Cloud Recovery

Thoughts and Topics Around Cloud Backup and Recovery

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 4 other followers

  • Subscribe

  • RSS Cloud Security

    • GoGrid Security Breach
      Bad news for GoGrid customers as today we received the following breach notification by email… Dear Valued Customer: In the normal process of reviewing our system activity, our Security Team discovered that an unauthorized third party may have viewed your account information, including payment card data. We immediately took action to protect our custom […]

  • RSS Cloud Computing Journal

    • Cloud Expo New York Speaker Profile: Chris MacGown – Piston Cloud Computing
      With Cloud Expo 2012 New York (10th Cloud Expo) now less than three three weeks away, what better time to start introducing you in greater detail to the distinguished individuals in our incredible Speaker Faculty for the technical and strategy sessions at the conference... We have technical and strategy sessions for you every day from June 11 through June 14 […]

Posts Tagged ‘Cloud Security’

« Previous Entries

Amazon CTO Counters Skepticism on Cloud Security

Posted by brennels on August 2, 2010

Jon Brodkin, Network World Wednesday, July 28, 2010

(07-28) 15:49 PDT – Amazon’s cloud computing division is planning to “raise the bar” on security, and provide better security than most enterprises can achieve on their own, says Amazon CTO Werner Vogels.

But some analysts believe Amazon is not transparent enough about its internal security practices, judging by comments after a presentation Vogels made at the Burton Group Catalyst conference in San Diego Wednesday.

Amazon called out over cloud security, secrecy

Vogels provided an optimistic view of cloud security, saying that cloud networks such as Amazon’s already provide better security, and disaster recovery, than most enterprises are capable of. “I believe the cloud is the area where we have to raise the bar for enterprise security,” Vogels said.”

Read the rest of the article on Networkworld.com

Posted in Amazon, Cloud Architecture, Cloud Computing, Cloud Providers, Security | Tagged: , , | Leave a Comment »

The Upgraded Security of Cloud Computing

Posted by brennels on June 22, 2010

“How often do you hear about the latest Microsoft worm? Take, for example, the Conficker worm of 2009 that infected over 15 million machines, giving “back door” access to hackers, and making mission critical data completely insecure. The fact of the matter is that PC security breaches happen all the time, but don’t fret, there may be a solution.”

“With the advent of cloud computing, there has also been an increase in the security capabilities of everyone who takes advantage of cloud computing. The reason for this is quite simple – the providers of cloud computing services concentrate far more resources towards the security of the services they provide than the average PC user ever could. Why? For one, they have to in order to survive. But also, by definition, cloud computing service providers must utilize an assortment of technology that resides within specialized datacenters. In turn, these datacenters are built from the ground up with security and reliability as the foremost objectives.”

Read the full article here on trackvia.com

Posted in Cloud Availability, Cloud Hosting, Cloud Providers, Security | Tagged: , | 1 Comment »

Cloud Computing: Early Adopters Share Five Key Lessons

Posted by amcanty on April 15, 2010

By Robert Lemos on Thu, April 15, 2010

“Look, Ma, no data center. Many of today’s start-up companies find cloud services such as Amazon EC2 essential to their business model. You can benefit from the lessons already learned by these early cloud adopters.

While some large enterprises have moved their information-technology infrastructure to a third-party managed service to save costs, small firms—especially startups—have come to rely on cloud services to cut initial outlays and help them focus on the core services and products.

Infrastructure-as-a-service offerings, such as Amazon’s Elastic Computing Cloud (EC2), typically are used by larger enterprises to give research-and development groups flexibility in resources. For startups, eliminating the large capital expenditure of a data center at the outset has allowed many to reduce seed money and keep their burn rates that much lower, says Oliver Friedrichs, CEO of antivirus firm Immunet, which launched its first product last August.

“It’s a big win for smaller companies to leverage the cloud because you are really saving a lot—it is really avoiding a large, up-front investment,” says Friedrichs. “Five years ago, we would have had to build out a data center and the sheer cost of that would have made it much more difficult to launch our business.”

Immunet has no datacenter of its own. Instead, the company uses Amazon’s EC2 to analyze malicious code for patterns that can help its product, Immunet Protect, recognize viruses and Trojan horses. The firm also uses the cloud to keep antivirus service available to its more than 125,000 users, adding new virtual servers as its user base grows.

The cost savings and scalability of infrastructure-as-a-service offerings are well known advantages. Yet, there are others. In interviews, three small companies that use the cloud—and one that does not—share the lessons learned from growing up with cloud infrastructure.

1. From IT management to software development

Foregoing a datacenter immediately saves small companies a significant cost: Server administrators and datacenter managers. Yet, rather than reduce headcount, many companies are instead using the reclaimed budget to invest in software developers that have experience working in the cloud.

“In a traditional data center, we would need an IT person to rack the system, maintain the servers, and own the hardware,” says Immunet’s Friedrichs. “So rather than hiring someone, we now have software developers that are writing on a very flexible platform that Amazon maintains.”

For sales forecasting and analytics firm Right90, the cost savings of moving its infrastructure to the cloud was too advantageous to ignore. Right90 didn’t start its business using third-party infrastructure, but the cost savings and flexibility of cloud services beckoned. Last year, the company moved out of its data centers in Calgary, Ontario and San Francisco, California and adopted Amazon EC2 with backup to servers located at the firm’s own offices. The lack of servers to manage has freed up Right90′s IT management team, says Arthur Wong, the firm’s CEO.”

