Monthly Archive for January, 2010

Cloud computing – barriers for faster adoption

By Olafur Ingthorsson on January 20, 2010 in Cloud Security. 1 Comment

It’s been maintained by many analysts that the main barriers for a faster public cloud adoption, by organizations in particular, is the lack of sufficient security, reliability and portability (data lock-in). CIO’s and IT managers normally cite these as the primary reasons for their reluctance of trusting a third-party cloud provider for storing or processingtheir sensitive, often personalized data. These are however not new concerns born with the notion of cloud computing – but also exist in other forms of IT management structures, including hosting and outsourcing, which can be classified as close relatives of cloud computing. Still, and rightly so, concerns  for security, reliability and vendor lock-in have been epitomized in cloud computing. So, in a few words, why and how are these the key concerns for organizations thinking about utilizing public cloud services? Here are a few observations:

Security
Handing over your corporate data to a third-party is indeed a very difficult decision for most CIO’s and IT managers. A myriad of questions immediately arise; how can I be sure that my data is sufficiently protected; is my data encrypted while stored and what about when being being transferred to and from the service provider; what about back-ups and access to data in case of data center failure; how about restoration strategy? And the list goes on. Fortunately, many of the larger public cloud providers, like AWS, Google and many others, provide a lot of measures and even SLAs that guarantee a certain level of responsiveness and measures in the case of security breaches and hardware/software failure situations within their own domain. Currently, the problem is more related to smaller cloud providers that do not have the capacity, resources and sometimes knowledge to provide sufficient security measures that relief the concerned CIO/IT manager.
Then there is the thorny and related issue of data privacy, especially of personally identifiable data (PII). If you are a CIO/IT manager, you already know your organization protects personal data and limits data exposure. Internally, organizations institute their own processes and policies for protecting privacy of corporate and individual data and ID’s. However, in the cloud, how can you be sure your data is protected by the provider in equal, or better, way? Additional fear include different legislation and regulations, especially in the context of cross-border cloud services – potentially leading to seizure of your data or confiscation of network servers by authorities in the residing country of the cloud service provider. This is an especially relevant where a buyer located in a particular jurisdiction, e.g. the EU, uses cloud computing services located in another jurisdiction, e.g. the USA. In fact, the EU, for example, prohibits the cross-border transfer of PII data originating in the EU, unless the host country applies to certain EU regulations. In the case of data transfer from the EU to the USA, the US service provider needs to apply to the so called “Safe Harbor Principle”.
In general, the World Privacy Forum provides a helpful guide called Privacy in the Clouds detailing the risks and problems relating to privacy and cloud computing.
Reliability
Not far behind security is the issue of reliability. One of the key characteristics of cloud computing is the Internet as the main transport mechanism – with all its notorious bottlenecks (e.g. response time, latency and packet-loss). How can an organization using cloud services be certain that it obtains and maintains acceptable service levels? Pobably, by securing access through managed networks, e.g. MPLS, and/or using overlay network from network providers like Akamai. Within their own domain, cloud service providers usually comply to strict operational policies and measures to minimize failures or outages in their systems. Automatic fail-over and self-healing infrastructure of virtualized components aids to increase reliability and redundancy.
Lock-in
Finally, many CIOs/IT managers are afraid that by choosing a particular cloud service provider, they will enter a “lock-in” situation with that particular vendor. Due to the lack of standardization, most of the current cloud vendors have implemented and deployed proprietary solutions that lack interoperability with each other. This is a big problem, although some analysts, like David Linthicum at InfoWorld in a blog post “The data interoperability challenge for cloud computing”, are suggesting that in 2010 this issue will be addressed to drive cloud computing adoption. Some cloud related standard organizations, like the Open Cloud Consortium, are working on interoperability standards for cloud computing and frameworks for interoperating between clouds. When this has been resolved, a lock-in situation is less likely to occur and the CIO/IT manager can evaluate vendors in terms of their interoperability levels.
Tags: , .

