CloudFucius Shares: Cloud Research and Stats
Sharing is caring, according to some and with the shortened week, CloudFucius decided to share some resources he’s come across during his Cloud exploration in this abbreviated post. A few are aged just to give a perspective of what was predicted and written about over time. Some Interesting Cloud Computing Statistics (2008) Mobile Cloud Computing Subscribers to Total Nearly One Billion by 2014 (2009) Server, Desktop Virtualization To Skyrocket By 2013: Report (2009) Gartner: Brace yourself for cloud computing (2009) A Berkeley View of Cloud Computing (2009) Cloud computing belongs on your three-year roadmap (2009) Twenty-One Experts Define Cloud Computing (2009) 5 cool cloud computing research projects (2009) Research Clouds (2010) Cloud Computing Growth Forecast (2010) Cloud Computing and Security - Statistics Center (2010) Cloud Computing Experts Reveal Top 5 Applications for 2010 (2010) List of Cloud Platforms, Providers, and Enablers 2010 (2010) The Cloud Computing Opportunity by the Numbers (2010) Governance grows more integral to managing cloud computing security risks, says survey (2010) The Cloud Market EC2 Statistics (2010) Experts believe cloud computing will enhance disaster management (2010) Cloud Computing Podcast (2010) Security experts ponder the cost of cloud computing (2010) Cloud Computing Research from Business Exchange (2010) Just how green is cloud computing? (2010) Senior Analyst Guides Investors Through Cloud Computing Sector And Gives His Top Stock Winners (2010) Towards Understanding Cloud Performance Tradeoffs Using Statistical Workload Analysis and Replay (2010) …along with F5’s own Lori MacVittie who writes about this stuff daily. And one from Confucius: Study the past if you would define the future. ps The CloudFucius Series: Intro, 1, 2, 3, 4, 5, 6, 7, 8Blog Roll 2011
It’s that time of year when we gift and re-gift. And the perfect opportunity to re-post, re-purpose and re-use my 2011 blog entries. If you missed any of the approximately 50 blogs, 11 audio whitepapers or 47 videos, here they are wrapped in one simple entry. I read somewhere that lists in blogs are good. Have a Safe and Happy New Year. F5 Security Vignette Series 2012 IT Staffing Crisis? The Top 10, Top Predictions for 2012 Pearl Harbor, Punchbowl and my Grandparents Cloud Copyright, Capital and The Courts A Blog of Thanks Dynamic Attack Protection and Access Control with BIG-IP v11 F5 BIG-IP Platform Security F5 International Technology Center Video Tour When Personal Security is Compromised London IPEXPO 2011 - The Wrap Up London IPEXPO 2011 F5 EMEA Our Identity Crisis Oracle OpenWorld 2011: The Video Outtakes Oracle OpenWorld 2011: The Wrap Up Oracle OpenWorld 2011: Interview with F5’s Ron Carovano Oracle OpenWorld 2011: Interview with F5's Keith Gillum Oracle OpenWorld 2011: Interview with F5’s Calvin Rowland Oracle OpenWorld 2011: BIG-IP ASM & Oracle Database Firewall Oracle OpenWorld 2011: Interview with F5's Andy Oehler Oracle OpenWorld 2011: F5 ARX & Oracle ZFS Storage Oracle OpenWorld 2011: BIG-IP WANOp & Oracle GoldenGate Oracle OpenWorld 2011 - Aloha:Find F5 Booth 1527 IPS or WAF Dilemma VMworld 2011: F5 BIG-IP v11 iApps for Citrix F5 Case Study: WhiteHat Security Cloud Computing Making Waves Hackers Hit Vacation Spots From the Greenroom VMworld 2011: The Video Outtakes VMworld 2011: VMworld Wrap Up VMworld 2011: VMworld Hands-On Lab VMworld 2011: Interview with Ron Carovano VMworld 2011: Multi-Site Application Deployment with vSphere & vCloud Director VMworld 2011: VDI Single Namespace VMworld 2011: Interview with VMware’s Sanjay Aiyagari VMworld 2011: Sign Up for F5's DevCentral VMworld 2011: Find F5 Networks Audio White Paper - High-Performance DNS Services in BIG-IP Version 11 SANS 20 Critical Security Controls The STAR of Cloud Security Audio White Paper - Application Security in the Cloud with BIG-IP ASM DNSSEC: Is Your Infrastructure Ready? Security Never Takes a Vacation Dynamic Application Control and Attack Protection The Best of…Me Protection from Latest Network and Application Attacks IT Security: Mid-Year Gut Check Audio White Paper - Controlling Migration to IPv6: A Gateway to Tomorrow The Land of a Thousand Twist-Ties Cure Your Big App Attack Drive Identity Into Your Network with F5 Access Solutions Custom Code for Targeted Attacks Audio White Paper - The F5 Dynamic Services Model Who In The World Are You? And The Hits Keep Coming Ixia Xcellon-Ultra XT-80 validates F5 Network's VIPRION 2400 SSL Performance Audio White Paper - Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall Interop 2011 - TMCNet Interview It’s Show Time Interop 2011 - The Video Outtakes Interop 2011 - Wrapping It Up Interop 2011 - F5 in the Interop NOC Follow Up Interop 2011 - IXIA and VIPRION 2400 Performance Test Interop 2011 - VIPRION 2400 and vCMP EMC World 2011 - ARX Hybrid-Cloud Demo Interop 2011 - F5 in the Interop NOC Interop 2011 - Find F5 Networks Booth 2027 Lost Your Balance? Drop The Load and Deliver! Unplug Everything! Do You Splunk 2.0 Technology Can Only Do So