
Clarity on cloud computing has proved elusive, so CXO speaks to three industry experts about the pressing questions that the cloud perennially poses.
“'Private cloud' is not much more than dedicated hosting. The need to manage the physical hardware is removed, but you don't get any of the economies of scale that you get with a 'public' cloud.”
-Adrian Joseph
Many large companies will have a number of concerns with cloud computing, the primary one being that of security. How does your business ensure that the cloud is secure?
Adrian Joseph. Security is at the heart of every Google application from its very conception, and Google Apps has been built with security in mind from day one. What's more, the scale of our operations means that our investment in security can be much greater than that of an average business. That's why, with the technology and processes we have in place, as well as over 100 security staff, including some of the world's foremost security experts working around the clock, we believe that the cloud might actually offer better security than many traditional IT infrastructures.
There are some specific challenges each CIO needs to consider. Firstly, a cloud-based solution reduces the chance of data loss. Staff are less likely to have confidential files stored on their laptops or USB sticks, and are less likely to email documents to their personal email addresses if they want to continue to work on them at home - both common causes of the breach of confidential information.
Secondly, in terms of physical security and availability, we replicate users' data to multiple servers across multiple data centres and locations. If a disaster strikes in a particular region, the data remains secure and available.
Thirdly, there is the patching problem - while traditional systems may take up to 60 or even 90 days to patch for vulnerabilities, the homogeneous nature of cloud solutions such as Google Apps allows for instant patching of the entire infrastructure.
In addition, external auditors perform regular detailed security reviews of our processes and Google Apps is SAS 70 level II and FISMA certified.
Trevor Dearing. The cloud changes the game completely for security as we move to a world where users are mobile and resources virtual - the old concept of providing a physical boundary will disappear. We have to abandon the previous idea of security being like a castle with all the applications on the inside and all the users on the outside. Instead we must think about a model that is more like a hotel where a user is given a pass key based on their identity and this gives them access to certain resources within various rooms.
Juniper Networks has developed security solutions that deliver security as a service for a virtual network. This approach is based on identity management, application identification and automated management. We have developed a series of open platforms that allow third parties to develop specialist applications to further secure the network.
Sanjay Gupta. Data security is the topmost concern among enterprises adopting cloud services. Wipro offers the most stringent security measures in its data centres and applications within the cloud. A robust design, best of breed technologies & practices based on ISO20000 ITIL standards lend consistency to the cloud solution monitored on a 24/7, 365 days a year basis.
Multiple layers of physical security controls are in place in the datacentre - 24/7 security guards, access control systems. The datacentre is divided into multiple security zones & access control policies are enforced to ensure restricted & authorised access to sensitive areas.
Wipro has implemented a robust Intrusion Prevention System for networks carrying highly sensitive information. To protect storage, Wipro has defined Zoning and LUN masking only for pre-defined authorised hosts. OS hardening is performed on a regular basis. A separate VLAN and virtual firewall are offered for each customer to protect the network layer.
URL filtering is available and can be configured upon customer requirement through a robust firewall mechanism. Secure access is allowed using SSL-VPN. Servers facing the Internet are protected by a minimum of one layer of firewall, and backend database servers are protected with two layers of firewall.
Wipro advises enterprises to link cloud security with their Organisational Security Policy. In the case of highly sensitive company data, enterprises are advised to retain the setup within their datacentres on a dedicated setup. However, for less critical data, they can look at Cloud after doing a detailed risk/control assessment of the service provider.
Leading companies face increased hardware and storage costs, but they also have an understandably greater desire to maintain full control of their servers. How would you address these concerns?
AJ. What we hear from our customers is that, faced with the ever increasing pressures to make their business more competitive and more efficient, they prefer to focus on projects that add real business value rather than purely supporting their IT infrastructure. They tell us that, since deploying Google Apps, their IT teams spend less time managing email systems and more time looking at ways to use technology to transform their companies.
Cloud computing offers an opportunity to make immediate cost savings on hardware, storage and other resources, but more importantly offers a new way of working. For example, one of our customers is providing a communication and collaboration environment to over 35,000 staff, including 10,000 mobile workers who have never had access to any IT tools in the past.
In another example, account managers at a global ad agency share calendars with their business partners, enabling them to coordinate groups of people a lot faster than before. They also use video chat to review campaign ideas by bringing together experts in multiple countries, enabling them to tap into their global workforce.
TD. This obviously depends on the services being offered by the provider. The technology is available to extend a customer's virtual network into the cloud and right into the datacentre. This means that the resources in the cloud can be part of the customer's infrastructure as long as the network can support it. It does become important that the network being used can support the new techniques required to manage the cloud environment and that any potential savings and improvements are not negated by a slow old network.
SG. Leading companies do analyse their IT and IS landscape and categorise their applications into business-critical and context applications. They take a two-step approach. First, transitioning a few of the context applications to the cloud or an alternative shared services environment. These applications would have light SLA requirements and the non-availability in some situations would not impact the business severely. This route is adopted to reduce the increasing costs and, at the same time, evaluate the performance, availability and security aspects of Cloud computing to begin with.
