Cloud Computing Security

Multi-Tenancy and Applications In the Cloud

Monday, August 16, 2010 by Bob Roudebush

I saw an interesting article on multi-tenancy last week concerning this from Lori MacVittie. In the article she writes, "Tenancy becomes more granular and, at the very bottom layer, at IaaS, you’ll find that the tenant is actually an application and that each one has its own unique set of operational and infrastructure needs. Two applications, even though deployed by the same organization, may have a completely different – and sometimes image conflicting – set of parameters under which it must be deployed, secured, delivered, and managed."

Many times multi-tenancy is tied in the cloud computing world is tied more closely with technical architecture considerations than it is the business drivers behind how applications are deployed. In order to reap the advantages of cloud computing, though, it's important to understand not just the technical complexity of deploying an application in a cloud hosting environment but also what the potential benefits and/or challenges of that deployment will be as it relates to the business impact. When choosing candidates for the cloud, you must understand and base your decision on both.

Innovation Summit: Advantages of Cloud Computing?

Monday, July 19, 2010 by BlueLock Cloud Experts

At the Purdue Innovation Summit last week Ruth Nickolich submitted a great question to the BlueLock team: What are the advantages of cloud computing?

This is a question that has been asked, and answered many times and in many ways. From the BlueLock perspective, the major advantages of cloud computing are as follows:

The real advantage of Cloud Computing, especially when using an Infrastructure as a Service (IaaS) offering which provides managed services as part of the solution, is that you're saving on more than just communications, power, cooling and facilities. You're moving hardware and (potentially) software costs to the service provider as well as the most expensive part, the staff-related costs. - via Bob Roudebush
While security is a major concern when it comes to cloud computing, looking at a move to the cloud not only draws attention to the security measures in the cloud, but also the security measures you are taking in house. How do they measure up? A lot of BlueLock clients get better security from the cloud than in-house. - via Alicia Gaba
Cloud Computing allows you to shift capital-intensive infrastructure costs to operating expenses, which can save your organization thousands of dollars in the long run. Check out how DECA Financial cut 91% of their infrastructure costs in the first year alone
Better matching of revenue to expenses
Rapid provisioning and speed to market
Competitive advantage - they are able to spend IT time on their application and core business drivers rather than the day-to-day worries of managing the infrastructure

Still looking for more? Check out BlueLock's "Advantages of Cloud Computing" Blog.

Rights and Responsibilities in Cloud Computing (via Gartner)

Monday, July 19, 2010 by Alicia Gaba

Gartner recently released six "rights" and one "responsibility" for cloud service users/clients to help enable better business relationships between vendor and client. This list, although short, is actually quite exhaustive in terms of outlining some major topics a client should cover BEFORE entering a cloud hosting agreement.

Gartner's list of Cloud Computing Rights & Responsibilities:

The right to retain ownership, use and control one’s own data - Service consumers should retain ownership of, and the rights to use, their own data.

The right to service-level agreements that address liabilities, remediation and business outcomes - All computing services - including cloud services - suffer slowdowns and failures. However, cloud services providers seldom commit to recovery times, specify the forms of remediation or spell out the procedures they will follow.

The right to notification and choice about changes that affect the service consumers’ business processes - Every service provider will need to take down its systems, interrupt its services or make other changes in order to increase capacity and otherwise ensure that its infrastructure will serve consumers adequately in the long term. Protecting the consumer’s business processes entails providing advanced notification of major upgrades or system changes, and granting the consumer some control over when it makes the switch.

The right to understand the technical limitations or requirements of the service up front - Most service providers do not fully explain their own systems, technical requirements and limitations so that after consumers have committed to a cloud service, they run the risk of not being able to adjust to major changes, at least not without a big investment.

The right to understand the legal requirements of jurisdictions in which the provider operates - If the cloud provider stores or transports the consumer’s data in or through a foreign country, the service consumer becomes subject to laws and regulations it may not know anything about.

