Tag Archives: firewall

Verizon To Offer Virtualised Android Phones

Telefonica and Verizon will become the first operators to offer Android phones running VMware’s mobile hypervisor, the companies announced on Wednesday at the VMworld 2011 Europe conference in Copenhagen.

VMware has previously said that Verizon would offer the service, without disclosing details about timing, but this is the first time Telefonica has said it plans to offer phones with the hypervisor.

Users of phones with the VMware product will find two profiles on their devices: one for personal use and one for business use. The setup allows for the isolation of enterprise apps from apps available on the open Android Market that could be malicious.

The operators will be making slightly different offerings, said Steve Herrod, chief technology officer for VMware.

Dual subscription

Telefonica will make its offering available initially on the Samsung Galaxy SII. Unlike Verizon, Telefonica will allow users to have two phone numbers, one for business and one for personal use. That means a user will be able to have two voice and data subscriptions on one phone.

Telefonica is able to make that offering using dual-SIM cards. Such a setup would be more difficult for Verizon, which will only allow one phone number on its service, because of its network technology.

IT managers will be able to remotely control the business side of the phone using software from VMware. That software lets administrators remotely wipe just the corporate applications and data, push applications to the phones and set policies for the corporate profile. Telefonica will offer the IT management features as a hosted service.

Verizon will instead offer that software to enterprises to run from inside their firewalls, Herrod said.

Toggle interest growing

Verizon’s offer will initially be available on LG phones. Phone makers must build part of the necessary software into the phones before they hit shelves, meaning the selection of compatible phones initially is likely to be small. LG and Samsung are the only two manufacturers to have announced their support of VMware’s technology.

Neither operator is announcing specific launch dates or pricing but say the service will be available in the coming months.

VMware first started talking about its mobile hypervisor late last year. Interest in the concept of separating business applications from personal, particularly for Android phones, appears to be growing.

Last week, AT&T launched a service called Toggle that allows users to separate work applications from personal applications on Android phones. It’s based on technology from Enterproid, which is different from VMware’s in that applications must be built using Enterproid’s technology in order to be separated from the rest of the phone.

OK Labs is pushing a similar concept for isolating certain applications. Last week, Red Bend started talking about its own virtualisation technology, which would work similarly to VMware’s, but it hasn’t announced phone or operator partners yet.

Author: Nancy Gohring

Gartner: Virtualisation and cloud computing race ahead of security practices

The rush toward virtualisation of internal enterprise computing resources and cloud computing can have many advantages, such as server consolidation, but it’s largely outracing traditional security and identity management practices.

That’s leaving huge gaps, a sense of chaos and questions about where security products and services should be applied in the world of multi-vendor virtual-machine (VM) hypervisors.

“Virtualisation will radically change how you secure and manage your computing environment,” Gartner analyst Neil MacDonald said this week at a Gartner Security and Risk Management Summit in the US. “Workloads are more mobile, and more difficult to secure. It breaks the security policies tied to physical location. We need security policies independent of network topology.”

Gartner estimates almost half of x86-based server workloads are virtualised today, with VMware the clear market leader, but with Microsoft Hyper-V on the rise and Citrix a contender. Gartner advocates that enterprises plan to move to a private-cloud architecture. But at the same time, the consultancy acknowledged management tools and security really haven’t risen to meet the occasion.

“The hypervisor will be less secure than the physical systems they replace,” MacDonald said. “The integrity of that bottom layer is paramount. The hypervisor layer you don’t want compromised.”

Today there’s often a “lack of visibility and controls on internal VM-to-VM communications,” said MacDonald. “Should VM No. 1 be talking to VM No. 3? How do you know they’re not attacking? The traffic never comes out onto our physical network.” Some companies are willing to live with this uncertainty, others not, MacDonald said.

But it’s questions such as these that demand to be addressed to find out what options exist to tackle virtualisation and cloud security. In MacDonald’s view, there needs to be a wide range of security controls in the VM, such as virtual firewalls, intrusion-prevention systems and antivirus, in addition to load balancers and traffic shapers.

Increasingly, vendors such as Altor, Cisco, Juniper, IBM, Hytrust, HP, Enterasys, McAfee, Catbird, StillSecure, Sourcefire, Reflex Systems and StoneSoft are offering virtual-appliance options for firewalling, monitoring and intrusion-prevention, for example. For the VMware platform, “Check Point has gotten furthest along,” said MacDonald. “After a slow start, finally the big security vendors are making progress on their virtual-security controls.”

VMware has provided VMSafe APIs to facilitate hypervisor-based “introspection” so that multiple software agents are no longer required. The need to deploy and run agent software has traditionally “been the bane of our existence,” MacDonald acknowledged. But there are still a lot of questions about exactly how this works.

Trend Micro, seen as the No. 3 player in antivirus behind Symantec and McAfee, has been the fastest to embrace some of VMware’s ideas on this, including support for VMware’s latest security APIs, vShield, in its Deep Security product, which can perform A/V scanning for vSphere. Trend Micro has been charging less for VM-based A/V software, perhaps figuring “it has nothing to lose,” MacDonald said.

The downside of the Trend Micro Deep Security approach with vShield, though, is that “stub code” for VMware and a hypervisor extension are still needed to make it work; it’s for Windows only; and it only does anti-malware scanning, quarantining but not removing malware infections, MacDonald said. And the possible drawback with vShield, which has the software taking on the role of firewall, is that it’s so specific to VMware vSphere that customers will end up with “another silo.”

The transition to more virtualisation-focused, software-based security controls, though now filled with uncertainties, is still expected to occur. Though such controls are deployed only “in the single digits today,” Gartner predicts that by 2015 40% of security controls, such as antivirus, will be virtualised. This will happen, MacDonald added, despite the fact that vendors such as Cisco and Juniper have been dragging their feet because they like to sell “overpriced physical hardware.”

At this point, the main idea is to “treat the virtualisation platform as the most important IT platform in your data centre, from a security and management perspective,” MacDonald said.

For those responsible for the identity management arena in the cloud, however, the situation appears to be particularly challenging.

“Until about two years ago, we were talking about how to do identity management internally,” said Gartner analyst Gregg Kreizman. “Now, it’s about how do we get our arms around the SaaS [software-as-a-service] problem? Or we used to manage the applications but now they’re in the cloud” … so it’s leading to a never-before-asked question, “How about if we have our identities there?”

This is the cloud relative to the on-premises systems of yore, Kreizman said, and with SaaS providers using different interfaces, there’s now a growing “interface risk” of a wider attack surface, plus more people potentially with their hands on the data. Google “is not very upfront about their security practices,” Kreizman said. “Salesforce is a little bit better.”

“Unfortunately, the default way to get identity information into a SaaS is to administer directly,” said Kreizman. “A FTP or a Dropbox might be involved.” Dropbox is a service that has suffered several security failures, including one this week involving a password-management problem that left user information exposed.

Companies that want to extend their corporate identity-management systems, such as those from CA (which acquired Arcot Systems) or IBM, to the cloud can seek to connect them to specific cloud providers, if it’s supported, in a hybrid arrangement. In addition, Exostar and Covisint fall into a realm now called a “community federation hub” to serve specific types of groups, in this case mainly aerospace, defense, auto manufacturing and healthcare. “It’s a collection of users willing to pay for identity services under established federations and SaaS providers,” Kreizman said.

There’s a stampede of new choices racing into the identity-management market to hook up to the cloud, creating a “volatile market” and even “kind of a Wild West here,” said Kreizman.

Among the players are Okta, Clavid, Symplified, Onelogin, Ping Identity (which also offers stand-alone federation software) and Nordic Edge (acquired by Intel). Some traditional identity and access management vendors, including Fisher International, idEntropy, Novell and Lighthouse, are selling packages and services for the benefit of cloud providers and customers.

VMware last August acquired TriCipher with the expectation of giving customers easier controls for SaaS in the future. And RSA technologies are expected to be leveraged in the cloud-trust authentication system that’s expected to go into beta soon.

Although identity and access management as a service is still new, Gartner expects this could grow enormously in just a few years, from about 5% of identity and access management sales to as much as 20% by the end of 2012.


Network & VoIP Security Tips

For anyone who has an internet connection, paying attention to your network security should be one of the most important things you can do. With a well maintained and managed network, you won’t need to worry about viruses or compromising sensitive data and access. Here are some simple steps you can take to make sure that you are protected:

1. Install and use a credible Anti-spyware, Anti-virus software package

Spyware can present a major problem, especially in the form of key loggers that steal your passwords, so make sure that your anti-virus and anti-spyware definitions are kept up-to-date, and run regular full system scans.

2. Keep your Operating System updated

Updates are critical to the security and reliability of your computer. Some of these updates address bugs and potential exploits in your computer, so you should keep your operating system up to date to ensure you have the latest protection.

3. Secure your Wireless connection

* Use WPA2 encryption. This is better than other encryption methods.
* Hide your SSID or change its name to something non-descript or common (e.g. “Router1”)
* Change the default admin username and password on your modem router with strong, varied usernames and passwords (then document them and store them in a safe place)
* Use MAC address filtering to limit wireless access to only those devices whose MAC addresses are allowed
* If you don’t use wireless networking, then turn it off

4. Configure and use a Firewall

Firewalls require some advanced configuration to work properly with some games and software, but it is well worth your time to configure and use them. Firewalls help protect against malicious software and prevent people from traveling through your internet connection to compromise your local network by limiting which ports can be used, from what source IP address, and what type of traffic. It’s recommended that you start with a block-all policy and then add rules to allow access from trusted or known sources.

5. Common threats

* Never open email attachments, email links or instant messages from people you don’t know.
* Be careful about accessing your network from shared computers or public networks (wireless hotspots)
* Be careful when web browsing. Downloading torrents or unauthorised versions of software is one of the easiest ways to undo your network security.

6. VoIP Security

Protecting your computers from online threats is essential, as is protecting all devices that use and are connected to the internet. To make sure that your system is more resilient to network attacks and fraud, we recommend you do the following:

* Protect the administration and remote management interface by using a strong password and a non-standard access port. Treat them like credit card numbers and keep them confidential
* Use alphanumeric passwords and usernames, and make them different from your extensions, especially if you have remote extensions or Direct Inward Service Access (DISA)
* Block outbound dialling from your voicemail system to prevent Dial Through Fraud (DTF)
* Only allow SIP authentication and inbound call requests from trusted IP addresses. Block all others
* Restrict the destinations phones can call by configuring dial plans, call routes, and user access
* Make use of an intrusion detection system (IDS) and actively monitor your calls
* Delete employee authorisation codes when they leave your company
* If you are selling or discarding your VoIP hardware, make sure that you factory reset it and check that all SIP authentication usernames and passwords have been removed
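
The block-all firewall policy from step 4 and the trusted-IP rule for SIP in the list above can be modelled in a few lines. This is an added example, not part of the original article; every address, port and rule name in it is constructed, and port 8443 stands in for a non-standard PBX admin port.

```python
"""Default-deny packet filter model with a rule linter (added example)."""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str       # "tcp" or "udp"
    dport: int       # destination port the rule opens
    sources: tuple   # CIDR strings allowed to reach that port


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int


# Constructed allow-list: anything not matched here is blocked.
RULES = (
    Rule("sip-from-provider", "udp", 5060, ("203.0.113.10/32", "203.0.113.11/32")),
    Rule("pbx-admin-from-lan", "tcp", 8443, ("192.168.10.0/24",)),
    Rule("ssh-from-admin-host", "tcp", 22, ("192.168.10.5/32",)),
)

# The weak setting to compare against: SIP reachable from any source.
WEAK_RULES = (Rule("sip-any", "udp", 5060, ("0.0.0.0/0",)),) + RULES[1:]

# Ports where a wide source range deserves a warning (assumed labels).
SENSITIVE_PORTS = {5060: "SIP", 8443: "PBX admin", 22: "SSH"}


def decide(pkt, rules=RULES):
    """Return the name of the first matching allow rule, or None if blocked."""
    src = ip_address(pkt.src)
    for rule in rules:
        if rule.proto != pkt.proto or rule.dport != pkt.dport:
            continue
        if any(src in ip_network(cidr) for cidr in rule.sources):
            return rule.name
    return None  # block-all default: no rule matched


def lint(rules=RULES, max_hosts=256):
    """Flag allow rules that expose a sensitive port to a wide source range."""
    findings = []
    for rule in rules:
        label = SENSITIVE_PORTS.get(rule.dport)
        if label is None:
            continue
        for cidr in rule.sources:
            if ip_network(cidr).num_addresses > max_hosts:
                findings.append(f"{rule.name}: {label} open to {cidr}")
    return findings


def blocked_by_source(packets, rules=RULES):
    """Count blocked packets per source address, useful for spotting scanners."""
    return Counter(p.src for p in packets if decide(p, rules) is None)


# Constructed inbound traffic sample.
SAMPLE = (
    Packet("203.0.113.10", "udp", 5060),   # trusted SIP provider
    Packet("198.51.100.77", "udp", 5060),  # SIP from an unknown address
    Packet("198.51.100.77", "udp", 5060),
    Packet("192.168.10.23", "tcp", 8443),  # admin UI from the LAN
    Packet("192.168.10.23", "tcp", 22),    # SSH from a non-admin LAN host
    Packet("203.0.113.10", "tcp", 5060),   # right source, wrong protocol
    Packet("198.51.100.9", "tcp", 23),     # no rule for telnet at all
)

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, "->", decide(pkt) or "BLOCK (default)")
    print("blocked per source:", dict(blocked_by_source(SAMPLE)))
    print("lint (strict):", lint(RULES))
    print("lint (weak):", lint(WEAK_RULES))
```

The same sample run against `WEAK_RULES` lets the unknown SIP source through, which is the exposure the trusted-IP item is meant to close.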

Failing to secure your PBX or VoIP adapter may result in the following:

* Toll Fraud – utilising your PBX or account details to make calls at your expense
* Unauthorised access – obtaining access to your system resources, information and privileges, and/or listening to your calls and voicemail (through fuzzing, sniffing, or brute force attacks)
* Denial of Service – disabling your voice communication using packet floods

These security steps are critical to ensure your protection against internet attackers. If you require assistance configuring or implementing any of these recommendations, contact a certified and credible IT professional or PBX system integrator.

By setting up your network properly and using reliable security policies and procedures, you can sleep more soundly and feel confident that your computers, network, and phones are as safe as possible.


The Many Colors of Cloud Encryption

Cloud computing is a priority for enterprises seeking greater agility, operational efficiency and overall cost reduction, but security concerns continue to inhibit its use. Half of all companies not adopting cloud computing cite security as the reason, according to a Forrester Research October 2010 study, “Security and the Cloud.”

Whether considering a private cloud or public cloud, IT professionals face new security and compliance challenges. As data moves to the cloud, it can migrate internally to a mixed trust environment or outside of the traditional corporate perimeter to environments that lead to nightmare scenarios among security professionals. While non-sensitive data in the cloud poses little concern, securing sensitive data is a major challenge. Encryption, when properly deployed and managed, can enable enterprises to safely cloud-enable applications and control sensitive corporate or personal information in the cloud.

In determining the correct approach for encryption in the cloud, it is necessary to evaluate whether the chosen approach will support business needs. How can I run applications in the cloud while avoiding application redesign or recoding? How can I encrypt data generated by applications running in the cloud but maintain custodianship of keys? Will encryption hinder application performance? Will it allow policies enabling a separation of duties between IT operations, IT security, and cloud administrators?

Cloud Formations

“The cloud” can be a nebulous concept with many different interpretations, and security depends on the “cloud formation” one uses.

Most larger enterprises are aggressively virtualizing their environments and moving to private clouds that provide the operational and cost-benefits generated by cloud characteristics such as self-service, rapid elasticity, measured/metered service, resource pooling, and broad network access. Private clouds pose new challenges since pooling computing resources can result in a mixed-trust environment requiring segregated data.

The public cloud service models, be it Software as a Service (SaaS), Platform as a Service (PaaS) or Infrastructure as a Service (IaaS), pose new challenges to protecting and controlling sensitive data. In all cloud delivery models, the customer is ultimately accountable for securing data, but the degree to which the cloud services’ consumer must take direct responsibility varies. A good way to understand who is responsible for securing data is to read the “Security” section of your contract or terms of service.

Typically in SaaS and PaaS environments, the cloud service provider assumes much of the responsibility for security. For IaaS environments, however, security is a shared responsibility wherein the IaaS provider might provide some security basics like a perimeter firewall and load balancing to avoid DDoS attacks, but the responsibility for securing and controlling data typically falls to the cloud customer.

Enterprises can directly control security for private clouds and IaaS, and encryption provides a proven method of protecting and controlling data.

Encryption Approaches

Using encryption ensures that your data is unreadable if there is a data breach, and a good solution that provides robust separation of duties helps minimize the possibility of a breach.

Some traditional approaches to encryption lose their applicability in a cloud environment. Disk and switch encryption provide security for data within the company’s firewall but are of little relevance in a multi-tenant cloud world where the cloud service provider provisions the infrastructure.

The most effective approach protects information as close as possible to the source while minimizing any re-architecting or recoding that might delay cloud application deployment. Data can be encrypted in a few different ways in private clouds and IaaS including the following:

* Volume-based technologies
* Application-focused technologies
* File-based technologies

Volume-based encryption scrambles data at the mounted storage volume layer. The data is unreadable while unmounted and without encryption keys, but becomes readable to all users with access to the cloud server instance once the storage volume is mounted and the keys unlock the data. The upshot of this is that while it does protect unmounted data and backups from prying eyes, it typically does little to enforce the separation of duties between the IT operations and the IT security teams. Enforcing a separation of duties policy is essential given insider threats; otherwise the same individual has access to all data without security checks and balances.

Application level encryption is more frequently seen in PaaS environments. While application level encryption protects the data, it has to be built into the application itself. This can mean a custom application design, resulting in a higher cost and implementation delays compared to file-based or volume-based encryption that operate with transparency.

File-based encryption works for structured and unstructured data. This method encrypts data at the point of access, enforcing encryption and enabling access control and key management policies at the server, process and usage layers. It can typically be deployed in virtual, private and public cloud environments.

Policy and Key Management

Another important element of encryption is policy and key management. The keys are used to decrypt information and policies determine when keys are distributed. Keys must be secured against unauthorized use, yet available to authorized users when policy dictates.

Hosted key management services handle all key-related issues, enabling quick deployment. Since third parties host the service, there are external risks to consider. Issues include ensuring robust operational procedures (backup/restore, disaster recovery, etc.) and business risks (bankruptcy). More importantly, organizations should ensure that appropriate service level agreements (SLAs) are in place before allowing a hosted provider to be custodian of keys, especially when the sensitive data being protected is governed by regulatory compliance requirements.

On-premises key management allows customers to maintain custody of their encryption keys and apply consistent policies across the physical, virtual and cloud world (the much-desired “single pane of glass” for management). This enables enterprises to minimize the number of key management platforms in their IT environment and avoid “pools” of encryption keys. The up-front costs for such systems may make them inappropriate for smaller businesses or ad hoc cloud usage.

The cloud provides compelling business benefits in terms of operational agility and cost savings. Concerns over security, while certainly justified, shouldn’t prevent a company from moving to the cloud. Identifying which data needs protection and deploying the optimal encryption approach enables businesses to leverage the cloud while maintaining adequate security.


Battling the Cybersecurity Threat

The need for technological protection has spawned a burgeoning industry in Dallas-Fort Worth.

Economic instability. The explosion of cloud computing. The swift growth of e-commerce and online financial transactions. The rapid spread of mobile devices loaded with digitized information. The spread of social networking.

These are just a few of the technological forces wreaking havoc with commercial and personal security. With the digitization of more and more elements of our social fabric comes a parallel heightening of vulnerabilities. Splash economic turmoil onto the mix and the challenge becomes acute.

“There is no silver bullet,” says Erin Nealy Cox, executive managing director and deputy general counsel in the Dallas office of Stroz Friedberg, a New York-based digital forensics and technical consulting firm. “There is no application. There is no tool. There is no one thing that can guarantee that you are safe. It’s a process.”

To paraphrase software engineer Morrie Gasser, author of Building a Secure Computer System, securing proprietary information has traditionally been a battle of wits: the penetrator tries to find holes, and the designer tries to close them. And those holes take many forms.

Virtually every area of life is swirling with digitized data ripe for hacking, and a number of companies in North Texas are working to thwart the wrongdoers.

Mobile Exposure

Daniel Engels, chief technology officer for Addison-based Revere Security, says the proliferation of radio frequency identification technology, for example, has created a layer of risks that previously didn’t exist. Wireless devices such as smart meters, RFID tags, medical devices, and toll tags are largely insecure and without authentication. These devices can be tampered with or counterfeited with ease. A hacker who penetrated a smart meter, for instance, could alter billing information or shut down power.

“Without security, it is my belief that the abuses of these systems when they become ubiquitous will be so great, that they will impede their adoption and probably cause a huge backlash,” he says.

The emergence of wireless networks and device mobility is why Addison-based Credant Technologies zeros in on securing data as opposed to systems. A laptop can be worth $800, says Credant founder Bob Heard. But the data on that laptop can be worth millions if it falls into the wrong hands. Credant develops encryption technologies to ensure that lost, stolen, or hacked data files cannot be accessed without proper authentication.

“Organizations now have data that is leaving the enterprise on computing devices ranging from a laptop, to a smart phone … to thumb drives,” says Heard. “People are using them in airports and hotels and taxis. That data is now outside the firewall.”

Malicious Infections

Celebrated physicist Stephen Hawking once lamented that computer viruses are the only form of life humans have created so far—and they are purely destructive. Dallas-based Entrust, a mid-’90s spinoff from Nortel Networks, seeks to protect against such malicious infections through sophisticated authentication and fraud-detection technologies. Entrust develops everything from digital credentials for Interpol officers to software applications that protect against cyber attacks.

One of the most potent emerging threats, says Entrust Chief Marketing Officer David Rockvam, is a piece of malware called Zeus. Zeus is essentially a cyber crime kit used by thieves to defeat the security tokens commercial banks employ for online banking. Because it’s able to evade up-to-date antivirus software, Zeus has successfully infected millions of computers in the U.S. It has also compromised numerous websites such as those for Bank of America, Amazon, Monster, and the Department of Transportation.

“What we’re seeing is an epidemic of attacks on small and medium businesses,” says Rockvam. “There’s generally more money in these accounts” than in consumer accounts. Entrust has developed a software solution for banks to defeat the virus by monitoring transactions and scanning for anomalies.

Malware threats keep evolving, Rockvam says. In December 2009 a new crimeware toolkit called SpyEye started appearing on underground Internet forums. Rockvam says SpyEye is a stronger, more pernicious strain of malware.

Digitized data vulnerabilities aren’t the only threats to social and economic security. Supply chains and governments regularly confront threats to the integrity of products and currency through counterfeiting schemes. Addison-based Authentix engineers exotic technologies to protect the authenticity of everything from currencies and fuels to pharmaceuticals and tobacco.

“Organized crime spends lots of time and money to overcome anti-counterfeiting efforts,” says Craig Stamm, Authentix president and co-founder. “We design markers that are difficult to remove and very difficult to uncover and defeat.”

Authentix creates chemical markers that can be blended with inks used in pharmaceutical packaging, for example. The inks can then be detected by an electronic device, some smaller than a cell phone, authenticating drugs down to the unit level. To protect its electronic detection devices against hacking via reverse engineering, Authentix developed firmware that melts when exposed to light or oxygen.

To help governments guard against excise tax fraud via smuggling, Authentix deploys nano markers in fuels and in inks used on tobacco packaging to establish authenticity. “A lot of times those dollars end up in the hands of some pretty nasty criminal elements,” says Stamm, pointing out that terrorist organizations such as Hezbollah and Hamas were involved in illegal tobacco smuggling. “Counterfeiting is a growth industry.”

Technology is also being used to ensure personal safety. Through a program dubbed iWatch, the Dallas Police Department is creating a virtual crime-watch system via a dispersed web of anonymous tipsters. The crux of the program is a smart-phone application that facilitates the transmission of crime information via short text messages to police in non-emergency situations.

“There are many things [in crime reporting] that go unsaid,” says Dan Elliott, founder of Addison-based iThinqware, the company that developed the smart-phone application. “If you see something, you should say something. And that really is the cornerstone of how the system works.”

Anonymous text message tips are channeled into a police department tactical intelligence center that mines and sorts the information into potentially actionable data. “We’re seeing these tips in near real-time,” says Brian Harvey, deputy assistant chief of police.

A month after the program went live in early October, more than 1,000 iWatch smart-phone applications had been downloaded. During that same period, the department received more than 100 actionable tips, 39 of them drug-related. Harvey says his goal is to have 75,000 iWatch applications downloaded into the community as of Jan. 1, 2011. The program will also facilitate photo and video tips in the future.

“There is a cell phone in every car on every front seat,” says Elliott. “That is a convenient connection between our lives and law enforcement.”

Emerging Field

The breadth and depth of the region’s security industry demonstrates that the sector has evolved far beyond securing enterprise perimeters. Effective security comprises a layering of defenses that focus both on human and technological elements, both inside and outside the organization.

To be effective, security measures demand unrelenting, flexible processes. “The computers that we use were never designed to be secure,” says Jim Stikeleather, chief innovation officer for Dell Services. “The software, databases, operating systems, and networks were never designed to be secure. It’s amazing that things are not worse than they really are.”


Are You Prepared for BusiLeaks?

In the era of WikiLeaks, it’s no wonder that business executives are feeling less secure about their organizations’ data. A recent study by Ernst & Young found that 60% of those polled perceive increased risk from the use of social networking, cloud computing and personal mobile devices at work.

“Organizations are operating in a world that requires borderless security,” warns Bernie Wedge, an IT risk practice leader at Ernst & Young. “Information access by employees using mobile devices, or items that are maintained and accessed by customers, vendors or other business partners, are considered outside traditional borders. Therefore, companies must think about security beyond their employees, data centers and firewalls.”

The study found organizations recognize the risks that come with emerging technology trends and are taking steps to protect information with stronger security programs. Half of the senior executives surveyed said they expect to spend more on data leakage/data loss prevention efforts over the next year. Still, facing continuing economic pressures, companies also want to reduce their overall IT spend and are looking to cloud computing services as a solution. The risks associated with cloud computing include data leakage; 52% of executives identified it as the largest associated risk. Some 39% cite the lost visibility of company data as an increased risk of cloud-based computing.

Information security is shifting from a technology-only approach to one that includes technology and people, the study shows. All employees have a role in information security and organizations need to clearly communicate their responsibilities. People and organizations “outside the borders of the traditional corporate environment play a role in helping to achieve information security objectives, but can also pose a risk to protecting your information,” says Jose Granado, an information security expert at Ernst & Young. “A comprehensive IT risk management program must focus on people, processes and technology to address information throughout its lifecycle, wherever it resides.”

Source

Let A Thousand ‘Clouds’ Bloom

Cloud computing has been making headlines and generating buzz for the past several years. Companies such as Amazon, Google and Microsoft have all placed big bets on public clouds, while traditional enterprise companies such as IBM, HP and EMC are pushing private clouds.

The future may involve more than one cloud model, even for some of the largest and most staid corporations, but being able to juggle the advantages of each while minimizing risks such as security or the inability to freely move data will require some new ways of thinking about technology.

Forbes caught up with Howard Elias, president and COO of EMC’s Information Infrastructure and Cloud Services, to talk about what’s changing and why.

Forbes: We’ve been hearing about cloud computing for years. Have any of the drivers of this technology changed?

Howard Elias: No, the driver is a higher level of efficiency in utilizing compute, network and storage resources. There is more flexibility in the use of the infrastructure and much more business resiliency. The applications can be set up on an efficient infrastructure and moved around. We’re trying to take the next step to a hyper-cloud model.

What’s the difference?

The hyper-cloud approach allows companies to have their own private cloud, deploy their applications and be highly flexible and resilient, and then have a set of service providers that have their own clouds. Customers can move their data and workloads between them. They may decide a service provider has a better cost model or better expertise in a vertical industry. Or a customer may say that for 70% of the year they only need a certain amount of performance capacity in their infrastructure and they will just buy capacity as needed.

What you’re really selling there is flexibility, right?

It’s the efficiency and the flexibility. Ultimately our view of the cloud is moving IT from a discrete set of capabilities to becoming truly a service. The CIO is really providing IT as a service instead of a discrete set of applications and servers.

And they’re looking at the value of data rather than just warehousing it?

Absolutely. I refer to this as putting the ‘I’ back in ‘IT.’ For a long time CIOs have been spending way too much time and budget on the technology—making sure the technology is highly utilized, well integrated, operating at full capacity and full availability. That accounts for about 70% of the IT budget for most companies. Most of the budget should be spent on business and application innovation.

But to make that work you also need to understand what data is necessary to keep and where you need to keep it, right?

That’s correct. Companies have been dealing with a dramatic growth of information. On top of that we’ve seen an enormous increase from compliance. The big issues are how you manage it all and protect it properly, ensure compliance of that data, and how can you offload your primary production systems in terms of data that is not used very often. The industry provides a host of technology and services to manage that information, move it to appropriate tiers of storage, back it up and archive it. It’s probably best to get your information architecture in order before you start down the road to the private cloud. You really need a solid game plan for information management first.

The second challenge is around security. How do you deal with that?

Companies today do a combination of managing applications, data and infrastructure inside of their data center. They work with partners that outsource it. This is really no different in the cloud world. You still need very solid processes and business practices. We have an umbrella in this industry we call GRC—governance, risk and compliance—whether it’s inside your firewall or outside.

Where does virtualization technology fit in?

It’s a movable layer that abstracts the application and data flows from the underlying infrastructure. That allows you to abstract to a logical view rather than being tied to a physical infrastructure. It’s the most flexible way to implement a cloud. In a virtual machine environment we can make it even more secure.

Why?

Because with physical infrastructure the only strategy is to build a wider and deeper moat around your corporation’s four walls. Information has to move and it has to move outside your company. But just as important, information risk occurs even inside your company. Just having a bigger and deeper moat doesn’t protect your data any better. There are still people with access to information. It’s a matter of what they can do with that information.

But there are also different layers of cloud technology, right? Google Chrome is a lot different than an EMC, IBM or HP enterprise cloud architecture.

Yes, and there are some applications for which Chrome may be suitable. For many enterprise applications it will not be appropriate.

Are companies confused about cloud technology?

I think the trend is now heading away from confusion. There has been a lot of information put out there over the past couple years. Google, Amazon and Microsoft are packaging up a set of services and offering that as a public cloud. For limited uses that makes sense. But there also are private clouds with resource pools and the ability to have IT providers as a service, and with today’s technology you can implement that inside your data center. You can deliver that same efficiency with control of your own environment—where you put it, when you put it there and how it gets operated—along with choice of vendors and what you want to do inside and outside.

The Internet turned enterprise security on its head with multiple ways in and out of the enterprise. Is that changing with cloud models?

If the world was completely open and there was no way to lock down your physical infrastructure the only way you could deal with that would be to encapsulate the information, authenticate the identity, and then limit what people can do to that information. Can they open it, read it, delete it, download it? At that point the information can flow anywhere, whether it’s into a cloud or out of cloud.

How far along are companies?

The business of running IT is already virtualized. Phase two is where you virtualize your business and mission-critical applications. This is where you get the more flexible management of those applications. Most companies are well into phase two of that journey. Phase three is IT as a service. You have a virtualized infrastructure, you’ve virtualized your business applications, and now you add a management and security model and automation and orchestration where you truly have automated, policy-based, flexible management of your IT infrastructure. That’s where you really get cloud-like operations in a private cloud and even in a public cloud.

Is there resistance to this? It makes a lot of IT jobs obsolete?

That has been a concern inside some organizations. But this is no different than any other technology shift. On one hand it can be seen as a challenge to IT careers. On the other hand, it’s an opportunity. Inside our own IT department we’ve created new positions like data center architect or cloud architect. It’s no longer just managing a silo of storage. It’s thinking about it at higher levels.

Source

The Bumpy Road to Private Clouds

When we first heard about cloud computing, public clouds got most of the attention. But as IT managers looked at the security risks of having data outside the corporate firewall, they turned their attention to private clouds, which analysts and various surveys suggest will get more enterprise investment in the next few years.

But private clouds have their share of challenges too. There are management issues and operational processes to figure out. And, of course, an on-premises private cloud needs to be built internally by IT, which takes time, money and a climb up the learning curve. Indeed, the transition from a traditional data center — even one with some servers virtualized — to a private cloud architecture is no easy task, especially given that the entire data center won’t be cloud-enabled, at least not right away.

(While we generally think of a private cloud as being inside a company’s firewall, a private cloud can also be off-premises — hosted by a third party — and still remain under the control of the company’s IT organization. But this article is only about on-premises private clouds.)

Also, despite the hype you might hear, no single vendor today provides all of the software required to build and manage a real private cloud — that is, one with server virtualization, storage virtualization, network virtualization, and resource automation and orchestration. Look for vendors to increasingly create their own definitions of private cloud to fit their product sets.

Moreover, you’ll have to determine whether your staff has the experience and skills required to support a private-cloud environment, or whether you need to hire someone who has been involved in building private clouds.

Not a Traditional Data Center

Many IT managers equate a private cloud with virtualization. What they describe is usually virtual infrastructure, meaning that “you can treat your servers, storage and networks as a single pool of resources that workloads can request on demand,” explains Tony Iams, an analyst at Ideas International Ltd., an IT research firm.

But virtualization and the cloud aren’t the same thing; to be considered a cloud, the architecture must be set up to provide resource orchestration and automation on top of the virtualization layer.

Orchestration is the coordinated delivery of many types of resources, such as processors, storage and networks, to provide an integrated provisioning process. It means that resources can be delivered in minutes rather than days or weeks. A single command or request causes a number of actions to occur, possibly in a specific sequence, to coordinate the provisioning request.

The whole point of a private cloud is to allow IT managers to reduce costs and provide so-called agile provisioning rather than just making management of the infrastructure more convenient. A private cloud with virtualization underpinnings turns the technology infrastructure into a pool of resources that can be provisioned on demand with minimal manual labor.

Are You Ready? Probably Not

Forrester Research estimates that only 5% of corporate IT shops are really ready to offer private cloud service. A recent Forrester report by analyst James Staten says that your IT operation is “cloud-ready” if:

* You have standardized procedures for the deployment, configuration and management of virtual machines.

* You have turned over the deployment and management of virtual machines to automated tools.

* You provide self-service access for end users.

* Your business units are ready to share the same infrastructure.

Before moving toward private clouds, IT shops must become even more efficient at server virtualization. Most IT departments lack consistent procedures for tracking the deployment, usage and ownership of virtual machines; that leads to “virtual machine sprawl,” which will cancel out the economic savings of a private cloud, Forrester says.

IT shops also need to learn to manage the entire pool of virtualized servers rather than single virtual machines or workloads, the report adds.

Once your virtualization house is in order, Forrester suggests the following steps to get started with a private cloud:

* Begin with noncritical workloads to show that it works.

* If a business unit is willing to invest in cloud computing, set up a brand-new cloud environment just for them.

* Get executive support — actually, a mandate — so that business units will share the pool of virtual resources.

* Show the benefits, such as dramatically faster deployment and lower costs.

* Embrace public clouds that can supplement your internal cloud.

In a traditional data center setup, “every time you add a server, somebody has to walk to a firewall console, set up firewall rules, attach the server to a VLAN, set up load balancing” and do many other tasks, explains Jeff Deacon, cloud computing principal at Verizon Business, a unit of Verizon Communications Inc. that provides managed services. But a private cloud needs little human intervention other than bringing in new computers or storage to keep up with demand. In a cloud environment, there is one console that lets operators set parameters to automate the entire process, rather than requiring IT personnel to log into different consoles for security, networking and server operating system functions.

Another big difference between private clouds and traditional data centers involves IT processes, which probably need to be revamped for a private cloud. Today, for example, to provide computing resources, IT organizations typically have to get budget approvals, discuss the implications with storage, network and server groups, and fill out tons of paperwork. This type of process is in stark contrast to the streamlined, short-duration provisioning done in clouds. The time-to-provision may go from weeks in the traditional data center to minutes in a cloud.

The systems running older applications may need an overhaul too, if they’re based on mainframes and proprietary Unix platforms. Most virtualized environments, including private clouds, are geared to run on x86-based systems. Also, in a virtualized environment, you generally don’t know exactly where an application is running at any given time. Because most legacy applications are tied to a specific platform, running them in a private cloud will often require re-architecting them.

Divorcing applications from the hardware is a hallmark of clouds, including private clouds. In a traditional data center, you might have 10 servers running billing applications, and five other servers running customer data apps. But with a private cloud, it’s not known ahead of time which servers will run which specific applications. The applications run on whichever servers have free cycles at the time the apps need to run.

Private clouds involve two groups of people: the IT operations staff and the business users who want to run applications. A private cloud gives business users the opportunity to quickly provision a server and run an application when they want to, without human intervention.

The IT operations staffers have to make sure that sufficient resources are available for the type of on-demand computing that business users have heard is available with public clouds, and that usually means that the wait for user-requested resources is minutes, not days. Anything short of this, and end users won’t be happy.

By the Numbers

Private Clouds: Pros and Cons

What kind of cloud computing are you planning or implementing?

* No clouds under consideration at this time: 53%

* Private cloud only: 18%

* A combination of public and private clouds: 17%

* Public cloud only: 12%

Base: 155 IT managers

What do you see as the advantages of private clouds over public clouds?

* 1. Better security/control

* 2. Self-service provisioning

* 3. Little or no learning curve for end users

* 4. Better or more-efficient scaling

Base: 54 respondents planning or implementing private clouds; multiple responses allowed.

What do you see as the drawbacks of private clouds compared to public clouds?

* 1. Having to build it all internally: time, cost, learning curve for IT

* 2. Scalability

* 3. Having to handle virtualization, automation and orchestration

Base: 54 respondents planning or implementing private clouds; multiple responses allowed.

What’s the most challenging part of implementing a private cloud?

* 1. (tie) Software licensing/pricing issues

* 1. (tie) Finding tools to help us build our cloud

* 1. (tie) Ensuring economies of scale

* 4. Finding tools to help us manage our cloud

* 5. (tie) Making it all work together (interoperability)

* 5. (tie) Technology obsolescence

* 7. Lack of cloud standards

Base: 54 respondents planning or implementing private clouds; multiple responses allowed.

Source: Computerworld online survey, November 2010; Research assistance provided by Mari Keefe, editorial project manager.

This is what private clouds are all about: providing the on-demand elasticity of public clouds, but doing it within the company’s firewall.

By the way, business users may expect private clouds to act like public clouds. In a public cloud, the public cloud provider’s IT operations group is responsible for the computer infrastructure, and the customer’s business application groups manage and monitor their own applications on the public cloud. If the private cloud is expected to operate in a similar manner, then the IT group may need to give up its traditional application-management role.

Getting Started

The first step down the path to a private cloud is to go beyond server virtualization. Iams outlines these subsequent steps:

* Virtualize your storage and try to achieve the same flexibility with storage that you already have with virtualized servers.

* Coordinate server virtualization and storage virtualization using management tools such as Microsoft Corp.’s Windows Azure Storage or VMware’s vStorage.

* Virtualize your network infrastructure and, again, coordinate that with your management tools.

You know that your infrastructure has been fully virtualized when you have server virtualization, storage virtualization and network virtualization. The crossover point from a virtual infrastructure to private cloud comes when you have the management tools that treat all three types of resources — servers, storage and networks — as a single pool that can be allocated on demand.

Of course, all this is from a technology point of view. Iams says that there is a parallel set of steps from the organizational perspective, including people, processes, governance, policy and funding. One key question: What does a private cloud structure do to budgets and financial flow within an organization?

Public clouds require users to pay only for what they use. Because a private cloud doesn’t provide users with a fixed amount of capacity like they may have had with a traditional data center, chargeback is almost certain to be an integral part of private cloud environments. Chargeback is a way of rationing computing resources, which is especially important when obtaining resources is as easy as filling out a Web form.

Paul Cameron, head of enterprise services at Suncorp Group, a major financial services provider in Brisbane, Australia, says that when his company began planning its private cloud, it created a service-based operating model and a service catalog. The service catalog contains the list of services being automated for internal use and is available to business users via a self-service portal.

A key to building that catalog was storing information about Suncorp’s assets and business application relationships in a configuration management database (CMDB). All of Suncorp’s major IT processes — incident, problem, asset and change — use the CMDB.

Populating a service catalog can be time-consuming. But if you’re using IT service management and change management tools such as BMC Software Inc.’s Remedy product line or Service-now.com and have a CMDB in place, it can be easier. You can work through the appropriate services in the CMDB to provide the automated services listed in a service catalog. This is what Suncorp is doing with its BMC Remedy-based CMDB.

Cameron says that Suncorp deployed a private cloud to provide better and faster IT provisioning to business users. Suncorp users can go to a self-service portal and request resources and services. Once the requests are made, the fulfillment of these services is automated. Cameron says that about 80% of Suncorp’s data center services are now covered by automated self-service portals.

While private clouds are pitched as ideal for companies concerned about security and regulatory compliance, Cameron cautions that private clouds force implementers to rethink how they do security. For example, traditional firewalls won’t always provide satisfactory security in cloud environments where workloads can be moved around to less-secure portions of the network. So Suncorp is now virtualizing its firewalls.

Keeping Up With Demand

Jeffrey Driscoll, a systems engineer at consultancy Precision IT Group LLC, says the basic building blocks of a private cloud are servers, storage (such as a SAN) and virtualization software. “Then you start building a cluster,” he says, and after that cluster is complete, “capacity planning becomes critical.”

Capacity planning involves figuring out what happens when you add servers and other resources to the cluster as needed to keep up with business demand. Capacity planning is a major component of the cluster and the cloud’s performance. If it’s done wrong, you might end up with useless systems or have to shoehorn in traditional, noncloud systems to keep things running.

Most organizations aren’t good at monitoring and keeping ahead of capacity. To be able to satisfy user demands, you always need to have some extra capacity on the data center floor, which results in a certain amount of hardware sitting around in idle mode. Keeping a history of capacity usage in your enterprise can help you be reasonably confident that you have sufficient — but not too much — capacity.

One solution is to create a hybrid cloud environment and move requests for capacity to public clouds, such as Amazon.com Inc.’s Elastic Compute Cloud, when capacity isn’t available in the private cloud.

Once the cluster is up and running, you can start provisioning virtual servers. The result is a tiered architecture with a server layer, a network layer and a virtualization layer. There is a management tool at each layer. “Now you can start thinking about automation,” Driscoll says.

Storm Clouds On the Horizon

Building your own private cloud involves some challenges, including the following:

* Budget. Private clouds can be expensive, so figure out the upper and lower bounds for your return on investment.

* Integration with public clouds. Build your private cloud so you can move to a hybrid model if you need public cloud services. This will involve making sure systems are secure and verifying that you can run your workloads in both places, among other things.

* Scale. Private clouds usually don’t have the economies of scale that large public-cloud providers provide.

* On-the-fly reconfigurations. You may have to tear down servers and other infrastructure — while it’s still in use — to move it into the private cloud. This could create huge problems.

* Legacy hardware. Leave your oldest servers behind. Don’t try to repurpose any servers that require manual configuration with a private cloud, because it would be impossible to apply automation and orchestration management to these older machines.

* Technology obsolescence. The complexity and speed of technology change will be hard for any IT organization to handle, especially smaller ones. Once you make an investment in a private cloud, you need to protect that investment by staying up to date with new releases of software components.

* Fear of change. Your IT team may not be familiar with private clouds, and there will be a learning curve. You may need to create some new operational processes and rework some old ones. Turn this stressful situation into a growth opportunity for your staff, reminding them that these are important new skills in today’s business environment.

You’ll need to acquire management tools that can bridge the physical infrastructure and the virtual infrastructure. So choose tools that let you see the same view across execution environments.

One layer of management is the infrastructure, which includes managing virtual machines, storage, backup/recovery and so on. While vendors often claim that their products are targeted at private cloud infrastructures, they sometimes use a very loose definition of “cloud,” so carefully investigate the functions of each product.

The second layer, service-level management, involves managing workloads at a level of abstraction above virtual servers. This is where automation is applied. It is also where traditional management tools such as IBM’s Tivoli and Hewlett-Packard Co.’s Insight work within the private-cloud stack. Vendors that claim to have automation management tools include IBM Tivoli, HP, CA, LineSider Technologies, DynamicOps, VMware and BMC.

Iams says that almost all system and hardware vendors are pursuing some type of virtualization or cloud management tools. Microsoft’s System Center management product, for example, offers visibility into hypervisors and virtual servers.

But Iams says you should plan on managing multiple hypervisors, such as VMware’s ESX, Microsoft’s Hyper-V, the open-source Xen, and various implementations of the Linux KVM (Kernel-based Virtual Machine). Microsoft can manage Hyper-V virtual servers and some aspects of ESX virtual servers. Other cloud vendors, such as VMware and Red Hat Inc., can also manage virtual machines created by multiple hypervisors. Ideally, you want to control multiple hypervisors from a single interface.

Buy or Build?

The downside of commercial, off-the-shelf tools is that they will likely need to be customized to work with your environment. On the other hand, the downside of rolling your own tools is that your in-house IT group will need to maintain them and make feature enhancements. One alternative to homegrown tools is building mixed-component cloud stacks by acquiring various third-party components and putting them together. The question then becomes: Who do you call when there’s a problem?

You could choose to go with a single provider, such as Microsoft or VMware, but that can result in vendor lock-in.

Open-source software — from the OpenStack project and from vendors such as Abiquo, Cloud.com, Eucalyptus Systems and Red Hat — is a good choice for building private clouds. The software is essentially free and provides more flexibility than proprietary software licensed on physical CPUs. For example, proprietary software can create difficult licensing issues when migrating virtual machines from host to host.

Each alternative has its pluses and minuses, so weigh your options carefully, because switching gears once you’re already under way is expensive and time-consuming. Don’t lock yourself into a single vendor’s cloud stack. In particular, avoid vendors with cloud stacks that perform well when using only their components. Reserve the option to plug in third-party or homegrown tools.

Industry Players

Here’s a sampling of vendors that claim to have tools for building private clouds.

* BMC Software Inc. (Cloud Lifecycle Management)

* CA Inc. (3Tera AppLogic)

* Cisco/EMC/VMware (Vblock)

* Citrix Systems Inc. (Citrix Open Cloud)

* Cloud.com Inc. (CloudStack 2.0)

* Dell Inc. (Virtual Integrated System)

* Enomaly Inc. (Elastic Computing Platform)

* Eucalyptus Systems Inc. (Eucalyptus 2.0)

* Hewlett-Packard Co. (BladeSystem Matrix)

* IBM (CloudBurst)

* NewScale Inc. (NewScale 9)

* Platform Computing Corp. (Platform ISF)

* Tibco Software Inc. (Tibco Silver)

* VMware (vCloud)

Source: Forrester Research Inc., August 2010

So far, it isn’t possible to buy one commercial product that will do everything IT managers need to do for private clouds. You have to stitch together a number of different products from various vendors and place your own user interface on the front end.

But Verizon Business’ Deacon says that more-sophisticated enterprises are integrating multiple management tool sets — for instance, HP’s Server Automation suite and BMC’s Patrol suite. Security, firewall, networking and storage elements can be orchestrated from within both HP and BMC suites. IT shops that don’t link multiple tool sets may have to write a lot of their own software to get the necessary automation capabilities.

Is single-console management a real possibility for private clouds? Not everyone will be able to get by with just one console, says Iams, but even two or three consoles would be a huge improvement over the dozen that some shops use today.

Deacon says that single-console management is in the cards, noting that Verizon Business has built a high-level console management layer that collects data from VMware vCenter Server, HP Network Automation and HP Virtual Connect, among other products.

Vendors Will Consolidate

Frank Gillett, an analyst at Forrester Research Inc., isn’t so optimistic. “It is unrealistic to think that we are going to get many of these management tools to work together,” he says. Instead, he predicts that over time, the market will shrink dramatically through acquisitions, leaving a handful of vendors that will offer “much more integrated capabilities.” And some IT managers prefer large, established vendors for cloud technology because they can’t trust their data centers to start-ups that may not be in business in a year or two.

Deacon agrees that consolidation is likely as large companies like HP and IBM buy up cloud-based start-ups and add the new software to their existing portfolios. That’s what HP did with its acquisition of OpsWare. Similarly, BMC absorbed BladeLogic, and CA has been on a buying spree, acquiring Nimsoft, Oblicore, 3Tera and others.

IT shops need federation and interoperability, Gillett adds, “and we are very early in those efforts. We may be able to bring private cloud management tools together, but it will be a messy interim period.”

Yet during that period, IT shops will be under enormous pressure from business users to engage in cloud computing. If the data center operations group can’t respond quickly with a private cloud, then business users will look at public clouds. To successfully compete with public cloud providers, IT departments will need to deploy similar services in-house, and those private clouds will have to be better and more attractive to use than public clouds.

Source

What Cloud Computing Really Means

Cloud computing is all the rage. “It’s become the phrase du jour,” says Gartner senior analyst Ben Pring, echoing many of his peers. The problem is that (as with Web 2.0) everyone seems to have a different definition.

As a metaphor for the Internet, “the cloud” is a familiar cliché, but when combined with “computing,” the meaning gets bigger and fuzzier. Some analysts and vendors define cloud computing narrowly as an updated version of utility computing: basically virtual servers [1] available over the Internet. Others go very broad, arguing anything you consume outside the firewall is “in the cloud,” including conventional outsourcing.

Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends IT’s existing capabilities.

Cloud computing is at an early stage, with a motley crew of providers large and small delivering a slew of cloud-based services, from full-blown applications to storage services to spam filtering. Yes, utility-style infrastructure providers are part of the mix, but so are SaaS (software as a service) [6] providers such as Salesforce.com. Today, for the most part, IT must plug into cloud-based services individually, but cloud computing aggregators and integrators are already emerging.

InfoWorld talked to dozens of vendors, analysts, and IT customers to tease out the various components of cloud computing. Based on those discussions, here’s a rough breakdown of what cloud computing is all about:

1. SaaS

This type of cloud computing delivers a single application through the browser to thousands of customers using a multitenant architecture. On the customer side, it means no upfront investment in servers or software licensing; on the provider side, with just one app to maintain, costs are low compared to conventional hosting. Salesforce.com is by far the best-known example among enterprise applications, but SaaS is also common for HR apps and has even worked its way up the food chain to ERP, with players such as Workday. And who could have predicted the sudden rise of SaaS “desktop” applications [7], such as Google Apps and Zoho Office?

2. Utility computing
The idea is not new, but this form of cloud computing is getting new life from Amazon.com, Sun, IBM, and others who now offer storage and virtual servers that IT can access on demand. Early enterprise adopters mainly use utility computing for supplemental, non-mission-critical needs, but one day, they may replace parts of the datacenter. Other providers offer solutions that help IT create virtual datacenters from commodity servers, such as 3Tera’s AppLogic and Cohesive Flexible Technologies’ Elastic Server on Demand. Liquid Computing’s LiquidQ offers similar capabilities, enabling IT to stitch together memory, I/O, storage, and computational capacity as a virtualized resource pool available over the network.

3. Web services in the cloud
Closely related to SaaS, Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications. They range from providers offering discrete business services — such as StrikeIron and Xignite — to the full range of APIs offered by Google Maps, ADP payroll processing, the U.S. Postal Service, Bloomberg, and even conventional credit card processing services.

4. Platform as a service
Another SaaS variation, this form of cloud computing delivers development environments as a service. You build your own applications that run on the provider’s infrastructure and are delivered to your users via the Internet from the provider’s servers. Like Legos, these services are constrained by the vendor’s design and capabilities, so you don’t get complete freedom, but you do get predictability and pre-integration. Prime examples include Salesforce.com’s Force.com [8], Coghead [9] and the new Google App Engine [10]. For extremely lightweight development, cloud-based mashup platforms [11] abound, such as Yahoo Pipes [12] or Dapper.net.

5. MSP (managed service providers)
One of the oldest forms of cloud computing, a managed service is basically an application exposed to IT rather than to end-users, such as a virus scanning service for e-mail or an application monitoring service (which Mercury, among others, provides). Managed security services delivered by SecureWorks, IBM, and Verizon fall into this category, as do such cloud-based anti-spam services as Postini, recently acquired by Google. Other offerings include desktop management services, such as those offered by CenterBeam or Everdream.

6. Service commerce platforms
A hybrid of SaaS and MSP, this cloud computing service offers a service hub that users interact with. They’re most common in trading environments, such as expense management systems that allow users to order travel or secretarial services from a common platform that then coordinates the service delivery and pricing within the specifications set by the user. Think of it as an automated service bureau. Well-known examples include Rearden Commerce and Ariba.

7. Internet integration
The integration of cloud-based services is in its early days. OpSource, which mainly concerns itself with serving SaaS providers, recently introduced the OpSource Services Bus, which employs in-the-cloud integration technology from a little startup called Boomi. SaaS provider Workday recently acquired another player in this space, CapeClear, an ESB (enterprise service bus) provider that was edging toward b-to-b integration. Way ahead of its time, Grand Central — which wanted to be a universal “bus in the cloud” to connect SaaS providers and provide integrated solutions to customers — flamed out in 2005.

Today, with such cloud-based interconnection seldom in evidence, cloud computing might be more accurately described as “sky computing,” with many isolated clouds of services which IT customers must plug into individually. On the other hand, as virtualization and SOA permeate the enterprise, the idea of loosely coupled services running on an agile, scalable infrastructure should eventually make every enterprise a node in the cloud. It’s a long-running trend with a far-out horizon. But among big metatrends, cloud computing is the hardest one to argue with in the long term.

——————————————————————————————————–
Links:
[1] http://www.infoworld.com/video/InfoClipz/Virtualization-Networking/InfoClipz-Server-virtualization/video_721.html
[2] http://www.infoworld.com/d/cloud-computing/selecting-the-right-cloud-step-step-guide-692?source=ifwelg_fssr
[3] http://www.infoworld.com/server-virtualization-deepdive?source=ifwelg_fssr
[4] http://www.infoworld.com/newsletters/subscribe?showlist=infoworld_cloud_computing&source=ifwelg_fssr
[5] http://www.infoworld.com/d/cloud-computing/selecting-the-right-cloud-step-step-guide-692?idglg=ifwsite_editinline&source=ifwelg_15FE-cloud-computing-reality
[6] http://www.infoworld.com/video/InfoClipz/SAAS/InfoClipz-Software-as-a-Service-/video_665.html
[7] http://www.infoworld.com/article/06/10/02/40FEbrowseapp_1.html
[8] http://www.infoworld.com/article/07/09/13/Salesforce-unveils-UI-as-a-service_1.html
[9] http://www.infoworld.com/article/08/01/14/Cogheadflex_1.html
[10] http://www.infoworld.com/article/08/04/08/Google-offers-to-host-services-for-free-on-App-Engine_1.html
[11] http://www.infoworld.com/archives/t.jsp?N=s&V=86084
[12] http://www.infoworld.com/article/07/02/08/HNyahoorssmashup_1.html
[13] http://www.infoworld.com/d/cloud-computing/what-cloud-computing-really-means-031?source=footer
[14] http://www.infoworld.com?source=footer
[15] http://www.infoworld.com/d/cloud-computing?source=footer
