solving problems that arise. To learn more about cloud computing and the subscription model, contact a Nubifer.com representative.

2010: 07/14
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Hosting-as-a-Service
Platform-as-a-Service
Software-as-a-Service
Leave a comment

Microsoft Makes Strides for a More Secure and Trustworthy Cloud

Cloud computing currently holds court in the IT industry with vendors, service providers, press, analysts and customers all evaluating and discussing the opportunities presented by the cloud.

Security is a very important piece to the puzzle, and nearly every day a new press article or analyst report indicated that cloud security and privacy are a top concern for customers as the benefits of cloud computing continue to unfold. For example, a recent Microsoft survey revealed that although 86% of senior business leaders are thrilled about cloud computing, over 75% remain concerned about the security, access and privacy of data in the cloud.

Customers are correct in asking how cloud vendors are working to ensure the security of cloud applications, the privacy of individuals and protection of data. In March, Microsoft CEO Steve Ballmer told an audience at the University of Washington that, “This is a dimension of the cloud, and it’s a dimension of the cloud that needs all of our best work.”

Microsoft is seeking to address security-related concerns and help customers understand which questions they need to ask as part of Microsoft’s Trustworthy Computing efforts. The company is trying to become more transparent than competitors concerning how they help enable an increasingly secure cloud.

Server and Tools Business president Bob Muglia approached the issue in his recent keynote at Microsoft’s TechEd North America conference saying, “The data that you have is in your organization is yours. We’re not confused about that, that it’s incumbent on us to help you protect that information for you. Microsoft’s strategy is to deliver software, services and tools that enable customers to realize the benefits of a cloud-based model with the reliability and security of on-premise software.”

The Microsoft Global Foundations Services (GFS) site is a resource for users to learn about Microsoft’s cloud security efforts, with the white papers “Securing Microsoft’s Cloud Infrastructure” and “Microsoft’s Compliance Framework for Online Services” being very informative.

Driving a comprehensive, centralized Information Security Program for all Microsoft cloud data-centers and the 200+ consumer and commercial services they deliver –all built using the Microsoft Security Development Lifecycle–GFS covers everything from physical security to compliance, such as Risk Management Process, Response, and work with law enforcement; Defense-in-Depth Security controls across physical, network, identity and access, host, application and data; A Comprehensive Compliance Framework to address standards and regulations such as PCI, SOX, HIPPA, and the Media Ratings Council; and third party auditing, validation and certification (ISO 27001, SAS 70).

Muglia also pointed out Microsoft’s focus on identity, saying, “As you move to cloud services you will have a number of vendors, and you will need a common identity system.” In general, identity is the cornerstone of security, especially cloud security. Microsoft currently provides technologies with Windows Server and cloud offerings which customers can use to extend existing investments in identity infrastructure (like Active Directory) for easier and more secure access to cloud services.

Microsoft is not alone in working on cloud security, as noted by Microsoft’s chief privacy strategist Peter Cullen. “These truly are issues that no one company, industry or sector can tackle in isolation. So it is important to start these dialogs in earnest and include a diverse range of stakeholders from every corner of the globe,” Cullen said in his keynote at the Computers, Freedom and Privacy (CFP) conference. Microsoft is working with customers, governments, law enforcement, partners and industry organizers (like the Cloud Security Alliance) to ensure more secure and trustworthy cloud computing through strategies and technologies. To receive additional information on Cloud security contact a Nubifer.com representative today.

2010: 07/07
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Monitoring
Cloud Security
Microsoft
Platform-as-a-Service
Software-as-a-Service
Windows Azure
Leave a comment

The Impact of Leveraging a Cloud Delivery Model

In a recent discussion about the positive shift in the Cloud Computing discourse towards actionable steps as opposed to philosophical rants in definitions, .NET Developer’s Journal issued a list of five things not to do. The first mistake among the list of five (which included #2. assuming server virtualization is enough; #3 not understanding service dependencies; #4 leveraging traditional monitoring; #5 not understanding internal/external costs), was not understanding the business value. Failing to understand the business impact of leveraging a Cloud delivery model for a given application or service is a crucial mistake, but it can be avoided.

When evaluating a Cloud delivery option, it is important to first define the service. Consider: is it new to you or are you considering porting an existing service? On one hand, if new, there is a lower financial bar to justify a cloud model, but on the downside is a lack of historical perspective on consumption trends to aid an evaluating financial considerations or performance.

Assuming you choose a new service, the next step is to address why you are looking at Cloud, which may require some to be honest about their reasons. Possible reasons for looking at cloud include: your business requires a highly scalable solution; your data center is out of capacity; you anticipate this to be a short-lived service; you need to collaborate with a business partner on neutral territory; your business has capital constraints.

All of the previously listed reasons are good reasons to consider a Cloud option, yet if you are considering this option because it takes weeks, months even, to get a new server in production; your Operation team is lacking credibility when it comes to maintaining a highly available service; or your internal cost allocation models are appalling—you may need to reconsider. In these cases, there may be some in-house improvements that need to be made before exploring a Cloud option.

An important lesson to consider is that just because you can do something doesn’t mean you necessarily should, and this is easily applicable in this situation. Many firms have had disastrous results in the past when they exposed legacy internal applications to the Internet. The following questions must be answered when thinking about moving applications/services to the Cloud:

· Does the application consume or generate data with jurisdictional requirements?

· Will your company face fines or a public relations scandal is there is a security breach/data loss?

· What part of your business value chain is exposed if the service runs poorly? (And are there critical systems that rely on it?)

· What if the application/service doesn’t run at all? (Will you be left stranded or are there alternatives that will allow the business to remain functioning?)

Embracing Cloud services—public or private—comes with tremendous benefits, yet a constant dialogue about the business value of the service in question is required to reap the rewards. To discuss the benefits of adopting a hybrid On-Prem/Cloud solution contact Nubifer today.

2010: 06/28
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Hosting-as-a-Service
Platform-as-a-Service
Software-as-a-Service
1 comment

Cloud Computing Business Models on the Horizon

Everyone is wondering what will follow SaaS, PaaS and IaaS, so here is a tutorial on some of the emerging cloud computing business models on the horizon.

Computing arbitrage:

Companies like broadband.com are buying bandwidth at a wholesale rate and reselling it to the companies to meet their specific needs. Peekfon began buying data bandwidth in bulk and slice it up to sell to their customers as a way to solve the problem of expensive roaming for customers in Europe. The company was able to negotiate with the operators to buy bandwidth in bulk because they intentionally decided to steer away from the voice plans. They also used heavy compression on their devices to optimize the bandwidth.

While elastic computing is an integral part of cloud computing, not all companies who want to leverage the cloud necessarily like it. These companies with unique cloud computing needs—like fixed long-term computing that grows at relatively fixed low rate and seasonal peaks—have a problem that can easily be solved via intermediaries. Since it requires hi cap-ex, there will be fewer and fewer cloud providers. Being a “cloud VAR” could be a good value proposition for the vendors that are “cloud SI” or have a portfolio of cloud management.

App-driven and content-driven clouds:

Now that the competition between private and public clouds is nearly over, it is time to think about a vertical cloud. The needs to compute depend on what is being computed, and it depends on the applications’ specific needs to compute, the nature and volume of data that is being computed and the kind of content that is being delivered. The vendors are optimizing the cloud to match their application and content needs in the current SaaS world, and some are predicting that a few companies will help ISV’s by delivering app-centric and content-centric clouds.

For advocates of net neutrality, the current cloud-neutrality that is application-agnostic is positive, but innovation on top of raw clouds is still needed. Developer’s need fine knobs for CPU computes, I/O computes, main-memory computing and other varying needs of their applications. The extensions are specific to a programming stack like Heroku for Ruby but the opportunity to provide custom vertical extensions for an existing cloud or to build a cloud that is purpose-built for a specific class of applications and has a range of stack options underneath (making it easy for the developers to leverage the cloud natively) is here. Nubifer Inc. provides Cloud and SaaS Consulting services to enterprise companies.