Much 3 Billion Malware Attacks and Counting In 5 Minutes or Less - Enterprise Manager v2.2 The Big Attacks are Back…Not That They Ever Stopped Has The Sky Cleared on Cloud Security? Audio White Paper - Streamlining Oracle Web Application Access Control Defense in Depth in Context Our Digital Life Deciphered Where Do You Wear Your Malware? RSA 2011 Wrap and Blooper Reel RSA2011 F5 Partner Spotlight–NitroSecurity RSA2011 F5 Partner Spotlight - Q1 Labs RSA2011 - Interview with Jeremiah Grossman RSA2011 - BIG-IP Edge Client on iPad RSA2011 F5 Partner Spotlight - PhoneFactor RSA2011 F5 Partner Spotlight - OPSWAT RSA2011 - Welcome to San Francisco On The Way to RSA A Digital Poltergeist On Your Television Identity Theft: Good News-Bad News Edition Radio Killed the Privacy Star Audio White Paper: Achieving Enterprise Agility in the Cloud In 5 Minutes or Less Video Series Audio White Paper: Optimizing Application Delivery in Support of Data Center Consolidation Simplify VMware View Deployments In 5 Minutes or Less Video - BIG-IP APM & Citrix XenApp Audio White Paper: F5 BIG-IP WAN Optimization Module in Data Replication Environments The New Wallet: Is it Dumb to Carry a Smartphone? iDo Declare: iPhone with BIG-IP Audio Tech Brief - Secure iPhone Access to Corporate Web Applications PCI Turns 2.0 In 5 Minutes or Less Video - F5's iHealth System Audio White Paper - Application Delivery Hardware A Critical Component And a couple special holiday themed entries from years past. e-card Malware X marks the Games ps Technorati Tags: blog, social media, 2011, f5, statistics, big-ip, web traffic, digital media, mobile device, analytics, videoThe STAR of Cloud Security
The Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, recently announced that they are launching (Q4 of 2011) a publicly accessible registry that will document the security controls provided by various cloud computing offerings. The idea is to encourage transparency of security practices within cloud providers and help users evaluate and determine the security of their current cloud provider or a provider they are considering. The service will be free. CSA STAR (Security, Trust and Assurance Registry) is open to all cloud providers whether they offer SaaS, PaaS or IaaS and allows them to submit self assessment reports that document compliance in relation to the CSA published best practices. The CSA says that the searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher-quality procurement experiences. There are two different types of reports that the cloud provider can submit to to indicate their compliance with CSA best practices. The Consensus Assessments Initiative Questionnaire (CAIQ), a 140 question document which provides industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings and the Cloud Control Matrix (CCM) which provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in areas like ISACA COBIT, PCI, and NIST. Providers who chose to take part and submit the documents are on the ‘honor system’ since this is a self assessment and users will need to trust that the information is accurate. CSA is encouraging providers to participate and says, in doing so, they will address some of the most urgent and important security questions buyers are asking, and can dramatically speed up the purchasing process for their services. In addition to self-assessments, CSA will provide a list of providers who have integrated CAIQ and CCM and other components from CSA’s Governance, Risk Management and Compliance (GRC) stack into their compliance management tools. This should help with those who are still a bit hesitant about Cloud services. The percentage of those claiming ‘security issues’ as a deterrent for cloud deployments has steadily dropped over the last year. Last year around this time on any given survey, anywhere from 42% to 73% of those respondents said cloud technology does not provide adequate security safeguards and that that security concerns have prevented their adoption of cloud computing. In a recent cloud computing study from TheInfoPro, only 13% cited security worries as a cloud roadblock, after up-front costs at 15%. Big difference than a year ago. In this most recent survey, they found that ‘fear of change’ to be the biggest hurdle for cloud adoption. Ahhhh, change. One of the things most difficult for humans. Change is constant yet the basics are still the same - education, preparation, and anticipation of what cloud is about and what it can offer is a necessity for success. ps References: CSA focuses best-practice lens on cloud security Assessing the security of cloud providers CSA Registry Strives for Security Transparency of Providers Cloud Security Alliance Introduces Provider Trust and Assurance Registry Transparency Key To Cloud Security Cloud Security Alliance launches registry: not a moment too soon Fear of Change Impedes Cloud Adoption for Many Companies F5 Cloud Computing SolutionsCloudFucius Tunes into Radio KCloud
