Cloud computing has clearly sparked the imagination of business leaders, who see it as a powerful new way to be innovative and gain first-mover advantages.
It now falls to CIOs to not only rapidly adapt to cloud computing, but to find the ways to protect their employees and customers as they adopt cloud models – even as security threats grow.
This is a serious — but not insurmountable challenge.
Cloud computing has clearly sparked the imagination of business leaders, who see it as a powerful new way to be innovative and gain first-mover advantages — with or without traditional IT’s consent.
Todas las entradas hechas por Latest News from Cloud Computing Journal
Cloud-Based Collaboration Services in Asia-Pacific Gov
Government agencies are reportedly one of the primary benefactors of managed cloud services. According to the results from a recent market study by IDC, IT decision-makers across the Asia-Pacific region (excluding Japan) found that 59 percent of public sector respondents are confident in the ability of their internal IT departments to deploy private cloud environments.
However, IDC Government Insights cautions that high levels of private cloud adoption may not bode well for a collaborative and citizen-engaging government and preemptive measures should be taken for collaboration to take place across organizational boundaries. More insights can be found in the IDC report entitled, «Cloud Computing for Government: a View from Asia-Pacific.»
Frank Levering, Research Manager for IDC said, «An efficient and productive internal IT department is definitely a good to have in any organization, private or public. However, a department that is highly confident in running its own private cloud environment may run the risk of not reaching out to other internal departments to collaborate on cloud opportunities.»
To counter this possibility, IDC recommends that whenever possible, governments should consider cloud-based collaboration services rather than independent private cloud solutions.
Although governments will initially be seeking cloud-based solutions to deliver cost advantages and better manage resources, eventually, cloud implementations need to be about inter-department collaborations and citizen relationship management in order to reap the full benefits of its capabilities to deliver optimal citizen services.
This is particularly important for key initiatives like data classification for security purposes; if agencies do not align their security levels, it would prove to be a massive obstacle for future joint efforts.
A positive sign is that governments across the region are growing to recognize the need for collaboration within the cloud space. There is already a significant installed base of collaborative applications in the cloud and the numbers will grow significantly in the next 12 months.
To optimize the benefits of cloud services, IDC offers recommendations to governments:
- Evaluate all aspects of cloud computing. Read everything you can get your hands on. Most suppliers will have recognized that the key to their long-term success is their short-term role as an educator. Since security is a big concern, develop security profiles for all suppliers being considered.
- Service-oriented architecture (SOA) first, then cloud. The right SOA needs to be in place to facilitate a smooth connection to external cloud services. Government agencies needing to build a robust SOA require a plan that tackles the transition in bite-size pieces while solidifying long-term migration to the shared services architecture. Remove the key barriers to cloud computing.
- Challenges like security concerns and decentralized data storage will be blocking issues until they are acknowledged and appropriately addressed. Many of the more complex scenarios, like customer/citizen relationship management and inter-department collaboration will depend on a government’s ability to get the basics right.
- Know your current environment. An inventory of the current environment should provide a good indication of whether systems contain sensitive data, including taxpayers’ personally identifiable information and/or mission-critical data and (legacy) applications. This will provide an excellent start to planning for cloud services adoption.
Does Cloud Storage Make Sense for Businesses?
For the past several years, companies have been making use of cloud computing solutions. Cloud solutions offer agility and scalability that are often hard to duplicate in-house, and they offer a way for companies to meet specific business functions without large capital investments. Cloud-based storage is one of the areas that has seen relatively little activity in the business world, while it’s taken serious hold in the consumer marketplace.
The success of companies like Dropbox in providing cloud-based storage solutions, however, has more and more businesses asking whether such solutions make sense for them.
Cloud Expo New York: The Dark Side of Virtualization
Virtualization and private cloud are good for server consolidation, creating flexible environments, and saving IT budget dollars. A recent survey of 1200 companies with 500+ employees showed that 59% had server virtualization in production or pilot. But that doesn’t tell the whole story.
In his session at the 10th International Cloud Expo, Dave Asprey, VP of Cloud Security at Trend Micro, will explain the types of situations when you should consider not virtualizing some of your applications. Reasons range from technical to legal to IT ops to politics to finances. Attend this session, and hear a true IT insider’s guide to the truth about virtualization.
