Archive for October, 2010

Department of Defense And Cloud Security Management

Migrating Department of Defense applications to public cloud platforms operated outside of the Department of Defense DMZ typically raise concerns about the efficacy of security protocols. Currently, the DoD data-centers rely on fire-walled barriers that are designed to prohibit interactions with those outside of its perimeter. The effectiveness of these safe-guards can be argued on a number of levels. The DoD contracts out the management of much of its data, meaning those in charge of their data are neither military nor civilian employees.

Regardless of this outsourcing, the transference of compute resources to third party platform providers will be subjected to stringent security guidelines. What may be viewed as a minor security incident could result in a revocation of security certification for the cloud services provider.

High level DoD executives realize that cloud computing offers a significant opportunity for cost savings, scalability, as well as fail-safe features that offer advantages when compared to the current DISA data-centers. Decision makers are now asking whether the externalization of the DoD workload to a public cloud cause a degradation in network security. Will the governmental auditors reject a public cloud because they cannot fully guarantee security? But the fact is that many public cloud offerings offer the same level of data security, obfuscation and redundancy that’s offered in the DoD’s internal data-centers.

DoD data-centers lock up server farms as well as associated power inside a physical structure in order to gain security. Additional controls installed include:

– Perimeter firewalls
– Demilitarized zones (DMZ) for isolating incoming transactions
– Network segmentation
– Intrusion detection devices and software for monitoring compliance with security protocols

Currently, there are a plethora of companies selling hardware devices and software packages claiming to increase data-center security. But as security threats rise, data-center management teams keep adding disparate security management devices, thus increasing not only operating costs but also the delays that are incurred as transactions travel their way through multiple security barriers.

The accumulation of these disparate security features only increase the vulnerability of systems and add to potential security loop-holes. Each data-center will ultimately have security measures that are unique to each individual situation. Therefore they are not amenable to coordinated and standardized oversight.

Cloud platform providers gain from the benefits of virtualization. Virtual machines from multiple providers are co-hosted on physical resources without any cross-referencing that can jeopardize security. This allows virtualization to be the key technology that enables the migration of applications into a cloud environment where security is provided via the hypervisor that controls each separate virtual machine.  A standardized third-party security appliance can be connected to this hypervisor allowing for consistent security services delivered to every virtual machine even if they run on differing operating systems.

Users must stop viewing protection of applications at the data center or server levels as the basis for achieving security. Instead, we have to view each individual virtual computer, with its own operating system and its own application as fully equipped to benefit from standardized security services.

A data-center may encompass thousands of virtual machines. Cloud security will be achieved by protecting virtual computers through their hypervisor on which they operate. This way, every virtual machine can be assigned a sub-set of security protocols that will carry its protection safeguards as well as security criteria. Take moving a virtual machine from a DISA data-center to the cloud, the security of a relocated virtual machine will not be compromised. Multi-tenancy of diverse applications, from varied sources is now feasible since the cloud can run diverse applications in separate security enclosures, each with their own customized security policies.

In a cloud environment the addition of a new application is simplified. Integration with security measures can be instant and seamless because a hypervisor already supports your current security protocols. And if a virtual machine can port its own security measures when migrating from one cloud to another, these integration efforts can be further reduced.

In Summation
Security services for a cloud environment can now be pooled and standardized to support a large number of virtual machines. Such pooled services can be managed to give DoD data-centers vastly improved shared security awareness.

But the overall management and monitoring of enterprise-wide security will still remain an intensive task. However, as compared with the current diversity in security methods, the transfer of applications onto a cloud platform will further reduce costs and simplify the administration of security.

Whether the Department of Defense can efficiently implement its own private cloud, or whether it will have to rely on commercially provided cloud providers is yet to be known. The DoD could rely on commercial firms for most cloud computing services, except for retaining the direct oversight over security. This could be accomplished by managing all security appliances and policies from DoD Network Control Centers that would be staffed by internal DoD personnel.