2010: 06/14
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Cloud Monitoring
Hybrid Cloud and On-Premise
Platform-as-a-Service
Software-as-a-Service
Leave a comment

EMC CEO Joe Tucci Predicts Many Clouds in the Future

EMC isn’t alone in focusing on cloud computing during the EMC World 2010 show, as IT vendors, analysts and the like are buzzing about the cloud. But according to EMC CEO Joe Tucci, the storage giant has a new prediction for the future of cloud computing. During his keynote speech on May 10, and a subsequent discussion with reporters and analysts, Tucci said that EMC’s vision of the future varies from others because it sees many private clouds. This exists in stark contrast with the vision of only a few vendors—like Google, Amazon and Microsoft—offering massive public clouds.

“There won’t be four, five or six giant cloud providers. At the end of the day, you’ll have tens of thousands of private clouds and hundreds of public clouds,” said Tucci.

EMC plans on taking on the role of helping businesses move to private cloud environments, where IT administrators have the ability to view multiple data centers as a single pool of resources. These enterprises with their public clouds will also work with public cloud environments, according to Tucci.

The increased complexity and costs of current data centers serve as a catalyst for the demand for cloud computing models. Tucci says that this explosion of data—which comes from multiple sources, including the growth of mobile device users, medical imaging advancements, increased access to broadband and smart devices—is poised to grow further. “Obviously, we need a new approach, because … infrastructures are too complex and too costly. Enter the cloud. This is the new approach,” Tucci said.

According to Tucci, clouds will be based mainly on x86 architectures, feature converged networks and federated resources and will be dynamic, secure, flexible, cost efficient and reliable. These clouds will also be accessible via multiple devices, a growing need due to the ever-increasing use of mobile devices.

EMC’s May 10 announcements were focused on the push for the private cloud, including the introduction of the VPlex appliances and an expanded networking strategy. Said Tucci, “Our mission is to be your guide and to help you on this journey to the private cloud.”

Tucci said that because of the high level of performance in x86 processors from Intel and Advances Micro Devices, he isn’t predicting a long-term future for other architectures in cloud computing. Tucci used Intel’s eight-core Xeon 7500 “Nehalem EX” processors, which can offer up to 1 terabyte of storage, with systems OEMs prepping to unveil servers with as many as eight processors as an example.

Speaking about the overall growth of x86 processor shipments and revenues, Tucci said that RISC architectures and mainframes will continue to slip: “What I’m saying is, we’re convinced, and everything, that EMC does, and everything Cisco does, will be x86-based. Yes, we’re placing a bet on x86, and we’re going to an all-x86 world.” EMC is currently in the midst of a three-year process of migrating to a private cloud environment. This will include abandoning platforms like Solaris and moving to an all-x86 environment. For more information, please visit Nubifer.com.

2010: 06/03
CATEGORY: Cloud Computing
Cloud Interop
Cloud Monitoring
Cloud Security
Hosting-as-a-Service
Hybrid Cloud and On-Premise
Platform-as-a-Service
Software-as-a-Service
Leave a comment

Cloud-Optimized Infrastructure and New Services on the Horizon for Dell

Over the past three years, Dell has gained experience in the Cloud through its Data Center solutions and group-designed customized offerings for cloud and hyperscaled IT environments. The company is now putting that experience to use, releasing several new hardware, software and service offerings optimized for cloud computing environments. Dell officials launched the new offerings—which include a new partner program, new servers optimized for cloud computing and new services designed to help business migrate to the cloud—at a San Francisco event on March 24.

Based on work the Dell Data Center Solutions group has completed over the past three years, the new offerings were outlined by Valeria Knafo, senior manager of business development and business marketing for the DCS unit. According to Knafo, DCS has built customized computing infrastructures for large cloud service providers and hyperscale data centers and is now trying to make their solutions available to enterprises. Said Knafo, “We’ve taken that experience and brought it to a new set of users.”

Dell officials revealed that they have been working with Microsoft on its Windows Azure cloud platform and that the software giant will work with Dell to create joint cloud-based solutions. Dell and Microsoft will continue to collaborate around Windows Azure (including offering services) and Microsoft will continue buying Dell hardware for its Azure platform as well. Turnkey cloud solutions—including pre-tested and pre-assembled hardware, software and services packages that businesses can use to deploy and run their cloud infrastructures quickly—are among the new offerings.

A cloud solution for Web applications will be the first Platform-as-a-Service made available. The offering will combine Dell servers and services with Web application software from Joyent and will come with challenges, caution Dell officials, like unpredictable traffic and the migrating of the apps from development to production. Dell is also offering a new Cloud Partner Program. According to officials, it will broaden options for customers seeking to move into private or public clouds. Dell announced three new software companies as partners as well: Aster Data, Greenplum and Canonical.

Also on the horizon for Dell is its PowerEdge C-series servers, which are designed to be energy efficient and offer features that are vital to hyperscaled environments—HPC (high-performance computing), social networking, gaming, cloud computing, Web 2.0 functions—like memory capacity and high performance. The C1100 (designed for clustered computing environments), the C2100 (for data analytics, cloud computing and cloud storage) and the C6100 (a four-node cloud and cluster system which offers a shared infrastructure) are the three servers that make up the family.

In unveiling the PowerEdge C-Series, Dell is partaking in the increasing industry trend of offering new systems optimized for cloud computing. For example, on March 17 Fujitsu unveiled the Primergy CX1000, a rack server created to offer the high performance environments need when lowering costs and power consumption. The Primergy CX1000 can also save on data center space through a design which pushes hot air from the system through the top of the enclosure as opposed to the back.

Last, but certainly not least, are Dell’s Integrated Solution Services. They offer complete cloud lifecycle management and include workshops to assess a company’s readiness to move to the cloud. Knafo said that the services are a combination of what Dell gained with the acquisition of Perot Systems and what it had already. “There’s a great interest in the cloud, and a lot of questions on how to get to the cloud. They want a path and a roadmap identifying what the cloud can bring,” said Knafo.

Mike Wilmington, a planner and strategist for Dell’s DCS group, claimed the services will decrease confusion many enterprises may have about the cloud. Said Wilmington, “Clouds are what the customer wants them to be,” meaning that while cloud computing may offer essentially the same benefits to all enterprises (cost reductions, flexibility, improved management and greater energy efficiency) it will look different for every enterprise. For more information please visit Nubifer.com.

2010: 05/28
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Cloud Monitoring
Cloud Security
Platform-as-a-Service
Software-as-a-Service
Leave a comment

Cisco, Verizon and Novell Make Announcements about Plans to Secure the Cloud

Cisco Systems, Verizon Business and Novell announce plans to launch offerings designed to heighten security in the cloud.

On April 28, Cisco announced security services based around email and the Internet that are part of the company’s cloud protection push and its Secure Borderless Network architecture; Cisco’s Secure Borderless Network architecture seeks to give users secure access to their corporate resources on any device, anywhere, at anytime.

Cisco’s IronPort Email Data Loss Prevention and Encryption, and ScanSafe Web Intelligence Reporting are designed to work with Cisco’s other web security solutions to grant companies more flexibility when it comes to their security offerings while streamlining management requirements, increasing visibility and lowering costs.

Verizon and Novell made an announcement on April 28 about their plans to collaborate to create an on-demand identity and access management service called Secure Access Services from Verizon. Secure Access Services from Verizon is designed to enable enterprises to decide and manage who is granted access to cloud-based resources. According to the companies, the identity-as-a-server solution is the first of what will be a host of joint offerings between Verizon and Novell.

According to eWeek, studies continuously indicate that businesses are likely to continue trending toward a cloud-computing environment. With that said, issues concerning security and access control remain key concerns. Officials from Cisco, Verizon and Novell say that the new services will allow businesses to feel more at ease while planning their cloud computing strategies.

“The cloud is a critical component of Cisco’s architectural approach, including its Secure Borderless Network architecture,” said vice president and general manager of Cisco’s Security technology business unit Tom Gillis in a statement. “Securing the cloud is highly challenging. But it is one of the top challenges that the industry must rise to meet as enterprises increasingly demand the flexibility, accessibility and ease of management that cloud-based applications offer for their mobile and distributed workforces.”

Cisco purchased ScanSafe in December 2009 and the result is Cisco’s ScanSafe Web Intelligence Reporting platform. The platform is designed to give users a better idea of how their Internet resources are being used, and the objective is to ensure that business-critical workloads aren’t being encumbered by non-business-related traffic. Cisco’s ScanSafe Web Intelligence Reporting platform can report on user-level data and information on Web communications activities within second, and offers over 80 predefined reports.

