CEO Perspectives 3: Reconsidering Security

When the subject of cloud computing comes up, one question seems to always be lurking in the backs of our minds: Is it secure?  This is particularly true for real-time systems.  Indeed, many engineers are reluctant to share their data even with their own company’s IT department, much less put it on the cloud.  Yet pressure from management, associates, and customers to access data from real-time systems is causing more and more companies to consider cloud-based solutions.  When they take a serious look, they may find themselves reconsidering their assumptions about security.

The inescapable fact of computers is that there will always be security threats.  Andrew McAfee put it this way: “The only way to have 100% computer security is to have zero computers.”  All systems, cloud-based or not, need to implement security.  What’s different about a cloud-based system?

When you think of cloud computing, think aggregation.  Cloud companies bring together many customers to provide top-quality software and services at very competitive prices.  The successful ones also provide top-quality security, because the size of their customer base makes them good targets for hackers.  To fend off attacks and protect their business, cloud companies thus need to expend more effort on security than most other companies.  They need to hire the best security experts, and maintain a higher standard of vigilance than a typical factory or water treatment plant.

A recent blog on CloudTech by ZapThink mentions these factors in a comparison of public and private clouds.  They point out several ways that a private cloud, which tends to be more do-it-yourself in terms of security, can actually be less secure than a public cloud.  Factors such as infrequent hardware updates, less stringent testing, variable staff capabilities, and a lack of awareness of security risks even within firewalls all contribute to the possibility of less-than-optimal levels of security on home-grown systems.

In addition to external threats of malicious hackers, there is also the question of internal security.  You may have analysts in the head office, technicians out at a remote site, and operators on a production line all accessing the system, but different parts of it.  Different groups need to be identified, and individual authentication capabilities built into the security model on that basis.  The article “What Every CEO Needs to Know About the Cloud” states that because cloud computing was originally developed for individuals or peer groups rather than corporate systems, this has been a weak point for some cloud providers.  Vendors are aware of this issue, and most are expecting to provide administrative security functionality in their systems fairly soon.

The lesson here for anyone considering putting real-time data on the cloud is that there is no need to throw out the baby with the bathwater, citing lack of security.  For external threats, cloud systems may actually offer more protection than an in-house system.  These threats can be mitigated further by ensuring that all firewalls stay closed, and that there is a one-way flow of data to the cloud.  For internal confidentiality, any envisioned cloud system should be able to provide authentication and authorization as well as a traditional platform.  If there is as yet limited choice for such a system, more will become available soon.  Demand for cloud computing continues to grow.

Is There a Hybrid Cloud in Your Future?

According to a recent entry in IBM Cloudchat, the idea of a hybrid cloud is “poised to take flight” this year.  Last month we had the opportunity to join a Twitter discussion with IBM Distinguished Engineer and CTO Cloud Standards Christopher Ferris and IBM VP Scott Hebner, along with a number of other experts in the field of cloud computing to look at the potential for hybrid cloud systems.  Among other things, it seems that the hybrid approach may lend itself well to real-time cloud systems.

Definition
We started off by defining what “hybrid cloud” means.  Chris Ferris reminded us of the NIST definition: “in which two or more cloud types are discrete but networked together such that a burst of activity beyond the capabilities of one cloud is shifted for processing to another.”  In other words, a hybrid cloud is a linked combination of two or more types of cloud systems, such as public, private, or community.  Most of our discussion focused specifically on hybrids of public and private cloud systems.

[Figure: Hybrid cloud, one possible scenario]

Participants were quick to expand on this basic definition.  There was some agreement that a hybrid cloud should provide “seamless integrated management and usage of different cloud services and in-house IT.”  This brings up two important ideas that may be implied but are not clearly spelled out in the NIST definition.  First is the necessity for a well-integrated way to coordinate between the two or more types of cloud in the hybrid.  Second, there is a practical need to consider effective coupling with in-house systems.  This is particularly true for many real-time systems.

Benefits and Risks
The benefits and risks of hybrid systems were summed up in this comment by Marcus Erber: The “benefit is to get the best of each world. Risk is the complexity of the environment.”  Some of the specific benefits mentioned by other participants included:

  • Cloud bursting, which is the ability to handle sudden, heavy computing loads.
  • Scaling resources, such as processing power or storage capacity, possibly in a more planned and controlled manner.
  • Maintaining internal control & security on selected systems or data, which is often significant for industrial and mission-critical applications.
  • Accessing public cloud resources from within your firewall, which is similar to the requirement for real-time cloud systems to reverse the client/server relationship.

One overall comment was that a hybrid cloud provides the benefits of scalability and lower costs associated with the public cloud, while allowing companies to keep mission critical applications managed in-house (in a private cloud).

The risks were felt to be similar to those of the public cloud in a general sense, with the added challenge of integration between the two systems.  Some of the specific risks and challenges highlighted were:

  • Difficulty of achieving interoperability between cloud systems
  • A need for maturity of cloud APIs
  • Harder to achieve service levels specified in SLAs (Service Level Agreements)
  • Matching SLAs between private and public cloud providers
  • Avoiding vendor lock-in

As with other aspects of cloud computing, the general feeling among participants was that the benefits outweigh the potential risks, and the challenges can be met.  Even if we take in all the optimism with a grain of salt, there is some reason to expect to see a hybrid cloud in your future.

