Security News Curated from across the world
Launched at the beginning of 2010, the 1&1 Dynamic Cloud Server provides dynamic adaptation of RAM, CPU cores and disk space to deal with changes in server load.
To use the new iPhone app for mobile administration, customers need only insert their 1&1 contract number and password once, and then view all relevant server details in real-time.
http://www.thewhir.com/web-hosting-news/101910_Web_Host_11_Launches_Server_Management_App_for_iPhone_iPad
Sondergaard started by talking about how it usually takes about 10 years from when a technology appears until it really changes business, citing the PC, mobile phone, and Internet as example. He noted that while the IBM PC appeared in 1981, it didn’t reach an installed base of 100 million units until 1990. Twenty years ago, Tim Berners-Lee sent the first Web request; by late 1996, there were less than half a million Web sites; but today there are 250 million sites and 1.8 billion Web users. Global IT traffic is doubling every 2 years, and the information we create is moving from 275 exabytes per year to 275 exabytes per day by 2020.
Social computing will blur the lines between enterprise and personal computing, and social networking within and between organizations will massively improve productivity.
Context-aware computing means many more connected devices with sensors that understand the location, language, feelings and dreams of consumers by using patterns to determine your desires.
Pattern-based strategy uses predictive analytics on both structured and unstructured data, but it’s more about a business framework that lets us seek and model patterns, and then adapt accordingly.
Each of these trends is disruptive, he said, but the combination is an “unimaginable force” that will transform not just IT, but business and government.
But while IT budgets grew from $1.2 trillion in 2000 to $2.4 trillion now, overall, they aren’t growing very fast, he said. He said that while IT departments have been internally focused on optimizing processes and costs for the past 20 years, now it was more about business processes.
And he said that while the IT vendor industry is changing — through mergers and acquisitions creating “supervendors” — the four big trends in IT directions will bring this strategy into question.
Eric Knipp said the old rules of IT as a “black box” were ending, as users now have unprecedented IT resources. As a result, CIOs and IT managers must transform themselves from controllers to implementers; implementing “smart control” — managing technology in tighter concert with business goals.
Knipp said the concept of creating IT systems that are “built to last” is obsolete and is being replaced by a new dynamism of “built to change.”
He talked about layering the applications portfolio to systems of record that need to be stable and secure, like a GL; systems of differentiation that you don’t know how long they will last, such as pricing; and systems of innovation, built for ad hoc projects or collaboration.
Nick Jones and Research VP Hung LeHong talked about how all the information available via sensors, social networks, and advanced analytics, were changing all industries from retail, to warehouses, to construction.
Jones said that cloud computing enables quantum change in the economics of IT, letting CIOs save as much as 50 percent of operational costs; and this can allow the funds for IT departments to innovate.
http://blogs.pcmag.com/miller/2010/10/four_big_trends_changing_compu.php
This is not to say the challenges outweigh the benefits, but that these must be thought through carefully, so that proper commercial decisions are made to deal with the risks.
Data protection: data must be processed within the European Economic Area, unless there is adequacy of protection established outside the EEA, or consent requirements have been met in respect of data subjects;
Regulatory compliance: if an organisation is operating in a regulated industry, it must ensure that the associated compliance obligations can be maintained (audit rights and appropriate controls, for example);
Security and confidentiality obligations — although an obvious and important point, consideration needs to be given as to how to verify such measures; Service levels and compensation mechanisms — with the infrastructure in the cloud, this becomes more vital, together with considerations associated with measurement (delineating between the cloud provider’s infrastructure responsibilities, and those which lie within the domain of the customer);
Escrow considerations – worth thinking about, in case the service provider disappears, or the contract terminates early;
Business continuity and disaster recovery — cloud computing can give rise to robust business continuity and disaster recovery measures if properly implemented.
http://itlaw.computing.co.uk/2010/10/cloud-computing-blue-sky-thinking-or-head-in-the-clouds.html
For example, an IT administrator would be able to guess CA Client Automation’s functionality based on the name, as opposed to the previous generally-named CA IT Client Manager, he said. When additional modules are “plugged in” at a later date, the applications automatically detect and share data, making it very scalable, said Shopp.
CA Process Automation documents, automates and orchestrates a range of processes across platforms, applications and IT groups, CA said.
CA Configuration Automation identifies and standardizes device configurations and tracks cross-device dependencies, CA said.
The enhancements to existing products include new hypervisor support and management tools for public, private and hybrid clouds.
CA Client Automation integrates and automates a wide range of client device management tasks such as bare metal buildups and rebuilds, patch management, Windows 7 migration, and remote desktop support, CA said. The enhancements include dynamic management of mixed workloads for virtualized resources, the ability to schedule workloads in public couds such as Amazon EC2, and the ability to manage, monitor and troubleshoot business workloads. These stand-alone modules are also available in three preintegrated packages aligned with specific business services: hybrid clouds, Cisco UCS and data centers.
http://www.eweek.com/c/a/Virtualization/CA-Technologies-Revamps-Cloud-Automation-Suite-492569/
One element of the technology, OpenCloud Bridge, is a secure tunnelling technology which allows data and workloads to be transferred between internal corporate networks and external third-party cloud platforms.