The right to know what security processes the provider follows - With cloud computing, security breaches can happen at multiple levels of technology and use. Service consumers must understand the processes a provider uses, so that security at one level (such as the server) does not subvert security at another level (such as the network).

The responsibility to understand and adhere to software license requirements - Providers and consumers must come to an understanding about how the proper use of software licenses will be assured.

This list brings light to what BlueLock is already doing right to better our relationships with our own clients. Based on the Gartner list provided, we are certainly in the right place.

1. Our clients do own and control their own data. We just provide and help manage the infrastructure platform.
2. BlueLock's Service Level Agreement (SLA) addresses liabilities, remediation and business outcomes the organization follows in the case of a service fall down.
3. BlueLock sends notifications and updates to our clients prior to, during and after any changes or updates to our environment that may or may not affect our client's environments. We even ask that our clients make us aware of any changes or updates on their end so that we can plan together to better alleviate any chance of disruption.
4. Technical limitations and service requirements are always discussed in the sales process.
5. We provide legal documentation upfront.
6. Our security procedures are very important to our clients, and therefore, our clients want and need to know what security processes we follow and adhere to.
7. Software license requirements are important - BlueLock must stay true to its software providers, and therefore, our clients must stay true to them as well.

To learn more about BlueLock's cloud hosting services, contact us or visit our website.

The Dark Side of Cloud Computing

Wednesday, June 23, 2010 by Matt Hunckler

With great power comes great responsibility. At least, that's what I learned from Spiderman comic books.

And what better way to illustrate this point than to look at it through the lens of an IT consultant? Cloud computing is a powerful weapon in the toolbox available to any organization. But some of the features that make cloud technology a value-building business tool are the same features that enable hackers, spammers, and other villains of the web to exploit innocent people (newbies and experienced users alike).

Welcome to the dark side of The Cloud – where virtualization is used to power hacking, malicious malware attacks, and sinister spamming campaigns. Lern more about this underworld of the web in this Whiteboard Wednesday video:

What do you think? How can we work together to make the web a more secure place?

Announcing the BlueLock vCloud Express Cloud Monkey Use Case Contest!

Wednesday, June 16, 2010 by Alicia Gaba

The BlueLock vCloud Express Cloud Monkeys Use Case contest begins today!

Former, current and new BlueLock vCloud Express Beta users will compete for these prizes:

The first ten submissions will receive a stuffed cloud monkey
The top five finalists will receive a FlipCam which they will use (and keep!) to create a recognition video for the application to compete for the Grand Prize - an Apple iPad!
The Grand Prize winner will receive the engraved Apple iPad!

Open for submissions by current, former and new Beta users, the contest runs from June 16 – September 6 and looks to surface the most innovative use cases of BlueLock’s vCloud Express.

During the 12-week contest, BlueLock vCloud Express developers enter by filling out a simple questionnaire on the BlueLock Web site between June 16 and July 7 2010 that includes a description of the BlueLock vCloud Express use case and why it deserves to win. Participants can promote their own use case through Twitter and other social media outlets. Submissions will be voted on by an open community of voters and judged by BlueLock and VMware on cloud applicability, creativity/innovation, time savings and cost savings to select the top five use cases. The first ten submissions will receive a BlueLock “Cloud Monkey” stuffed animal and the five finalists will receive FlipCams with the option to document their use cases in a two minute “Recognition Video.” Finalists who submit Recognition Videos will then be judged by BlueLock and VMware for the Grand Prize, with the winner receiving an engraved Apple iPad.

“The functionality of BlueLock vCloud Express has proven to be unique and of value to our clients, driving us to design some of the same features into our other solutions within BlueLock CloudSuite,” said Kim Graham Lee, Chief Marketing Officer, BlueLock. “We are excited to not only learn more about how developers have been using vCloud Express, but to also highlight the most unique and interesting use cases.”