Set the dial and rip it off – all the hits from the 70s, 80s, 90s and beyond – you’re listening to the K-Cloud. We got The Puffy & Fluffy Show to get you going in the morning, Cumulous takes you through midday with lunchtime legion, Mist and Haze get you home with 5 o’clock funnies and drive-time traffic while Vapor billows overnight for all you insomniacs. K-Cloud; Radio Everywhere. I came across this article which discusses Radio’s analogue to digital transition and it’s slow but eventual move to cloud computing. How ‘Embracing cloud computing requires a complete rethinking of the design, operation and planning of a station’s data center.’ Industries like utilities, technology, insurance, government and others are already using the cloud while the broadcast community is just starting it’s exploration, according to Tom Vernon, a long-time contributor to Radio World. Like many of you, I grew up listening to the radio (music, I’m not that old) and still have a bunch of hole-punched record albums for being the 94th caller. I listened to WHJY (94-HJY) in Providence and still remember the day in 1981 when it switched from JOY, a soft, classical station to Album-Orientated Rock. Yes, I loved the hair-metal, arena rock, new wave, pop and most what they now call classic rock. It’s weird remembering ‘Emotional Rescue’ and ‘Love Rollercoaster’ playing on the radio as Top 40 hits and now they are considered ‘classics.’ Um, what am I then?!? That article prompted me to explore the industries that have not embraced the cloud, and why. Risk adverse industries immediately come to mind, like financial and health care. There have been somewhat contradictory stories and surveys recently indicating both that, they are hesitant to adopt the cloud and ready to embrace the cloud. A survey by LogLogic says that 60% of the financial services sector felt that cloud computing was not a priority or they were risk-averse to cloud computing. This is generally an industry that historically has been an early adopter of new technologies. The survey indicates that they will be spending IT dollars on ‘essential’ needs and that security questions and data governance concerns is what’s holding them back from cloud adoption. About a week later, results from a survey done by The Securities Industry and Financial Markets Association (SIFMA) and IBM reports that there is now a strong interest in cloud computing after a couple years of reluctance. The delay was due to the cost of implementing new technologies and the lack of talent needed to mange those systems. Security is not the barrier that it once was since their cloud strategies include security ramifications. They better understand the security risks and calculate that into their deployment models. This InformationWeek.com story says that the financial services industry is indeed interested in cloud computing, as long as it’s a Private Cloud. The one’s behind the corporate firewall, not Public floaters. And that security was not the real issue, regulations and compliance with international border laws were the real holdback. In the healthcare sector, according to yet another survey, Accenture says that 73% said they are planning cloud movements while nearly one-third already have deployed cloud environments. This story also says that ‘healthcare firms are beginning to realize that cloud providers actually may offer more robust security than is available in-house.’ Is there a contradiction? Maybe. More, I think it shows natural human behavior and progression when facing fears. If you don’t understand something and there is a significant risk involved we’ll generally say, ‘no thanks’ to preserve our safety and security. As the dilemma is better understood and some of the fears are either addressed or accounted for, the threat level is reduced and progress can be made. This time around, while there are still concerns, we are more likely to give it a try since we know what to expect. A risk assessment exercise gives us the tools to manage the fears. Maybe the threat is high but the potential of it occurring is low or the risk is medium but we now know how to handle it. It’s almost like jumping out of a plane. If you’ve never done it, that first 3000ft tethered leap can be freighting – jumping at that height, hoping a huge piece of fabric will hold and glide you to a safe landing on the ground. But once you’ve been through training, practiced it a few times, understand how to deploy your backup ‘chute and realize the odds are in your favor, then it’s not so daunting. This may be what’s happening with risk averse industries and cloud computing. Initially, the concerns, lack of understanding, lack of visibility, lack of maturity, lack of control, lack of security mechanisms and their overall fear kept these entities away, even with the lure of flexibility and potential cost savings. Now that there is a better understanding of what types of security solutions a cloud provider can and cannot offer along with the knowledge of how to address specific security concerns, it’s not so scary any more. Incidentally, I had initially used KCLD and WCLD for my cloud stations until I realized that they were already taken by real radio stations out of Minnesota and Mississippi. And one from Confucius: Everything has its beauty but not everyone sees it. ps The CloudFucius Series: Intro, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12CloudFucius Investigates: The Comeback Cloud