Cloud Control Does Not Necessarily Imply Cloud Security
Most of the commentary written about companies moving to the Cloud focuses on the loss of control over company data as a consequence of giving up self-hosted infrastructure. There is usually an implication that this is bad. I believe that is not necessarily a given. How may stories do you read daily about data breaches unrelated […]
Advances in Clouds – Research in Future Cloud Computing
It has been more than two years since the European Commission published in January 2010 its pioneering report about the Future of Cloud Computing. A group of experts was established with the aim to evaluate the state-of-the-art and develop future research directions in cloud computing. Since then, there has been considerable advances in the field, developments have closed some gaps that were identified in this report, but more challenges have emerged.
We were re-convened by the European Commission in 2011 in order to capture these changes and maintain a state-of-the-art view on cloud computing technologies, its position in and its relevance for Europe. The experts, led by Keith Jeffery, Lutz Schubert and Maria Tsakali, have produced a final version of this report entitled Advances in Clouds – Research in Future Cloud Computing.
The report brings valuable information for people defining Cloud Computing strategies, developing innovative research lines, or exploring emerging market opportunities beyond today’s Clouds. It is a must-read.
Unified Communications as a Service (UCaaS) Opportunities in Ontario
The bare bones skeleton of the Canada Cloud Roadmap is now available – This provides the outline document that we will then populate with exciting new Cloud products and services. The first of these is ‘UCaaS’ – Unified Communications as a Service. How we build and launch new Cloud services is the magic formula that […]
Is HTML5 Web 3.0?
About six years ago I wrote a blog titled “I have no idea what Web 2.0 means“. That blog had link to a video where IT leaders were helplessly trying to explain what Web 2.0 means. One guy said something like this, “Everyone wants to do it, and you can’t find enough people to do […]
Tracelytics Heats Up Cloud-based APM
Gaining visibility to application performance is key. Application Performance Management (APM) solutions are not new and provide insight to tiers within an application stack. With the entry of cloud based computing in the past couple of years, the APM world got a bit more complex. APM is mature enough to consider cloud-based providers in the […]
FedRAMP Releases Updated Security Assessment Plan Templates
Last week the GSA FedRAMP Program Office released the latest version of the cloud computing Security Assessment Plan (SAR) template. This document is the most recent step toward the Federal governments goal of establishing FedRAMP initial operating Capability by June 2012.
The Federal Risk Authorization Management Program (FedRAMP) is
a government-wide program that provides a standardized approach to security assessment,
authorization, and continuous monitoring for Cloud Service Providers (CSP).
Testing security controls is an integral part of the FedRAMP security
authorization requirements and enables Federal Agencies to use the findings
that result from the tests to make risk-based decisions. Providing a plan for
security control ensures that the process runs smoothly. This document has been designed for CSP Third-Party
Independent Assessors (3PAOs) to use for planning security testing of CSPs.
Once filled out, this document constitutes a plan for testing. Actual findings
from the tests are to be recorded in FedRAMP security test procedure workbooks
and a Security Assessment Report (SAR).
a government-wide program that provides a standardized approach to security assessment,
authorization, and continuous monitoring for Cloud Service Providers (CSP).
Testing security controls is an integral part of the FedRAMP security
authorization requirements and enables Federal Agencies to use the findings
that result from the tests to make risk-based decisions. Providing a plan for
security control ensures that the process runs smoothly. This document has been designed for CSP Third-Party
Independent Assessors (3PAOs) to use for planning security testing of CSPs.
Once filled out, this document constitutes a plan for testing. Actual findings
from the tests are to be recorded in FedRAMP security test procedure workbooks
and a Security Assessment Report (SAR).
This release also includes templates for:
- Information Technology Contingency Plan
- Control Implementation Summary (CIS)
- eAuthentication
- Plan of Action and Milestones (POA&M)
- Rules of Behavior
- Privacy Threshold Analysis and Privacy Impact Assessment
- Security Assessment Plan; and
- FedRAMP System Security Plan
( Thank you. If you enjoyed this article, get free updates by email or RSS – KLJ )
Follow me at http://Twitter.com/Kevin_Jackson