Designed to protect outbound email in the cloud, the IronPort email protection solution is perfect for enterprises that don’t want to manage their email. Cisco officials say that it provides hosted mailboxes (while keeping control of email policies) and also offers the option of integrated encryption.

Officials say Cisco operates over 30 data centers around the globe and that security offerings handle large quantities of activity each day—including 2.8 billion reputation look-ups, 2.5 billion web requests and the detection of more than 250 billion span messages—and these are the latest in the company’s expanding portfolio of cloud security offerings.

Verizon and Novell’s collaboration—the Secure Access Services—are designed to enable enterprises to move away from the cost and complexity associated with using traditional premises0based identity and access management software for securing applications. These new services offer centralized management of web access to applications and networks in addition to identity federation and web single sign-on.

Novell CEO Ron Hovsepian released a statement saying, “Security and identity management are critical to accelerating cloud computing adoption and by teaming with Verizon we can deliver these important solutions.” While Verizon brings the security expertise, infrastructure, management capabilities and portal to the service, Novell provides the identity and security software. For more information contact a Nubifer representative today.

2010: 05/24
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Cloud Monitoring
Platform-as-a-Service
Software-as-a-Service
Uncategorized
1 comment

Amazon Sets the Record Straight About the Top Five Myths Surrounding Cloud Computing

On April 19, the 5^th International Cloud Computing Conference & Expo (Cloud Expo)opened in New York City, and Amazon Web Services (AWS) used the event as a platform to address some of what the company sees as the lingering myths about cloud computing.

AWS officials said that the company continues to grapple with questions about features of the cloud-ranging from reliability and security to cost and elasticity—despite being one of the first companies to successfully and profitably implement cloud computing solutions. Adam Selipsky, vice president of AWS, recently spoke about the persisting myths of cloud computing from Amazon’s Seattle headquarters, specifically addressing five that linger in the face of increased industry adoption of the cloud and continued successful cloud deployments. “We’ve seen a lot of misperceptions about cloud computing is,” said Selipsky before debunking five common myths.

Myth 1: The Cloud Isn’t Reliable

Chief information officers (CIOs) in enterprise organizations have difficult jobs and are usually responsible for thousands of applications, explains Selipsky in his opening argument, adding that they feel like they are responsible for the performance and security of these applications. When problems with the applications arise, CIOs are used to approaching their own people for answers and take some comfort that there is a way to take control of the situation.

Selipsky says that customers need to consider a few things when adopting the cloud, one of which is that the AWS’ operational performance is good. Selipsky reminded users that they own the data, they choose which location to store the data (and it doesn’t move unless the customer decided to move it) and that regardless of whether customers choose to encrypt or not, AWS never looks at the data.

“We have very strong data durability—we’ve designed Amazon S3 (Simple Storage Service) for eleven 9′s of durability. We store multiple copies of each object across multiple locations,” said Selipsky. He added that AWS has a “Versioning” feature which allows customers to revert to the last version of any object they somehow lose due to application failure or an unintentional deletion. Customers can also ensure additional fault-tolerant applications by deploying their applications in various Availability zones or using AWS’ Load Balancing and Auto Scaling features.

“And, all that comes with no capex [capital expenditures] for companies, a low per unit cost where you only pay for what you consume, the ability to focus on engineers on unique incremental value for your business,” said Selipsky before adding that the origin of the reliability claims come merely from an illusion of a control, not actual control. “People think if they can control it they have more say in how things go. It’s like being in a car versus an airplane, but you’re much safer in a plane,” he explained.

Myth 2: The Cloud Provides Inadequate Security and Privacy

When it comes to security, Selipsky notes that it is an end-to-end process and thus companies need to build security at every level of the stack. Taking a look at Amazon’s cloud, it is easy to note that the same security isolations are employed as with a traditional data center—including physical data center security, separation of the network, isolation of the server hardware and isolation of storage. Data centers had already become a frequently-shared infrastructure on the physical data center side before Amazon launched its cloud services. Selipsky added that companies realized that they could benefit by renting space in a data facility as opposed to building it.

When speaking about security fundamentals, Selipsky noted that security could be maintained by providing badge-controlled access, guard stations, monitored security cameras, alarms, separate cages and strictly audited procedures and processes. Not only is Amazon’s Web Services’ data center identical to the best practices employed in private data facilities, there is an added physical security advantage in the fact that customers don’t need to access to the servers and networking gear inside. Access to the data center is thus controlled more strictly than traditional rented facilities. Selipsky also added that the Amazon cloud as equal or better isolation than could be expected from dedicated infrastructure, at the physical level.

In his argument, Selipsky pointed out that networks ceased to be isolated physical islands a long time ago because, as companies increasingly began to need to connect to other companies—and then the Internet—their networks became connected with public infrastructure. Firewalls and switch configurations and other special network functionality were used to prevent bad network traffic from getting in, or conversely from leaking out. Companies began using additional isolation techniques as their network traffic increasingly passed over public infrastructure to make sure that the security of every packet on (or leaving) their network remained secure. These techniques include Multi-protocol Label Switching (MPLS) and encryption.

Amazon used a similar approach to networking in its cloud by maintaining packet-level isolation of network traffic and supporting industry-standard encryption. Amazon Web Services’ Virtual Private Cloud allows a customer to establish their own IP address space and because of that customers can use the same tools and software infrastructure they are familiar with to monitor and control their cloud networks. Amazon’s scale also allows for more investment in security policing and countermeasures than nearly and large corporation could afford. Maintains Selipsky, “Our security is strong and dug in at the DNA level.”

Amazon Web Services invests in testing and validating the security of its virtual server and storage environment significantly as well. When discussing the investments made on the hardware side, Selipsky lists:

After customers release these resources, the server and storage are wiped clean so no important data can be left behind.

Intrusion from other running instances is prevented because each instance has its own customer firewall.

Those in need of more network isolation can use Amazon VPC, which allows you to carry your own IP address space with you into the cloud; your instances are only accessible through those IP addresses only you know.

Those desiring to run on their own boxes—where no other instances are running—can purchase extra large instances where only that XL instance runs on that server.

According to Selipsky, Amazon’s scale allows for more investment in security policing and countermeasures: “In fact, we often find that we can improve companies’ security posture when they use AWS. Take the example lots of CIOs worry about—the rogue server under a developer’s desk running something destructive or that the CIO doesn’t want running. Today, it’s really hard (if not impossible) for CIOS to know how many orphans there are and where they might be. With AWS, CIOs can make a single API call and see every system running in their VPC [Virtual Private Cloud]. No more hidden servers under the desk or anonymously places servers in a rack and plugged into the corporate network. Finally, AWS is SAS-70 certified; ISO 27—1 and NIST are in process.”

Myth 3: Creating My Own In-House Cloud or Private Cloud Will Allow Me to Reap the Same Benefits of the Cloud

According to Selipsky, “There’s a lot of marketing going on about the concept of the ‘private cloud.’ We think there’s a bit of a misnomer here.” Selipsky continued to explain that generally, “we often see companies struggling to accurately measure the cost of infrastructure. Scale and utilization are big advantages for AWS. In our opinion, a cloud has five key characteristics: it eliminates capex; allows you to pay for what you use; provides true elastic capacity to scale up and down; allows you to move very quickly and provision servers in minutes; and allows you to offload the undifferentiated heavy lifting of infrastructure so your engineers work on differentiating problems.

Selipsky also pointed out the following drawbacks of private clouds: still own the capex (and they are expensive!); not pay for what you use; not have true elasticity; still manage the undifferentiated heavy lifting. “With a private cloud you have to manage capacity very carefully … or you or your private cloud vendor will end up over-provisioning. So you’re going to have to either get very good at capacity management or you’re going to wind up overpaying,” said Selipsky before challenging the elasticity of the private cloud: “The cloud is shapeless. But if it has a tight box around it, it no longer feels very cloud-like.”

