Containers are changing the security landscape for software development and deployment. As with any security solutions, security approaches that work for developers, operations personnel and security professionals is a requirement.
In his session at DevOps Summit, Kevin Gilpin, CTO and Co-Founder of Conjur, will discuss various security considerations for container-based infrastructure and related DevOps workflows.

read more

(c)iStock.com/binabina

Everyone is looking for that silver bullet which makes their cloud implementations a success. It’s little wonder that events such as Cloud World Forum and Cloud Expo are at the forefront of executives’ minds.

At Cloud World Forum in London last week, MongoDB VP strategy Kelly Stirman spoke of five directions in which the industry is changing, and how companies can make their cloud success a reality: embrace failure, double down on ops, and pick your partners wisely.

Rule number one, Stirman argued, was to embrace failure. To be able to embrace failure, you need to iterate quicker. “Today, customers expect applications faster,” he tells CloudTech. “When you wake up in the morning, you look for apps to have been installed on your phone, and to do that people need to embrace a more iterative project development lifecycle.

“Cloud makes this possible because the lead time to do things and the cost to do things is so much less, that it becomes reasonable to screw up and then recover,” he adds. “Most people aren’t comfortable with that.”

Quick iteration links in to point number two – move beyond lift and shift. Amazon is not doing releases every few days, but every few seconds. It’s a world away from where most companies are, but Stirman argues simply taking your existing application stack and moving it to the cloud isn’t going to give you a huge amount of value.

“Most people think ‘it’s going to take eight weeks for IT to get my infrastructure ready for my application, and the cloud can be just a couple of minutes’, but that’s kind of it,” he says. “If your application didn’t scale, or you had some limitation in your data centre, it’s going to be the exact same problem – or worse – with cloud.”

Stirman adds: “Things that are really important about the cloud, like elasticity, paying for what you actually use, different storage products so you can optimise for hot and cold data, programmable automated infrastructure – that’s what really is powerful and valuable about the cloud, and you need to make that part of how you think about using [it], not just lift and shift.”

Vendor lock-in, although a long-term enterprise IT issue, has long since been a worry for businesses moving to the cloud, finding the implementation is not for them as their business needs change and then finding they can’t get out of it. But it still warrants a warning note from Stirman.

He explains: “The slightly controversial assertion I made [was] in my lifetime, the tow most proprietary technologies that have come to market have been Apple and cloud. These cloud vendors [are] all based on open source software, and different types of standards – but they themselves are highly proprietary. It is inevitable that you are going to get locked in.”

Cloud products are ‘carefully designed’ for a lock in, he argues. The pricing models are the same, you can’t compare prices between offerings, there are charges to get data in, there are charges to get data out, and so on. “All of these players are adding value on top of the core stack, and the more you use those, the more you get locked in,” Stirman says.

Stirman took to burst two myths around the cloud. The first was regarding the security of the cloud – a subject which is often a bugbear for executives as survey data bears out. “It’s just not true,” he says. “Most of these guys are vastly more secure than any of us can design in our own systems.” Secondly, the idea that if you move to the cloud your operations teams halve is also a red herring. “You need them more than ever, because what you’re going to do is use way more infrastructure,” he says. “The operational obligations you have are directly proportional to the number of operating systems. So if you take a big server and slice it up for virtualisation, you are increasing your operational overhead.”

The MongoDB exec saved his most controversial comments for last; there will only be three players in the cloud infrastructure as a service (IaaS) space; Amazon, Google, and Microsoft. Everyone else will run out of money. “The real cloud opportunity is going to be products that are mostly infrastructure as a service agnostic; they are layers you could play in a cloud vendor, or across those three that give value add services,” he explains.

“What’s going to be interesting to see is, are Amazon and Google and Microsoft going to let other vendors come in and play in their infrastructure stack, or are they going to hold people out, the way Apple does, and really own the value added services on top of the stack?

“You’ve got to pick your partner carefully,” he adds.

(c)iStock.com/mustafahacalaki

Cloud usage is rocketing amongst UK business users – but the final decision making falls to the head of IT or the chief information officer in almost three in five (59%) cases, according to latest research.

The research, from cloud hosting provider Cobweb Solutions, shows more organisations are turning to cloud for all their business needs, with UK cloud penetration reaching a high of 84%.

78% of businesses are using more than one cloud-based service, figures which correlate with a recent Forrester survey showing 84% of UK companies rely on two or more cloud providers, compared to Singapore (76%) and the US (62%). Half of respondents expect to eventually move their entire IT estate to the cloud.

Despite the issues with security, 99% of respondents have never experienced a breach of security when using a cloud service. The applications most likely to be stored in specific locations are accounting and finance (49%), data backup and disaster recovery (43%) and data storage (43%). 70% of respondents cited concerns over data security when moving to the cloud, with 61% concerned over data privacy.

Yet the issue over who has final say over cloud implementations is a worry for Cobweb, who argues businesses may be failing to see the “holistic potential of integrated cloud solutions”, instead just seeing cloud computing as a new delivery mechanism for software.

“Using a cloud computing solution can fundamentally enhance the way an organisation does business,” Ash Patel, Cobweb director of business transformation said in a statement, adding: “It offers the liberating ability to build entirely new services that customers and partners can easily access and make part of their daily lives.

“Making best use of this liberating technology is a question not solely for the IT team, but for the whole board of directors who can use the cloud to shape a new and more effective way of doing business.”

Do you agree with this analysis?

