February 22, 2010
“Excellent post Simon and you highlight some of the major security concerns that C levels have when it comes to cloud computing. Another concern should also be the importance of your cloud provider’s reputation. Potential cloud customers need to ask: Who is really managing my company’s sensitive information? What are their internal security practices? How well do they handle incident response? How reliable is the infrastructure that provides the service? Are they prone to service outages? How can my service provider recover my cloud stuff? All of those are very valid questions and concerns that lurk in the minds of potential cloud adopters. Let’s put some of those concerns to rest!” Paul Richards
Thanks for that response Paul, you have highlighted some great points that customers should ask potential providers at both a technical and operational level. Customers should also question:
- The provider’s financial stability. Will they be able to keep systems up and running? What is their pedigree in providing such system availability over time? (Not just in the last twelve months!)
- The SLAs (Service Level Agreements) they provide.
- The provider’s approach to recovery. Will they recover the system on failure or disaster? In what time? To what extent? Business continuity and recovery should always be a ‘must have’ rather than an afterthought.
Your points also interlink well with my response to Baggy on data portability. As stated there, it’s critical to know who is managing your data, how secure it is and how easy it is to port. These are all critical questions to ask when selecting a cloud services provider.
February 15, 2010
As promised a while back, I wanted to discuss some of the points made by Baggy on one of my recent posts (see more detail here).
“I was very interested by the first few paragraphs regarding portability. I have come across a large multinational who have been severely restricted by their current hosting and managed service provider to allow their business continuity company to port/replicate and even vault their data off their production site. The reason given by their hosting provider for the restriction …?… ‘you are utilising a shared disk model and we cannot RISK the chance your third party may interfere with other clients using the same platform’. Sounds unbelievable I know but absolutely true!” Baggy
I have to say I am slightly concerned on a number of points here. To start with, if the company has signed a contract that prevents it from signing an alternative contract to port/replicate/backup their production data for business continuity, surely that’s anti-competitive!
Secondly, it’s the customer’s data and they have the right to mitigate risk across two providers. The reason given to the customer by their hosting provider around “utilising shared disk” and the possibility of “third party interference with other clients” suggests to me that the overall security of the platform is definitely questionable.
There is a possibility that the hosting provider’s technology may not allow data portability at a hardware level, but at a software level it should definitely be possible. Of course, it would be dependent upon the amount of data the customer wants to port/replicate/backup, as the network could restrict the desired RPO (Recovery Point Objective) and RTO (Recovery Time Objective).
If I were the customer I would challenge the supplier further – after all, who owns the data? The provider may own the infrastructure but should support the customer, especially when the customer is simply looking to increase their overall resilience.
If I were looking to outsource any of my compute and data needs I would always start by asking what the supplier’s approach to data portability is.
Thanks again for your comments Baggy!
February 8, 2010
Some of you may remember one of my recent blog posts, “2010: Demise of the desktop?”. Well, a recent report by business consultancy Deloitte, published in Computer Weekly, supports my sentiment. The article states that companies will increasingly allow their workers to choose their own devices to link into the corporate network. It is interesting to note that it also supports the idea of a self-maintenance or ‘car allowance’ type agreement that will help to drive adoption.
I think adoption of Hosted Virtual Desktop (HVD) will see organisations drive applications through web services or a common architecture ‘shop window’ like a browser. There is also the possibility of using a terminal server or desktop emulation software to ensure the processing stays within the organisation’s data centre. Exciting stuff!
However, the first hurdle in any move toward HVD is the perceived risk associated with loss of control. These risks include the security of your company’s network and data, as well as the means of accessing your company’s electronic assets; after all, the information contained within these networks is the lifeblood of any organisation.
So how does a company lay down enough governance to protect itself? Well, one way of course is for organisations to continue to dictate security standards, i.e. making it compulsory for staff to run anti-virus (AV) software. But moving to HVD definitely needs wider consideration – it’s a potential minefield of regulation and risk. But once standards and policies are in place, I believe there are real business benefits to be enjoyed.
So what would your top three considerations be for governance in providing the ability for you to adopt the notion of employee ‘self provision’ for access to corporate compute resources?
I don’t know about you, but I’d prefer to use my Apple laptop for work or maybe in a few years even an iPad!