For more information regarding security of Cloud platforms and how the government is approaching Cloud Computing and Software-as-a-Service, visit Nubifer.com.

Advertisements

Microsoft Announces Office 365

Announced October 19th 2010, Microsoft is launching Office 365, the software giants’ next cloud productivity offering syncing Microsoft Office, SharePoint Online, Exchange Online and Lync Online in an “always-on” software and platform-as-a-service. Office 365 makes it simpler for organizations to get and use Microsoft’s highly-acclaimed business productivity solutions via the cloud.

With the Office 365 cloud offering, users can now work together more collaboratively from anywhere on any device with Internet connectivity, while collaborating with others inside and outside their enterprise in a secure and interoperable fashion. As part of today’s launch  announcement by Microsoft, the Redmond based software company is opening a pilot beta program for Office 365 in 13 different regions and countries.

Microsoft relied on years of experience when architecting Office 365, delivering industry-acclaimed enterprise cloud services ranging from the first browser-based e-mail to today’s Business Productivity Online Suite, Microsoft Office Live Small Business and Live@edu. Adopting the Office 365 cloud platform means Microsoft users don’t have to alter the way they work, because Office 365 works with the most prevalent browsers, smart-phone hand-sets and desktop applications people use today.

Office 365 developers worked in close association with existing customers to develop this cloud offering, resulting in a platform that is designed to meet a wide array of user needs:

“Office 365 is the best of everything we know about productivity, all in a single cloud service,” said Kurt DelBene, president of the Office Division at Microsoft. “With Office 365, your local bakery can get enterprise-caliber software and services for the first time, while a multinational pharmaceutical company can reduce costs and more easily stay current with the latest innovations. People can focus on their business, while we and our partners take care of the technology.”

With Office 365 for small businesses, professionals and small companies with fewer than 25 employees can be up and running with Office Web Apps, Exchange Online, SharePoint Online, Lync Online and an external website in just 15 minutes, for $6 per user, per month.

Microsoft Office 365 for the enterprise introduces an wide range of choices for mid and large organizations, as well as for governmental entities, starting at $2 per user, per month for basic e-mail. Office 365 for the enterprise also includes the choice to receive Microsoft Office Professional Plus on a pay-as-you-use basis. For less than $25 per user, per month, organizations can get Office Professional Plus along with webmail, voicemail, business social networking, instant messaging, Web portals, extranets, voice-conferencing, video-conferencing, web-conferencing, 24×7 phone support, on-premises licenses, and more.

Office 365 is creating new growth opportunities for Microsoft and its partners by reaching more customers and types of users and meeting more IT needs — all while reducing the financial burden for its customers.

Product Availability

Office 365 will be available worldwide in 2011. Starting today, Microsoft will begin testing Office 365 with a few thousand organizations in 13 countries and regions, with the beat expanding to include more organizations as the platform matures. Office 365 will be generally available in over 40 countries and regions next year.

Towards the end of next year, Microsoft Office 365 will offer Dynamics CRM Online in order to provide their complete business productivity experience to organizations of all varieties and scales. Additionally, Office 365 for education will debut later next year, giving students, faculty and school employees powerful technology tailored specifically to their needs.

October 19th at Noon PDT, Microsoft will launch http://www.Office365.com. Customers and partners can sign up for the Office 365 beta and learn more at that site, or follow Office 365 on Twitter (@Office365), Facebook (Office 365), or the new Office 365 blog at http://community.office365.com to get the latest information.

Nubifer is a Microsoft Registered Partner with expertise in Office, Windows 7, BPOS and Windows Azure.  Contact a representative today to learn how the Office 365 cloud platform can streamline your business processes or visit www.nubifer.com and fill out our online questionaire.

Protecting Data in the Cloud

When it comes to cloud computing, one of the major concerns is protecting the data being stored in the cloud. IT departments often lack the knowledge necessary to make informed decisions regarding the identification of sensitive data—which can cost an enterprise millions of dollars in legal costs and lost revenue.