One of AWS’ key offerings is Amazon’s ability to save customers money while also driving efficiency. “In virtually every case we’ve seen, we’ve been able to save people a significant amount of money,” said Selipsky. This is in part because AWS’ business has greatly expanded over the last four years and Amazon has achieved enough scale to secure very low costs. AWS has been able to aggregate hundreds of thousands of customers to have a high utilization of its infrastructure. Said Selipsky, “In our conversations with customers we see that really good enterprises are in the 20-30 percent range on utilization—and that’s when they’re good … many are not that strong. The cloud allows us to have several times that utilization. Finally, it’s worth looking at Amazon’s heritage and AWS’ history. We’re a company that works hard to lower its costs so that we can pass savings back to our customers. If you look at the history of AWS, that’s exactly what we’ve done (lowering price on EC2, S3, CloudFront, and AWS bandwidth multiple times already without any competitive pressure to do so).”

Myth 4: The Cloud Isn’t Ideal Because I Can’t Move Everything at Once

Selipsky debunks this myth by saying, “We believe this is nearly impossible and ill-advised. We recommend picking a few apps to gain experience and comfort then build a migration plan. This is what we most often see companies doing. Companies will be operating in hybrid environments for years to come. We see some companies putting some stuff on AWS and then keeping some stuff in-house. And I think that’s fine. It’s a perfectly prudent and legitimate way of proceeding.”

Myth 5: The Biggest Driver of Cloud Adoption is Cost

In busting the final myth, Selipsky said, “There is a big savings in capex and cost but what we find is that one of the main drivers of adoption is that time-to-market for ideas is much faster in the cloud because it lets you focus your engineering resources on what differentiates your business.”

Summary

Speaking about all of the myths surround the cloud, Selipsky concludes that “a lot of this revolves around psychology and fear of change, and human beings needing to gain comfort with new things. Years ago people swore they would never put their credit card information online. But that’s no longer the case. We’re seeing great momentum. We’re seeing, more and more, over time these barriers [to cloud adoption] are moving.” For additional debunked myths regarding Cloud Computing visit Nubifer.com.

2010: 05/20
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Cloud Monitoring
Cloud Security
Platform-as-a-Service
Software-as-a-Service
Leave a comment

IBM Elevates Its Cloud Offerings with Purchase of Cast Iron Systems

IBM Senior Vice President and Group Executive for IBM Software Group Steve Mills announced the acquisition of cloud integration specialist Cast Iron Systems at the IBM Impact 2010 conference in Las Vegas on May 3. The privately held Cast Iron is based in Mountain View, California and delivers cloud integration software, appliances and services, thus the acquisition broadens the delivery of cloud computing services for IMB’s clients. IBM’s business process and integration software portfolio grew over 20 percent during the first quarter and the company sees this deal as a way to expand it further. The financial terms of the acquisition were not disclosed although Cast Iron Systems’ 75 employees will be integrated into IBM.

According to IBM officials, Big Blue anticipated the worldwide cloud computing market to grow at a compounded annual rate of 28 percent from $47 billion in 2008 to a projected $126 billion by 2012. The acquisition of Cast Iron Systems reflects IBM’s expansion of its software business around higher value capabilities that help clients run companies more effectively.

IBM has transformed its business model to focus on higher value, high-margin capabilities through organic and acquisitive growth in the past ten years–and the company’s software business has been a key catalyst in this shift. IBM’s software revenue grew at 11 percent year-to-year during the first quarter and the company generated $8 billion in software group profits in 2008 (up from $2.8 billion in 2000).

Since 2003, the IBM Software Group has acquired over 55 companies, and the acquisition of Cast Iron Systems is part of that. Cast Iron Systems’ clients include Allianz, Peet’s Coffee & Tea, NEC, Dow Jones, Schumacher Group, ShoreTel, Time Warner, Westmont University and Sports Authority and the cloud integration specialist has completed thousands of cloud integrations around the globe for retail organizations, financial institutions and media and entertainment companies.

IBM’s acquisition comes at a time when one of the major challenges facing businesses when adopting cloud delivery models is integrating the disparate systems running in their data centers with new cloud-based applications–which used to be time-consuming work which drained resources. IBM gains the ability to help businesses rapidly integrate their cloud-based applications and on-pemises systems, with the acquisition of Cast Iron Systems. Additionally, the acquisition advances IBM’s capabilities for a hybrid cloud model–which allows enterprises to blend data from on-premises applications with public and private cloud systems.

IBM, which is know for offering application integration capabilities for on-premises and business-to-business applications, will now be able to offer clients a complete platform to integrate cloud applications from providers like Amazon, Salesforce.com, NewSuite and ADP with on-premises applications like SAP and JD Edwards. Relationships between IBM and Amazon and Salesforce.com will essentially become friendlier due to this acquisition.

IBM said that it can use Cast Iron Systems’ hundreds of prebuilt templates and services expertise to eliminate expensive coding, thus allowing cloud integrations to be completed in mere days (rather than weeks, or even longer). These results can be achieved through using a physical appliance, a virtual appliance or a cloud service.

Craig Hayman, general manager for IBM WebSphere said in a statement, “The integration challenges Cast Iron Systems is tackling are crucial to clients who are looking to adopt alternative delivery models to manage their businesses. The combination of IBM and Cast Iron Systems will make it easy for clients to integrate business applications, no matter where those applications reside. This will give clients greater agility and, as a result, better business outcomes.”

IMB cited Cast Iron Systems helping pharmaceutical distributor Amerisource Bergen Specialty Group connecting Saleforce CRM with its on-premise corporate data warehouse as an example. The company has since been able to give its customer service associates access to the accurate, real-time information they need to deliver a positive customer experience while realizing $250,000 in annual cost savings.

Cast Irons Systems additionally aided a division of global corporate insurance leader Allianz integrate Salesforce CRM with its on-premises underwriting applications to offer real-time visibility into contract renewals for its sales team and key performance indicators for sales management. IBM said that Allianz beat its own 30-day integration project deadline by replacing labor-intensive custom code with Cast Iron Systems’ integration solution.

President and chief executive officer of Cast Iron Systems Ken Comee said, “Through IBM, we can bring Cast Iron Systems’ capabilities as the world’s leading provider of cloud integration software and services to global customer set. Companies around the world will now gain access to our technologies through IBM’s global reach and its vast network of partners. As part of IBM, we will be able to offer clients a broader set of software, services and hardware to support their cloud and other IT initiatives.”

IBM will remain consistent with its software strategy by supporting and enhancing Cast Iron Systems’ technologies and clients while simultaneously allowing them to utilize the broader IBM portfolio. For more information, visit Nubifer.com.

2010: 05/18
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Hybrid Cloud and On-Premise
Platform-as-a-Service
Software-as-a-Service
1 comment

Transforming Into a Service-Centric IT Organization By Using the Cloud

While IT executives typically approach cloud services from the perspective of how they are being delivered, this model neglects what cloud services are and how they are consumed. These two facets can have a large impact on the overall IT organizations, points out eWeek Knowledge Center contributor Keith Jahn. Jahn maintains that it is very important for IT executives to veer away from the current delivery-only focus by creating a world-class supply chain for managing the supply and demand of cloud services.

Using the popular fable The Sky Is Falling, known lovingly as Chicken Little, Jahn explains a possible future scenario that IT organizations may face due to cloud computing. As the fable goes, Chicken Little embarks on a life-threatening journey to warn the king that the sky is falling and on this journey she gathers friends who join her on her quest. Eventually, the group encounters a sly fox who tricks them into thinking that he has a better path to help them reach the king. The tale can end one of two ways: the fox eats the gullible animals (thus communicating the lesson “Don’t believe everything you hear”) or the king’s hunting dogs can save the day (thus teaching a lesson about courage and perseverance).

So what does this have to do with cloud computing? Cloud computing has the capacity to bring on a scenario that will force IT organizations to change, or possibly be eliminated altogether. The entire technology supply chain as a whole will be severely impacted if IT organizations are wiped out. Traditionally, cloud is viewed as a technology disruption, and is assessed from a deliver orientation, posing questions like how can this new technology deliver solutions cheaper and better and faster? An equally important yet often ignored aspect of this equation is how cloud services are consumed. Cloud services are ready to run, self-sourced, available wherever you are and are pay-as-you-go or subscription based.

New capabilities will emerge as cloud services grow and mature and organizations must be able to solve new problems as they arise. Organizations will also be able to solve old problems cheaper, better and faster. New business models will be ushered in by cloud services and these new business models will force IT to reinvent itself in order to remain relevant. Essentially, IT must move away from its focus on the delivery and management of assets and move toward the creation of a world-class supply chain for managing supply and demand of business services.