For their business-critical applications, they continue to host them at their primary in-house datacentres, which they perceive to be giving them higher control on their IT assets and confidence of recovering from any breakdown situation through personnel attention at site.
Wipro supports the above approach by helping clients analyse their business applications landscape, categorising them in terms of business criticality, evaluating its interdependencies and suggesting a roadmap to a cloud-based approach.
The greater scale offered by virtual cloud computing is obvious, but how easy is it for an IT manager to support and transfer data across multiple clouds?
AJ. Interoperability is a key component for the simplicity of data transfer. Right now it's down to each vendor to make it easier to transfer data in and out of their cloud-based systems. I think there is still a lot of work for the industry to do in terms of standardising that. At Google, we feel very strongly that the customer owns the data and we would like it to be as easy as possible to move data in and out of Google products. We have already done a lot of work on the consumer front with the launch of our data liberation initiative (www.dataliberation.org) and we would individually support a customer wishing to transfer to another solution.
TD. Once again this is a network issue and depends on the services being used. If it is pure application as a service then it can be easily accessed by traditional IP networks. However, if you are taking any platform services - and especially cloud bursting type services - then potentially everything will need to be in the same layer-two domain. Many service providers are now offering virtual LAN or line services based on VPLS, which do allow the extension of an existing customer network across a service provider infrastructure.
SG. This is one of the biggest challenges that stares at IT operations staff and in a way limits their ability to migrate types of workloads across multiple clouds. The challenges are not only around technology but also around managing mindset change. Another aspect that comes into play is the bandwidth requirements that data will impose on networks. Innovative solutions have been deployed but these add to the latency and hence, again, become a limiting factor. However, given the fact that compute, storage and bandwidth follow Moore's law, it is possible that technological challenges will be overcome. Vendors are working on securing data-in-flight as well. However, the most important aspect that will still remain is the mindset change, which requires a touch-and-feel approach.
What are the greater benefits of the public and private cloud, and how can the hybrid cloud enable greater control without compromising on storage costs and capacity?
AJ. 'Private cloud' is not much more than dedicated hosting. The need to manage the physical hardware is removed, but you don't get any of the economies of scale that you get with a 'public' cloud. To give you an idea of the immense scale that the Google cloud handles, over one billion searches happen on Google.com every day. Every minute, 24 hours of video is uploaded to YouTube. We have over 3.5 million servers distributed across our global data centres. Google Apps runs on this same platform, enabling our developers to create applications quickly, without needing to know where the code executes, how it scales, how it gets backed up or how to build in fault tolerance. I've talked about the number of security experts that Google employs - this is another example of the scale that a true cloud offering brings - it would be a very costly exercise for our customers to do that individually. You just don't get the same scale or cost benefits with a 'private' cloud.
As for 'hybrid cloud', we definitely see it as a matter of course that our customers integrate their existing on-premise solutions with our cloud offerings, and that continues to be an important part of our enterprise computing strategy.
TD. The hybrid cloud appears to be the solution that is becoming most popular. The virtualisation technologies adopted in the public cloud can have some real benefits in the enterprise network so giving rise to the private cloud. The cost savings of being able to outsource non-critical services are very attractive but many organisations are not comfortable in giving away the core of their business. The hybrid cloud offers the best of both worlds but does create some new challenges around management, especially with an environment with a multitude of different management systems.
It is important, therefore, that the management of the network and security is integrated with the management of the applications, storage and servers. This can only be adopted by the adoption of open standards and products with published APIs. It is important as we move into the cloud world that adoption of these types of products becomes routine.
SG. The benefits of Private cloud are full control on data and servers, increased resource utilisation and sharing across enterprise. The benefits of Public cloud are reduced CAPEX, infinitely scalable in compute and storage requirements and more focus on core business processes and innovation by releasing unused resources.
Hybrid clouds enable greater control as the most critical workloads reside on private cloud and less critical applications move to public cloud. By leveraging public cloud, enterprises pay on usage basis, save on storage cost and provision for extended capacity as per business needs.
Biographies
Trevor Dearing has been part of the networking and security industry for nearly 30 years. He has been involved in initial implementations of many of the new innovations that have taken place, including Ethernet, PCs, IP Telephony and virtualisation. He currently works as Director of Enterprise Marketing for EMEA at Juniper and managed the launch of Juniper's switching portfolio.
Sanjay Gupta leads the Productised Solutions Group of Wipro Technologies. Sanjay has been with Wipro since 1988 and has held responsibilities across sales, post sales support and key account management in India and the US. Gupta is an electronics engineer, holding an MBA from the Indian Institute of Management Ahmedabad.
Adrian Joseph is Managing Director of Google Enterprise, EMEA. Joseph joined Google over three years ago with 15 years of blue chip sales, marketing and supply chain experience. Prior to Google, he spent six years at Ford Motor Company, and was the main Board Director for Trafficmaster, where he was responsible for sales and marketing. Adrian holds an Economics degree and an MBA from Manchester Business School.