The battle between encryption and tokenization was explored in a recent technology report, and the merits of both are being considered as securing data in the cloud becomes more and more important. Although the debate over which solution is best continues, it is ultimately good news that protection in cloud computing is available in the first place.

It is essential that data is secure while in storage or in transit (both inherent in cloud computing) in the current business climate; the protection is necessary whether dealing with retail processing, accessing personal medical records or managing government information and financial activity. It is necessary to implement the correct security measure to protect sensitive information.

So what is tokenization? Tokenization is the process in which sensitive data is segmented into one or more pieces and replaced with non-sensitive values, or tokens, and the original data is stored encrypted elsewhere. When clients need access to the sensitive data, they typically provide the token along with authentication credentials to a service that then validates the credentials, decrypts the secure data, and provides it back to the client. Even though encryption is used, the client is never involved in either the encryption or decryption process so encryption keys are never exchanged outside the token service. Tokens protect information like medical records, social security numbers, financial transactions, etc prevent unauthorized access.

Encryption, on the other hand, is the process of changing the information using an algorithm to ensure it is unreadable to anyone expect those who possess a key or special knowledge. The military and government have been using this method for some time to make sure that their sensitive information remains in the hands of the right people and organizations.

Tokenization and encryption can be applied when using cloud computing to protect the information is used in the cloud. For organizations seeking to determine which method is a better fit for them, it is necessary to ask questions about the security of the method and whether one has more pros than the others. It is necessary in this case to clearly define the objectives of the business process as well.

A clear method of protecting information is essential if cloud computing is posing benefits for the enterprise. Conversely, this can also be an obstacle to launching a cloud computing strategy. Gartner reports that 85 percent of participants cited security as a key factor that could prevent them from launching cloud-based apps.

In conclusion, there is no clear winner in the debate over tokenization versus encryption. Rather, it depends on the goals of the business and how the company plans to manage the security of their sensitive information. The data needs to be protected in a way that is easily manageable when launching a cloud computing strategy—and it is only at this point that cloud computing can be both successful and secure. For more information regarding securing data int eh cloud via tokenization, contact a Nubifer representative today.

Zoho Creator Adds Reporting & Scheduler Modules

Zoho Corp., a leader in Software as a Service business applications, announced Wednesday October 6th that their ‘Zoho Creator’ offering now allows users to create situational applications. Over the past few years, Zoho has had over 300,000 apps created on this platform, and as Zoho Creator evolves as a leading work-flow engine, they are introducing two key modules to Zoho Creator – Reports & Schedules.

Zoho offers SaaS applications and provides a wide, integrated portfolio of rich online applications for businesses. With more than 20 different applications spanning Collaboration, Business and Productivity, Zoho helps businesses and organizations get work done. Zoho’s applications are delivered via the Internet, requiring nothing but a browser, enabling organizations to focus on their business while leveraging Zoho in order to maintain the servers and keep data safe.

Reports Module
Zoho is introducing a powerful business intelligence module in Zoho Reports that lets users create different types of reports and pivot tables.This Reporting module is now integrated into Zoho Creator allowing users to analyze the data they have in their application. Users are now able to:

  • Create dynamic reports based on the data contained in their Creator app
  • Generate Pivot Tables (including multi-level pivots) with a range of options
  • Filter & Sort data with a report builder interface
  • Embed & Share reports with team members or by embedding them on a website

Scheduler Module
The newly introduced scheduler module lets users create and schedule automated tasks. These tasks can be triggered by user input or at pre-set times and/or dates. There are three general schedule types:

  • Form Schedules, which lets users configure actions to be executed based on any date/date time field in a form
  • Report Schedules lets users schedule periodic reports of data that has been added to their application
  • Custom Schedule give users the power to create and execute their own scripts

Reports Pricing

  • Two reports are available for free users and paid users with ‘Basic’ and ‘Standard’ plans.
  • Unlimited Reports are available for Paid users (Professional plans and above)

Scheduler Pricing

  • Scheduler module is available for all paid users. It includes 31 schedulers.
  • A 15 day trial version is available for free users.

