Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, October 12, 2010

Interest Growing in Private Cloud Computing

Merrill Lynch says the public and private cloud infrastructure will be a $160 billion market by 2011.  While there’s still plenty of room for growth among enterprises for straight ahead, consolidation-oriented server virtualization projects, many organizations are looking to take their virtualization deployments to the next level.  By shaping their data centers into elastic and self-service platforms akin to those built by large cloud computing outfits such as and

“Customers are quickly moving beyond the core hypervisor and focusing on mobility, self-provisioning, and metering and chargeback capabilities,” said Matt Eastwood, group vice president of Enterprise Platforms at IDC.  Eastwood, along with a host of analysts, pundits and vendors, have a name for these next-generation virtualization deployments: the private cloud.

Settling on a precise definition of the term isn’t easy, since the term “cloud,” on its own, remains rather nebulous, but for the purposes of initiating a discussion, let’s say that the private cloud boils down to a set of scalable, dynamically provisioned, IT services which, unlike the public cloud, are hosted within an organization’s corporate data center.

All the elasticity and convenience of a public cloud service, with the same option to go hug your servers that IT admins have always had—-or so the sales pitch goes.

CA Technologies swept up a bunch of startups and recently released CA 3Tera AppLogic 2.9, a turnkey platform that facilitates the rapid delivery of application-centric public and private clouds.

And CA is far from alone: A broad swath of vendors, from server manufacturers on up has some product targeted at building and/or maintaining the private cloud.

At this year’s VMworld, VMware announced a slew of products to enhance vSphere with private cloud functionality, such as support for pooling virtual infrastructure resources for delivery as catalog-based services, and for chargeback models to measure and assign costs of virtual machines.

Amazon EC2 or weren’t built in a day, and companies that are in the business of providing utility compute services as their core business will always boast more resources, know-how and sheer scale than will be available to any single private enterprise.

With that said, there’s value in maintaining your own private IT resources that’s not easily obtained from the public cloud, particularly where security, compliance and legal discovery are concerned.

What’s more, a lack for public cloud-size scale doesn’t mean that organizations can’t derive real benefits from organizing your infrastructure into a more cloud-like form.

For enterprises already embracing x86 server consolidation to boost utilization and agility, combining multiple departmental virtual server farms into a single private cloud can, if executed well, lead to more efficient use of these resources.

“It isn’t necessarily that public cloud services are insecure by nature, but rather that they are not under a company’s direct control,” said Scott Crenshaw, vice president and general manager of the Cloud at Red Hat.

According to Eric Chiu, president and CEO of Hytrust, “the challenge becomes how to thrive in a multitenancy environment while preserving VM and data segregation as well as separation of duties.”

Assess the current regulatory environment and make sure that you can build a private cloud that is compliant today and hopefully in the future, or at least be updated when future changes occur.

Organizations must demonstrate compliance with regulatory requirements such as HIPAA (Health Insurance Portability and Accountability Act), Sarbanes-Oxley Act and PCI, even as these regulations change.

Managing virtual sprawl is one thing, but building a secure environment that preserves security controls over applications, data, personnel and the virtual machines is another.

“Many enterprises realize one day that they have terabytes or petabytes of files and they literally have no idea what is in them,” said to Steve Akers, CTO and founder of Digital Reef, a company that provides e-discovery and governance solutions.

Several current initiatives offer on-premise, cloud-like options for customers that entail the possibility of tapping a hybrid model in the future—-you organize your internal stuff in a cloud-like way, you get more flexibility internally, and you get the option of hitting up public cloud resources to solve that elusive scale or capacity bursting bit of the equation when you need it and when you’re comfortable with it.

A DMTF (Desktop Management Task Force) initiative, OVF promises to facilitate portable VM packaging, among other things, but difficulties regarding portability of VM’s remain.

Posted on 10/12