Archive for May 2015

Industry leaders set cloud computing security benchmarks

May 28, 2015 0 Comments A+ a-




Security has long been the No. 1 cloud computing business concern. Although the apprehension is absolutely valid, cloud computing business decision and strategies are all too often driven by the many broadly shared misconceptions and misunderstandings. They include:
  • Public cloud is more easily breached that a private cloud
  • Any infrastructure that you manage or own is more secure than any cloud computing infrastructure
  • Cloud-hosted applications are technically no different than enterprise-hosted applications
  • The cloud service provider infrastructure and personnel will address and remediate all security issues
  • The end user has very little control over cloud security
  • A corporate network provides protection even when using cloud apps
  • Cloud platforms lack security features and cloud providers offer no visibility into their platform
  • Strong authentication mechanisms are sufficient for ensuring security
Although every one of these statements have been proven false, they continue to be socially propagated. While this is sometimes done for self-serving commercial reasons, perpetrators are often well-meaning individuals holding critical corporate responsibilities. This latter scenario has been driven by the lack of industry consensus on security and a dearth of nonvendor specific cloud security training and certifications. Because cloud computing is a young industry so this is understandable, but maintaining this view exacerbates the harm.

These troubling facts are why I was thrilled last month when cloud computing security industry leaders Cloud Security Alliance (CSA) and the International Information System Security Certification Consortium ((ISC)²) addressed this issue head-on by collaborating on the development and release of the Certified Cloud Security Professional (CCSP) Certification Program. Both nonprofits, their individual missions and goals are synergistic:

CSA: To promote best practices for providing security assurance within cloud computing and provide education on the uses of cloud computing to help secure all other forms of computing.



(ISC)²: To support and provide members and constituents with credentials, resources, and leadership to secure information and deliver value to society.


By stepping up to the challenge of cloud security certification, these organizations are explicitly addressing their missions.

Vendors are also stepping up. According to a recent CRN article, commercial cloud security platforms are helping enterprises mitigate the risks of using cloud-based applications and services. These offering are providing strong data protection capabilities by incorporating data loss prevention, data encryption and tokenization. Some cloud security companies provide identity and access
management capabilities while others monitor cloud-based systems for suspicious activity and provide policy enforcement, reporting and alerting capabilities. Cloud-based sandbox environments for controlling employee laptops, smartphones and tablets, regardless of their location, are in the marketplace as well.

A specific example of strong industry cloud security capabilities is Dell SecureWorks. It is positioned in the Leader’s Quadrant of Gartner’s Magic Quadrant for Global Managed Security Service Providers. In April 2015, the Info Security Products Guide recognized the company by announcing Dell as the Grand Trophy Winner as well as the winner of 12 additional awards, including one in cloud security for the Dell Cloud Access Manager.

The CCSP credential was designed to reflect the holder’s deep knowledge of cloud computing security. In order to gain this certification, a candidate must demonstrate hands-on information security and cloud computing experience. Certification requires a minimum of five years of cumulative, paid, full-time information technology experience, of which three years must be in information security and one year in one of six domains of the CCSP examination. It also requires:
  • Passing an exam;
  • A legal commitment to the code of ethics;
  • Endorsement from an appropriate certified professional; and a
  • Commitment to continuing professional education.
In providing the CCSP certification, CSA and (ISC)² have set a new benchmark for cloud security knowledge and competence. They have also established a reliable indicator for overall proficiency in cloud security and have gone a long way toward eliminating cloud computing security misconceptions and misunderstandings.

This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.





Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)



The Science and Art of Business Leadership

May 27, 2015 0 Comments A+ a-



Business leadership is both science and art. The scientific aspects revolve around finance, organization, products and service. Artistic aspects include relationships, market trajectories and business strategies. While many focus on the science through books and training, the art of business is best learned from real practitioners.  That is why I jumped at the chance to meet Dimension Data’s Steve Nola during the company’s analyst event, Perspectives 2015, in Prague, Czech Republic. Steve is the company’s ITaaS Group Executive and prior to this, served separate stints as Chief Executive Officer of the Cloud Business Unit and Dimension Data Australia region. Meeting over dinner, Steve shared his views on how businesses should deal with today’s dynamic information technology environment.

 In his opinion, cloud computing is destined to harness more of the IT market and organizations that participate in just about any industry must decide what they are going to do about it. 

“Cloud a key change agent for business and the critical skill in this environment is managing the rate of change within your enterprise”, says Steve. “This is crucial because change drives innovation and innovation fuels the internal experimentation needed to maintain marketplace relevancy.”

Businesses must also build and maintain an effective partner ecosystem. This actually reduces business risks as IT transitions to the “as-a-service” model. IT professionals must build and maintain a fluency in bridging technology to business outcomes. Companies must also use cloud services in order to tailor technology’s contribution to the chosen business strategy.

