A More Practical View of Cloud Brokers

#cloud The conventional view of cloud brokers misses the need to enforce policies and ensure compliance

cloudbrokerviews During a dinner at VMworld organized by Lilac Schoenbeck of BMC, we had the chance to chat up cloud and related issues with Kia Behnia, CTO at BMC. Discussion turned, naturally I think, to process. That could be because BMC is heavily invested in automating and orchestrating processes. Despite the nomenclature used (business process management) for IT this is a focus on operational process automation, though eventually IT will have to raise the bar and focus on the more businessy aspects of IT and operations.

Alex Williams postulated the decreasing need for IT in an increasingly cloudy world. On the surface this generally seems to be an accurate observation. After all, when business users can provision applications a la SaaS to serve their needs do you really need IT? Even in cases where you’re deploying a fairly simple web site, the process has become so abstracted as to comprise the push of a button, dragging some components after specifying a template, and voila! Web site deployed, no IT necessary.

While from a technical difficulty perspective this may be true (and if we say it is, it is for only the smallest of organizations) there are many responsibilities of IT that are simply overlooked and, as we all know, underappreciated for what they provide, not the least of which is being able to understand the technical implications of regulations and requirements like HIPAA, PCI-DSS, and SOX – all of which have some technical aspect to them and need to be enforced, well, with technology.

See, choosing a cloud deployment environment is not just about “will this workload run in cloud X”. It’s far more complex than that, with many more variables that are often hidden from the end-user, a.k.a. the business peoples. Yes, cost is important. Yes, performance is important. And these are characteristics we may be able to gather with a cloud broker. But what we can’t know is whether or not a particular cloud will be able to enforce other policies – those handed down by governments around the globe and those put into writing by the organization itself.

Imagine the horror of a CxO upon discovering an errant employee with a credit card has just violated a regulation that will result in Severe Financial Penalties or worse – jail. These are serious issues that conventional views of cloud brokers simply do not take into account. It’s one thing to violate an organizational policy regarding e-mailing confidential data to your Gmail account, it’s quite another to violate some of the government regulations that govern not only data at rest but in flight.

A PRACTICAL VIEW of CLOUD BROKERS

Thus, it seems a more practical view of cloud brokers is necessary; a view that enables such solutions to not only consider performance and price, but ability to adhere to and enforce corporate and regulatory polices. Such a data center hosted cloud broker would be able to take into consideration these very important factors when making decisions regarding the optimal deployment environment for a given application. That may be a public cloud, it may be a private cloud – it may be a dynamic data center. The resulting decision (and options) are not nearly as important as the ability for IT to ensure that the technical aspects of policies are included in the decision making process.

And it must be IT that codifies those requirements into a policy that can be leveraged by the  broker and ultimately the end-user to help make deployment decisions. Business users, when faced with requirements for web application firewalls in PCI-DSS, for example, or ensuring a default “deny all” policy on firewalls and routers, are unlikely able to evaluate public cloud offerings for ability to meet such requirements. That’s the role of IT, and even wearing rainbow-colored cloud glasses can’t eliminate the very real and important role IT has to play here.

The role of IT may be changing, transforming, but it is no way being eliminated or decreasing in importance. In fact, given the nature of today’s environments and threat landscape, the importance of IT in helping to determine deployment locations that at a minimum meet organizational and regulatory requirements is paramount to enabling business users to have more control over their own destiny, as it were. 

So while cloud brokers currently appear to be external services, often provided by SIs with a vested interest in cloud migration and the services they bring to the table, ultimately these beasts will become enterprise-deployed services capable of making policy-based decisions that include the technical details and requirements of application deployment along with the more businessy details such as costs.

The role of IT will never really be eliminated. It will morph, it will transform, it will expand and contract over time. But business and operational regulations cannot be encapsulated into policies without IT. And for those applications that cannot be deployed into public environments without violating those policies, there needs to be a controlled, local environment into which they can be deployed.


Related blogs and articles:  
 
lori-short-2012clip_image004[5]

Lori MacVittie is a Senior Technical Marketing Manager, responsible for education and evangelism across F5’s entire product suite.

Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.

She is the author of XAML in a Nutshell and a co-author of The Cloud Security Rules

 

F5 Networks

clip_image003[5]clip_image004[5]clip_image006[5]clip_image007[5]clip_image008[5]


read more

How To Define Cloud Education?