“As a top VMware vCloud service provider partner, BlueLock has been able to help shape vCloud Express as it continues to demonstrate that they are ahead of the curve in understanding their clients’ needs in the evolving cloud computing space,” said Mathew Lodge, Senior Director-Cloud Product Marketing, VMware. “We are looking forward to learning about how beta users have taken advantage of the dynamic combination of the industry-leading VMware platform and BlueLock’s secure and reliable cloud hosting and infrastructure expertise.”

BlueLock vCloud Express is a reliable, on-demand, pay-as-you-go infrastructure solution that ensures compatibility with internal VMware environments and with VMware Virtualized™ services worldwide. The technology allows users to create virtual machines as needed and add compute capacity via an online interface. Users pay only for the compute and storage space they use. Since being selected by VMware as one of only five companies worldwide to offer vCloud Express and launching in September 2009, BlueLock has reached 1,100 beta users of the product.

Participants can be past, current or new BlueLock vCloud Express beta users and can submit more than one application. For additional contest details, visit www.bluelock.com.

Start-ups, Enterprise Companies and The Cloud

Thursday, June 10, 2010 by Brian Wolff

Ping Li from Accel Partners wrote a very interesting article this week about how some of the companies that his firm have funded are leveraging cloud computing. He made a couple of points that I find particularly interesting:

The first is that VC companies are making it a “pre-condition” of funding that the funded company leverage the cloud vs. buying traditional infrastructure.

Even more interesting and more powerful is his second point: that most of these companies didn’t need that encouragement – there is no way their company could exist if they didn’t launch in the cloud – it just wouldn’t be possible to build the scale, complexity or cost without using a cloud infrastructure provider.

His article got me thinking about all the other companies in the “universe” and the book by Nicholas Carr, The Big Switch. In the book, Nick tells the story of Henry Burden and “Burden’s Wheel”. Burden realized in the late 1800’s that he could locate his manufacturing company next to a river, build a huge water wheel to generate electricity and then automate many of the manufacturing processes, thereby lowering his cost, increasing production and crushing the competition. Mr. Burden, no doubt, needed a very specialized group of people to build and maintain this elaborate “power system”, however, by the early 1900s, commercial power was introduced that turned his internal power generating systems into an enormous cost that other manufacturers did not have to bear. Sound familiar?

Many others have done a better job than I could in this post about the difference between power and data - that really isn’t the point. The point is that there are companies today that have launched very successfully without any internal IT systems – which means no IT capital costs, no/minimal IT labor costs and maintenance costs that larger companies today bear with their own internal IT systems. There are other differences, of course, namely, that large established companies have huge legacy systems that may not necessarily be appropriate for the cloud, however, they do have very large costs supporting other systems that are considered important but not critical that may be perfect candidates to be migrated to the cloud. By moving these environments to the cloud they have the opportunity to reduce their overall cost and enable their existing IT departments to focus on building more valuable systems to drive more business value.

In start-up companies, pure cloud hosting is the preferred route to market – in large companies it’s not going to be an all-or-nothing proposition – it’s going to be a “hybrid” approach. With a hybrid approach, enterprise companies create a secure connection between their private cloud and a public cloud (today a secure VPN or MPLS connection) and then move less critical workloads to the public cloud.

At BlueLock, we like to say that we’ve been in the cloud a “lifetime”, and we have the good fortune to be serving many companies in both of these camps: start-ups (many that are SaaS companies specifically); and large enterprise clients that sought to leverage the cloud to lower their costs and focus their valuable IT resources on projects and systems that drive more business value.

In July, I’m going to be presenting to software company CEOs at SaaS University in Washington, DC on the topic of “Infrastructure Choices”, where I’ll put a spotlight on the cost differences between building your own internal infrastructure vs. moving to the cloud. I will also be discussing many considerations that companies face such as security and SLAs, two issues that should be top of mind when deciding which cloud is right for you.