These two modules are available for use now and are readily available at http://www.zoho.com.  For more information on Zoho’s suite of SaaS applications, and migration best practices please contact a Nubifer representative today. www.Nubifer.com -or- (800) 293 4496.

IBM’s Goals for Cloud Computing

With a reported $14 billion left over from its 2009 fiscal year, what is IBM going to do with it? Industry experts suggest that they are expanding upon their ability to deliver enterprise cloud computing solutions and services.

It’s expected that cloud services will add $3 billion in net revenue by 2015, says IBM’s Vice President of Cloud Computing Walt Braeger. Although IBM won’t be able to do so without acquisitions, the company’s excess of cash won’t be spent on a single acquisition—like when IBM purchased Cognos for $5 billion in 2007.

It’s been well documented that IBM has already spent a great deal on significant cloud computing acquisitions, most of which were acquired for less than $1 billion, although a few stray from that norm. IBM spent $1.4 billion on Sterling Commerce (which was a unit of AT&T and focuses on providing software that helps companies manage their channel relationships) earlier this year, for example. IBM also acquired Cast Iron Systems—who’s software systems help connect its cloud services to traditional and legacy software systems—for an undisclosed amount in May.

Cloud Computing and its Inner-workings
Because the business aspects of cloud computing are increasingly local, IBM will need to have a physical presence in many of the nations in which it hopes to build a customer base for its cloud services.

Braeger cited that IBM already has a multi-billion dollar investment in its service delivery centers, located across the globe. Because they require massive amounts of reliable bandwidth, cloud computing centers have to be located next to major Internet points of presence. IBM has not encountered bandwidth constraints as it grows its cloud computing business thus far, but that may change as focus turns to developing markets—where solutions will need to incorporate low-bandwidth mobile devices.

Organizations will utilize IBM’s cloud appliance service model, CloudBurst, in some cases. CloudBurst is a physical device that delivers a cloud, and is one of IBM’s many answers to the security fears of its customers.

CloudBurst, when initially conceptualized, was aimed at developers. This is due to the fact that developers drive so much business value that the typical enterprise devotes 30 to 50 percent of its entire technology infrastructure to development and testing. All but ten percent of that infrastructure remains idle, IBM said, thus making the case for a scalable, flexible, interoperable cloud infrastructure.

Developers and a Cloud Infrastructure
According to Braeger, cloud projects in enterprise testing have delivered on all the hype surrounding the cloud, with an average Return On Investment (ROI) in just four months, making these projects extremely attractive to organizations that are constricting IT budgets.

These types of projects require a multitude of components to be in place before they can begin delivering: self-service access to resources, a detailed service catalog, and infrastructure ready and available for instant provisioning. Those have always proven to be pain points for developers and enterprise IT in the past. For example, developers dealt with bureaucracy when requesting a system on which they could test a new application. Now though, says Braeger, the situation has changed due to a cloud-based infrastructure.

Changing the model so drastically requires IT to revamp other functions beyond deploying resources. Organizations need to develop the capacity to charge other departments for use, for example, meaning departments must be willing to be metered.

These are unlikely to be major obstacles though, at least according to Braeger. In many large enterprises, IT departments already have an accounting function and an auditing function that is standardized. Because modules that work well in a particular auditing system can be reused across a wide spectrum of customer, this makes IBM’s job easier.

Cloud Computing Living Up to the Hype
There is bound to be internal push-back, regardless of the early evidence of a quick return on investment, with so many major changes altering the daily work-flow. During his company’s annual meeting this year, IBM CEO Samuel Palmisano told shareholders that despite the turmoil, cloud technologies are slated to revolutionize how IT functions within the enterprise.

Braeger did admit that hype surrounding cloud computing is current at what industry researcher Gartner would call a “peak of inflated expectations”, which is inevitably followed by a “trough of disillusionment”—but is able to highlight the cloud’s demonstrated success in delivering a quick ROI and more efficient IT services as a reason not to be concerned.