Through OpenCloud Bridge, external cloud environments — such as Amazon’s EC2 or Rackspace’s Cloud Server – appear to be an extension of an organisation’s internal network. The technology will work on any virtual hypervisor but requires both sides of the data transfer to be using Citrix’s NetScaler server technology, meaning that currently not all cloud services are currently able to use OpenCloud Bridge.
Users of OpenCloud Bridge will also be able to move virtual machines and workloads between VMWare and Citrix virtual machines using the OpenCloud Bridge technology.
However, moving data between software-as-a-service applications — from Microsoft Dynamics CRM to Salesforce.com, for example – isn’t currently on Citrix’s agenda, as application-to-application data transfer requires significant changes to the way the data is packaged and structured, something that will need cross-vendor support before it can be implemented.
…VMWare, which allows movement of applications on virtual machines between off-premise and on-premise environments through its vFabric technology but only if they remain within the VMWare stack.
“My view is Citrix have hung their hat on the open source banner, an open stack [which] they’re hoping the service providers take up to enable customers to be able to enter and exit cheaply and quickly whereas VMWare are hoping in their tie-ups with people like Salesforce.com that their platform, based on a proprietary vCloud API, will be adopted by people so they can link service providers into their stack,” Ovum senior analyst Roy Illsley told silicon.com.
OpenCloud Access works in conjunction with the Citrix Receiver technology, a client-based system to allow users to access internal and external cloud applications in an application store-style interface.
http://www.silicon.com/technology/networks/2010/10/15/citrix-looks-to-build-bridges-in-the-cloud-39746449/
“Customers are quickly moving beyond the core hypervisor and focusing on mobility, self-provisioning, and metering and chargeback capabilities,” said Matt Eastwood, group vice president of Enterprise Platforms at IDC. Eastwood, along with a host of analysts, pundits and vendors, have a name for these next-generation virtualization deployments: the private cloud.
Settling on a precise definition of the term isn’t easy, since the term “cloud,” on its own, remains rather nebulous, but for the purposes of initiating a discussion, let’s say that the private cloud boils down to a set of scalable, dynamically provisioned, IT services which, unlike the public cloud, are hosted within an organization’s corporate data center.
All the elasticity and convenience of a public cloud service, with the same option to go hug your servers that IT admins have always had—or so the sales pitch goes.
CA Technologies swept up a bunch of startups and recently released CA 3Tera AppLogic 2.9, a turnkey platform that facilitates the rapid delivery of application-centric public and private clouds.
And CA is far from alone: A broad swath of vendors, from server manufacturers on up has some product targeted at building and/or maintaining the private cloud.
At this year’s VMworld, VMware announced a slew of products to enhance vSphere with private cloud functionality, such as support for pooling virtual infrastructure resources for delivery as catalog-based services, and for chargeback models to measure and assign costs of virtual machines.
Amazon EC2 or Salesforce.com weren’t built in a day, and companies that are in the business of providing utility compute services as their core business will always boast more resources, know-how and sheer scale than will be available to any single private enterprise.
With that said, there’s value in maintaining your own private IT resources that’s not easily obtained from the public cloud, particularly where security, compliance and legal discovery are concerned.
What’s more, a lack for public cloud-size scale doesn’t mean that organizations can’t derive real benefits from organizing your infrastructure into a more cloud-like form.
For enterprises already embracing x86 server consolidation to boost utilization and agility, combining multiple departmental virtual server farms into a single private cloud can, if executed well, lead to more efficient use of these resources.
“It isn’t necessarily that public cloud services are insecure by nature, but rather that they are not under a company’s direct control,” said Scott Crenshaw, vice president and general manager of the Cloud at Red Hat.
According to Eric Chiu, president and CEO of Hytrust, “the challenge becomes how to thrive in a multitenancy environment while preserving VM and data segregation as well as separation of duties.”
Assess the current regulatory environment and make sure that you can build a private cloud that is compliant today and hopefully in the future, or at least be updated when future changes occur.
Organizations must demonstrate compliance with regulatory requirements such as HIPAA (Health Insurance Portability and Accountability Act), Sarbanes-Oxley Act and PCI, even as these regulations change.
Managing virtual sprawl is one thing, but building a secure environment that preserves security controls over applications, data, personnel and the virtual machines is another.
“Many enterprises realize one day that they have terabytes or petabytes of files and they literally have no idea what is in them,” said to Steve Akers, CTO and founder of Digital Reef, a company that provides e-discovery and governance solutions.
Several current initiatives offer on-premise, cloud-like options for customers that entail the possibility of tapping a hybrid model in the future—you organize your internal stuff in a cloud-like way, you get more flexibility internally, and you get the option of hitting up public cloud resources to solve that elusive scale or capacity bursting bit of the equation when you need it and when you’re comfortable with it.
A DMTF (Desktop Management Task Force) initiative, OVF promises to facilitate portable VM packaging, among other things, but difficulties regarding portability of VM’s remain.