Cloud services become a forcing function in this scenario because they are forcing IT to transform. CIOs that choose to ignore this and neglect to make transformative measures will likely see their role shift from innovation leader to CMO (Chief Maintenance Officer), in charge of maintaining legacy systems and services sourced by the business.

Analyzing the Cloud to Pinpoint Patterns

The cloud really began in what IT folks now refer to as the “Internet era,” when people were talking about what was being hosted “in the cloud.” This was the first generation of the cloud, Cloud 1.0 if you will—an enabler that originated in the enterprise. Supply Chain Management (SCM) processes were revolutionized by commercial use of the Internet as a trusted platform and eventually the IT architectural landscape was forever altered.

This model evolved and produced thousands of consumer-class services, which used next-generation Internet technologies on the front end and massive scale architectures on the back end to deliver low-cost services to economic buyers. Enter Cloud 2.0, a more advanced generation of the cloud.

Beyond Cloud 2.0

Cloud 2.0 is driven by the consumer experiences that emerged out of Cloud 1.0. A new economic model and new technologies have surfaced since then, due to Internet-based shopping, search and other services. Services can be self-sourced from anywhere and from any device—and delivered immediately—while infrastructure and applications can be sourced as services in an on-demand manner.

Currently, most of the attention when it comes to cloud services remains focused on the new techniques and sourcing alternatives for IT capabilities, aka IT-as-a-Service. IT can drive higher degrees of automation and consolidation using standardized, highly virtualized infrastructure and applications. This results in a reduction in the cost of maintaining existing solutions and delivering new solutions.

Many companies are struggling with the transition from Cloud 1.0 to Cloud 2.0 due to the technology transitions required to make the move. As this occurs, the volume of services in the commercial cloud marketplace is increasing, propagation of data into the cloud is taking place and Web 3.0/semantic Web technology is maturing. The next generation of the cloud, Cloud 3.0 is beginning to materialize because of these factors.

Cloud 3.0 is significantly different because it will enable access to information through services set in the context of the consumer experience. This means that processes can be broken into smaller pieces and subsequently automated through a collection of services, which are woven together with massive amounts of data able to be accessed. With Cloud 3.0, the need for large-scale, complex applications built around monolithic processes is eliminated. Changes will be able to be made by refactoring service models and integration achieved by subscribing to new data feeds. New connections, new capabilities and new innovations—all of which surpass the current model—will be created.

The Necessary Reinvention of IT

IT is typically organized around the various technology domains taking in new work via project requests and moving it through a Plan-Build-Run Cycle. Here lies the problem. This delivery-oriented, technology-centric approach has inherent latency built-in. This inherent latency has created increasing tension with the business it serves, which is why IT must reinvent itself.

IT must be reinvented so that it becomes the central service-sourcing control point for the enterprise or realize that the business with source them on their own. By becoming the central service-sourcing control point for the enterprise, IT can maintain the required service levels and integrations. Changes to behavior, cultural norms and organizational models are required to achieve this.

IT Must Become Service-Centric in the Cloud

IT must evolve from a technology-centric organization into a service-centric organization in order to survive, as service-centric represents an advanced state of maturity for the IT function. Service-centric allows IT to operate as a business function—a service provider—created around a set of products which customers value and are in turn willing to pay for.

As part of the business strategy, these services are organized into a service portfolio. This model differs from the capability-centric model because the deliverable is the service that is procured as a unit through a catalog and for which the components—and sources of components—are irrelevant to the buyer. With the capability-centric model, the deliverables are usually a collection of technology assets which are often visible to the economic buyer and delivered through a project-oriented life cycle.

With the service-centric model, some existing roles within the IT organization will be eliminated and some new ones will be created. The result is a more agile IT organization which is able to rapidly respond to changing business needs and compete with commercial providers in the cloud service marketplace.

Cloud 3.0: A Business Enabler

Cloud 3.0 enables business users to source services that meet their needs quickly, cost-effectively and at a good service level—and on their own, without the help of an IT organization. Cloud 3.0 will usher in breakthroughs and innovations at an unforeseen pace and scope and will introduce new threats to existing markets for companies while opening new markets for others. In this way, it can be said that cloud is more of a business revolution than a technology one.

Rather than focusing on positioning themselves to adopt and implement cloud technology, a more effective strategy for IT organizations would be to focus on transforming the IT organization into a service-centric model that is able to source, integrate and manage services with high efficiency.

Back to the story and its two possible endings:

The first scenario suggests that IT will choose to ignore that its role is being threatened and continue to focus on the delivery aspects of the cloud. Under the second scenario, IT is rescued by transforming into the service-centric organization model and becoming the single sourcing control point for services in the enterprise. This will effectively place IT in control of fostering business innovation by embracing the next wave of cloud. For more information please visit Nubifer.com.

2010: 05/14
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Cloud Monitoring
Cloud Security
Platform-as-a-Service
Software-as-a-Service
Leave a comment

A Guide to Securing Sensitive Data in Cloud Environments

Due to the outsourced nature of the cloud and its innate loss of control, it is important to make sure that sensitive data is constantly and carefully monitored for protection. That task is easier said than done, which is why the following questions arise: How do you monitor a database server when its underlying hardware moves every day—sometimes even multiple times a day and sometimes without your knowledge? How do you ensure that your cloud computing vendor’s database administers and system administrators are not copying or viewing confidential records inappropriately or abusing their privileges in another way?

When deploying a secure database platform in a cloud computing environment, these obstacles and many more are bound to arise and an enterprise needs to be able to overcome them, as these barriers may be enough to prevent some enterprises from moving their on-premises approach. There are three critical architectural concerns to consider when transferring applications with sensitive data to the cloud.

Issue 1: Monitoring an Ever-changing Environment

Cloud computing grants you the ability to move servers and add or remove resources in order to maximize the use of your systems and reduce expense. This increased flexibility and efficiency often means that the database servers housing your sensitive data are constantly being provisioned and deprovisioned. Each of these scenarios represents a potential target for hackers, which is an important point to consider.

Monitoring data access becomes more difficult due to the dynamic nature of a cloud infrastructure. If the information in those applications is subject to regulations like the Payment Card Industry Data Security Standard (PCI DSS) or the Health Insurance Portability and Accountability Act (HIPAA), it is vital to make sure that it is secure.

It is essential to find a methodology that is easily deployed on new database servers without management involvement when thinking about solutions to monitor activity on these dynamic database servers. This requires a distributed model in which each instance in the cloud has a sensor or agent running locally; and this software must be able to be provisioned automatically along with the database software without requiring intrusive system management.

It won’t always be possible to reboot whenever it is necessary to install, upgrade or update the agents in a multitenancy environment such as this, and the cloud vendor may even place limitations on installation of software requiring certain privileges. With the right architecture in place, you will be able to see where your databases are hosted at any point in town and will be able to centrally log all activity and flag suspicious events across all servers wherever they are.

Issue 2: Working in a WAN

Currently, database activity monitoring solutions utilize a network-sniffing model to identify malicious queries, but this approach isn’t feasible in the cloud environment because the network encompasses the entire Internet. Another method that doesn’t work in the cloud is adding a local agent which sends all traffic to a remote server.

The solution is something that is designed for distributed processing where the local sensor is able to analyze traffic autonomously. Another thing to consider is that cloud computing resources procured are likely to be on a WAN. Network bandwidth and network latency will make off-host processing inefficient. With cloud computing, you are likely unable to colocate a server lose to your databases. This means that the time and resources spent spending every transaction to a remote server for analysis will stunt network performance and also hinder timely interruption of malicious activity.

So when securing databases in cloud computing, a better approach is to utilize a distributed monitoring solution that is based on “smart” agents. That way, once a security policy for a monitored database is in place, that agent or sensor is able to implement protection and alerting locally and thus prevent the network from turning into the gating factor for performance.

It is also necessary to test the WAN capabilities of your chosen software for remote management of distributed data centers. It should be able to encrypt all traffic between the management console and sensors to restrict exposure of sensitive data. There are also various compression techniques that can enhance performance so that alerts and policy updates are transmitted efficiently.