You could say I believe in cloud computing. You could say the same for anyone reading this article. And you could say the same for anyone attending or exhibiting at the upcoming Cloud Expo.

We’ve now moved well beyond the basic question, “what is cloud computing?”

But I’m curious: what is a cloud computing education? How should college students, mid-career technologists, and senior executives be informed, trained, and certified? Should there be such a thing as a cloud computing major and post-grad cloud computing studies?

These questions spring to mind as I prepare to deliver a short seminar on the topic at the Tau Institute, a small research organization I’ve co-founded in two locations: my Illinois hometown and Manila, Philippines.

There is certainly a global aspect to cloud computing, now that we’re in an era where technological advancement happens simultaneously (if unevenly) throughout the world.

But more important is the idea of a universal foundation to cloud. What should people know, and when should they know it?

I’m participating in a new podcast series called Run!, which tackles the subject of “what we do with technology and what it’s doing to us.” We recorded an episode last night in which a major cloud company CTO talked of dealing with three dozen platforms in his job.

Is there such a thing as a basic, standard cloud education? If so, what languages, frameworks, and general understanding should it encompass? Please let me know your thoughts, as I work to build such a thing – a cloud computing education/certification program – within the Tau Institute.

read more

Cloud enthusiasm continues to rise – and are security fears allaying?

A TechSoup Global survey has revealed that most non-governmental organisations (NGOs) are keen to move to the cloud but need to be better informed about its strengths and weaknesses.

TechSoup’s 2012 Global Cloud Computing Survey interviewed over 10,000 NGOs, non-profits and charities and found that many of these companies were unaware they were already using cloud services.

Sound familiar? Well a study from Citrix last month showed that 95% of 1000 Americans surveyed who thought they weren’t using the cloud actually were, so more knowledge on what the cloud encompasses can now be attributed to NGOs, as well as consumers.

Despite this, TechSoup Global – itself a non-profit – noted in its response how many NGOs were utilising the cloud.

The key takeaways from the report are:

  • 90% of those surveyed are already using cloud computing, with 53% hoping to move “a significant portion” of their portfolio into the …

Monitoring in the Cloud

“To manage a private cloud infrastructure, we have focused our efforts on the challenges that face our customers when deploying a private cloud for their collaboration environment.”
How did you come to the private cloud approach?
Bystran: As you may know, we have had over 600 customers for more than 15 years now. Most of our customers are large companies with multiple operating units and an International footprint. For example in Europe, we’ve provide our services for many of the big banks and major industries like Total, Technip, and Bayer etc.
These customers have high expectations, so we continuously improve our product with their feedback and future concerns in mind. Because of these deep relationships our product management and development teams often work in a very direct way to fit their needs.

read more

Amazon Starts Spot Market for Reserved Instances

Amazon Web Services has set up an online marketplace where customers can sell their excess EC2 Reserved Instances to other AWS customers.
Reserved Instances cost less because buyers make a one-time payment to reserve compute capacity for a specified term and get a discount on the hourly charges for that instance.
Amazon will charge sellers a 12% fee.
Interested parties can browse the site for term lengths and pricing options outside the standard one-year and three-year term lengths.
AWS suggests owners may want to move instances to a new AWS Region, change to a new instance type or sell capacity for projects that end before the term expires.

read more

Aujas Launches Phishnix for Cloud Services

Aujas Information Risk Services today announced the launch of Phishnix for cloud services, a new product that will help clients protect their sensitive information on the cloud by strengthening their weakest link in the security chain, their own employees. The product is targeted for major cloud services such as Salesforce, Google Apps, Netsuite etc.

Salesforce.com is the most popular cloud CRM company in the world with more than 75,000 companies who trust their customer data on Salesforce. The Salesforce security guideline specifically warns against the threat and says, “As the Salesforce.com community grows, it has become an increasingly appealing target for phishers. Phishers often direct users to enter details at a fake website whose URL and look-and-feel are almost identical to the legitimate one.”

One example is a recent scam that involved an email luring receivers to participate in the beta test of ‘Dreamforce,’ promising discounts and requesting receivers to fill a form, in a fake web link. In such a case, employees who are unaware of it being a phishing attack may easily fall prey to it. Any company is likely to face heavy business loss, when employees become victims of phishing attacks. According to the RSA Fraud report 2011, global loss from phishing is estimated to be about $1 billion.