If you’re interested in attending the event as BlueLock’s guest – register for the event and use this code: BLUELOCK100 to receive a $100 discount off the cost of registration.

If you have a comment or would like to contact me, you can reach me at bwolff@bluelock.com.

The Root of Cloud Computing Security Concerns

Tuesday, June 8, 2010 by Bob Roudebush

Budding Buddists are most likely familiar with the idea that "The root of all suffering is desire." When it comes to Clould Computing Security, it's my observeration that at the root of all security concerns about moving data and applications to the cloud is control.

Kevin Fogarty at CIO.com wrote an interesting article last month titled "Cloud Computing Poses Control Issues for IT". In the reality show that is Cloud Computing, "Security" plays a convincing foil to the main character known as "Advantages of Cloud Computing" but rarely, if ever, does the decision come down to which encryption algorithm you're using for sensitive data or whether or not you're using an IPSec or a SSL VPN solution.

For us geeks there are always heated, emotional debates about which technology has more speeds and feeds or which is a more elegant solution to a problem. However, most IT managers and architects are willing to accept the argument that large service providers are able to acheive economies of scale as well as economies of security by making large investments in security technology and even larger investments in good security professionals then spreading those costs over their client base. The real issue is whether or not the organization is willing to give up control of data and systems to another company.

Imagine on one end of the control spectrum Dedicated Private IT where the organization controls the entire stack - Data, App/Services, VM/Server and Storage. The only portion of the stack which the organization has to share control of is the Network - because few organizations have the ability to provide the connectivity available from private telecommunications companies. On the other end of that spectrum is Public SaaS solutions where the organization shares control of the Data (they decide what can go into the cloud and what can't) but the App/Services, VM/Server, Storage and Network is under the sole control of the service provider. Even if the service provider is far more qualified to care for the outsourced service than the IT organization itself, the company's executive team may not be willing to give up that much control.

Public Infrastructure as a Service (IaaS) solutions may provide the middle ground in this control struggle necessary for companies to be willing to start ot move to Cloud Computing. Most Public IaaS models place the responsibility for managing the Network, Storage and Server portions of the computing stack; the company still maintains access and administrative control to the VM, App/Services and the Data. This allows organizations to rely on service providers to manage the security of the underlying infrastructure but makes it easy to lock out the service provider and maintain control of everything else.

CloudCamp Nugget

Friday, June 4, 2010 by Bob Roudebush

I attended my first CloudCamp event last night as a BlueLock employee. I am thankful to have been about to participate in plenty of good discussions around cloud hosting, the advantages of virtualization and the benefits of cloud computing. During the Cloud Computing Security unconference session there were a lot of great ideas shared - one in particular from a CISSP (security) type who does security and compliance audits of companies.

If you're into IT security and compliance, you should really check out the National Institute of Standards and Technology (NIST). They have a library of publications on a variety of topics - you can see them all here. You can narrow your search to specific topic areas like Computer Security, Information Technology or even Disaster Resilience. It's certainly worth bookmarking.

Keeping Current with Cloud Computing

Wednesday, June 2, 2010 by Matt Hunckler

Cloud technology is rapidly evolving with new products, services, and organizations each with their own unique perspectives and value propositions. But with so much going on, how can one stay current with cloud computing?

In this special edition of Whiteboard Wednesday, Bob Roudebush talks us through how he stays on top of cloud news – from security and services to companies and user groups. We cover different SaaS aggregation and curation tools to help manage your information flow. And for those who like a more interactive way of digesting their news, we also talk about how to find great info with Twitter, Facebook, and other social media.

Let us know what you think:

TechPoint Mira Awards 2010: And the winner is....BlueLock!

Monday, May 31, 2010 by Kim Graham Lee

Congratulations to the entire BlueLock team for winning the 2010 Techpoint Mira IT Gazelle Award! After a few months of competing for the award with other noteworthy finalists, the five panels of judges voted and our cloud computing company took top honors for this prestigious recognition. The IT Gazelle Award is given each year to recognize fast-growing technology companies that have been in business less than three years since initial commercialization.