Not that it was ever down and out, but the whole cloud computing concept has gotten off to a grand but challenging start. It was all the rage when first ‘conceived’ as the new way of hosting applications with the promise of cost savings, automation, flexible/dynamic architectures, fast and repeatable deployment and a pay-as-you-go model. The Coin Operated Cloud but with very little understanding of all the buttons, functions and risks. As IT started to comprehend the nuances of the cloud, then some very serious questions regarding it’s ability to protect and secure information came to light. This arrived at a time when the economic downturn could have vaulted the shared, less expensive infrastructure offerings to the top of any IT list since budgets were tight and resources scarce. It was the perfect storm of tight budgets and cost effective computing. However, the risk of data loss kept folks questioning the viability of putting sensitive data in the cloud. Plus, no consent on standards kept the mix of cloud offerings all over the place while limiting the customer’s ability to mix and match. As cloud offerings matured and *some* security concerns addressed along with IT having a better grasp on risks and mitigation, the cloud is gradually becoming more attractive to enterprises. Like anything else that suddenly bursts on to the scene, the hype outweighs the reality and it takes time to fully understand and realize the benefits. It seems that almost weekly a shiny new cloud computing survey is released and this week, Vanson Bourne (commissioned by Savvis) released a report that ties cloud computing to the economic recovery. Specifically, ‘68 percent of respondents said cloud computing will help their businesses recover from the recession.’ The survey found that 54% of respondents said cost cutting and more flexible IT provisioning is the biggest issue they face and they are optimistic with the prospect that cloud computing can cut costs. A significant number of IT decision makers, 96%, said they are as confident or more confident than they were last year that cloud computing is enterprise ready. Yankee Group also released a report that says cloud computing is on the cusp of broad enterprise adoption. They also indicate that the concept of cloud computing as a business enabler has jumped from 37% to 60% of respondents in just a year. But can cloud computing save the economy? That’s a stretch, according to David Linthicum in this article. The logic goes, if companies can save money with cloud computing and are more optimistic about the prospect of cloud computing, then they will start spending IT dollars for cloud deployments. This will, in turn, boost the cloud economy since providers will have to prepare and hire for the influx of customers. Since accelerated growth would occur, that would attract public and private investments in cloud computing technologies. The ‘catalyst,’ as Linthicum notes, is to get more investment dollars back into the technology industry, which should fuel the tech economy at least. Betting that cloud computing will turn the entire economy is a huge long-shot and unrealistic. The survey also revealed that even with all that confidence, security remains as the key adoption barrier. 52% of those who do not use cloud computing said ‘security of sensitive data’ as a top concern. In a slightly related story, LimeWire Planning A Serious, Cloud-Based Comeback. And one from Confucius: And remember, no matter where you go, there you are. ps The CloudFucius Series: Intro, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14 Resources: Cloud Computing Will Fuel Economic Recovery: Survey Will cloud computing save the economy? Who's actually spending on cloud computing? Yankee Group: Sky clears for cloud computing Cloud Computing's Effect on the Hosting Industry LimeWire Planning A Serious, Cloud-Based ComebackCloudFucius Is: Ready for Some Football
With the opening game of the NFL season in the books and a Sunday (and Monday) of Week 1 matchups filling our living rooms, home team stadiums, fantasy leagues and mobile devices, I was curious just how the NFL and sporting events in general are using cloud services. Technology used within the professional sporting realm has always fascinated me from statistics giant Stats Inc to the 1st down graphics from the likes of Sportvision, Princeton Video Image and SportsMEDIA to Skycam, the cable suspended camera giving you a bird’s eye view of the action and of course, the NFL banning Twitter during games. Media companies are jumping all over cloud computing for the elasticity of services (jump in traffic), digital content, storage and to optimize communication and collaboration of workflows of content production, post-production and delivery. Last week, IBM announced that it was bringing cloud computing to the US