Virtualization and cloud computing

By Olafur Ingthorsson on January 12, 2010 in Virtualization. 0 Comments

One of the primary characteristics of cloud computing is the virtualization of IT resources, network servers in particular – running multiple virtual machines on a single physical machine. Delivering economical, virtualized, elastic and utility based, or pay-as-you-go, services is in essence what cloud computing is. Many organizations are already using virtualization in their data centers to rationalize and support optimal utilization strategies. The dynamic and transparent allocation of IT resources through virtualization and monitoring using “hypervisors” are indeed fundamental, although not prerequisite, technologies of todays data centers for many businesses. Some large public cloud providers, like AWS, are utilizing heavily customized versions of the Xen open source virtualization hypervisor while others, including regular businesses, use less customized or out of the box solutions like the VMware vSphere and Citrix XenServer.

Below is a great video explaining virtualization in simple terms

Still, virtualization and cloud computing should not be used as synonyms, as seems quite common. On the contrary, there is a lot more to be added, as pointed out in my previous post “Characteristics of cloud computing“, for a true cloud computing adoption. Other key issues, such as automation of services, e.g. service provisioning and support/troubleshooting and utility based, or pay-as-you-go, pricing mechanism are also key parts of cloud computing. Specific cloud computing software solutions, such as the open source Eucalyptus, can be built on top of virtualization supports this type of functionality that enable organizations to create multiple clouds inside and outside of their data center environment and even support integration to third-party public cloud providers, e.g. AWS EC2, for a hybrid cloud layout. Antoher example is the VMware vCloud Express IaaS offering that is in many ways similar to Eucalyptus, providing on-demand, pay-as-you-go infrastructure.

Finally, is should not be forgotten that doing cloud computing is usually an evolutionary process rather than revolutionary. Businesses can start out taking small steps without unreasonably risking their sensitive data or systems.

Tags: , .

The rise of hybrid clouds

By Olafur Ingthorsson on January 7, 2010 in Cloud Computing. 2 Comments

It seems that many analysts, e.g. at the Cloud Computing Journal, are proclaiming that private and hybrid clouds will see a real proliferation in 2010. Security concerns of public clouds are still prevailing and many IT professionals and managers are still very reluctant to the idea of migrating private enterprise data and operations to a public cloud provider. Deploying cloud computing on-premise, in a private cloud fashion, is seen as a way to exploit many of the benefits from cloud computing, i.e. automation, centralization and elasticity, without the security risks still lurking around in public clouds. In private clouds, organizations maintain closer security and compliance controls over their applications and data. In the longer term though, together with increased cloud adoption, managers will probably compare more seriously the cost/benefit analysis of private versus public clouds.

Alternatively, hybrid clouds, seem as a sensible intermediary step between public and private clouds, enabling organizations to leverage  upon both worlds – combining on-demand capacity with in-house compliance.
Implementing a hybrid cloud strategy is simply an attempt to augment a private cloud with the resources of a public cloud in order to maintain acceptable service levels despite spikes in demand, i.e. to address and prevent the so called Cloudbursting (“the failure of a cloud computing environment due to the inability to handle spike in demand”).
Hybrid clouds seem a natural step for enterprises not interested or willing to migrate resources to the public cloud due to security vulnerabilities or otherwise. Getting their feet wet in the cloud without risking too much, hybrids clouds may offer a beneficial alternative for dealing with temporary spikes in demand, lowering capital costs and offer the elasticity desired.
Tags: , , , .

2010 – the year of cloud computing catastrophes?

By Olafur Ingthorsson on January 3, 2010 in Cloud Computing. 8 Comments

As more companies offer cloud computing services and the number of users increase, statistics tell us that the likelihood of a serious problem occurring, for example, somewhere in the  transfer network or in different security segments, increases. We have already seen some serious ‘outages’ in the past, such at Magnolia, the social bookmarking site that crashed and lost all its data earlier this year. Will 2010 be the year of some disastrous encounters for cloud computing?

Some analysts are predicting 2010 to be the year of catastrophes for cloud computing, including the CEO of Strategic News Service, Mark Anderson, in an interview with BusinessWeek. He believes that the increasing reliability toward cloud services could actually backfire in the form of a serious service outage or security based catastrophe. And, the disaster could be big enough to question the dependability of cloud services by corporations in particular.

My believe it that although we might possibly see some serious outages or security breaches encounter, the long-term benefit of network delivered services will outweigh the risks of organisations continue to deploy and migrate to cloud based services. Clearly, organisations and IT managers must carefully select the right type of resources or applications to transfer to the cloud with regard to their mission-critical nature and sensitivity. If using a public cloud provider seems too risky in terms of security or availability, another option would be to migrate to a private (or hybrid) cloud.

Tags: , , , .