What would a hybrid cloud look like for a real-time system?  This is worth looking at in more detail, in our next blog.

The Private Cloud Option

What comes to mind when you hear the phrase “cloud computing”?  Despite all the benefits, do you get a vague feeling that somehow you’re going to be handing over control of your system or your data to someone else?  That’s not surprising.  The common understanding of a cloud system is called a “public cloud,” where anyone can sign up and start uploading programs and data alongside anyone else.  Of course, there are security safeguards in place, but you share the cloud infrastructure and hardware with others.

There are other options for cloud computing.  One of these is a private cloud.  The most recent draft copy of “Cloud Computing Synopsis and Recommendations” from NIST (The National Institute of Standards and Technology of the US Dept. of Commerce) defines a private cloud like this: “The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.”

This opens new possibilities.  Suddenly cloud computing is not something “out there.”  It can be managed on-site by your own IT staff, using your own hardware.  Or you can outsource the operation and still have exclusive use of the cloud computing resources.  Either of these kinds of private clouds (on-site or off-site) can be used to support real-time systems.  Each has its own inherent advantages and drawbacks.

An on-site private cloud deployed at a single location does not rely on outside networking, and is easier to secure.  But the upfront costs are higher, especially if you build and maintain it yourself.  Also, there are fewer resources available for “cloud bursting,” or handling sudden, heavy computing loads when you are using an on-site cloud.  So you lose some of the key advantages of a cloud system.

An off-site private cloud, on the other hand, would be less expensive to implement up front, and would be more flexible in providing additional resources on short notice.  But it would run partially, at least, on external networks and more effort would be needed to implement security.

In a way, we can view on-site and off-site private clouds as sort of stepping stones towards a public cloud.   As you move up the steps, your costs go down and flexibility increases.  But to gain those benefits, you need to depend more on external networks or the Internet, and to keep a close eye on external security.

One approach to trying out cloud computing for a real-time system could be through implementing a private cloud.  This would give an opportunity to gradually gain valuable experience in cloud computing.  For example, you might want to experiment first with an on-site system, and once the kinks are worked out, move to an off-site private cloud.  Then sometime down the road, you could move to a public cloud.

Or, there’s another possibility–a hybrid cloud.  We’ll talk about that next week.

Predictions for the Cloud for 2012

Every month the IBM cloudchat invites a deluge of tweets about a topic related to cloud computing.  A few weeks ago they asked for predictions for the cloud for 2012.  The replies from the all-star panel of Dr. Srini Chari, Judith Hurwitz, and Amy Wohl, as well as many others around the world came thick and fast—hundreds of tweets raining in during the hour-long session.

During the storm it was almost impossible to read, much less to ponder implications.  But I’ve had a few days now to digest the content a bit, and thought I’d share a few of these predictions, along with how they might apply to real-time cloud computing.  Here are some of the answers to the question:  Looking ahead into 2012, what predictions do you have for the industry?

Broad acceptance
Tweets like, “The cloud debate is over, it’s how do I get there now!”, “customers are no longer asking if cloud but when cloud,” and “Cloud is here to stay, evolution after distributed computing. No turning back,” make it clear that everyone was on the same page.  The common wisdom is that cloud computing will become widely accepted.  In fact, Judith Hurwitz went so far as to say, “companies that have ignored the cloud model might not figure out how to remain competitive,” and Srini Chari added, “no IT system except top secret installations can exist in isolation.”

Growth
As you might expect, it was widely agreed that cloud computing will continue to grow.  Predictions included increased private cloud adoption, significant growth in hybrid cloud, and further adoption by small and medium-sized businesses.  This tweet from Tina Williams at IBM sums it up: “Everything as a service.”

Implications
There is significant expectation that widespread acceptance and growth will lead to a greater number of cloud applications in both the business and consumer markets.  A number of tweets mentioned more mobile apps.  Amy Wohl pointed out that “Consumer applications will continue to push business applications to keep up.”  Another implication for general lifestyle change is that more and more people will be working and collaborating across the Internet.

Challenges
A variety of challenges were mentioned, ranging from technical issues like data latency to business concerns like pricing.  Among these, you could sense an awareness of a need for expanding our vision.  “In 2012 people will finally realize that cloud is ‘not your parents IT infrastructure’ – new approaches for better outcomes,” tweeted Angel Luis Diaz, of IBM.

What about real-time cloud computing?
All of these predictions have strong implications for real-time cloud computing in 2012.  Widespread acceptance and growth of the cloud means that people working with industrial and embedded systems may start looking for cloud-based solutions.  We expect that with increased implementation of real-time industrial applications in the cloud, consumer apps using real-time data won’t be that far behind.  In fact, they may lead the pack.  Either way, any kind of real-time cloud system, industrial or consumer, will depend on an infrastructure that is neither your parents’ IT infrastructure, nor an industrial SCADA system, nor even what we typically see for cloud computing.  Real-time cloud computing will certainly require “a new approach for better outcomes.”