TechPoint Mira Awards 2010 – IT Gazelle from BlueLock LLC on Vimeo.

What a great story BlueLock has.

Founded in 2006 and created to provide Infrastructure-as-a-Service (we were the first Wikipedia entry for IaaS)
On an exciting growth trajectory in a rapidly expanding market
Revenue of $9.2M in '09 and cash flow positive
Recently secured $2.5M in growth capital
Adding 118 jobs and investing $35M over the next 5 years
Nationally recognized player in cloud computing space

Of course, the most exciting part of our story is the incredible group of clients with whom we work. Thank you for trusting us as your cloud hosting partner. You certainly share in this award with us.

Check out the video from the awards ceremony and live the exciting moment with us as our CEO, John Qualls, accepts on behalf of all BlueLockers!

And the Cloud Race is on...

Sunday, May 30, 2010 by Kim Graham Lee

Today is a big day in Indianapolis! It's the annual running of the Indianapolis 500. While members of my family are there, I opted to stay home and get a jump-start on the week ahead.

Things are very exciting and very busy these days helping drive the BlueLock car in the cloud computing space and race. The field has grown since our Indianapolis-based company first launched in 2006 focused on providing Infrastructure as a Service. Recently, Cloud Computing Journal shared its listing of the Top 250 Players in the Cloud Computing Ecosystem up from 150 it shared in January. BlueLock was there. My guess is that there may be a Top 500 list before too long.

Winning in the BlueLock playbook isn't about being listed on a cloud list. It's about driving real value for our clients and helping them cross the finish line. We are an important member of their technology pit crew responsible for ensuring that the engines are running well. With almost four years under our belt, we have spent our lifetime in the cloud and have important experience (including important learning from the mistakes) unlike many of the new entrants.

As the cloud race continues and it will, the field will eventually clear and the best cloud companies still on the track will be those that provide real value--security, reliability, scalability, cost effectiveness. Keep watching and who knows...maybe BlueLock will be an Indy 500 car sponsor someday!

Custom Security in the Cloud

Sunday, May 16, 2010 by Jake Robinson

In my previous post, I mentioned some challenges made by Dan Lohrmann, CTO for the State of Michigan. Mr Lohrmann had some great insight into the challenges within within the Cloud Computing Security domain. Let's talk about 3 specific challenges:

Who owns the end to end security?
Who owns the responsibility in the event of a breach?
Who owns the logs?

Now, before I answer these, we need to look at how the answers between cloud computing providers will vary. Let's take a look at what I refer to as the "XaaS stack."

Let's say we move to the top of the stack to SaaS. This means we don't need to invest the manpower to handle our platform and infrastructure. This is great when a turnkey SaaS solution will meet all of our security requirements.

We need to realize however, the higher we move up the stack, we lose 3 valuable abilities: Visibility, Control, and Customization.

So let's get back to our questions. Answering within the context of IaaS, the answers become clear:

Who owns the end to end security?
IaaS gives you full control over the end to end security. You can utilize controls and procedures you already have in place, without having to conform to a Cloud Computing Provider's proprietary system.

Who owns the responsibility in the event of a breach?
You have complete control and responsibility of every security aspect of your cloud infrastructure.

Who owns the logs?
You have 100% log visibility. The logs are in your Cloud Infrastructure, and thus belong to you.

In summary, more specific security requirements simply mean that you will need to start lower in the stack. Cloud hosting can meet any need you throw at it, just ask Logiq3!

Cloud Computing for the Enterprise?

Wednesday, May 12, 2010 by Alicia Gaba

I don't believe anyone really thinks all enterprise data centers will begin rushing to the clouds anytime soon (although there are a few that already have). That's quite far-fetched. However, that doesn't mean they won't begin testing out the waters (or the clouds).

