Indeed, SaaS goes a long way when it comes to startups, but what about companies that have dozens (or thousands) of employees trained to work with applications designed when Apple was cool the 1st time around and cloud meant visible moisture? These companies have terabytes of data that these legacy apps know how to work with and the newer SaaS apps don’t. Some say – give it enough time and everybody will eventually migrate to SaaS. People will get trained and data will get converted. I agree, with the caveat that ‘enough time’ could mean decades. There is an example from the past that leads me to believe that.

Cobol is a programming language that was created before I was born. When I went to school, they had stopped teaching Cobol because the predicition was that it would be obsoleted by newer languages. Apps were slated to be rewritten to take advantage of such innovations as PL1, Pascal and C. Well, according to a dude from IBM as recently as in 2009 there were still ”250bn lines of Cobol code working well worldwide. Why would companies replace systems that are working well?”.

Old software never dies. That maxim leads me to believe that we will see legacy apps in the enterprise datacenters and in the cloud driving the demand for IaaS for years to come. IaaS in the public cloud gives enterprise a chance to take advantage of the cloud without having to undergo a painful migration to SaaS. And of course when these legacy apps deal with sensitive or mission-critical data they will need to be cryptographically protected and performance–monitored. And this is where our CloudLink product excels.

AFORE combines cloud infrastructure security and manageability with performance monitoring to protect mission critical data in motion and at rest.  It provides secure storage in the cloud and gives enterprises complete and exclusive control of the keys used to encrypt data stored there.  CloudLink also provides an SLA-monitored secure VPN between the enterprise and cloud data centers.  Its Layer 2 Ethernet extension functionality allows organizations to extend their networks directly into the cloud, avoiding much of the effort associated with IP address re-assignment of workloads when attempting to failover to the disaster recover site.

Encryption and regulatory compliance
As evidence of this, consider that the Health Insurance Portability Accountability Act (HIPAA) mandates the use of encryption for patient health information (PHI). In addition, of the four mechanisms the Payment Card Industry Data Security Standard (PCI-DSS) lists for secure storage of cardholder personal account numbers (PANs), encryption is the only mechanism which preserves the integrity of the information and allows it to be retrieved later. HIPAA and PCI also both have requirements for the secure disposal of media used to store sensitive information. An added benefit of encrypting data at rest is that it addresses data remanence issues, meaning that the data remain protected even if the media are not adequately wiped before disposal.

A recent survey of health care providers on HIPAA and data protection (Data Privacy and security: How hospitals and providers view HIPAA mandates and data protection technologies SearchHealthIT.com Data Privacy and Security Report) reveals a general understanding of the benefits data encryption brings. 40% of the health care respondents surveyed plan to purchase encryption technologies within the next year to help achieve HIPAA compliance and nearly half of respondents said that they are planning to spend more on clinical data encryption within the next two years. The report goes on to state that “HIPAA officials have said that when encrypted patient data is lost, it doesn’t count as a data breach and therefore is not a violation.”

Deploying data encryption easily and cost-effectively
Given the need for data encryption, the question becomes “how can cloud service providers deploy it without disrupting existing systems and at minimal cost?” In addition, “how can service providers ensure that only their customers have access to sensitive cardholder data, personal health information, etc.?”

AFORE CloudLink delivers secure multitenancy by providing customer-controlled encrypted storage and SLA-monitored secure VPN, allowing cloud service providers to host regulatory-compliant multitenant infrastructures without the need to dedicate hardware to each tenant. Deployment of virtual machines using encrypted storage is seamless, and customers own and control the encryption keys, allowing them to retain complete control of their data, in motion and at rest. Cloud service providers benefit by being able to offer HIPAA and PCI-compliant infrastructure services and customers benefit by being able to stay compliant while realizing the benefits of cloud computing.

Thanks Dell.

Securing the cloud is a big undertaking, but one has to start somewhere. We at AFORE are used to building products on a solid foundation, so we took a similar approach to Cloud security. We have built a Cloud Trusted Multitenacy platform out of a few foundational blocks:

Connect
Embracing the cloud starts with building an on-ramp to the cloud. Just vanilla VPN does not do it for customers with mission-critical workloads. Tools such as ‘ping’ and ‘traceroute’ that most IT folks use to gauge the operation of their connection are so last century. We think Cloud IaaS customers deserve better. Things like carrier-grade performance monitoring tools that give them precise historical throughput, latency and packet loss data. Or fault management capabilities that allow isolating network failure down to a specific vSwitch port.

Encrypt
It’s not enough to give custodians of sensitive data a policy-based protection. Only strong cryptographic protection, for data in motion and at rest, gives them the desired peace of mind. Not to mention that it goes a long way towards passing a security audit.

Observe
Some threats and attacks the existing technology cannot protect against. We thought it would be useful to combine protection with detection by installing a remotely controlled “security camera” inside the Cloud-based virtual datacenre and reporting the offending behavior by co-tenants, intruders and administrators.

Control
Being able to add, modify or delete workloads at will, assign enterprise IP addresses, withdraw encryption keys to render data under attack instantly unusable… In other words, to maintain the complete ownership of their assets in the cloud – this is what puts customers in control.

Manage
Nothing is as crucial for successful deployment to the cloud as the ease and robustness of management tools. Role-based authentication, ability to use the browser, compliance with data logging standards – all this makes difficult life of an enterprise IT manager easier and contributes to the success of cloud deployments.

This new CloudLink blog will deal with issues related to enabling Trusted Multitenancy in the Cloud. This subject is related to several key disciplines that we pride ourselves being experts in: networking, security and virtualization. This is what we look forward to discussing with you. That and occasional fun topics, like keeping those college kids in check ☺

image from sitetrail.com

There is an evolution in the young Cloud Service Provider market taking shape.  With high cost savings, immediate access to increased capacity and lower operational expense, the Cloud Service Provider is an attractive partner for government and enterprises.  But mass deployment to the cloud is restricted by the lack of security and compliance.

With more and more concerns being expressed and more security compliance requirements being imposed on Cloud deployments, Cloud Service Providers need to move to proving that there is trust in their Cloud Service offering.

Cloud providers that invest in network encryption, storage encryption for data at rest, IT management best practices, SLA for both performance and security policy and compliance with industry security standards to build the trusted cloud, will be the premium class of providers.  These Trusted Cloud Providers will be able to capture the most lucrative of the enterprise and government markets.

With the $100+B market (depending on which analyst you agree with) Cloud Service market emerging and with standards such as the US Federal Risk and Authorization Management Program (FedRAMP), the Trusted Cloud providers will rise above the commoditization of Cloud services and be the winners in this market.