While virtualization is a necessary component of any IT modernization strategy, virtualization without optimization for cloud may preclude the necessary alignment of IT with today’s dynamic business models. This wise counsel highlights why business science and business art must be
synergistic. It also puts a spotlight on why a corporate IT ecosystem is also needed. Modern business models are created, launched, modified and retired quickly. In some industries such a cycle could transpire over a timeframe measured in hours. A traditional corporately owned IT platform is unable to economically deal with such a fast pace of change. This is why traditional IT support models in some verticals are rapidly giving way to shared IT infrastructures and IT as a service. Traditional architectures aren’t designed with an ability to cycle up and down. They are also not typically metered and monitored. Companies facing this type of industry disruption need trusted IT service partners. According to Steve, enterprise IT product vendors are being disintermediated by this transition to the IT service provider model. “2009 saw a $142B decrease in enterprise IT product industry revenue. That money went to the IT as a service market” 

Dimension Data itself is not immune to these forces. As a global IT service provider, it too needs to have a strong and reliable partner ecosystem. The importance of partners to Dimension Data has been made obvious by winning 23 channel partner awards at the most recent Cisco Partner Summit and Deloitte’s selection of its Managed Cloud Platform for the management firm’s business transformation clients.
 
The key takeaway from this discussion is that successful IT leaders effectively leverage both business science and business art as day to day leadership tools.

http://www.arnnet.com.au/article/569759/dimension-data-bring-tour-de-france-billions-cycling-fans/


( This content is being syndicated through multiple channels. The opinions expressed are solely those of the author and do not represent the views of GovCloud Network, GovCloud Network Partners or any other corporation or organization.)





Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)



Packing My Bags For Prague and Dimension Data #Perspectives2015

May 15, 2015 0 Comments A+ a-

Prague is a beautiful city!  My last time was in June 2010 when Jeremy Geelan invited me to speak at CloudExpo Europe (see my blog post and video from that trip at "CloudExpo Europe 2010: Not Your Father's Prague"). And yes, that is the same Jeremy Geelan that is currently enduring the terrible earthquakes in Nepal (see my recent post on that in "Tweeps Are People Too!!")



This time I get to go there to learn more about Dimension Data. If you don't know about this global cloud service provider you really should look them up. Although Gartner evaluated them as a niche player in the 2014 Cloud Computing Magic Quadrant 2014, their so-called "niche" is enterprise hybrid cloud and they are very, very good at that niche!



Dimension Data, a subsidiary of NTT Group, has a reputation for consistent performance. Their large presence in Japan, the US, the UK, the Netherlands, Hong Kong, and South Africa gives them an unique ability to address the public and private global cloud computing platform requirements of enterprises in the US$1B-US$5B revenue range.  They also deliver these services from a single, unified architecture, the Managed Cloud Platform (MCP).

Recently this "niche" player has been honored as the Cisco Services Partner of the Year, garnering Cisco regional awards from the Americas, Asia, Australia, Europe and MEA (Middle East & Africa)! The company is also globally certified by SAP for cloud, hosting and SAP HANA, which delivers an unequaled ability to deploy hybrid SAP models that run on Dimension Data’s private MCP within the client’s data center. Not to be out done, EMC has also announced a high performance unified storage alliance with Dimension Data that is based on EMC's VNX storage technology. These are quite impressive accomplishments for a "niche player"!

At #Perspectives2015 I will find out more about this global provider, passing what I learn to my followers through Twitter. If you're going to also be in Prague, please let me know!

Big shoutout to my Prague Tweeps!
@PragueBob
 @fildaok
 @Prague_
@nakedslavin
@GrantPhillips


Dimension Data Global CEO Brett Dawson offers you a preview of the year's event in this short video - a glimpse in how Dimension Data is doing ever greater things for clients in our ambitious journey towards 2020.






( This content is being syndicated through multiple channels. The opinions expressed are solely those of the author and do not represent the views of GovCloud Network, GovCloud Network Partners or any other corporation or organization.)




Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)



SAP/HANA Does Big Data for National Security

May 13, 2015 0 Comments A+ a-



Carmen Krueger, SAP NS2 SVP & GM

While SAP is globally renowned as a provider of enterprise management software, the name is hardly ever associated with the spooky world of intelligence. That is one reason why I jumped at the opportunity to talk with SAP executives responsible for the company’s work in that clandestine marketplace.

SAP National Security Services, Inc.™ (SAP NS2™) is an independent U.S. subsidiary of the company and offers a full suite of SAP enterprise applications, analytics, database, cyber security, cloud, and mobility software solutions. These offerings, however, are endowed with specialized levels of security and support needed to meet the unique mission requirements of US National Security Agencies and critical national infrastructure customers. SAP NS2 also provides secure consulting and support services from experts that hold current credentials in the national security space. Carmen Krueger, Senior Vice President & General Manager, Cloud Operations, focuses on the critical security requirements of national security clients that adopt and deploy SAP technologies.  Joining her in our discussion was Hunter Downey, NS2 Cloud Solutions Director.