Phishnix does a behavioral analysis of employees when faced with a phishing attack. It is integrated with Salesforce and has ready Salesforce scenarios which the client can select. They can start the assessment in a matter of hours and analyze how their employees react to a phishing attack. That data is then used to create awareness and train the employees on how to respond to a phishing attack.

Speaking on the occasion Mr. Karl Kispert, Vice President at Phishnix said, “A single assessment and training cycle of Phishnix reduces the phishing fall rate by almost 35%. That is a huge reduction in the phishing risk for any organization.”

The product will be showcased by our partner Exafort at Dreamforce 2012, booth number 326 at the Moscone Center, San Francisco, on 18—21 September 2012. Stop by Exafort’s booth and ask for a demo and additional information about Phishnix. Dreamforce 2012 is the cloud computing industry event of the year with more than 50,000 attendees and 350 cloud computing companies showcasing more than 1000 solutions.

“Data security and confidentiality on the cloud is one of the biggest concerns for all our clients using cloud based services to run their business. Cloud service providers are addressing this concern to a large extent by building robust and secure applications and platforms. By adding Aujas’ Phishnix to our tool belt we can now gain valuable insights of our clients’ employees’ behavior with respect to information security and act upon them,” said  Arun Kanchi, CEO of Exafort Inc.

As cloud adoption increases within organizations, more sensitive data will be stored in the cloud. “We will see more focused phishing attacks targeting popular cloud applications. The road-map is to enable Phishnix for all popular cloud platforms, and help clients reduce phishing risk for all their cloud applications. It would become an integral part of their cloud security program,” said Sameer Shelke, CTO at Phishnix.


Workshare, SkyDox Launch Policy-Based Enterprise Collaboration Platform

Workshare, a provider of document collaboration software, today announced that it has joined forces with SkyDox. By combining their respective capabilities, they will provide existing and future customers with a unique platform for policy-based, cloud-enabled file sharing and enterprise collaboration.

The combination is supported by growth capital investment from a UK investor group led by Scottish Equity Partners (SEP) and includes Business Growth Fund (BGF).

Mobile working, Bring Your Own Device (BYOD), Big Data and the cloud have created a demand for Web 2.0 applications that provide today’s knowledge workers with the features and functionality they expect while also addressing enterprise IP and data security requirements. This combination will allow Workshare to integrate its best-of-breed, policy-based document comparison and metadata removal application with SkyDox’s scalable, highly secure, cloud-enabled file sharing and collaboration platform. The combined organization will enable its current and future customers to improve the efficiency of collaboration across organizational and geographical boundaries, while maintaining full auditability and adherence to internal and external data security and IP mandates.

“Workshare and SkyDox clearly recognize that secure mobile enablement is where the collaboration market is headed and are taking the next logical step towards delivering that to the enterprise,” said Terri McClure, a senior analyst at Enterprise Strategy Group. “The combined entity is uniquely positioned in the market, given the companies’ shared background and exceptionally complementary market offerings. The integrated solution, ultimately, has the potential to raise the industry bar for enterprise collaboration platforms considerably.”

“As the online collaboration services market continues to evolve, the vendors that rise to the top will master the security, compliance, and IT management concerns of IT leaders,” said Forrester Research. “In addition, these vendors will provide IT leaders the flexibility in deployment models they need to serve the unique needs of their business and workforce.”1

The management team will be comprised of a strong combination of executives drawn from the two organizations. SkyDox’s CEO Anthony Foy will be retained as CEO of the joint company. Foy has a deep, longstanding background in the software industry – building customer-centric businesses, improving share-holder value and improving customer satisfaction. Previously Foy served as the Group Managing Director at Interxion, a leading European data center and colocation services company where he was responsible for delivering 22 consecutive quarters of revenue growth which led to an Initial Public Offering. Scott Smull the former CEO of Workshare will continue to work with Workshare and will have multiple key executive responsibilities as part of the Executive Integration Team and spearheading customer advocacy activities. Barrie Hadfield who originally co-founded Workshare and architected the current solution has been appointed CTO. Barrie brings with him a deep understanding of the collaboration space and is well known and respected by a large number of Workshare customers, IT sector thought leaders and the analyst community.

“Organizations are constantly looking for ways to drive operational efficiency, grow revenue and reduce costs. This combination allows Workshare to deliver a more holistic collaborative experience to our customers by blending Web 2.0 technologies with our existing award-winning solutions to provide an unmatched policy-based enterprise collaboration platform,” said Anthony Foy, CEO Workshare. “The combined company is ideally positioned to deliver unique solutions that help employees improve inter and intra company collaboration without sacrificing enterprise information security requirements.”