Open. This allows the US Tennis Association (USTA) to scale up capacity during the event. They can also take real-time and historic sports data, merge them on a common platform and deliver it to their various consumers: media, officials, fans and the players themselves no matter what the platform – web, mobile, broadcast, social media and so forth. They can also analyze data from the courtside radar guns, the umpire systems, the court statistician and TV feeds. The annual NFL Scouting Combine is when college players ‘audition’ for spots on NFL rosters. They are tested for physical performance like the 40 yard dash along with their mental and problem solving skills to determine if they will make it in the NFL. All the information (data) is collected and then evaluated by owners, coaches, scouts, medical staff and team executives. The amount of data is huge and in years past, it was done with paper and pencil and then entered into computer systems or burned to CD’s and then mailed. There were entry errors, delays and the systems were potential targets for breaches. Now, the capturing, collecting and distribution of player data is done in the cloud making it much more efficient. The data is merged with a master database using a secure connection and then a secure website is provided to the NFL teams to login and view content, download collateral and subscribe to feeds. Pretty cool. When the NFL wanted to extend it’s brand to an international audience, they created NFL360, an interactive media site with videos, game history, player profiles and many other goodies available for fans around the world. Here they deployed a system with Digitaria using technology based on cloud computing. The site also has games and other activities for the NFL fan. NY Jets owner Woody Johnson is testing some cool technology in the skybox this year. He’ll have a touch-screen device to keep track of all the game day operations from his device and get a view of the entire stadium's data flow. From concessions to merchandise to ticket info to the traffic jam in the Meadowlands parking lot, he’ll have access to it all. I’m excited to see the Dolphins win the AFC East and my fantasy team kick butt this year. The cloud will be there too, domed stadium or not. And one from Confucius: He who speaks without modesty will find it difficult to make his words good.. ps The CloudFucius Series: Intro, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20CloudFucius Dials Up the Cloud
According to IDC, the worldwide mobile worker population is set to increase from 919.4 million in 2008, accounting for 29% of the worldwide workforce, to 1.19 billion in 2013, accounting for 34.9% of the workforce. The United States has the highest percentage of mobile workers in its workforce, with 72.2% of the workforce mobile in 2008. This will grow to 75.5% by the end of the forecast period to 119.7 million mobile workers. The U.S. will remain the most highly concentrated market for mobile workers with three-quarters of the workforce being mobile by 2013 and Asia/Pacific (excluding Japan) represents the largest total number of mobile workers throughout the forecast, with 546.4 million mobile workers in 2008 and 734.5 million in 2013. This means more workers will be using mobile devices, not being tied to an office cube and will need to have access back to the corporate network or applications hosted in the Cloud. Enterprises and management are faced with a potential contradictory business situation. The level of employee collaboration is on the rise; yet at the same time, the locations and work hours are changing and growing. Additionally, companies understand the importance of providing access to their critical systems, even during a disaster; and that doesn’t necessarily mean a major tornado, flood, hurricane, earthquake or other natural phenomenon. What does an enterprise do when it’s so cold and snowy that employees can’t get to the office? Declare a “snow day” and close their doors? Certainly not. What does an employee do when they are sick, injured or their child is home from school? Depending on the severity, they might be able to work from home. As for the users, it's not just a bunch of office employees and road warriors accessing shared files; but it’s also consultants, contractors, telecommuters, partners and customers using home computers and mobile devices to get our job done. Squeezed in the middle are the IT guys facing the demands of both management and users, along with the ever expanding and evolving security requirements. SSL VPN has become the mainstream technology of choice for remote access and Infonetics reports that the Worldwide SSL VPN gateway revenue increased 13.9% to $116.8M in 4Q09 and will grow 19% to $138.7M by 4Q10. Traditionally, corporate VPN controllers have been deployed in-house or in the corporate data center since the needed resources were also located there. Management and control over that VPN has been critical since it’s the gateway to the corporate network along with much of the sensitive info that resides ‘on-the-inside.’ Plus, *most* VPN controllers are full appliances – dedicated/branded hardware with the vendor’s code baked in. Finally, the advancement of cloud computing has become an enticing choice for IT departments looking to deploy corporate systems and sensitive resources for user and customer access. Enter FirePass SSL VPN Virtual Edition. A couple weeks ago F5 released FirePass v7, improving SSL VPN functionality, scalability, third-party integration, and offering new flexible deployment options including a virtual appliance. Virtualization as a technology, has reached a point of widespread adoption and many customers have requested the option of running FirePass as a virtual appliance. Providing a virtual edition of FirePass allows customers to potentially save money by allowing them add SSL VPN functionality to their existing virtual infrastructure. With FirePass VE, you get better scalability & flexibility due to the ability of being able to spin up and spin down virtual FirePass instances across the globe, in much the same way we talk about the BIG-IP appliances managing virtualized environments around the world. FirePass Virtual Edition is the full fledged, full featured FirePass code and currently runs on VMware ESX* and ESXi 4.0*. It’s vMotion enabled and you can cluster for config-sync, load balance VMs and service providers can have multiple VMs running on one system for a hosted VPN service. FirePass VE provides flexibility, scalability, context, and control particularly for Small & Medium Enterprises whose budgets might still be tight but need a remote access solution. It’s also a perfect solution for Enterprises who need a remote access business continuity solution. *Asterisk alert: If you are like me, and see a little * after something, I immediately drop to the bottom fine print to find the catch. FirePass VE is sold & supported just like FirePass hardware and is fully supported on the VMware products listed above. VMware also has a link off their website about the FirePass VE/VMware interoperability. As with any piece of software, there are minimum hardware and configuration requirements along with recommended VM provisioning but actual performance may vary depending on the target system. The FirePass v7 VE release notes (logon may be required) does provide the VMware system minimum characteristics. Just want to properly set expectations, especially with that pesky asterisk. :-) And one from Confucius: A man who has committed a mistake and doesn't correct it, is committing another mistake. ps The CloudFucius Series: Intro, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11CloudFucius’ Money: Trickles to the Cloud
No, I’m not investing some seed money in a cool new company or technology but banks are certainly looking to take advantage of cloud computing services. At least that’s the message from a recent survey by Bank Systems & Technology and InformationWeek Analytics. 70% of those that expressed interest in cloud computing said that the ‘Ability to meet user demands quickly and achieve scale,’ was the top consideration factor. Among the financial services applications that are currently being deployed in the cloud, Payment Applications (23%), Core banking applications (22%) and Retail banking applications (21%) topped the list. Mobile banking applications came in at 19% but another 19% plan to use the cloud for mobile banking and another 32% are currently evaluating the cloud for mobile applications, highest of any financial services apps. Shows where they think future traffic will be coming from. As with most cloud surveys and the financial industry in general, Security along with Compliance/Audit were the top concerns. 58% said ‘cloud technology does not provide adequate security safeguards’ and one-third noted a concern about the audit trail. We’ve mentioned here before that the financial industry usually jumps all over new technologies and is an early adopter for many things tech. No so with Cloud. 38% said that Cloud technology is too new and untested. Another interesting factor that is inhibiting cloud adoption is legacy systems. Most of the current banking applications were written for in-house systems and servers and have not been made ‘cloud-aware’ or ‘cloud-enabled.’ They face a tough choice to either invest now to make those apps ‘cloud-ready’ or wait until cloud vendors have matured and resolved some of the concerns. Yet another issue is spreading the IT mess, according to Ovum senior analyst Laurent Lachal. Today, many banking systems are in a secure data center (or several with GSLB) or located in-house. IT knows which room the data resides rather than somewhere, anywhere out in vapor land. The problem occurs when another department uses a cloud service without IT’s knowledge and the mess that creates across boundaries. The integration headache occurs when the same workflow is being done by two different applications. Cost effectiveness gets negated by inefficiencies. I started thinking about the future of banking and giving the customer the choice of having their data stored in the cloud