Issue 2: Know Who Has Privileged Access to Your Data

The activity of privileged users is one of the most difficult elements to monitor in any database implementation. It is important to remember that DBAs and system administrators know how to stealthy access and copy sensitive information (and cover their tracks afterward). There are unknown personnel at unknown sites with these access privileges in cloud computing environments. Additionally, you cannot personally conduct background checks on third parties like you would for your own staff in this situation. When looking at all of these factors, it is easy to see why protecting against inside threats is important yet difficult to do.

So how do you resolve this issue? One way is to separate duties to ensure that the activities of privileged third parties are monitored by your own staff and also that the pieces of the solution on the cloud side of the network are unable to be defeated without alerts going off. It is also necessary to be able to closely monitor individual data assets regardless of the method used to access it.

Seek out a system that knows when the data is being accessed in violation of the policy–without relying on query analytics alone. Sophisticated users with privileges can create new views, insert stored procedures into a database or generate triggers which compromise information without the SQL command arising suspicion.

Summary

Although some may wrongfully conclude that the complex nature of monitoring database in a cloud architecture isn’t worth changing from dedicated systems–or at least not just yet. With that said, most enterprises will decide that deploying applications with sensitive data on one of these models is inevitable. Leading organizations have begun to change and as a result tools are now meeting the requirements driven by the issues raised in this article.

Essentially, security should not prevent you from moving forward with deploying databases in the cloud if you think your enterprise would benefit from doing so. By looking before you leap–ensuring your security methodologies adequately address these unique cases–you can make the transition safely. For more information please visit Nubifer.com.

2010: 05/12
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Security
Platform-as-a-Service
Software-as-a-Service
Leave a comment

Legal Risks for Companies to Consider Before Embracing the Cloud

Along with its never-ending stream of possibilities in revolutionizing the invention, development, deployment, scale, updating, maintenance and payment for data and applications, cloud computing brings a variety of legal risks to the table, and companies must consider these before entering a highly optimized public cloud.

Risk from uncertainty over where sensitive data and applications physically dwell arises from what Baselinemag.com calls the “nationless state” of the public cloud. Among these ricks are jurisdictions where laws governing the protection and availability of data are very different than what companies are used to. Information in the cloud can also be widely distributed across various legal and international jurisdictions (which each have different laws concerning security, privacy, data theft, data loss and intellectual property) due to the virtual and dynamic nature of cloud computing architecture.

Furthermore, when operating in the cloud, issues concerning privacy, data ownership and access to data cause many questions to arise. National or international legal precedents for cloud computing may be few and far between, but companies nonetheless must ensure that they can immediately access their information and that their service provider has appropriate backup and data-retrieval procedures in place.

A new paradigm of licensing—in which traditional software license agreements will be replaced with cloud service agreements—will be replaced with cloud service agreements as a result of the legal framework of cloud computing. Lawyers representing cloud service providers will subsequently try to reduce the liability of their clients by proposing contracts with the service provided “as is” without a warranty. Under this new paradigm, the service is provided without any assurance or promise of a specific level of performance. This added rick must be evaluated within the context of the benefits derived from the cloud as well as the proposed data which will be stored in the cloud.

Cloud computing also causes issues for companies that have to meet increasingly stringent compliance and reporting requirements for the management of their data. These issues pose major risks in protecting companies’ sensitive data and the information assets their customers have entrusted them to watch over.

In summary, enterprises must make sure that their cloud service providers specify where their data dwells, the legal framework within those specific jurisdictions and the security, backup, anti-hacking and anti-viral processes the service provider has set up. Despite these risks, cloud computing has enormous benefits which should make companies eager to take advantage of its optimization, scalability and cost savings that cloud computing provides. While embracing the cloud, companies must simply conduct a more detailed legal analysis and assessment of risks, much like they would with traditional IT services. For more information on security relating to Cloud Computing, please visit Nubifer.com.

2010: 04/21
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Monitoring
Cloud Security
Software-as-a-Service
Leave a comment

The Role of Multitenancy in the Cloud

The debate over whether or not multitenancy is a prerequisite for cloud computing wages on. While those pondering the use of cloud apps might think they are removed from this debate, they might want to think again, because multitenancy is the clearest path to getting more from a cloud app while spending less.

Those in the multitenancy camp, so to say, point out that there is only a slight only difference between two subscription-based cloud apps is that one is multitenant and the other is single-tenant. The multitenant option will offer more value over time while lowering a customer’s costs and the higher degree of multitenancy—i.e. the more a cloud provider’s infrastructure and resources are shared—the lower the customer cost.

At the root of the debate is revenue and cost economics of cloud services. Revenues for most cloud app providers come from selling monthly or annual per-seat subscriptions. These bring in just a portion of the annual revenue that would be generated by an on-premise software license with comparable functionality. The challenge for selling software subscriptions comes from reducing operating costs to be able to manage with less. If this is not achieved, the provider may have to do more than an on-premise vendor does—like run multiple infrastructures, maintain multiple versions, perform upgrades and maintain customer-specific code—with less money. The answer to this conundrum is multitenancy. Multitenancy extends the cost of infrastructure and labor across the customer base. Customers sharing resources down to the database schema is perfect for scaling.

As the provider adds customers, and those customers benefit from this scaling up, the economies of scale improve. The cloud app provider is able to grow and innovate more as costs decrease and in turn value increases. Over time customers can expect to see more value (like in the form of increased functionality), even if costs don’t lower. For more information of Multitenancy, visit Nubifer.com.

2010: 04/14
CATEGORY: Cloud Computing
Cloud Interop
Cloud Security
Hosting-as-a-Service
Software-as-a-Service
Leave a comment

Google’s Plans on Expanding Its Cloud Offerings for 2010

After a few years spent plugging away in the cloud computing market, hosting its Google Apps collaboration programs for business and consumers, Google is embracing cloud computing even more in 2010. According to Google’s vice president of product management Bradley Horowitz, the company plans on focusing on Google Voice and cloud computing this year. Industry prognosticators predict that the Gizmo5 assets will boost the Google Voice phone management application and Google will be competing with IBM, Microsoft and Cisco Systems for market share in hosted applications.

According to one Google executive, we haven’t seen anything yet when it comes to Google Voice. A phone management application which lets users route calls to all of their phones from one distinct number, Google Voice features tools like automatic voicemail transcription, conference calling, SMS support and low-cost international calling. Oh, and did we mention it’s free? That might explain why there are over 1.4 million users. While 1.4 million is a mere fraction of the 500 million people around the globe using Skype, that is about to change. Currently, Google Voice users are required to have a phone carrier to use the service, something no required by the popular VOIP all Skype, but in 2010 that is going to change.

In November 2009 Google acquired Gizmo5. The maker of so-called softphone software will allow Google Voice to operate similarly to Skype, by letting users place calls via the Internet from one PC to another or even from a PC to a mobile phone or landline. Although Horowitz, who jumped ship from Yahoo two years ago and currently oversees Gmail, Google Docs, Picasa and other Google Apps, has yet to outline specifics for how exactly Google will implement Gizmo5 with Google Voice, he appeared elated with the move during a recent interview with eWeek.com.

During the interview, Horowitz described the goal of the newly-improved Google Phone as a way to seamlessly combine telephony communication as it currently resides separate from user’s experience on the Web. According to Horowitz, Google sees essentially all computing services, for work and for play, funneling through the Web in the future.

Although over two million businesses have signed up for Google Apps, there remains a sizable faction of businesses that are hesitant to embrace the cloud. Web-based social networks like Facebook and Twitter, with over 350 and 60 million users respectively, became more and more popular in 2009, which shows an increasing trend towards accepting the cloud. Essentially, worries associated with cloud computing began to dissipate in 2009, which means there is a lot to look forward to for cloud computing in 2010.

One way that Google made cloud computing more accessible last year was by showcasing the Data Liberation Front to let users export data created within users’ Google Apps to apps outside of Google’s realm. Additionally, Google launched the Google Dashboard, which lets users see exactly how much data they were creating within Google to host. Horowitz believes that Google’s trust-taking measures will pay off.

Google won’t be the only company moving deeper into cloud computing, as a whole batch of rival companies have plans to forge ahead and mark new territory in 2010. Customers and businesses will gain from the competition within cloud computing as the rivalry between companies will mean more choices for everyone. For more information on Google Apps Migration, please visit Nubifer.com.

