Do Govt. Laws Present Undue Risk To Cloud Computing?

(updated 12/12)  There has been a bit of a buzz regarding access to citizen and company data by the U.S government and the associated risks of Cloud computing in that regard.  I’m talking about the recent searches of gMail and Facebook of WikiLeaks supporters.  Paul Carr’s Tech Crunch article  and  David Linthicum’s InfoWorld story refer to these events.  In addition, the New York Times ran a story on secret F.B.I. subpoenas. When you move your data to the cloud, you lose some control over government access to your data during what may (or may not) be a legal search.  I touched briefly on this last year (here), in my article on the Challenges and Risks to Cloud Computing.  For the purposes of this article, I’ll assume your data is still in the US, not a foreign country data center, which poses an entirely different set of risks.

At issue: an individual or business person’s ability to stop an illegal search of their data when law enforcement shows up at your data’s door (that “door” being the door to your cloud provider’s data center).  There is also worry that Fourth Amendment rights will be trampled on because application data has moved to the cloud.  Because your data now lives in a data center, presumably operated outside your company or home, you lose the ability to know when you are being searched, to stop warrantless searches, and to analyze the warrant and validate that the search is, in fact, legal.  Unless you (or preferably your lawyers) are at the data center during the search, you can’t ensure that it adheres to the boundaries set by the warrant to prevent fishing expeditions.  At the same time, you may lose control of privacy or company secrets as part of that search.  How do you protect your Fourth Amendment rights if you don’t even know you are being searched?  If your data is co-located with other individuals or businesses that are being searched, how are you protected from information leakage when they are searched?

Cloud Management Tools Bring Sanity to Cloud Operations

A cottage industry of Cloud management tools has emerged to solve many of the issues companies face as they move to the cloud, like multi-cloud deployments, costs, governance, and security (see my earlier post).   I had the chance to sit in on a live demo of enStratus last week to see how they attack the issues mentioned above.  The enStratus cloud management solution provides a suite of tools for managing a cloud infrastructure, gaining control of costs and providing governance without sacrificing the agility the cloud can provide.

Plan Before You Cloud

IT has a history of solving problems, but in the process, creating new problems that must be dealt with in the future.  For example, back in the early days, IT helped the business digitize everything but as they did that, they ran into scaling issues, and then had to invent a way to store and access all of that data.  Businesses are moving to the cloud to lower costs, improve agility, and scale to meet new demands of their customers. But without proper planning, the potential to create a lot of new cleanup projects still exist when moving to the cloud.

Election 2012, A Case Study For Cloud Computing

There’s a lot of media coverage on the use of cloud computing by this year’s election teams and as a GigaOM article points out:

No matter if you voted for Red or Blue, you have to be impressed by the quick scaling up of systems, including applications, processes, and data to support the massive needs of the campaign.  This included spinning up the instances, operating them during the spikes of use, and spinning them down when not needed.  This is a great case study for the power and value of cloud computing.

For me though, it’s not just the “quick scaling up” but the ability to obtain this amount of computing just when you need it and move your costs to zero when the the campaign is over at a very low cost.  Before cloud computing the expense of deploying an entire data center’s worth of computing to do this would have been prohibitive and if a campaign did have the money to spend, the capability couldn’t be built fast enough.

Another factor that acts as an accelerant to cloud computing in this case  is mobility.  Campaigns had access to developers from all over the world, and built applications that connected candidates, voters and campaign workers via any internet connected device.  

-- Chris Claborne

Higher Risk in Data Loss than Security in the Cloud

In this article in InfoWorld, Gartner makes an interesting point.   Data loss is a bigger risk than security in the cloud.   They almost seem to intimate that  businesses using the cloud assume that they don’t need to have a backup and recovery plan if things turn ugly.

 Moving to the cloud doesn’t mean you can quit thinking about business continuity.  Whatever the service, IaaS, PaaS, or SaaS, you still need to understand what the backup and recovery plan is and how the vendor ensures recovery and up to what point in time.