However, as EMC CEO Joe Tucci explained at EMC World, "IT infrastructure has gotten too complex, too inefficient, too inflexible, and too costly...You’re managing a lot more with the same or less resources.”

A recent article outlined the benefits of the enterprise data center alongside the benefits of cloud computing.

Today's data center benefits:

Trust
Control
Reliability
Security

Cloud Computing benefits:

Dynamic
Cost-efficient
On-demand
Flexible

“In a way, the attributes of one are the negative of the other,” Tucci said.

The question is - how does the enterprise access the best of both worlds?

The answer is simple, and it probably the same if you were to ask someone from EMC, VMware or BlueLock. The answer is private cloud computing.

What is private cloud computing? It refers to what some call internal cloud computing and describes an offering that emulates cloud computing on private networks which allows companies to access the advantages of cloud computing without the pitfalls, such as data security, corporate governance and reliability concerns. Companies must still buy, build and manage the cloud, which isn't the case in the public cloud realm, but there are still many benefits. One of those benefits that BlueLock clients have accessed, is the ability to connect their private cloud to the public cloud for bursting and/or disaster recovery.

Learn more about private cloud computing today.

What does Cloud Computing mean to you?

Monday, May 10, 2010 by Alicia Gaba

Cloud Computing means many things to many people. It excites, motivates, and even scares some. But what does it mean to you?

The advantages of cloud computing have been touted again and again - from flexibility, speed, versatility, convenience, and cost effective to green, secure and scalable. But what makes cloud computing so interesting is that everyone has different thoughts and views around what it really does for them and means to them.

So first things first, what is cloud computing? At BlueLock we describe it in terms of 5 major things: on demand self-service, broad network access, resource pooling, rapid elasticity and measured service. It is provided in three different service models: software-as-a-service (SaaS), platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS). (BlueLock does IaaS.)

But what's the real value of the cloud? These are the major values our clients have seen:

Transitioning IT infrastructure costs from Capex to Opex
Opportunity to lower overall costs
Better match expenses to revenue
Rapid provisioning (speed to market)
Competitive advantage

But again, I must ask, what does cloud computing mean to you?

Cloud Computing: IT's role in governance

Friday, April 30, 2010 by Alicia Gaba

With cloud computing becoming more and more pervasive, IT's role is morphing towards one of governance rather than control. Internal departments are going out and accessing resources from the cloud rather than waiting on their internal IT departments to come around and get to their requests. IT must be more and more aware and ready to govern the use of outside IT resources such as software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS), which in some companies is a fire-able offense.

Internal IT must make decisions - they need to choose what to provide (SaaS & IaaS) and make those options easy and accessible to their business units. Why? Because leaving those business units to their own devices can be a huge risk. They may be putting the company or its client's data at security risk.

There are many benefits of cloud computing, but the right people must make the right decisions around where your data is stored and what options are OK for business units to use. Cloud computing security must always be top of mind, especially when sensitive data is involved.

Whiteboard Wednesday: Making the Move to the Cloud

Wednesday, April 21, 2010 by Matt Hunckler

OK, so you've made the choice to leverage the awesome power of cloud computing. Now what?

In this Whiteboard Wednesday video, Jake Robinson and I cover the fundamental steps for migrating to the cloud. We discuss everything from data migration and server migration to resource allocation and cloud security considerations.

Here's our take on getting started with cloud technology. What do you think?

Cloud Computing: Trust is King

Wednesday, April 21, 2010 by Alicia Gaba

Some may argue cloud computing, specifically infrastructure-as-a-service, is moving towards a commodity (I think we're already seeing this) - but does that mean relationships don't matter? I say no. No matter how commoditized the Infrastructure-as-a-service or "cloud hosting" markets get, trust and relationships will continue to be a major factor in choosing and staying with a provider.