2010: 03/11
CATEGORY: Cloud Computing
Cloud Interop
Google Apps
Software-as-a-Service
Leave a comment

The Arrival of Ubiquitous Computing

Among other things, one of the “ah ha” moments taken from this year’s CES (the world’s largest consumer technology tradeshow) was the arrival of ubiquitous computing. Formerly a purely academic concept, the data, voice, device and display convergence is now more relevant than ever. Ubiquitous convergence in consumer technology on enterprise software is poised to impact those highly involved in the field of cloud computing as well as the average consumer in the near future.

Industry prognosticators are now predicting that consumers will begin to expect the ubiquitous experience in practically everything they use on a daily basis, from their car to small household items. Take those that grew up in the digital world and will soon be entering the workforce; they will expect instant gratification when it comes to work and play and everything in between. For example, Apple made the Smartphone popular and a “must-have” item for non-enterprise consumers with its iPhone. The consumer-driven mobile phone revolution will likely seep into other areas as well, with consumers increasingly starting to expect to have a similar experience as with an iPhone in software. Due to this trend, many enterprise software vendors are now making mobile a greater priority than before, and in turn staying ahead of the curve will mean anticipating more and more ubiquitous convergence.

What Does Ubiquitous Computing Mean for ISVs?

CES showcased a wide range of new interface and display technology, such as a multi-touch screen by 3M, a screen with haptic feedback, pico projector and the list goes on. A cheap projector and a camera can combine to make virtually any surface into an interface or display, which will allow consumers to interact with software in innovative, unimaginable and unanticipated ways, thus putting ISVs to the task of supporting these new interfaces and displays. This gives ISVs the opportunity to differentiate their offering by leveraging rather than submitting to this new trend in technology.

The Combination of Location-based Apps and Geotagging

Both Google’s Favorite Places and Nokia’s Point and Find seek to organize and essentially own the information about places and objects using QR codes. The QR codes are generally easy to generate and have flexible and extensible structure to hold useful information, while the QR code readers are the devices—such as a camera phone with a working data connection—that most of us own already. When geotagging is combined with augmented reality that is already propelling the innovation in location-based apps, there is the potential for ample innovation. Smarter supply chain, sustainable product life cycle management and efficient manufacturing are all possible outcomes from the combination of location-based applications and geotagging.

The Evolution of 3D

While 3D simply adds a certain “cool” factor to playing video games or watching movies, 3D is poised to make the transition from merely a novelty into something useful. Although simply replicating 3D analog in the digital world won’t make software better, adding a third dimension could aid those looking at 2D. One way that 3D technology can be more effective is by using it in conjunction with complementing technology like multi-touch interface, to provide 3D accordances, and with location-based and mapping technology to manage objects in 3D analog world.

Rendering Technology to Outpace Non-Graphics Computation Technology

As shown by Toshiba’s TV with cell processors and ATI and nVidia’s graphic cards, the investment into rendering hardware complements the innovation in display elements (like LED, energy-efficient technology, etc). Hi-quality graphics at all former factors are being delivered via the combination of faster processors and sophisticated software. So far, enterprise software ISVs have been focusing on algorithmic computation of large volumes of data to design various solutions, and rendering computation technology lagged non-graphics data computation technology. Now rendering computation has caught up with non-graphics data and will outpace non-graphics data computation in the near future. This will allow for the creation of software that can crunch large volumes of data and leverage high-quality graphics without any lag, that delivers striking user experiences as well as realtime analytics and analysis. For more information, please visit www.nubifer.com.

2010: 02/18
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Monitoring
Platform-as-a-Service
Software-as-a-Service
Leave a comment

Scaling Storage and Analysis of Data Using Distributed Data Grids

One of the most important new methods for overcoming performance bottlenecks for a large class of applications is data parallel programming on a distributed data grid. This method is predicted to have important applications in cloud computing over the next couple years, and eWeek Knowledge Center contributor William L. Bain describes ways in which a distributed data grid can be used to implement powerful, Java-based applications for parallel data analysis.

In current Information Age, companies must store and analyze a large amount of business data. Companies that have the ability to efficiently search data for important patterns will have a competitive edge over others. An e-commerce Web site, for example, needs to be able to monitor online shopping carts in order to see which products are selling faster than others. Another example is a financial services company, which needs to hone its equity trading strategy as it optimizes its response to rapidly changing market conditions.

Businesses facing these challenges have turned to distributed data grids (also called distributed caches) in order to scale their ability to manage rapidly changing data and sort through data to identify patterns and trends that require a quick response. A few key advantages are offered by distributed data grids.

Distributed data grids store memory instead of on a disk for quick access. Additionally, they run seamlessly across various servers to scale performance. Lastly, they provide a quick, easy-to-use platform for running “what if” analyses on the data they store. They can take performance to a level unable to be matches by stand-alone database serves by breaking the sequential bottleneck.

Three simple steps for building a fast, scalable data storage and analysis solution:

1. Store rapidly changing business data directly in a distributed data grid rather than on a database server

Distributed data grids are designed to plug directly into the business logic of today’s enterprise application and services. They match the in-memory view of data already used by business logic by storing data as collections of objects rather than relational database tables. Because of this, distributed data grids are easy to integrate into existing applications using simple APIs (which are available for most modern languages like Java, C# and C++).

Distributed data grids run on server farms, thus their storage capacity and throughput scale just by adding more grid servers. A distributed data grid’s ability to store and quickly access large quantities of data can expand beyond a stand-alone database server when hosted on a large server farm or in the cloud.

2. Integrate the distributed data grid with database servers in an overall storage strategy

Distributed data grids are used to complement, not replace data servers, which are the authoritative repositories for transactional data and long-term storage. With an e-commerce Web site, for example, a distributed data grid would hold shopping carts to efficiently manage a large workload of online shopping traffic. A back-end database server would meanwhile store completed transactions, inventory and customer records.

Carefully separating application code used for business logic from other code used for data access is an important factor to integrating a distributed data grid into an enterprise application’s overall strategy. Distributed data grids naturally fit into business logic, which manages data as objects. This code is where rapid access to data is required and also where distributed data grids provide the greatest benefit. The data access layer, in contract, usually focuses on converting objects into a relational form for storage in database servers (or vice versa).

A distributed data grid can be integrated with a database server so that it can automatically access data from the database server if it is missing from the distributed data grid. This is incredibly useful for certain types of data such as product or customer information (stored in the database server and retrieved when needed by the application). Most types of rapidly changing, business logic data, however, can be stored solely in a distributed data grid without ever being written out to a database server.

3. Analyze grid-based data by using simple analysis codes as well as the MapReduce programming pattern

After a collection of objects, such as a Web site’s shopping carts, has been hosted in a distributed data grid, it is important to be able to scan this data for patterns and trends. Researchers have developed a two-step method called MapReduce for analyzing large volumes of data in parallel.

As the first step, each object in the collection is analyzed for a pattern of interest by writing and running a simple algorithm that assesses each object one at a time. This algorithm is run in parallel on all objects to analyze all of the data quickly. The results that were generated by running this algorithm are next combined to determine an overall result (which will hopefully identify an important trend).

Take an e-commerce developer, for example. The developer could write a simple code which analyzes each shopping cart to rate which product categories are generating the most interest. This code could be run on all shopping carts throughout the day in order to identify important shopping trends.

Using this MapReduce programming pattern, distributed data grids offer an ideal platform for analyzing data. Distributed data grids store data as memory-based objects, and thus the analysis code is easy to write and debug as a simple “in-memory” code. Programmers don’t need to learn parallel programming techniques nor understand how the grid works. Distributed data grids also provide the infrastructure needed to automatically run this analysis code on all grid servers in parallel and then combine the results. By using a distributed data grid, the net result is that the application developer can easily and quickly harness the full scalability of the grid to quickly discover data patterns and trends that are important to the success of an enterprise. For more information, please visit www.nubifer.com.