“AgilData is the next generation of dbShards. It just adds a whole bunch more functionality to improve the developer experience,” noted Dan Lynn, CEO of AgilData, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.

read more

“A lot of the enterprises that have been using our systems for many years are reaching out to the cloud – the public cloud, the private cloud and hybrid,” stated Reuven Harrison, CTO and Co-Founder of Tufin, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.

read more

(c)iStock.com/DHuss

At the Amazon Public Sector Symposium last week, the NSA announced that it will be moving some of its IT infrastructure to AWS. The NSA follows several other federal agencies, including the Department of Defense and the National Geospatial-Intelligence Agency (NGA), in joining the CIA in the Amazon cloud in the last 9 months.

“The infrastructure as a service which Amazon provides has shown us significant IT efficiencies,” said Alex Voultepsis, chief of the engineering for the NSA’s Intelligence Community Special Operations Group, at a panel last week. Voultepsis then estimated that the agency will save 50-55% on infrastructure costs alone by moving to AWS.

The state of the government cloud

In 2010, the CIO of the U.S. government, Vivek Kundra, famously declared that the federal government must move to a “cloud first” policy. It has taken five years for the first federal agencies to get on board, but there is a long way to go. According to a report released by the U.S. Government Accountability Office, an average of 2% of IT spend went towards cloud computing in 2014. The seven largest federal agencies did not even consider cloud computing services for 67% of their projects.

The Cloud Computing Caucus Advisory Group (CCCAG), a nonprofit that builds awareness of the role of cloud computing in society, industry and government, regularly speaks with government IT leaders to discuss the cloud. According to a report in Forbes, CCCAG’s leaders frequently hear concerns such as “the costs savings aren’t real, the technologies aren’t proven” or “there’s not enough data security.” Research conducted by the Congressional Research Service similarly cites security, network infrastructure requirements, and compliance as the largest challenges.

Despite resistance, analysts believe the federal government is at a tipping point in cloud adoption. The IDG estimates that in 2014, federal government spending on private cloud was $1.7 billion, with just $118.3 million on public cloud; they expect this number will double by the end of 2015.

The reason for these sunny projections? Analysts anticipate that adoption of the cloud by the Department of Defense and other early adopters on the state level — including health and security agencies that obviously have very sophisticated security and compliance requirements — will push hesitant federal agencies out of the pilot phase.

Healthcare and defence on AWS

Federal and state Health and Human Services Departments must adhere to very restrictive and punitive data hosting standards. However, special federal and state regulations and incentives have provided strong incentives for state HHS departments to develop Electronic Health Record (EHR), Health Insurance Exchanges (HIX) and Health Information Exchanges (HIE) systems on the cloud. The success of these projects should serve as a model to cloud-averse federal agencies.

Massachusetts Executive Office of Health and Human Services (EOHHS) is a prime example of an early cloud adopter. In 2014, Massachusetts EOHHS launched Virtual Gateway (VG), a platform that connects more than fifteen state agencies, on Logicworks’ hosted private cloud. VG provides over forty software applications used by eighty thousand users including state workers, health care providers, and the public. Healthcare providers may use VG applications to send claims to the EOHHS or to submit disease information to the Department of Public Health, reducing redundancy and improving reliability of services.

“By consolidating information and online services in a single location on the Internet, the Virtual Gateway, a critical computing infrastructure platform, simplifies the process of connecting people to critical health and human services programs and information,” said Manu Tandon, Chief Information Officer for Massachusetts EOHHS.

The rapid progress of Health Information Exchanges (HIEs) across most states should also serve as a model for federal agencies. Largely driven by the HITECH Act, states and providers are required to consolidate and secure health records across multiple local agencies and hospitals, in order to improve interoperability of systems and quality of care for patients. In many cases, these organizations are enabled and supported financially by statewide health information exchange grants from the Office of the National Coordinator for Health Information Technology. The HIEs for 30 states are currently hosted on a private cloud, and California’s HIE, CalIndex, is hosted on Amazon Web Services.

Consolidating IT resources across agencies

Regulations in this vertical were specifically oriented to the interoperability of data across multiple agencies, hospitals, and providers. This is a challenge that the cloud is able to fulfill more simply and inexpensively than traditional hosting. The ability to share cloud resources across multiple agencies is also a clear benefit of cloud-based hosting for the federal government, and the success of state-run agencies and large, complex federal departments like the Department of Defense will recommend the cloud as a key interoperability solution.

A similar need existed among multiple defense agencies. Commercial Cloud Services (C2S), the Amazon cloud region established by the Central Intelligence Agency for classified data, is now open to all 17 federal intelligence agencies, according to TechTarget reporting.

“We cannot continue to operate in the silo mentality of each agency not talking to each other…we’re leveraging this initiative to start working together,” said Jason Hess, cloud security manager for The National Geospatial-Intelligence Agency (NGA).

In the next 6-18 months, SaaS and IaaS offerings for the government cloud will likely become more robust to meet the growing demand of federal agencies. Lessons from the cloud deployments of the most highly regulated federal and state agencies will accelerate cloud adoption. Hopefully, agencies beyond defense and healthcare will soon be able to pass on cost savings — and improved service quality — to taxpayers.

The post Government Cloud on the Rise: NSA, DOJ Move to Amazon Web Services appeared first on Gathering Clouds.

In his session at 16th Cloud Expo, Simone Brunozzi, VP and Chief Technologist of Cloud Services at VMware, reviewed the changes that the cloud computing industry has gone through over the last five years and shared insights into what the next five will bring. He also chronicled the challenges enterprise companies are facing as they move to the public cloud.
He delved into the “Hybrid Cloud” space and explained why every CIO should consider ‘hybrid cloud’ as part of their future strategy to achieve strong security, compliance, and fast-app provisioning without having to reinvent processes or retrain the workforce.

read more