Security and the cloudy cloud: A revolution for the infrastructure?
A reader recently dropped a comment on my other post about security and control issues in the cloud. For the record, that other post was about defining the cloud (I define cloud stuff as being about the infrastructure and services underneath any hosted environment - not the hosted services themselves).
I agree with his concerns, but from my vantage point, the industry is on it, and we're going to see some seriously revolutionary capabilities pop up for the cloud that address security and much more. For his part, the reader referenced Mumbai (implying the cloud is about offshore), but the cloud isn't necessarily about offshore, and in fact I think cloud models are hindered by offshore. But successfully engaging the cloud is about "what else does it need, and what do we get that justifies our participation in it."
Addressing security issues is absolutely a critical component, and is one of the areas in which we should be asking ourselves the question, "what else do we get?" In the hosted virtual infrastructure as one aspect of the cloud (what I call virtual private data centers, involving the full range of infrastructure vs. just compute), the possibilities are pretty interesting.
You see some folks like Reflex Security coming up with solutions that could have far-reaching capabilities in a virtual infrastructure or cloud context, and potentially even provide better security and isolation capabilities there than you can achieve in your own infrastructure. On other fronts, you see some really far-reaching capabilities for deep information classification that create a new generation of governance, risk, and compliance management - kind of a combination of data loss prevention and deep awareness of data content that can allow you to do some proactive control not just at the packet level, but around information, who's using it, etc. Nobody is quite at the ideal yet, but I think of folks like Varonis, Abrevity, Njini, SmApper, etc. You shouldn't miss the fact that these very aspects have a potential litigation and regulation angle as well.
The thing about the cloud is that all of these technologies could be deployed as software services within a virtual context, and encompass everything going on in your cloud environment. Now you have an environment that you know has no physical stragglers or departmental servers or unknown physical attack vectors (assuming you've done your due diligence at the physical layer).
Moreover, with a defense-in-depth type approach in the cloud, you may get real benefit from economies of scale, and be able to harness many more layers of security than you ever could on your own. You might get really sophisticated stuff from the service provider's infrastructure to start with, and then start layering in your own stuff in a virtual environment.
There's a whole slew of vendors that can enable different capabilities at the software layer in the cloud - maybe Akorri enables better SLA management, maybe Surgient or someone enables better automated infrastructure adaptation and resource utilization, etc. There's really no end to the possibilities here - look at the comment Carter George from Ocarina left on an earlier de-dupe post. Sure, there's interesting opportunity for compression in Polyserve, what we call primary capacity optimization, but think about the opportunities around deploying that same technology or de-dupe throughout the virtual infrastructure and then granularly managing its application.
Now look at some recent technology that IBRIX is rolling out called Cirrus, which is a total example of what I've defined as cloud-based storage (file storage) in the InfoStor piece. Even without a virtual infrastructure, they have a backend architecture where you could plug in classification services, policy engines, etc. that act upon stored files, and might be triggered by various API events. Pretty killer stuff, even just for collaborative file storage.
The thing is, while these services enable some killer service provider possibilities, they are revolutionary at the enterprise level. Any large enterprise should be turning some of their gears around whether this has application in their environment. Can you get more capabilities in an internal service provider model that delivers either file storage or entire virtual private data center hosting (security, scalability, automation, better service alignment, clear SLAs, etc.)?
Interesting implications, but still, today, who's harnessing it? At the strict service provider cloud level, there's lots of room for innovation and leadership, and few solutions today. Mine is a long-term view, and I'm waiting for the players to step up and enable some sophisticated capabilities in this idealized version of the location-abstracted, remotely hosted cloud. You see it starting to happen. IBRIX is maybe the first throw-down around truly cloud-based technology from an out-of-the-box solution, but trust me, there's a lot more to come.
Beth Pariseau wondered, "Will the recession drive users to the cloud?" It won't be just the recession, but it may be a matter of the recession intersecting with the economies to be reaped from the cloud combined with new capabilities.