2010: 02/16
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Cloud Monitoring
Hosting-as-a-Service
Platform-as-a-Service
1 comment

Answers to Your Questions on Cloud Connectors

Jeffrey Schwartz and Michael Desmond, both editors of Redmond Developer News, recently sat down with corporate vice president of Microsoft’s Connected Systems Division, Robert Wahbe, at the recent Microsoft Professional Developers Conference (PDC) to talk about Microsoft Azure and its potential impact on the developer ecosystem at Microsoft. Responsible for managing Microsoft’s engineering teams that deliver the company’s Web services and modeling platforms, Wahbe is a major advocate of the Azure Services Platform and offers insight into how to build applications that exist within the world of Software-as-a-Service, or as Microsoft calls it, Software plus Services (S + S).

When asked how much of Windows Azure is based on Hyper-V and how much is an entirely new set of technologies, Wahbe answered, “Windows Azure is a natural evolution of our platform. We think it’s going to have a long-term radical impact with customers, partners and developers, but it’s a natural evolution.” Wahbe continued to explain how Azure brings current technologies (i.e. the server, desktop, etc.) into the cloud and is fundamentally built out of Windows Server 2008 and .NET Framework.

Wahbe also referenced the PDC keynote of Microsoft’s chief software architect, Ray Ozzie, in which Ozzie discussed how most applications are not initially created with the idea of scale-out. Explained Wahbe, expanding upon Ozzie’s points, “The notion of stateless front-ends being able to scale out, both across the data center and across data centers requires that you make sure you have the right architectural base. Microsoft will be trying hard to make sure we have the patterns and practices available to developers to get those models [so that they] can be brought onto the premises.”

As an example, Wahbe created a hypothetical situation in which Visual Studio and .NET Framework can be used to build an ASP.NET app, which in turn can either be deployed locally or to Windows Azure. The only extra step taken when deploying to Windows Azure is to specify additional metadata, such as what kind of SLA you are looking for or how many instances you are going to run on. As explained by Wahbe, the Metadata is an .XML file and as an example of an executable model, Microsoft is easily able to understand that model. “You can write those models in ‘Oslo’ using the DSL written in ‘M,’ targeting Windows Azure in those models,” concludes Wahbe.

Wahbe answered a firm “yes” when asked if there is a natural fit for application developed in Oslo, saying that it works because Oslo is “about helping you write applications more productively,” also adding that you can write any kind of application—including cloud. Although new challenges undoubtedly face development shops, the basic process of writing and deploying code remains the same. According to Wahbe, Microsoft Azure simply provides a new deployment target at a basic level.

As for the differences, developers are going to need to learn a new set of services. An example used by Wahbe is if two businesses were going to connect through a business-to-business messaging app; technology like Windows Communication Foundation can make this as easy process. With the integration of Microsoft Azure, questions about the pros and cons of using the Azure platform and the service bus (which is part of .NET services) will have to be evaluated. Azure “provides you with an out-of-the-box, Internet-scale, pub-sub solution that traverses firewalls,” according to Wahbe. And what could be bad about that?

When asked if developers should expect new development interfaces or plug-ins to Visual Studio, Wahbe answered, “You’re going to see some very natural extensions of what’s in Visual Studio today. For example, you’ll see new project types. I wouldn’t call that a new tool … I’d call it a fairly natural extension to the existing tools.” Additionally, Wahbe expressed Microsoft’s desire to deliver tools to developers as soon as possible. “We want to get a CTP [community technology preview] out early and engage in that conversation. Now we can get this thing out broadly, get the feedback, and I think for me, that’s the most powerful way to develop a platform,” explained Wahbe of the importance of developers’ using and subsequently critiquing Azure.

When asked about the possibility of competitors like Amazon and Google gaining early share due to the ambiguous time frame of Azure, Wahbe’s responded serenely, “The place to start with Amazon is [that] they’re a partner. So they’ve licensed Windows, they’ve licensed SQL, and we have shared partners. What Amazon is doing, like traditional hosters, is they’re taking a lot of the complexity out for our mutual customers around hardware. The heavy lifting that a developer has to do to tale that and then build a scale-out service in the cloud and across data centers—that’s left to the developer.” Wahbe detailed how Microsoft has base computing and base storage—the foundation of Windows Azure—as well as higher-level services such as the database in the cloud. According to Wahbe, developers no longer have to build an Internet-scale pub-sub system, nor do they have to find a new way to do social networking and contacts nor have reporting services created themselves.

In discussing the impact that cloud connecting will have on the cost of development and the management of development processes, Wahbe said, “We think we’re removing complexities out of all layers of the stack by doing this in the cloud for you … we’ll automatically do all of the configuration so you can get load-balancing across all of your instances. We’ll make sure that the data is replicated both for efficiency and also for reliability, both across an individual data center and across multiple data centers. So we think that be doing that, you can now focus much more on what your app is and less on all that application infrastructure.” Wahbe predicts that it will be simpler for developers to build applications with the adoption of Microsoft Azure. For more information on Cloud Connectors, contact a Nubifer representative today.

2010: 02/14
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Cloud Monitoring
Hosting-as-a-Service
Hybrid Cloud and On-Premise
Platform-as-a-Service
Software-as-a-Service
Leave a comment

Launch of Azure

After months of media and technology buzz, Microsoft announced that Microsoft Azure, often described as “Windows in the Cloud,” would be launched on January 1, 2010. The software giant’s Internet-based cloud computing service is likely to alter the entire face of the ever-expanding cloud computing field.

Ray Ozzie, Microsoft chief software architect, revealed the official launch date for Microsoft Azure at the recent Microsoft Professional Developers Conference, held in Los Angeles. Known as an industry leader in selling packaged software like Windows operating systems and Office work programs, Microsoft is joining in on the increasing trend towards cloud computing by unveiling a program hosted on the Internet—or in the cloud.

Cloud computing is an attractive avenue for enterprise companies as well as individuals, as it eliminates the cost and time of buying, installing, updating and maintaining software on workplace machines by letting users and companies basically rent text, spreadsheet, calendar and other programs in the cloud on an as-needed basis. According to industry tracker Gartner, revenue from cloud computing will surpass 14 billion dollars annually by the end of 2013.

Speaking at the at the recent Microsoft Professional Developers Conference, Ozzie said that the first month of Windows Azure will be free of charge, with users being billed from February on. Ozzie described Windows Azure as part of a “three screens and a cloud” future, in which software is delivered across personal computers, televisions and phones connected by cloud-based services.

“Customers want choice and flexibility in how they develop and deploy applications,” explained Ozzie before continuing to say, “We’re moving into an era of solutions that are experienced by users across PCs, phones and the Web, and that are delivered from data centers we refer to as private clouds and public clouds.”

Due to advancements in the cloud made by competitors like Amazon and Google, Microsoft has been under the microscope to make the transition into offering cloud services as of late. Google, for example, has long since established Internet-based applications like its popular Web-hosted email service, Gmail, while Internet retail giant Amazon currently offers an online application platform called the Elastic Compute Cloud (EC2).

With the launch of Microsoft Azure, competition within the cloud computing field continues to expand, while the transition into the cloud for companies becomes more achievable. To see how Adopting Windows Azure could help your organization, visit Nubifer.com.

2010: 01/04
CATEGORY: Cloud Compliance
Cloud Computing
Hosting-as-a-Service
Microsoft
Platform-as-a-Service
Software-as-a-Service
Uncategorized
Windows Azure
Leave a comment

Answers to Your Questions on Cloud Connectors for Leading Platforms like Windows Azure Platform

Jeffrey Schwartz and Michael Desmond, both editors of Redmond Developer News, recently sat down with corporate vice president of Microsoft’s Connected Systems Division, Robert Wahbe, at the recent Microsoft Professional Developers Conference (PDC) to talk about Microsoft Azure and its potential impact on the developer ecosystem at Microsoft. Responsible for managing Microsoft’s engineering teams that deliver the company’s Web services and modeling platforms, Wahbe is a major advocate of the Azure Services Platform and offers insight into how to build applications that exist within the world of Software-as-a-Service, or as Microsoft calls it, Software plus Services (S + S).

2009: 07/16
CATEGORY: Cloud Compliance
Cloud Computing
Cloud Interop
Cloud Monitoring
Cloud Security
Hosting-as-a-Service
Platform-as-a-Service
Software-as-a-Service
Leave a comment

May 2013
M	T	W	T	F	S	S
« Dec
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Cloud Computing and Software-as-a-Service

Nubifer

Categories

Top Posts

Archives

Tag Cloud

Calendar

Pages

Email Subscription

nubifer

Follow “nubifer blogs”