or on a dedicated, physical server. There is not much we could do if our financial institution decided to put sensitive data in the cloud and I’m sure some of it is there already. But for those many folks who are not comfortable with that (at least for now), I wondered if the ‘dedicated server’ will become the ‘ultra-premium’ service of the future. It’s kinda far-fetched but go with me on this – maybe, when you open a bank account of the future, you get the choice of having your data in the cloud (get free checking with that, if checks are even still around) or you select a dedicated server for a nominal monthly fee. The promotion could go something like: ‘In order to provide you with the most cost effective banking solutions, we have two options for your data storage – a secured cloud environment with our trusted cloud provider (free with any account) or a dedicated physical server housed in our data center (for a small monthly fee). All the security protections and guarantees are built into both options, but we feel that it’s important that you choose and know where we store your data.’ Now, that would be interesting. And one from Confucius: By nature, men are nearly alike; by practice, they get to be wide apart. ps The CloudFucius Series: Intro, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17Has The Sky Cleared on Cloud Security?
Last year I embarked on a blog series, lead by my trusty advisor CloudFucius, that evolved into an exploration of the numerous cloud computing surveys, reports, statistics and other feelings about the technology. At the time, 4-5 surveys a week were being released covering some aspect of cloud computing and security was cited as the biggest hurdle in almost 90% of the surveys. I also found that availability, control and a general lack of understanding were also drivers in challenges to cloud adoption. Almost 6 months have passed since the last CloudFucius entry and I wanted to see if the same fears were still lingering or at least, were the current surveys reporting the same concerns from a year ago about Cloud Computing. First up, is UK based technology publication, Computing. Working with Symantec.cloud, they surveyed 150 IT decision makers and learned that as more companies embrace Cloud Computing, they are finding that the cloud solutions meet or beat, not only their expectations but also their own existing in-house solutions. While on-premise security solutions might be adequate today, as the security threats evolve, the cloud providers may have the advantage over time due to the infrastructure investments in advanced filtering and detection along with 24/7 trained staff. Last year, availability and uptime also emerged as concerns and today there is great interest in the contractual SLAs offered by cloud providers since it often surpasses what they are capable of in-house. Resiliency and disaster recovery across multiple data centers can ensure that if there is an outage in one location, the customers can still access their data. Management and control still create some anxiety but many IT teams are happy to abdicate routine maintenance, like OS patching and hardware upgrades, in exchange for management SLAs. Now that the hype of cloud services has passed and many providers are proving themselves worthy, it is now becoming part of the overall IT strategy. As the perceived threats to data security in the cloud dwindle, trust in the cloud will grow. The Cloud Connect Conference in Santa Clara also released a survey during their gathering. In that one, elasticity and speed of deployment were the top motivators to using cloud services. Elasticity or the flexibility to quickly add or reduce capacity, can greatly influence the availability of data. These folks however were less motivated by improved security or access to the provider’s IT staff. Their top concerns were data privacy and infrastructure control. I do find it interesting that last year the term ‘security,’ which can encompass many things, was the primary apprehension of going to the cloud while today, it has somewhat narrowed to specifically data privacy. That too can mean several things but areas like outsider’s physical access to systems doesn’t seem to worry IT crews as much any more. When it comes to our school/educational system, Panda Security released a study that focused on IT security in K-12 school districts. Like many companies, they must deal with unauthorized user access, malware outbreaks and admit that IT security is time and resource intensive. They do believe however that the cloud can offer security benefits and improve their overall infrastructure. 