The integration of Workshare and SkyDox operations is expected to be completed during the second half of 2012, and support and development for Workshare and SkyDox products will continue without interruption.


GXS Ups Retail Supply Chain Efficiency with Catalogue-Based Web Ordering

GXS, a  provider of B2B integration services, today announced that GXS Intelligent Web Forms (IWF) allows manufacturers to quickly and easily enable their smaller retail customers to issue purchase orders electronically. IWF creates forms to digitise the full lifecycle of supply chain transactions with the customer community from purchase orders and order changes to electronic invoices and remittance advices. By integrating directly with GXS Catalogue, the retail industry’s leading data synchronisation application that supports product, price and image information, web forms ensure that retail buyers can only select valid, preauthorised SKUs for inclusion on purchase orders.

Most large retail chains issue purchase orders to their suppliers electronically using EDI (Electronic Document Interchange) but smaller, independent store owners often lack the budget, resources and expertise to support these B2B integration technologies.  As a result, a high percentage of the purchase orders issued from smaller retailers are transmitted via fax, email or spreadsheet, creating an efficiency drag on the operations of large suppliers.  Using GXS web forms, suppliers of food and beverage, apparel and footwear and other consumer products can offer their customers the option to issue purchase orders online. As a SaaS offering, GXS IWF does not require small retailers to license, install or maintain software. The web-based forms mimic the paper equivalents making the application easy to use without training or technical expertise.

By integrating with GXS Catalogue, the web forms can present users with a preloaded list of available and authorised items for each customer.  Catalogue integration ensures that users do not mistakenly request SKUs that are unauthorised, discontinued or non-existent.  Retail SKUs consist of long alphanumeric strings which can easily be transposed or mistyped in an electronic ordering system.  Some SKUs have special characters such as hyphens or spaces which further complicate the order entry process. Catalogue-based web forms reduce the amount of exception processing and order handling expenses for suppliers.  Higher quality purchase order data also reduces the likelihood of shipping delays and out-of-stocks for the retailers.

“Leading suppliers of consumer products and general merchandise have automated many of the order-to-cash and demand planning processes with their larger retail customers. These large suppliers have struggled to gain the same efficiencies with smaller retail chains and independent stores,” said Melanie Nuce, director of retail industry marketing for GXS.  “Catalogue-based web ordering offers a cost-effective approach to quickly achieving supply chain efficiencies with small retailers and opens up the opportunity for better customer service.”


DR Systems Launches Radiology EHR for Meaningful Use Compliance

DR Systems announced that its cloud-based ambulatory EHR for radiologists – the e|HR Meaningful Use for Medical Imaging solution — is now commercially available after successfully completing beta testing.

The radiology-based EHR launch was timed so that radiologists can meet the approaching deadline for complying with meaningful use requirements. Radiologists and their practices can receive federal bonus payments of up to $44,000 per radiologist by implementing a complete, certified ambulatory EHR such as DR System’s e|HR. To receive the full incentive payment, however, meaningful use compliance – not just acquisition – must be achieved by October 3, 2012.

“Many radiology practices are concerned about the staff workflow burden of an EHR,” said Chuck Scudelari, COO of Pueblo Radiology Medical Group (Santa Barbara, Calif.), a beta test facility for DR System’s e|HR. “But there is no substantive staff workflow burden with the EHR from DR Systems. It provides excellent value for the federal bonus payments and the workflow fits nicely within the existing registration process. Plus, we’re seeing that it provides other benefits for our radiology practice in addition to satisfying meaningful use.”

An estimated 90% of radiologists are eligible for radiology incentive payments from the CMS, according to the American College of Radiology. Radiologists will have to qualify before this October to earn the full $44,000, as the total incentive payment goes down each year. Failure to comply with meaningful use requirements will eventually subject radiologists and others to financial penalties.

“Radiologists come out way ahead by deploying a system such as ours,” said radiologist Murray Reicher, M.D., F.A.C.R., DR Systems co-founder and chairman. “First, they earn a substantial, five-figure incentive payment that far exceeds the cost of the system. Second, they actually improve patient care and the efficiency of their radiology workflow, including the collection of patient information and integration of that information with the EHR.”

Dr. Reicher is a recognized authority on meaningful use and was author of an article on the subject that was published in the September 2011 issue of the Journal of the American College of Radiology.


The cloud news categorized.