February 2, 2010
I read recently some interesting articles on the use of cloud computing by US government agencies, specifically the US Navy.
Since October 2008 the US government, namely the DISA (Defense Information Systems Agency), has used IaaS (Infrastructure as a Service) to deploy RACE (Rapid Access Computing Environment): http://www.disa.mil/race/
RACE provides 24-hour computing resource within a secure private cloud environment, as and when required by anyone with a US government credit card or a completed MIPR (Military Interdepartmental Purchase Request).
OK, so you may not think this in itself is a big deal. But the article goes on to suggest that the US Navy (through the Naval Network Warfare Command) is starting to look outside of its secure, confined, controlled infrastructure walls and potentially run certain computing requirements in both private and public clouds provided by third parties!
Every year, tests called ‘Trident Warriors’ are conducted on various Navy IT projects. For example, after the devastation caused by Hurricane Katrina various Navy personnel participated in a Trident Warrior exercise to test new web-based communications technologies, assessing their usability and value in a real-world environment. For further information on such tests, see http://www.navy.mil/search/display.asp?story_id=24281
Trident Warrior exercises include stringent technological testing to ensure that the US Navy know exactly what works and what doesn’t work.
Recently the United States Department of Defense (DoD) conducted Trident Warrior tests on third party cloud computing provision supplied to the US Navy through Amazon EC2 (Elastic Compute Cloud) and S3 (Simple Storage Service). The Navy used the cloud to run several applications and tested ‘data-in-motion’ security. These first tests conclude that the use of third party, public and private cloud computing for global connectivity, server failover and application access for some applications is OK.
I will be keeping a keen eye on the results of the second round of tests – due to be conducted in Trident Warrior ’10 and released this spring. It will be interesting to see if the adoption of third party provision of cloud is accelerated by any endorsement from what must be one of the most mission critical, security conscious users of computing in the world!
January 29, 2010
After what seems one of the most eagerly awaited consumer product launches in recent times, the Apple iPad is finally here. So was it worth the wait? Well, so far it looks like reaction is split; many see its potential and can’t wait to get their hands on it, whilst the other camp state it doesn’t have the credentials they were expecting or the edge that we expect from Apple to make it a ground breaking consumer product, suggesting that in actual fact it’s just an oversized iTouch. My girlfriend thinks it looks childlike, just like an etch-a-sketch!
Personally, I have a mixed reaction to the product too. It doesn’t have some of the functionality that we have come to expect from netbooks/laptops; for example, it’s got no camera, no microphone, no USB port, and no SD (secure digital) card slot. The 3G version is strictly limited to carrying data. It would be a positive move by Apple to include these, but Apple does have a penchant to release the additional ‘benefits’ in later generations of its product set. I would not be surprised if Apple has the next three generations mapped out in their roadmap already! Just look at each generation of the iPod, iTouch and the iPhone!
I would have been really pleased to see a cut down version of OS X as it would have really opened up the platform to the Windows/Linux dominated netbook/laptop market. I am a big fan of MacBook and OS X! Instead iPad has an iPhone interface, which, although it limits functionality in some ways, ensures that Apple’s series of products continue to provide accessibility, simplicity and excitement to an audience with a varying degree of technical ability.
The massive success of the App Store will no doubt have a massive part to play in making the iPad a great success – you can’t doubt the App Store’s popularity (see my previous blog on smartphones with Apple vs. Android). It’s this ‘cool’ apps factor married with iPad’s simplicity that other tablet devices have been missing in the past.
But is it really a ground breaking concept? What do you think? Have a look at the picture below (courtesy of IPS Network World Inc 1986!) and see what you think! Yes I did say 1986!!!!
Courtesy of IPS Network World Inc 1986
January 19, 2010
Are you ready to take the jump and get yourself into the game? Is jumping into the ‘cloud’ too much of a risk right now? Can you weigh up the benefits of cloud against the perceived risks?
Whilst one cannot take such strategic decisions lightly… break up the day with some fun and try our fiendishly simple yet tricky game ‘StratosFear’. Journey through the clouds, collecting SunGard services along the way… all before the Sun sets and your time is up!
I’ve played it a number of times; it’s a little addictive and quite tricky. Give it a try and, better still, invite three friends and you’ll get a chance to nominate one of the supported charities!
Enjoy… Like most of us in some way or another we are all in it to win it!