Hope you will enjoy the reading and provide your comments. I especially wanted to highlight how we can improve trust.
Trust in cloud can be established with the same principles that we use for traditional service management (read my earlier post on Cloud Computing Central for details):
- Visibility – The ability to see everything that’s going on across the infrastructure
- Control – The ability to keep the infrastructure in its desired state by enforcing policies
- Automation – The ability to manage huge and growing infrastructures while controlling cost and quality.
Leverage IBM QRadar Security Information and Event Management (SIEM) to build visibility into your cloud infrastructure.
Orchestration can be one of those ambiguous concepts in cloud computing, with varying definitions on when cloud capabilities truly advance into the orchestration realm. Frequently it’s defined simply as automation = orchestration.
But automation is just the starting point for cloud. And as organizations move from managing their virtualized environment, they need to aggregate capabilities for a private cloud to work effectively. The automation of storage, network, performance and provisioning are all aspects handled in most cases by various solutions that have been added on over time as needs increase. Even for organizations that take a transformational approach -- jumping to an advanced cloud to optimize their data centers -- the management of heterogeneous environments with disparate systems can be a challenge not simply addressed by automation alone. As the saying goes, “If you automate a mess, you get an automated mess.”
With the proliferation of cloud computing, many businesses are starting
to adopt a service provider model—either as a deliberate strategy to
establish new revenue streams or, in some cases, inadvertently to
support the growing needs of their organizations. This is especially
true for companies with diverse needs, whether they’re tech companies
with dev teams churning out new apps and services, or business owners
driving requirements for SaaS services and cloud capabilities to enhance
their data center operations.
Read more about provisioning and orchestration capabilities
to meet growing business needs
Glad to let the Cloud Computing Central members know that I've also started writing on ThoughtsonCloud, the IBM cloud experts blog. Please read my first post, about maximizing the value of cloud for small and medium enterprises (SMEs), and let me know your comments and feedback. Thanks.
Cloud Computing is a term that is often bandied about the web these days and
often attributed to different things that -- on the surface -- don't
seem to have that much in common. So just what is Cloud Computing? I've
heard it called a service, a platform, and even an operating system.
Some even link it to such concepts as grid computing -- which is a way
of taking many different computers and linking them together to form one
very big computer.
The basic definition of cloud computing is the use of the Internet for the
tasks you perform on your computer. The "cloud" represents the Internet.
Cloud Computing is a Service
The simplest thing that a computer does is allow us to store and
retrieve information. We can store our family photographs, our favorite
songs, or even save movies on it. This is also the most basic service
offered by cloud computing.
Flickr is a great example of cloud computing as a service. While Flickr started
with an emphasis on sharing photos and images, it has emerged as a great
place to store those images. In many ways, it is superior to storing
the images on your computer.
Flickr allows you to easily access your images no matter where you are
or what type of device you are using. While you might upload the photos
of your vacation to Greece from your home computer, you can easily
access them from your laptop while on the road or even from your iPhone while sitting in your local coffee house.
Second, Flickr lets you share the images. There's no need to burn them to a compact disc or save them on a flash drive. You can just send someone your Flickr address.
Flickr provides data security. If you keep your photos on your local
computer, what happens if your hard drive crashes? You'd better hope you
backed them up to a CD or a flash drive! By uploading the images to
Flickr, you are providing yourself with data security by creating a
backup on the web. And while it is always best to keep a local copy --
either on your computer, a compact disc or a flash drive -- the truth is
that you are far more likely to lose the images you store locally than
Flickr is of losing your images.
This is also where grid computing comes
into play. Beyond just being used as a place to store and share
information, cloud computing can be used to manipulate information. For
example, instead of using a local database, businesses could rent CPU
time on a web-based database.
The downside? It is not all clear skies and violin music. The major
drawback to using cloud computing as a service is that it requires an
Internet connection. So, while there are many benefits, you'll lose them
if you are cut off from the Web.
Cloud Computing is a Platform
The web is the operating system of the future. While
not exactly true -- we'll always need a local operating system -- this
popular saying really means that the web is the next great platform.
What is a platform? It is the basic structure on which applications stand. In
other words, it is what runs our apps. Windows is a platform. The Mac OS
is a platform. But a platform doesn't have to be an operating system.
Java is a platform even though it is not an operating system.
Through cloud computing, the web is becoming a platform. With trends such as Office 2.0,
we are seeing more and more applications that were once the province of
desktop computers being converted into web applications. Word
processors like Buzzword and office suites like Google Docs are
slowly becoming as functional as their desktop counterparts and could
easily replace software such as Microsoft Office in many homes or small
But cloud computing transcends Office 2.0 to deliver applications of all shapes and sizes, from web mashups to Facebook applications to web-based massively multiplayer online role-playing games.
With new technologies that help web applications store some information
locally -- which allows an online word processor to be used offline as
well -- and a new browser called Chrome to push the envelope, Google is a major player in turning cloud computing into a platform.
Cloud Computing and Interoperability
A major barrier to cloud computing is the interoperability of
applications. While it is possible to insert an Adobe Acrobat file into a
Microsoft Word document, things get a little bit stickier when we talk
about web-based applications.
This is where some of the most attractive elements of cloud computing --
storing the information on the web and allowing the web to do most of
the 'computing' -- become a barrier to getting things done. While we
might one day be able to insert our Google Docs word processor document
into our Google Docs spreadsheet, things are a little stickier when it
comes to inserting a Buzzword document into our Google Docs spreadsheet.
for a moment that Google probably doesn't want you to have the ability
to insert a competitor's document into their spreadsheet, this creates a
ton of data security issues. So not only would we need a standard for
web 'documents' to become web 'objects' capable of being generically
inserted into any other web document, we'll also need a system to
maintain a certain level of security when it comes to this type of data
Possible? Certainly, but it isn't anything that will happen overnight.
What is Cloud Computing?
This brings us back to the initial question. What is cloud computing? It is
the process of taking the services and tasks performed by our computers
and bringing them to the web.
What does this mean to us?
With the "cloud" doing most of the work, this frees us up to access the
"cloud" however we choose. It could be a super-charged desktop PC
designed for high-end gaming, or a "thin client" laptop running the
Linux operating system with an 8 gig flash drive instead of a
conventional hard drive, or even an iPhone or a Blackberry.
We can also get at the same information and perform the same tasks whether
we are at work, at home, or even a friend's house. Not that you would
want to take a break between rounds of Texas Hold'em to do some work for the office -- but the prospect of being able to do it is pretty cool.
Organizations looking to optimize across the application lifecycle recognize the need for enhanced innovation and speed to market. Yet most IT resources are focused on covering the basics, leaving fewer resources to support business agility. The solution: Platform as a Service (PaaS).
IBM’s PaaS solution, IBM SmartCloud Application Services, or SCAS, allows clients to differentiate themselves with built-in flexible services that allow them to build and customize cloud solutions their way – leading to a competitive advantage. Companies are using enterprise-class IBM Application Services to measure and respond to market demands, capture new markets, and reduce application delivery and management costs.
What are the benefits of a PaaS solution?
First, with IBM Collaborative Lifecycle Management Service, included within SCAS, development teams can establish shared team development environments in minutes – before it used to take weeks. Within hours they can quickly define their development team and begin working collaboratively to respond to business needs.
Another significant benefit of a PaaS approach is the time it takes to get an application deployed and to market. Application deployment can take weeks on a traditional environment but with IBM SmartCloud Application Services, applications can be deployed to the cloud in minutes.
SCAS also allows clients to respond rapidly to changing market conditions by deploying or modifying cloud-centric (“born on the cloud”) or cloud-enabled (legacy applications) quickly and easily. In fact, developers can move from the dev/test environment directly into production with SCAS, taking advantage of proven repeatable patterns contained within the SmartCloud Application Workload Service, thus eliminating human error. These repeatable patterns allow clients to eradicate errors by avoiding manual processes – this drives consistent results, increases productivity, and reduces risk.
IBM SmartCloud Application Services are compatible with the newly announced IBM PureSystems family. For example, through SmartCloud Application Services clients can rapidly design, develop, and test their dynamic applications on IBM's public cloud and deploy those same application patterns on a private cloud built with PureApplication Systems, or vice versa.
Want to try IBM’s PaaS . . . for free*?
IBM SmartCloud Application Services is now in pilot and accepting new clients who want to get ready to accelerate their cloud initiatives. Clients won’t pay for SCAS services during the pilot, but will only be charged for the underlying *SmartCloud Enterprise infrastructure used by the services (that’s because SCAS runs on top of IBM’s Infrastructure as a Service offering, SmartCloud Enterprise, or SCE). Existing SCE customers can get up and running on the pilot quickly and start realizing the benefits of PaaS right away.
To be considered for the program, new or existing SCE customers should visit the IBM SmartCloud Application Services web site and click the button on the right titled “Get a jump on the competition with the SmartCloud Application Services pilot program.”
You can learn more about IBM SmartCloud Application Services with this video, “The multifaceted potential of platform as a service (PaaS) from IBM.”
Who is using IBM SmartCloud Application Services?
CLD Partners, a leading provider of IT consulting services with a particular focus on cloud computing, began using SCAS during the beta which launched in 2011 and has now transitioned into the pilot program.
“We share IBM’s vision for how enterprise customers can achieve huge productivity gains by embracing cloud technologies. SCAS allowed us to utilize world class software in a managed environment that greatly reduced the complexity of the deployment while also providing for future scalability that our customers only pay for when they need it,” said Steve Clune, Founder and CEO of CLD Partners. “Ultimately, traditional infrastructure planning and configuration that would have required weeks was literally reduced to hours. And future flexibility as infrastructure needs change is virtually limitless.”
Who would be interested in the SmartCloud Application Services pilot program?
IT Operations, Independent Software Vendors (ISVs), Line of Business, and Application Developers would benefit from the SCAS pilot program. And it doesn’t matter the company size, enterprise or mid-market; all types of businesses can realize value from getting their applications to market faster.
To learn more about the IBM SmartCloud Application Services pilot program, read the Pilot Services Bulletin or visit the Application Services web site.
One of the exciting and valuable characteristics of IBM SmartCloud Enterprise is its tight linkage with the IBM Software Group portfolio of offerings. In addition to the offerings from IBM Software Group, innovative software vendors are making exciting offerings available as well. There is an ever-growing list of offerings available to IBM SmartCloud Enterprise customers. These recent additions are now in the SmartCloud Enterprise public catalog and available for you to use.
BYOL - Bring Your Own License; PAYG - Pay As You Go
IBM Business Process Manager is a comprehensive BPM platform giving you visibility and insight to manage business processes. It scales smoothly and easily from an initial project to a full enterprise-wide program. IBM Business Process Manager harnesses complexity in a simple environment to break down silos and better meet customer needs.
The following BPM images are now available in the catalog:
IBM Process Center Advanced 7.5.1 64b - BYOL
IBM Process Center Standard 7.5.1 64b - BYOL
IBM Integration Designer 7.5.1 64b - BYOL
IBM Process Server Advanced 7.5.1 64b - BYOL
IBM Process Server Standard 7.5.1 64b - BYOL
IBM Process Designer 7.5.1 64b - BYOL, PAYG
IBM BPM Express 7.5.1 64b - BYOL, PAYG
IBM WebSphere Service Registry and Repository (WSRR) is a system for storing, accessing and managing information, commonly referred as service metadata, used in the selection, invocation, management, governance and reuse of services in a successful Service Oriented Architecture (SOA). In other words, it is where you store information about services in your systems, or in other organizations' systems, that you already use, plan to use, or want to be aware of.
The following WSRR images are now available in the catalog:
IBM WebSphere Service Registry 64bit BYOL
IBM Image IBM WebSphere Service Registry 220.127.116.11 64bit BYOL
IBM WebSphere Message Broker (WMB) delivers an advanced Enterprise Service Bus (ESB) that provides connectivity and universal data transformation for both standard and non-standards-based applications and services to power your SOA.
The following WMB images are now available in the catalog:
IBM WebSphere Message Broker 18.104.22.168 64b BYOL
IBM SPSS Decision Management enables business users to automatically deliver high-volume, optimized decisions at the point of impact to achieve superior results.
The following SPSS image is now available in the catalog:
IBM SPSS Decision Management 6.2 64b BYOL
From our partner Riverbed comes Riverbed® Stingray™. This software-based application delivery controller (ADC) is designed to deliver faster and more reliable access to public web sites and private applications.
The following Riverbed Stingray images are now available in the catalog:
Riverbed Stingray V 8.0 RHEL 6 32 bit BYOL
Riverbed Stingray V 8.0 RHEL 6 64 bit BYOL
Riverbed Stingray V 8.0 SLES 11 SP1 32 bit BYOL
Riverbed Stingray V 8.0 SLES 11 SP1 64 bit BYOL
Additionally, Alphinat SmartGuide provides visual, drag and drop tools that can help you quickly build interactive web dialogues that guide people to the relevant response, help them diagnose problems or lead them through a series of well-defined steps that make it easy to complete complex—or infrequently performed—tasks.
The following Alphinat SmartGuide images are now available in the catalog:
Alphinat SmartGuide 5.1.3 SLES 11 SP1 32-bit PAYG
Alphinat SmartGuide 5.1.3 SLES 11 SP1 32-bit BYOL
GridRobotics' Cloud Lab Grid Automation Server can manage any number of client or agent computers, which can be spun up automatically on public clouds like IBM SCE or private clouds. Grid Robotics’ Cloud Lab Classroom is a virtual classroom management solution.
The following GridRobotics Cloud Lab images are now available in the catalog:
GridRobotics Cloud Lab Grid Automation Base Server 1.4 32b R2 - BYOL
GridRobotics Cloud Lab Classroom Base Server 1.4 32b R2 - BYOL
GridRobotics Cloud Lab Base Agent V 1.4 32b R2 - BYOL
We are committed to adding value continuously to IBM SmartCloud Enterprise to help you advance cloud in your organization.
Securing the Virtual Infrastructure
Cloud computing tests the limits of security operations and infrastructure from
various perspectives. Let us examine what is different about cloud security and
identify which threats already exist and which new areas we should be concerned about.
Figure 2 Cloud Security - Existing & New Threats
I think what makes cloud security complex is the number of layers involved in the cloud service stack and the number of components in each layer. So it means:
- Increased infrastructure layers to manage and protect
- Multiple operating systems and applications per server
- More Components = More Exposure
As we can see, we already do perimeter protection at the
network and operating system layers, as well as physical and personnel security, for
the traditional infrastructure. All of these hold good for cloud as well, to combat
the existing threats at these layers.
Let us examine what the new points of exposure are with cloud. Security and resiliency complexities are raised
by virtualization and automation, which are essential to cloud. The new risks
- Cloud Service Management Vulnerabilities
- Secure storage of VMs and the
- Managing identities on the increasing number of virtual assets
- Stealth rootkits in hardware now possible
- Virtual NICs & Virtual Hardware
- Virtual sprawl, VM stealing
- Dynamic relocation of VMs
- Elimination of physical boundaries
- Manually tracking software and configurations of VMs
For managing these additional complexities, you need a reference model that is
comprehensive and covers security controls that can combat not only the
existing challenges but also the new challenges that cloud brings in.
Foundational Security Controls for IBM cloud reference model (see below)
provide the different elements and controls required to build a secure cloud.
Figure 1 Foundation Security Controls for IBM Cloud
Managing datacenter identities (Identity and Access
Management) is one of the topmost security concerns, and we discussed how to
handle it in my previous post. I’ll discuss how to handle the
virtualization-related threats in my next post.
Meanwhile, let me know your comments on this reference model.
Do you think this set of controls is comprehensive? Do you see any areas not
covered from a cloud security perspective? If so, just add it as a comment to
this post and let us discuss.
Rethink IT. Reinvent Business.
Join us for the 2012 IBM SmartCloud
Symposium event on 16-19 April 2012 in San Francisco, California. This
Symposium will help you Rethink IT and Reinvent Business.
This event will introduce Cloud Computing’s disruptive potential to not only
reduce cost and complexity but reinvent the way we do business. Over the
course of four days, there will be sessions that define cloud computing
and discuss transformative benefits and challenges to consider while
sharing specific, proven patterns of success. We will provide proven
methods to get started on the Cloud journey from the up-front
investments to capacity planning. This event will cover the technology
behind private and public clouds whether you choose to build your own,
leverage prepackaged solutions or have it delivered as a service.
We will explore challenges and solutions for securing, virtualization and
performance of mission critical applications as well as automating
service delivery processes for cloud environments. We will help you:
design, deploy and consume.
Use promotion code A2N for 10% off enrollment!
Managing Datacenter Identities for Cloud
challenges for cloud, I discussed Security as the top concern. I also
detailed the top concerns with regard to securing the cloud in the subsequent post.
Cloud computing tests the limits of security operations and infrastructure for
the various security and privacy domains.
Cloud brings in a lot of additional considerations like
multi-tenancy, data separation, virtualization etc. In a cloud environment,
access expands, responsibilities change, control shifts, and the speed of
provisioning resources and applications increases - greatly affecting all
aspects of IT security. We will discuss
the different security aspects, classifying them against specific adoption
patterns (see post here).
The cloud-enabled data center pattern is the more predominant one, which has infrastructure
and identity management as the top concerns. Within cloud security, doing the right design
for the infrastructure security is the important aspect – the details of which,
and how it is done by different public clouds, we discussed in the previous post.
Now, with regard to identity, let's discuss the top requirements and use cases and
look at what solutions we can provide to make the cloud secure. Let's start
with managing datacenter identities, which is the top concern.
Managing Datacenter Identities
Identity and Access Control needs to deliver capability that
can be used to provide role-based access to securely connect users to the cloud.
The users include the cloud service provider as well as consumer roles. Within
each user group we need to support User as well as Administrator roles. The
identity and access management should support the 4As - Authentication, Authorization,
Auditing and Assurance.
- For a cloud consumer user, it is about making sure the user identity is verified and authenticated at the self-service portal and providing the right access to the resource pools.
- For the administrator, we need to provide role-based access to Service Lifecycle Management functions.
- We will need to integrate with the existing user directory infrastructure (AD/LDAP/NIS) to extend the user identity to the cloud environment as well.
- Once in the cloud environment, we need to automatically manage access to the cloud resources, through provisioning and de-provisioning of resource profiles and users against the resources in the cloud identity and access management systems. Manual processes to manage accounts for users on various virtual systems and applications are not going to scale in a cloud environment. The same is true of the manual processes to process various audit logs to meet compliance and audit requirements.
- Massively parallel cloud-computing infrastructures involve enormous pools of external users as well. We need to ensure a smooth user experience so that users don’t need to enter their credentials multiple times to access various applications hosted within the enterprise or by business partners and cloud providers.
- Management of user identities and access rights across hosted, private and hybrid clouds for internal enterprise users is also a major challenge that includes:
  o Centralized user access management to on- and off-premise applications
  o Federated Single Sign-on and Identity Mediation across different service providers
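The automated provisioning and de-provisioning requirement above can be pictured as a reconciliation job; the following is an added example, not code from the original post or from any IBM product. The directory export, the role-to-pool map, the account inventory and all function names are constructed for illustration.

```python
import json

# Constructed sample: export of the user directory (AD/LDAP/NIS), the source of truth.
DIRECTORY = {
    "alice": {"active": True, "roles": {"consumer-user"}},
    "bob": {"active": True, "roles": {"consumer-admin"}},
    "carol": {"active": False, "roles": {"consumer-user"}},  # disabled in the directory
}

# Hypothetical mapping from role to the resource pools that role may use.
ROLE_POOLS = {
    "consumer-user": {"pool-dev"},
    "consumer-admin": {"pool-dev", "pool-prod"},
}

# Constructed sample: accounts discovered on virtual systems in the cloud.
CLOUD_ACCOUNTS = [
    {"user": "alice", "resource": "vm-101", "pool": "pool-dev"},
    {"user": "alice", "resource": "vm-201", "pool": "pool-prod"},  # beyond her role
    {"user": "bob", "resource": "vm-201", "pool": "pool-prod"},
    {"user": "carol", "resource": "vm-102", "pool": "pool-dev"},   # disabled user
    {"user": "dave", "resource": "vm-103", "pool": "pool-dev"},    # not in directory
]


def entitled_pools(user, directory, role_pools):
    """Pools a user may hold accounts in; empty for unknown or disabled users."""
    entry = directory.get(user)
    if entry is None or not entry["active"]:
        return set()
    pools = set()
    for role in entry["roles"]:
        pools |= role_pools.get(role, set())
    return pools


def reconcile(directory, role_pools, accounts):
    """Compare discovered accounts with directory entitlements.

    Returns de-provision actions for orphaned, disabled or over-privileged
    accounts, followed by provision actions for entitlements with no account.
    """
    actions = []
    seen = {}  # user -> pools in which an account already exists
    for acct in accounts:
        user, pool = acct["user"], acct["pool"]
        seen.setdefault(user, set()).add(pool)
        entry = directory.get(user)
        if entry is None:
            reason = "orphan: no directory entry"
        elif not entry["active"]:
            reason = "directory entry disabled"
        elif pool not in entitled_pools(user, directory, role_pools):
            reason = "pool not granted by any role"
        else:
            continue  # account matches the directory, nothing to do
        actions.append({"action": "deprovision", "user": user,
                        "resource": acct["resource"], "pool": pool,
                        "reason": reason})
    for user in sorted(directory):
        missing = entitled_pools(user, directory, role_pools) - seen.get(user, set())
        for pool in sorted(missing):
            actions.append({"action": "provision", "user": user,
                            "resource": None, "pool": pool,
                            "reason": "entitled by role, no account yet"})
    return actions


def audit_lines(actions, ts):
    """Render each action as one JSON line so the audit trail is machine-readable."""
    return [json.dumps({"ts": ts, **a}, sort_keys=True) for a in actions]


if __name__ == "__main__":
    # The timestamp is a constructed value for the sample run.
    for line in audit_lines(reconcile(DIRECTORY, ROLE_POOLS, CLOUD_ACCOUNTS),
                            "2012-01-01T00:00:00Z"):
        print(line)
```

Running the job on a schedule against the real directory and inventory gives both the de-provisioning queue and the audit record from one pass.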
Let's look at some of the capabilities that we can leverage
to address these requirements.
IBM Security Identity and Access Assurance provides the following capabilities. These capabilities enable clients to reduce costs, improve user productivity, strengthen access control, and support compliance initiatives.
- and policy-based user management solution that helps effectively manage
- Enterprise, Web, and federated single sign on, inside, outside, and between organizations, including cloud deployments.
- and access support for files, operating platforms, Web, social networks, and cloud-based applications.
- with stronger forms of authentication (smart cards, tokens, one-time passwords, and so on).
- monitoring, investigating, and reporting on user activity across the
Tivoli Identity Manager complements its role management
capabilities with role mining and lifecycle management, provided by the
IBM Security Role and Policy Modeler component, which helps reduce time
and effort to design an enterprise role and access structure, and
automates the process to validate the access information and role
structure with the business.
Security Access Manager for Enterprise Single Sign-On offers wide
platform coverage, strong authentication enhancements, and simpler
deployments. It introduces 64-bit
operating system and application support, a virtual appliance for easier
installation and configuration of the server, expanded support for smart
cards, and simplified profiling.
Tivoli Federated Identity Manager offers additional Open Authorization
(OAuth) authorization standards support, (for business to consumer
deployments and utilization of cloud-based applications and identities),
enhanced security for Secure Hash Algorithm (SHA-2), usability
enhancements, and new Business Gateway capabilities.
Infrastructure Security Design (Public Clouds)
As we discussed in my previous post, transparency or more
control is the need of the hour with regard to security on the cloud. Let us examine how this is done by the popular
cloud providers and understand the method and the technologies. We need to
secure the infrastructure, network, endpoints, applications, processes, data,
and information, and overall have governance to mitigate the risk and meet
compliance. Let us take the infrastructure to begin with.
The key areas for a security team to design for with regards
to infrastructure security are
logs on all resources – VMs and hypervisors
Let us start looking at the public cloud implementations to
understand how they are managing these aspects.
Almost all the vendors – IBM, Amazon,
provide a means to do SSH with keys to the Guest OS. The protocol runs over SSL
and is authenticated with a certificate and private key which could be
generated by the customer.
SmartCloud is designed with enterprise security as a top priority. Access
to the infrastructure self-service portal and application programming interface
(API) is restricted to users with an IBM Web Identity. The infrastructure
complies with IBM security policies, including regular security scans and controlled
administrative actions and operations. Within our delivery centres, customer
data and virtual machines are kept in the data centre where provisioned, and
the physical security is the same as that for IBM’s own internal data centres. With the virtual private network (VPN) option,
customers can isolate their servers in the IBM SmartCloud on a virtual local
area network (VLAN) that can act as an extension of their internal network.
This VPN capability can also be used to create security zones in an Internet-facing
configuration to better protect their servers against attacks.
IBM LotusLive employs a security approach based on three
pillars that includes ensuring a security-rich infrastructure.
security: Making personnel
roles across LotusLive and their access authorizations are recorded in a
Separation of Duty matrix.
security-rich infrastructure: Security configuration reviews
and periodic vulnerability scanning of all systems and infrastructure.
enforcement points providing application security: multi-layered
compliance with periodic programs that address all elements of the service
We will see how the infrastructure
security aspects are dealt with for private clouds in my next post. Stay tuned
and keep those comments coming. I had some of my readers tell me that the blog
entries are not showing up fine on Internet Explorer. While I will make the
effort to fix the issue, please use Firefox or any other browser in the
And if you find these posts interesting, don't forget to rate the post (click on the stars), and if you have an extra minute, do put in a comment on what aspects you find interesting or need discussion.
Securing the Cloud – What are the top concerns?
IT security is a well-researched and
mature area. The reason why we have enterprises doing commerce over the web
today is because IT security practices, tools and technologies have matured to
establish the trust and have overcome the
concerns. As with most new technology paradigms, security concerns surrounding
cloud computing have become the most widely talked about inhibitor of
widespread usage, as discussed in my previous post.
To gain the trust of organizations,
cloud services must deliver security and privacy expectations that meet or
exceed what is available in traditional IT environments. Let us discuss what
the top security concerns are when it comes to cloud.
Transparency or Less Control
If we look at the security and privacy domains in cloud, they are no different from the traditional domains. We need to secure the infrastructure, network, endpoints, applications, processes, data, and information, and overall have governance in place to mitigate the risk and meet compliance. But in a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning resources and applications increases, greatly affecting all these aspects of IT security. The different cloud deployment models, like public, private and hybrid clouds, also change the way we need to think about security. The responsibilities are spread across Consumers, Service Resellers and Providers. The immediate risk of this shared responsibility is that nobody gets a holistic view of security, and there is less customization of any security controls. Consumers need visibility into day-to-day operations as well as access to logs and policies. Less visibility or transparency is mostly the topmost concern shared universally.
Data and Information Security
The next primary concern that customers mention related to security on the cloud is data and information security. The specific concerns include:
- Protection of intellectual property and data
- Ability to enforce regulatory or contractual obligations
- Unauthorized use of data
- Confidentiality of data
- Availability of data
- Integrity of data
A shared, multi-tenant infrastructure increases the potential for unauthorized exposure, especially in the case of public-facing clouds. Security administrators need to worry about designing security for applications and data that are publicly exposed and can potentially be accessed by anybody on the internet.
Different industries and geographies have different regulations and rules that they need to comply with, depending on the workloads and data they put on the cloud. Complying with SOX, HIPAA and other regulations is one risk or issue because of which customers are not ready to put their applications on the cloud. Cloud or no cloud, for these sorts of workloads comprehensive auditing capabilities are essential.
Security Management - Methods and Tools
Finally, customers need to know how today’s enterprise security controls are represented in the cloud. They need to understand how security events are monitored and correlated, and how actions are taken when needed to keep their infrastructure, workload and data safe. Security getting in the way of high availability is another key concern. IT departments worry about a loss of service should outages occur because of security reasons. If so, when running mission-critical applications, the priority is how soon you can get the environment back at the same level of security.
Until all of these concerns are addressed, and without strong availability guarantees, customers may not be ready to run their apps in the cloud. But things are not as bad as we might think. We will discuss how these aspects can be addressed and what tools and technologies to put to use in the
Meanwhile I recommend that you read this very interesting whitepaper
on “Cloud Security Who do you trust?” which discusses all of these aspects
in detail as well as the different security challenges that security
Cloud Security – The top most concern and Opportunity
First of all, wishing all my readers a
very happy and prosperous year 2012 ahead.
A few things happened towards the end of the year which were significant to me. IBM acquired Q1 Labs to Drive Greater Security Intelligence and created a New Security Division. I also joined this newly formed IBM Security Systems team last quarter as a solution architect for cloud security. This is a great time to be looking at cloud security. Happy to be in this new role where I can provide solutions to customers to handle their cloud security concerns and make it easy for them to adopt cloud and innovate at a faster rate than before.
In my previous post, we discussed security as the topmost concern why customers and enterprises are not adopting cloud. As part of this year’s posts, I plan to discuss the various security issues and aspects of cloud computing.
We will explore the unique challenges with cloud security and discuss what aspects are important for each customer adoption pattern that we have seen.
We will also learn how the IBM Security
Framework can be used to address the various security challenges namely
governance, risk management and compliance
server and endpoint
forward to your comments and inputs in this journey of understanding the
security requirements for cloud and how we can overcome this major challenge to
cloud adoption using the World’s Most Comprehensive Security Portfolio – IBM
Security Systems. I’ll
try and elaborate the IBM Point of View on cloud security and discuss the architectural
model to address the security requirements for cloud. Stay tuned and keep those comments and inputs coming.
With the barrage of cloud news constantly hitting the market, it can be challenging for organizations to differentiate between all of the solutions and capabilities out there.
But with the latest cloud offering from IBM, the value proposition is quite simple—you get a low-cost, low-risk entry to cloud computing with compelling features. This is especially important for organizations who are still trying to leverage the cost savings of virtualization.
Our customers have told us they’re looking to cloud computing to increase agility—the ability of IT to evolve and meet business needs—and they’re looking for ways to control expenses related to IT investments. They also want to reduce IT complexity while at the same time increase utilization, reliability and scalability of IT resources. And they are looking for the ability to expand capabilities gradually, as their needs change and grow.
In designing a solution to meet all of these needs, we developed IBM SmartCloud Provisioning. Using industry best practices for cloud deployment and management, this new solution allows organizations to quickly deploy cloud resources with automated provisioning, parallel scalability and integrated fault tolerance to increase operational efficiency and respond to user needs.
The name doesn’t tell the whole story though. IBM SmartCloud Provisioning is a full-featured solution wrapped up in an easy-to-implement package. That means you get:
· Rapidly scalable deployment designed to meet business growth
· Reliable, non-stop cloud capable of automatically tolerating and recovering from software and hardware failures
· Reduced complexity through ease of use and improved time to value
· Reduced IT labor resources with self-service requesting and highly automated operations
· Control over image sprawl and reduced business risk through rich analytics, image versioning and federated image library features
Using this technology, we’ve seen customers get a cloud up and running in just hours—realizing immediate time to value. It’s fast—administrators have been able to go from bare metal to ready-for-work in under five minutes, or start a single VM and load OS in under 10 seconds, or scale up to 50,000 VMs in an hour (50 nodes).
But ultimately, these IT benefits have translated to business benefits—customers have been able to see how cloud computing can impact their business, and how they can accelerate the delivery of new services to drive revenue.
With the new release of IBM SmartCloud Provisioning this week, you can try and see firsthand the potential of this breakthrough technology to accelerate your journey to cloud.
And if you want a preview of what’s in development, you can join our Open Beta program for access to beta-level code.
Possible Solution for Mullaperiyar Dam Issue?
While I’m writing this blog, the Ministers of Tamil Nadu and Kerala are having a meeting with the Prime Minister to discuss the contentious issue of Mullaperiyar at length. For those who don’t know about this issue, this is about the Mullaperiyar Dam in
Mullaperiyar Dam is a masonry gravity dam over River Periyar and operated
by the Government of Tamil Nadu based on
a 999-year lease agreement. The catchment areas and river basin of River
Periyar downstream include five Districts of Central Kerala, namely Idukki,
Kottayam, Ernakulam, Alappuzha and Trissur with a total population of around
This dam is at centre stage again in the wake of reports that the dam is weakening due to an increase in incidents of tremors in Idukki district in Kerala. Ministers from Kerala are seeking Central Government intervention in ensuring the safety of the dam. At the same time, Tamil Nadu is insisting on increasing the water level in the reservoir for enhancing water supply to the state. While Tamil Nadu wants to increase the water level in the reservoir, Kerala has been insisting that it be reduced from the current 136 feet to 120
Currently I don’t think we have clear metrics on the exact usage of water by each state, what the right level of water to be retained by the dam is, what the risks are, etc. We have been relying on data that we have from the
However you look at it, whether too much or not enough, the world needs a smarter way to think about water. We need to look at the subject holistically, with all the other considerations as well. We use water for more than drinking. We need to make an inventory of how much water we get and how it is used – by industries, irrigation, etc.
This is where I think we need smarter ways to manage the water in the best possible way that addresses both states
Smarter Water Management can help us think in a smarter way about water. For instance, IBM is helping the Beacon Institute to build a source-to-sea real-time monitoring network for New York’s Hudson and St. Lawrence Rivers as well as report on conditions and threats in real time. There are many other case studies across the globe on IBM Smarter Water
Those interested in the problem and the possible solutions should
definitely read IBM’s broader outlook on Water Management as covered in the Global Innovation Outlook.
for Tomorrow is another interesting partnership between IBM and The Nature
Conservancy. IBM is providing a state-of-the-art support system for a free,
online application that will provide easy access to data and computer models to
help watershed managers assess how land use affects water quality.
Though it's a worldwide entity, water is treated as a regional issue. I think we should try putting technology to use to solve our water problems. The solution should be a more instrumented, interconnected and intelligent system that can not only take into consideration the real-time monitoring of the river but also include early warning systems to notify risks related to earthquakes etc. IBM’s Strategic Water Management Solutions include offerings to help governments, water utilities, and companies monitor and manage water more effectively. The IBM Strategic Water Information Management (SWIM) solutions platform is both an information architecture and an intelligent infrastructure that enables continuous automated sensing, monitoring, and decision support for water
You might be wondering what this has to do with cloud and why this post is on Cloud Computing Central. For these solutions and platforms to be successful, it is highly important that we have energy-efficient high-performance computing platforms and complex sensor, metering, and actuator networks. Such platform needs, and flexible choices of having the solution on-premise as well as leveraging different delivery models, can only be supported through a cloud.
I think we should just leverage these solutions on the cloud to solve this issue and keep all the states and their people happy :-).
Top 5 Challenges to Cloud Computing
In my previous post, we looked at understanding the different adoption patterns – i.e. how customers are turning towards cloud. Some of the key reasons of the “why” are listed below:
- Ease of deployment
- More flexibility in supporting evolving business needs (both from a technical and business
- Lower cost of
- Easier way to scale and ensure availability and performance
- Overall ease of use
While all of these are good, there are still many yet to get on to this cloud computing train. Let’s explore their key concerns or challenges and why they are reluctant to jump in. The following are inputs that I’ve got from various analyst studies and resources on the internet.
- Security and Privacy - The topmost concern that everybody seems to agree on as a challenge with cloud is security. Data security and privacy concerns rank at the top of almost all of the surveys. Cloud computing introduces another level of risk because essential services are often outsourced to a third party, making it harder to maintain data integrity and privacy, support data and service availability, and demonstrate compliance.
- Real Benefits / Business Outcome – Though we have several case studies showcasing the benefits arising out of implementing cloud technologies, some of the customers are still not convinced of the possible benefits. Their main concern is how to realize the investment to its full potential and make cloud part of their mainstream IT portfolio. Enterprises need a good view into the real benefits of cloud computing rather than just seeing the potential of cloud computing to add value. The return on investment (ROI) on cloud needs to be substantiated by comparing specific metrics of traditional IT with cloud computing solutions that can show savings that demonstrate cost, time, quality, compliance, revenue and profitability improvement. The cloud ROI model should include things such as indicators for comparing the availability, performance versus recovery SLA, Workload-wise assessments, Capex versus Opex costs benefits,
- Service Quality: Service quality is one of the biggest factors that enterprises cite as a reason for not moving their business applications to cloud. They feel that the SLAs provided by the cloud providers today are not sufficient to guarantee the requirements for running production applications on cloud, especially related to availability, performance and scalability. In most cases, enterprises get refunded for the amount of time the service was down, but most of the current SLAs don't cover business loss. Without a proper service quality guarantee, enterprises are not going to host their business-critical infrastructure in the cloud.
- Performance / Insufficient responsiveness over network: Delivery of complex services through the network is clearly impossible if the network bandwidth is not adequate. Many businesses are waiting for improved bandwidth and lower costs before they consider moving into the cloud. Many cloud applications are still too bandwidth intensive.
- Integration: Many applications have complex integration needs to connect to other cloud applications as well as other on-premise applications. These include integrating existing cloud applications with existing enterprise applications and data structures. There is a need to connect the cloud application with the rest of the enterprise in a simple, quick and cost-effective way.
I plan to discuss more on what the perceived and real threats related to Security and Privacy are in my subsequent posts. In my new role, as an Architect for IBM Security Solutions, I’d like to discuss the details of what IBM tools and technologies you could use to overcome the issues. Meanwhile, keep those comments coming. I look forward to them to understand what other areas you think are key concerns to be addressed to accelerate adoption of cloud.
The IBM Tech Trends report is out! We asked, you answered. Check out the results of IBM developerWorks' 2011 Tech Trends survey
and find out what more than 4,000 IT professionals -- your peers -- have to say about the future of technology, including their opinions on cloud computing, business analytics, mobile computing, and social business.
The report provides insight from the worldwide IT development community into the adoption, preferences and challenges of key enterprise technology trends including cloud, business analytics, mobile computing, and social business. The results also provide guidance on areas where IT professionals like you say they need help with skills to develop new technologies and platforms that will be in demand in the coming years.
As we focus in on cloud, there is absolutely a growing trend in cloud computing to view it as more than just cheap infrastructure. Companies are now exploring the possibility of developing applications in the cloud (you guys are already doing that) many of them related to mobile development.
Currently the biggest challenge is integrating the cloud into application development, as the reduction of operating expenses is the driver of this move. We still have a way to go, however, with 40% of the survey responders saying their company is not yet involved in cloud currently. Hmm, interesting, right?
The cool news is that 75% of those same responders expect that this will change over the next two years and that theirs and other enterprises will take to building cloud infrastructure.
Understanding the Cloud Adoption Patterns
I discussed The Next Big thing – Cloud enabled business model Innovation in my previous post. But you may be asking, where do I start? That’s where I guess the Cloud Adoption Patterns work that IBM has pioneered is going to help. This is some great analysis - Cloud Adoption Patterns - that IBM has done based on thousands of cloud engagements that we have done so far. This analysis is a good abstraction of the ways organizations are consuming cloud -- a good starting/entry point for discussions on cloud.
The four most common entry points to cloud solutions are discussed in the picture above. I love these videos on YouTube - Cloud Adoption Patterns - that tell you the essence of these patterns in less than 2 minutes.
- Data Center – to achieve better return on investment and manage complexity by extending virtualization well beyond just hardware consolidation.
- Platform Services – to accelerate time-to-market by creating, deploying and managing cloud applications.
- Solutions on Cloud – to access enterprise-level capabilities through a provider’s applications running on a cloud infrastructure; to improve innovation and flexibility while minimizing risk and capital expense.
- Service Provider – to innovate with new business models by building, extending, enabling and marketing cloud services.
For each of these patterns of cloud adoption, we have defined a set of
proven projects that it supports with software, services and solutions to help
businesses streamline the implementation of their chosen cloud capabilities.
The Cloud Enabled Data Center pattern is the case for most private cloud implementations. Most customers start with providing infrastructure as a service on the cloud. This pattern also discusses how we can share infrastructure across multiple projects and drive benefits. It also discusses the automation in operations and business processes that makes it possible to have a responsive IT department that can help the business to be agile.
The next level of gain or reuse would be to run your workloads on a shared stack of middleware. The Platform as a Service Pattern is an integrated stack of middleware that is optimized to execute and manage different workloads, for example, batch, business process management and analytics. This middleware stack standardizes and automates a common set of topologies and workloads, providing businesses with elasticity, efficiency and automated workload management. A cloud platform dynamically adjusts workload and infrastructure characteristics to meet business priorities and service level agreements. Having all the layers below understand what workloads are running on top of them and optimize themselves is going to help run these workloads more efficiently and at a lower cost.
The Cloud Platform Services adoption pattern can improve developer
productivity by eliminating the need to work at the image level so that
developers can instead concentrate on application development.
solutions pattern maps to the SAAS model where you leverage cloud to innovate with speed and efficiency to drive
sales and profitability. In these we
look at creating and consuming business solutions on the cloud. Some of the key
offerings in this space are things like business process design, social and
collaboration tools, supply chain and inventory, digital marketing
optimization, B2B integration Services etc. These generic services consumed from the cloud relieve you of the pain of setting up things from scratch as well as enable you to scale based on your demands.
Cloud Service Provider (CSP) Pattern is the one that most of the Telcos
adopt when they have to service multiple consumers with a single cloud
solution. We provide tools and technologies to design and deploy highly secure,
multi-tenant cloud services infrastructure that can integrate nicely with
plenty of 3rd party applications.
As we understand, it is easy to do the IaaS pattern and more work to do when we implement SaaS or CSP patterns. But the gain is more when we do sharing at the software or application level. Depending on where you are in your current IT environment, you can pick up and implement any of these patterns that suit you. The work that we have done to analyse these patterns and provide a consistent set of technologies and tools to build out these patterns should make life easy for you. Leverage it – less pain and more to gain.
There's still time to sign up for the IBM webcast: Managing the Cloud – Best practices for cloud service management
Organizations today are looking to cloud computing to deliver cost savings and faster service delivery. However, most organizations are still struggling to have the basic IT infrastructure that is necessary to take the leap to a robust cloud. This session will explain how service management can help provide the essentials to maintain service levels in the cloud and best practices based on IBM's work with customers. This information will provide the foundation for building and managing a cloud to meet your business objectives and transform IT.
The Next Big thing – Cloud enabled business model Innovation
I remember the day when one of our Executives - Nick Donofrio - visited us in India. He is like the chief mentor for all the members of the IBM technical community and he has seen IBM and the IT industry for many years. He was addressing a Technical Exchange event a few years ago and then someone in the audience asked him this question – “Sir, you have seen technology for so many years now – can you tell us what’s going to be the next big thing in terms of invention/innovation”. Everyone was all ears waiting for the answer - is it the next version of the internet, the search, a web2.0 application or maybe an intelligent mobile app. But his answer was that he believes that there is not going to be any next big thing in technology. The next big thing for all of us is going to be Business model innovation. Even today his statement holds very true. Businesses that are able to reinvent their business model are succeeding and managing to stay on top, and others vanish from the scene.
There are lots of innovative and technical things happening all
around us like
and doing more and more using mobile devices
Media – thinning the line between work and life and business having reach
to your social network
Data and its related analytics giving the business insights that were not
possible few years ago.
I believe the next big thing is going to be how well you can
use all these elements for business seamlessly and cost effectively. The key to
succeed is to use technology to do this business model innovation and do it
How do you do it faster? The answer is cloud. This is something that I’m saying based on the data that IBM has got from analyzing over 2000 customers’ cloud adoption patterns. All of them have seen the below advantages with Cloud.
Considering all these factors, I think the next big thing is Cloud Enabled Business Model Innovation. I was able to relate easily with some of the latest announcements that we have made in the cloud because they are just restating my same belief. As discussed in this interesting video by IBM's Saul Berman (Innovation & Growth Leader), 60% of the customers that IBM interviewed are saying they would consider cloud immediately and 70% of them intend to use cloud to enable business model innovation. Based on the rate at which they adopt the new technologies, they may be an Optimizer (looking at improving the existing model), Innovator (looking at a new model) or a Disruptor (who is ready to bring in game-changing ideas).
So as today’s IT leaders, let us broaden our focus from merely
delivering technology to solving larger business issues. One great opportunity for that is to tune in
or be present for the SWG
Universe India 2011. You will get a
chance to listen to some great speakers who will talk about how to use cloud
for business model innovation.
Cloud enabled Business Model Innovation I feel is the next
big thing that could change IT and Businesses. – So come let’s Rethink IT & Reinvent Business
Today IBM announced new SmartCloud Foundation capabilities to help organizations realize the potential of cloud computing. Watch the replay of the IBM SmartCloud launch webcast, to learn more about how the new announcements, including IBM SmartCloud Provisioning (delivered by IBM Service Agility Accelerator for Cloud), can help customers move beyond virtualization to more advanced cloud deployments.
In order for me to be responsive to your reading interests and learning needs, I thought I'd take some short feedback that will help me understand your reactions to my blog. Request your response by taking this short survey. This should not take more than two minutes 30 seconds of your time. It is primarily for me to improve the focus of my blog. Please note that there is nothing official about this survey and all responses are anonymous within the system.
You can see all the blog entries in this category by clicking on the tag "stepbystep". If you liked any entry in the blog, please rate it by clicking on the "star", or feel free to provide your comments and inputs through this feedback form.
You can access the feedback form here.
Look forward to your comments and inputs.
I've been writing about the step by step approach to Cloud till now. At the rate at which I see cloud computing being adopted inside and outside the Enterprise, I think we really need to get out of our step-by-step approach and start riding the wave. IBM has implemented maybe over 2000 cloud engagements in the last year and is managing over 1 million virtual machines today. We have identified the customer cloud adoption patterns and entry points to cloud and have lots of lessons learnt and experience to share. So won’t it be nice if we could talk to you about these things as well as share the best practices with you? All of it is difficult to discuss through a blog. So you have a better option – The IBM Software Universe 2011 – The Next Big Wave.
Yes, the 7th edition of IBM India’s largest annual software conclave is happening this year on Oct 19th and Oct 20th. I believe it would be time well spent to learn from our learnings and accelerate your adoption of cloud. We have some interesting sessions on Private Cloud [R]Evolution which will discuss some of the key trends and technologies to look at for building the cloud inside your firewall. If you are looking to understand how to expand your existing Data Center capabilities to have better visibility, control and automation across your physical and virtual environments, then “Integrated Service Management – Thinking Beyond the Data Center” is a must-attend session. If you are one of those business or Enterprise IT Managers who are looking to start with the cloud, you don’t want to miss the “Get Your Head in the Cloud” session, which can tell you how you could get some of your collaboration requirements from the cloud.
Finally, it is a wonderful opportunity for you to talk to some of the Distinguished Engineers and IBM Fellows who can spend 1:1 time with you to listen to your issues/problems as well as discuss the future roadmap. For instance, Bala Rajaraman, who is the Distinguished Engineer with responsibilities including the architecture and design for Cloud & Service Management solutions, is going to be in India and it is your opportunity to catch up with Bala.
Last but not the least, there are going to be Solution Expos that will be set up for you, so you have an opportunity to touch and feel the cloud solutions. This should include industry-specific demos and technology/product demos from IBM as well as partners.
So be there on Oct 19, 20th at the IBM Software Universe 2011. It is going to teach you a new skill – How to ride the next big wave… the cloud wave..
Join us for the Managing the Cloud Webcast series to learn more about best practices, technical approaches and capabilities to help solve your business and technical challenges in the cloud. Sign up for these free 1 hour webcasts today.
Best practices for cloud service management - Nov 8, 12-1EST
Organizations today are looking to cloud computing to deliver cost savings and faster service delivery. However, most organizations are still struggling to have the basic IT infrastructure that is necessary to take the leap to a robust cloud. This session will explain how service management can help provide the essentials to maintain service levels in the cloud and best practices based on IBM's work with customers. This information will provide the foundation for building and managing a cloud to meet your business objectives and transform IT. https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-tivoli-nov8managingcloud
Performance management in the cloud - Nov 15, 12-1EST
Cloud services can leverage everything from databases to mainframe transactions to SOA services, so the ability to see how all these different touch points are performing is critical. See how integrated service management can provide the capabilities you need to monitor and manage today's cloud based services and help you meet your service level goals. https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-tivoli-nov15managingcloud