Not So Fast NoSQL Evangelists

I found the comments in this InfoWorld article about the capabilities of MySQL vs a noSQL DB interesting.

"A lot of people think they have a big data problem, and a lot of times they don't," said Daniel Austin, who is the chief architect for PayPal. "They have an urge to find a big data solution to a problem, because it looks good."

I still wonder if companies like PayPal and Twitter are too closely tied to MySQL to pan it or if you can tile and shard your way to high performance without going to NoSQL.

Platform as a Service and Force.com

I haven’t written much about "Platform as a Service" (PaaS) up to this point but given Salesforce.com’s growing presence the buzz generated from annual user love-in, Dreamforce, this is a good time to talk about PaaS and Salesforce.  According to this article, Gartner predicts that PaaS platforms will grow from $900 million in 2011 to $2.9 billion in 2016, representing a 26.6 percent rise each year.

Although SalesForce.com (SFDC) is best known for its customer relationship management solution delivered as a service via a cloud, force.com is SFDC’s “platform as a service” offering.  By giving their customers a foundational component for sales and also providing an environment that allows customers to add on the pieces that they need while leveraging a common user interface, authentication framework, it accelerates the potential ROI to customers (and revenue streams for SFDC).  This article will review  PaaS, touch on the advantages, and then talk a little more about why PaaS at SFDC is such a powerful combination.  

CloudPassage Cloud Security Product Review

Updated:I came across a white paper published by CloudPassage, most likely in the attempt to drive interest in their cloud security product.  It worked, since it resulted in my doing a little digging into their product.  They did bring up a security threat I hadn’t thought of and it was just enticing enough to get me to investigate their offering a little further.  Their paper was focused on Infrastructure as a Service (IaaS) environments like Amazon Web Services (AWS) (reviewed here), or Rackspace (reviewed here).  The CloudPassage paper focused on the security threats within the context of the products that they offer in order to mitigate these threats.

I will review some of the key points made by CloudPassage here, and then I’ll review their solution offering.   Hang on though -- this article assumes you understand cloud IaaS, and some general Linux and security topics.

VMware Offers Disaster Recovery To The Cloud

I sat in on a VMware call today where they reviewed the new features in VMware 5.1.  The one that caught my eye was the ability to use the Cloud as a disaster recovery point.  In my article “How to Get Started With Cloud Computing”, I mentioned that one way was to use the cloud was as an inexpensive backup data center for your private cloud.  VMware just made this easier for customers that upgrade or implement VMware 5.1.

Patch Management in the Cloud

I was on my way to a lunch appointment when I started thinking of the headache of managing patching in the cloud.  More importantly how would you ensure that your template server that is used to clone for new servers is current?  

To resolve this, I’d love to see a cloud provider offer the ability to patch the dark VM on disk and if you have a local cloud, say using vmWare, do the same thing to your VM on disk.  After all, there’s an exploit to go directly to a VM image, why not a program that will scan that disk image?

Quick Review and Comparison of Rackspace

Rackspace, a cloud infrastructure as a service (IaaS) vendor, has been ramping up their advertising and recently announced that they were giving away their cloud management software for free for use in private clouds.  Given all the activity and buzz in the media about Rackspace and OpenStack, I thought I’d give Rackspace a test run.  I used the same approach that I used in my Amazon AWS review and setup an application on their cloud for a semi real-world trial.  Given that I’ve used AWS, I’ll try to do some quick comparisons as well. 

Rackspace Releases OpenStack Private For Free

I recently wrote about HP’s use OpenStack as part of their newly announced cloud hosting environment and how it could help feed their consulting and cloud offering sales.   Rackspace, who have been using OpenStack for a while, may be trying to capitalize on the same approach as HP by releasing their build of OpenStack for free.  I continue to think that these moves will allow CIO’s who don’t want to be left out,  implement internal clouds using the same technology and leave open an easy migration path to the providers public cloud.  In addition to this, Rackspace reminds the market of their relevance in cloud computing.  