91% see value in cloud solutions and are planning to implement over the next couple years with 80% saying improved security was a main reason to deploy cloud-based security. Finally on the consumer front, GfK Business & Technology surveyed 1000 adults about cloud services and storing content in the cloud. With all of our connected devices – cell phone, computer, tablet, etc – there will be a greater demand to move data to the cloud. Not real surprising, less than 10% of the consumers surveyed fully understand what the cloud actually does. The know of it, but not what it accomplishes. With what you don’t understand comes fear. 61% said that they were concerned about storing their data in the cloud and almost half said they would never use the cloud unless it was easy to store and retrieve data. As businesses begin to feel content with the cloud, they then need to both educate and communicate cloud benefits to their consumers. So it does appear like comfort with the cloud is beginning to take hold and as cloud offerings mature, especially around security, err ah, I mean data privacy solutions, the fear, uncertainty and doubt from last year is starting to loosen and it sure seems like greater adoption is on the horizon. And one from Confucius: They must often change who would be constant in happiness or wisdom. ps Resources: CloudFucius Closes This Cloud Canon Content security in the cloud - no longer hot air Cloud-based IT Security at a Tipping Point Reader Forum: The importance of cloud computing in mobile security Panda Security Study Reveals 63 Percent of Schools Plagued by IT Security Breaches at Least Twice a Year Cloud computing: What it can do for you and your business Just Don't Call It A 'Cloud' Defining enterprise security best practices for self-provisioned technology What do security auditors really think? Private Cloud Computing No Safer than Public Cloud Survey Shows Businesses Interested, But Still Conflicted, About The Cloud Cloud Computing Has the Power to Enhance Consumer Data Consumption, But Obstacles Hinder Greater Short-Term AdoptionCloud Copyright, Capital and The Courts
In 2006, Cablevision was developing a service which allowed customers to record, pause and replay their television content on/from servers located at Cablevision’s data center rather than on the customer’s Digital Video Recorder itself – in the cloud rather than on a local hard drive. A consortium of U.S. television and copyright holders challenged Cablevision in court arguing that Cablevision’s Remote Storage Digital Video Recorder (RS-DVR) infringed on copyrighted content laws in that, they were making copies of protected works and infringing on exclusive right of reproduction; briefly buffering/storing that content also infringes on exclusive reproduction rights; and by transmitting the data back to the customer, they were infringing on exclusive rights to public performance. In 2007, a district court found in favor of the copyright owner but in 2008, the decision was reversed by the Second Court of Appeals. The court clarified that Cablevision was not directly infringing copyright by offering a remote DVR service outside the customer’s home. Viewers could now record and save authorized TV content on a device within Cablevision’s infrastructure. This ruling, according to Josh Lerner, Harvard Business School’s Professor of Investment Banking, had a huge impact on U.S. venture capital moving to cloud computing. A risk was removed. In Europe, where the ruling had no authority, the venture investments in the cloud were much less. This is an important economic topic and ruling due to the relationship between venture, innovation and job growth. The ruling might also be relevant in Australia where Optus is facing the same legal challenge today. They started a service in July called Optus TV Now that does essentially the same thing as Cablevision’s. Allowing customers to record and watch the 15 free-to-air stations that are available. Customers can watch the content directly or over their smartphone or computer via the internet. In their July announcement they even included, ‘it is a breach of copyright to make a copy of a broadcast other than to record it for your private and domestic use. Optus accepts no responsibility for copyright infringement.’ Well, the owners of the copyright material being stored and retrieved are saying breach, especially the AFL and NRL, the football and rugby leagues. Optus is saying it’s no different than people recording on a personal DVR at home. It’ll be interesting to follow this. Back to the ‘funding the cloud’ story. Lerner’s study, 'The Impact of Copyright Policy Changes on Venture Capital Investment in Cloud Computing Companies,' he examines the impact and effect of the US Second Circuit Court of Appeals decision. The authors found that the decision led to additional incremental investment in U.S. cloud computing companies compared to Europe. Figure 1 of their paper: The same growth did not occur in Europe and in some cases, these types of services have been blocked from even getting to market. Imagine how much different services from Amazon, Apple and Google would be if the court did not reverse the 2007 ruling. ps Related: Clouds, copyright and venture capital: a multibillion dollar nexus? Optus offers free-to-air TV recording for those on the go Technology Neutral Copyright has a Positive Impact on Investment, Job Creation and Innovation in ITC The Cloudy Enterprise: Hours More Important Than Dollars The Business Intelligence--Cloud Paradox