Hunter Downey, NS2 Cloud Solution Director
Kevin: Carmen, Hunter, thank you both for spending the time to talk with me.  Just to set a level playing field for my readers, what is SAP?

Carmen: SAP is a global enterprise software company that offers a full suite of world-class enterprise applications, analytics, database, cyber security, cloud, and mobility software solutions. Corporately our goal is to make a material impact on making the world better.

Kevin: Why is cloud computing so important to public sector organizations?

Carmen: Cloud computing is critical because it combines convenience with speed and delivers the innovation needed for addressing the public sector’s current inability to leverage leading edge technologies. It enables resource pooling that drives efficiencies, cost savings and improved resource allocations. The various cloud computing service and deployment models also provide flexibility to organizations while allowing them to remain within their specific mission limits and requirements.

Hunter: With cloud computing organizations are able to extract physical resources and give them to agencies as needed.  These resources can grow and contract over time, adapting to the users. IT infrastructure is now morphing into a platform that give agencies an ability to focus dollars towards more strategic needs.

Kevin: How are public sector policies when it comes to cloud computing?

Carmen: The cloud computing adoption process has matured significantly. DoD’s new policy has set in motion a re-interpretation of current policies that actually favor cloud. There are, however, still some open questions on the policy, change management and organizational risk management processes. The new policy has put a “set of guardrails” around the cloud computing decision making process. Although procedural backlogs remain, things are moving forward and enablers are now in place.

Kevin: How should agencies approach the adoption of cloud computing?

Carmen: In adopting cloud, decision makers must clearly understand the goals of the organization and see cloud computing as an enabler and strategic underpinning of specific business outcomes. Cloud computing enables collaboration between functional owners, information technology leads and the information assurance organization. All too often functional owners run ahead of other organizational stakeholders.  This leads to organizational misalignment and adoption missteps. It is also vitally important to get the organizations “cloud jargon” in line. The mixing of marketing terms and technical descriptions often leads to serious misunderstandings during the cloud computing adoption process.

Kevin: SAP provides ERP software which is typically considered a difficult application to move to the cloud. Why is this? Has this changed?

Carmen: ERP applications are not more or less difficult to move to the cloud than other applications. ERP is, however, mission critical so organizations normally assign higher levels of risk to such a transition. These risks are not typically associated with technical barriers but are mostly organizational change management issues.

Hunter: The value in transitioning ERP to the cloud is often much more substantial because it gives the organization news ways of accessing and using information. It is also often easier to try out new capabilities.

Kevin: SAP’s cloud portfolio has really expanded over the past couple of years. Are you leading your customers to the cloud or following them there?

Hunter: We are side-by-side with our customers as they move to the cloud. We are not being presumptive in any way but work closely with hem in defining technical requirements and strategies.

Kevin: What are the nuances in the selection of an appropriate cloud deployment model?

Carmen: A community cloud, like IC ITE (Intelligence Community Information Technology Environment) is always a viable option for national security organizations. Private cloud environment are also a popular choice. Over the next two years SAP’s ability to offer NIST, FedRAMP and Trusted Internet Connection (TIC) compliant environments will expand. Today we currently have a secure HANA cloud offering in place as a PaaS (Platform-as-a-Service). It complies with all export and FedRAMP requirements. A Human Resource Management (HRM) SaaS (Software-as-a-Service) offering that meets all DoD requirements is also being built.

http://hana.sap.com/abouthana/what-is-hana.html
 
Kevin: What is HANA and how does it relate to cloud computing?

Hunter: HANA is an in-memory, column-oriented, relational database management system. Its architecture is designed to handle both high transaction rates and complex query processing on the same platform. This approach has completely transformed the database industry by combining database, data processing, and application platform capabilities in a single in-memory platform. The platform also provides libraries for predictive, planning, text processing, spatial, and business analytics.

HANA has been adopted to support many national security use cases. It is being used as a platform for data analytics, situational awareness, digital documents and geospatial analysis. Since the database is stored in RAM (Random Access Memory) it provides the easiest known method for accessing and using information. When you combine HANA and the cloud in a national security focused PaaS, there is no need for agencies to procure and incorporate any new hardware.

Kevin: What's next for agencies after they've adopted a cloud infrastructure?

Carmen: Decision makers should make the adoption of cloud computing risk free. They should also look across all their different programs in order to identify where cloud can deliver strategic value to the enterprise. Also highlight your successes in cloud. Cloud computing shortens the timeline between understanding an information gap and addressing these gaps. It does this by eliminating programmatic silos that prevent the free flow of information. Embrace this new approach and don’t be so prescriptive when addressing information shortfalls. Learn how to listen to the data and how to learn from it.


( This content is being syndicated through multiple channels. The opinions expressed are solely those of the author and do not represent the views of GovCloud Network, GovCloud Network Partners or any other corporation or organization.)




Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)



Subscribe to: Posts (Atom)