CFO’s see value in the cloud, Being Courted by Google

According to a Google’s BLOG, in a survey of 800 CFOs, 81% think (AKA a believe) that completely implementing cloud technology would improve employee productivity, and 71% say it would reduce the time required to bring new products and services to market.  The CFO on a company is normally a big part of the decision making process.  I point out “belief” because a lot of times decisions are made in part or whole on a person’s belief.  If the numbers in Google’s BLOG are true, it will continue to fill the sails of cloud computing growth in the years to come.  I can get pretty analytical, but in general, I align with with the conclusions for reduced time for new services and productivity.  Also notice, CFO’s are being courted by Google... and for good reason.

Another example of why to use Google’s Two-Factor Authentication

This is a good article on how to close security holes for Google Apps users.  At the core is “two-factor authentication”.  I’ve written about two factor authentication before and I wish it was available on more sites.  I like Google’s and PayPal’s implementation (using my iPhone to receive a one-time second authentication password).  It’s not a huge pain because I can check a box to have Google remember me for a while.  Why aren’t more sites using this?  My bank doesn’t even offer this.  Although two factor authentication isn’t the end all be all of security, it closes a gaping hole.

NASA Mars Mission Uses Amazon’s AWS

NASA’s use of Amazon’s AWS is interesting.  I knew that NASA had a private cloud so I didn’t expect them to use AWS.  I’m guessing this is a good example of using the cloud to augment capability quickly when you don’t have enough (cloud bursting) and take advantage of services that are too costly to build yourself.  NASA was able to quickly setup needed AWS EC2 services to prepare and serve images and then take advantage of Amazon’s huge network footprint to cache images on the edge of the net to serve images and other science data to a massive set of customers around the globe.

Cloud Vendor Expansion

After taking a much needed vacation I thought I would post an update to catch up on some notable events.  Although Google has been in the cloud business as a “software as a service” (SaaS) provider with their office productivity apps, and a “platform as a service” (PaaS) provider with Google App Engine, they entered the infrastructure as a service (IaaS) field in June, firing a shot over the bow of Amazon, who for the most part is way ahead of everyone in experience and number of products.  HP announced their cloud offering as did Oracle.  All of the new entrants were at limited release status when they made these announcements.

Evaluating Software as a Service

The allure of the cloud for faster deployments of new capabilities with potentially lower equipment and labor costs are hard to turn away from.  For small businesses that either don’t have the capacity or don’t wish to grow their data center, the cloud can be the way to go.  I’ll first focus on evaluating software as a service (SaaS) solutions.  The assumption here is that you will, at a minimum, evaluate SaaS against a local deployment of the solution.  In the near future, I’ll focus on how you might evaluate using Infrastructure as a Service (IaaS) - using the cloud like a data center.

My example evaluation below will use a simple table in a spreadsheet.  The table can contain as many columns as you have solution options.  I’ll break up the evaluation into two sections, one for items that we can put a dollar figure on, one that will contain a rating with a possible multiplier.  The multiplier services as a weighting mechanism where the higher the multiplier, the more important the feature or capability is.  When using a rating (say 1 to 5), larger is better.  I’ll draw from my earlier posts, “Benefits of Cloud Computing” and “Challenges and Risks of Cloud Computing” to help come up with the rating criteria.

Silly Keyboard Review

 Soft, supple and quiet my new keyboard is.  I feel kind of silly doing a review of a keyboard but it is the main input interface on my computer and a tool of my craft.  If I’m not reading, I’m typing.  My quest has been to find the quietest keyboard that still has a really nice touch.  I finally found it, the Logitech Illuminated Keyboard.  So for those of you asking when they saw it, that’s what it is.

The Step Function of Cost

Building a “Private Cloud” within your data center has a lot of potential return on investment (ROI).  David Linthicom’s article, and others, are saying “you need to architect”.  