Trust is king. Clients want a brand they can trust and a provider who cares. We've seen many prospects choose BlueLock because of the VMware brand, clients like Pathagility and Indigo BioSystems. Indigo BioSystems, a technology provider for scientific research organizations, was at Amazon EC2, but just couldn't do what they needed - they needed VMware. At BlueLock they got the security and management they needed on a VMware platform; two things they didn't find at Amazon. Pathagility, a web-based platform for generating, managing and reporting on clinical data, needed security and compliance as well - on a platform built for mission-critical applications. They chose BlueLock because of the relationship (and VMware, of course).

The VMware brand is also the reason why vCloud Express has been such a hit. People are out there looking for a self-service platform based on VMware, and now they have it.

Commodity or not, trust is and will continue to be king in the cloud.

Is the Cloud Too Big for You?

Tuesday, March 30, 2010 by Katie LeGrand

Cloud computing has been getting a lot of media buzz lately. Words like virtualization, scalability, load balancing, and enterprise level solutions are hanging in the air. Sounds like something for big businesses, running huge databases with complex applications. How can cloud computing impact or be of value to the small business? Is cloud computing just for the big boys?

Absolutely not! Cloud computing is a dream come true for small business and start-ups. Small biz has some of the same IT issues as the big boys, and in some instances the need for cloud computing services is even more critical for small biz. Data loss could mean the death of your business. Security breaches might very well be the end of your enterprise. Controlling your cost structure is often a critical break-point.

First lets talk about scalability. What does this really mean for the small business? It means that you don't have to purchase and maintain excess capacity. The typical server utilizes about 20% of its resources. Can you afford any sort of capital investment that is only 20% utilized? Probably not. Why purchase a lot of computing fire power that you will not likely use? You can't afford the waste. Run your data and applications on a virtual machine, you will be utilizing on average 80% of the capacity you are paying for. If you think you are going to need greater capacity later, that's cool too. With Bluelock, you can scale up anytime you need to, for any increment you need, in hours, not weeks. Our cloud computing solutions allow you to respond to the real time demands of your business, lowering your investment risk, and giving you greater flexibility.

The flip side is also true--hit a dry patch in your business, or perhaps in response to expected seasonal fluctuations, you can scale down your capacity just as easily. No wasted investment. No capital commitment. No idle equipment. Total freedom in how much you use and when. In its essence, cloud computing offers a form of fiscal liquidity yielding a competitive advantage that your business just can't live without.

Whiteboard Wednesday: Cloud Computing Security

Wednesday, March 24, 2010 by Matt Hunckler

BlueLock expert, Jake Robinson, and I are back this week to explore the topic of security in the cloud. This week, we take a look at the fundamental building blocks of cloud security.

We discuss virtual firewalls, like those from Checkpoint, and how they can be integrated into a cloud computing environment to protect your data. Intrusion prevention systems (IPS) and intrusion detection systems (IDS) can also help inspect data that is transefered and prevent your system from getting hacked -- a proactive defense for your infrastructure. These basic tools not only protect your data, but can help you comply with regulations and standards like PCI, SarbOx, and HIPAA.

Security: The Thunder in the Cloud

Tuesday, March 23, 2010 by Jake Robinson

Every Information security buff knows the Triad of Information Security:

Confidentiality: No unauthorized users can access our data.

Integrity: No unauthorized users can modify our data.

Availability: My data is there when I need it.

Security in Cloud Computing should be no different.

I recently read an article by Michigan's CTO, Dan Lohrmann with some great questions around Cloud Computing Security.

Some of Mr. Lohrmann's challenges were:

Who owns the end to end security?
Who owns the responsibility in the event of a breach?
Who owns the logs?
Where does the data live (geographically)?
As my security requirements increase, does the cost become prohibitive?

Over the next series of blog posts, we'll discuss these and other Cloud Computing Security Challenges.

Have a specific security challenge? I want to hear it!