The focus needs to be on the architecture and the right-fitting enabling technology, including both private and public cloud technology, and not gratuitous opinions. There should be no limits on the technology solution patterns you can apply. If that means private, public, or a mix of both, that's fine as long as you do your requirements homework and can validate that you have chosen the right solution.

I agree, just stop architecting with brochure-ware and really think through your solution.  Think about what you need today, where you are going and how you integrate everything else.  Excluding software as a service (SaaS), when you compare private and public clouds there are some real advantages for a private cloud.  One of the biggest advantages I see public cloud solutions have, is the flexibility to scale up and down and time it takes to do that.

The thing I keep coming back to when I talk to people about public vs. private clouds is what I call “large step functions in cost”. One of the big step functions is cost to build a data center or enlarge it.  That large investments in infrastructure kills your ROI until you fully utilize that capital investment.  If you are building (or enlarging) a data center for example, most companies don’t build just what they need today, they leave some room for growth, and that’s “flexibility”.  That flexibility is costly because it just sits there on the books not really giving you any ROI until you start using it.  Really the ROI from that flexibility is only realized as future cost avoidance of the next step function in cost.  It’s like buying a restaurant and initially only serving breakfast.  Sure you’ll eventually staff up and start getting better use of that capital investment when you start serving lunch and dinner but until you do, your ROI may be negative.  Compare this to the cloud where having the capacity to grow costs you nothing.  Is “public cloud” always the best solution?  No, but you have options, architect, think, and compare.

- Chris Claborne

References & Related

• Benefits of Cloud Computing


• Challenges & Risks of Implementing Cloud Computing

Is The Cloud Prepping for Hockey Stick Growth?

(Updated 3/10/2012)  
There are a number of significant things at play that may indicate the start of a hockey stick growth spurt in cloud computing.  Some may think it’s just a price war but I don’t think so.  In my last article I covered a number of changes that Amazon has made to their AWS offering.  In just the last couple of weeks, Amazon has started lowering their prices on various components of their AWS portfolio including S3 which saw a 192% year over year growth in 2011, and EC2.  This week, Google and Microsoft announced lower prices for storage.  In addition to this, SalesForce.com recently announced pretty good first quarter results, highlighting two big wins, HP and Time Warner (Per ZD Net Article).  It’s hard to tell but SalesForce.com may also be lowering prices a tad.

Rapid Expansion of Amazon's AWS

Since I wrote my last two articles on Amazon Web Services (My intro to AWS and Using AWS), Amazon has continued to pile on capabilities into their of their infrastructure and platform cloud services.  They are rapidly building new products, data centers, and expanding capabilities in existing products.  In just three months since joining the Amazon Web Services Family, they have stuffed my mailbox full news about new product announcements, new data centers, and enhanced or expanded capabilities in existing services.  

iDrive Bulk Restore

I've been using iDrive for quite some time and I continue to recommend it to most of my home and small business clients (read my review HERE).  One thing that I didn't know was that iDrive offers what I call a bulk restore option.  When you have a complete disk failure and you need to restore all of your data, you can restore over the network but that could take a very long time if you have as much data as I have.  In addition, your network provider may get crabby about your high data usage.  In this case, iDrive also offers a "Rapid Serve" service where they Express ship your data to you on a special iDrive Portal USB hard drive. The cost is $69.95 and you can keep the hard drive.  The drive also comes with software to perform local backups with the same security and versioning features of iDrive Online backup.

Read my full review of iDrive and a couple of others to learn more.

- Chris Claborne

How to Get Started With Cloud Computing

Some IT departments want to utilize public cloud infrastructure as a service (IaaS), or Software as a Service (SaaS) but aren’t sure how to get started.  I’ll discuss some ways to use cloud computing as you flesh out how you will use it and integrate into an existing information technology architecture.  If you’re not sure what IaaS is, read my previous article, “Exploring Amazon’s Cloud IaaS & PaaS”.