To read the rest of the key lessons, click here!

Posted in Amazon, Cloud Architecture, Cloud Backup, Cloud Computing, IaaS | Tagged: , , , , , , | Leave a Comment »

Frustrations with Cloud Computing Mount

Posted by amcanty on April 9, 2010

By Patrick Thibodeau on Fri, April 09, 2010

“Cloud computing is seeing a shift in focus among its users from what it offers to what it lacks. What it offers is clear, such as the ability to rapidly scale and provision, but what it is missing seems to be growing by the day.

Cloud computing lacks standards about data handling and security practices, and even whether a vendor has an obligation to tell users whether their data is in the U.S. or not. And the industry is only beginning to sort out these issues through groups, such as the year-old Cloud Security Alliance.

The cloud computing industry has some of the characteristics of a Wild West boomtown. But the local saloon’s name is Frustration. That’s the one word that seems to be popping up more and more in discussions, particularly at the SaaScon 2010 conference here this week.

This frustration about the lack of standards grows as cloud-based services take root in enterprises. Take Orbitz LLC, the large travel company with multiple businesses that offer an increasingly broad range of services, such as scheduling golf tee times, and booking concerts and cruises.

As with many firms that have turned to cloud-based services, Orbitz is both a provider and user of cloud-based software as a service (SaaS) offering. Ed Bellis, chief information security officer at Orbitz, credits SaaS services, in particular, with enabling the company’s growth and allowing it to concentrate on its core competencies.

But in providing SaaS services, Orbitz must address a range of due diligence requirements among customers that are “all across the board,” and can vary widely to include on-site audits and data center inspections, he said.

A potential solution is a security data standard being developed by the Cloud Security Alliance that would expose data in a common format and give customers an understanding of exactly “what our security posture is today,” said Bellis.”

To continue reading, click here!

Posted in Cloud Architecture | Tagged: , , , , | 1 Comment »

More technology CFOs migrate to the Cloud

Posted by amcanty on April 8, 2010

“(CPI Financial Via Acquire Media NewsEdge) This year, according to an annual study by BDO, a majority (56 per cent) of chief financial officers (CFOs) at leading US technology businesses are currently using cloud computing in some capacity. Further, the vast majority (90 per cent) report their use of cloud computing will remain the same or increase this year.

CFOs cite cost flexibility (32 per cent), increased scalability (32 per cent) and improved business ability (29 per cent) as the driving reasons for embracing cloud computing instead of provisioning IT services from their own data centre.

The majority of tech CFOs (64 per cent) are familiar with cloud computing. Still, despite the allure of cost savings, some CFOs (44 per cent) have resisted the shift to the cloud and list security concerns (39 per cent), the hassle and expense (29 per cent) and limited application features (14 per cent) as their reasons.

“Security threats remain the top concern for tech CFOs looking to implement cloud computing within their organisation, but this risk is substantially minimised given world-class cloud providers, such as Amazon and Microsoft and the emergence of numerous other vendors now competing in the space,” said Jay Howell, a Partner in the Technology Practice at BDO.

“Cost savings have proved cloud computing’s strong ROI potential, and this is driving continued investment, resulting in increasing robustness and business ability of cloud-based applications.”

For the full article, click here!

Posted in Cloud Computing | Tagged: , , , , , , , | Leave a Comment »

GSA’s cloud computing success a blueprint for rest of government

Posted by amcanty on March 31, 2010

Updated: 2010-03-29

“The General Services Administration’s Office of Citizen Services and Communications implemented cloud computing last May, and the branch of the federal government reports that the move has been a success, according to the Federal Times.

Prior to implementing the system, the GSA used an outdated series of computer hardware and software that made it difficult to achieve any real efficiency. It also made it nearly impossible for the department to update other software as the rest of the programs struggled to work with newer programs or its hardware failed to support the new application.

IT employees at the GSA enjoy the new system as well because they can use their skills to develop new systems and learn new programs rather than maintain outdated systems that malfunctioned nearly every day.

“[The employees] didn’t like what their job was, but they didn’t want that job to go away,” Mark Pietrasanta, chief technology officer of the GSA’s cloud computing vendor, told the news provider. “Now they can learn new technologies instead of crisis control.”

President Barack Obama’s demand that government become more technologically efficient and modern has resonated as more government organizations, including the military, are moving toward cloud computing.ADNFCR-2178-ID-19695428-ADNFCR

For the full article, click here!

Posted in Cloud Architecture, Cloud Availability, Cloud Backup, Cloud Computing, Cloud Hosting, Cloud Providers | Tagged: , , , | Leave a Comment »

Is Cloud Computing More Secure?

Posted by amcanty on March 25, 2010

Mar 24, 2010, By Dan Lohrmann

I recently received an e-mail advertising an upcoming online seminar. The intriguing title was Cloud Computing — Faster, Better, Cheaper, Greener and More Secure. I paused, reread the session description and thought, “Oh, dear.” If this premise is true, let’s just move everything onto the cloud right now. We can save beaucoup bucks in government and sleep better at night at the same time. But while I can buy the first four outcomes, I’m not buying the last — that it’s more secure — at least not yet. Here’s why.

First, I want to offer the obligatory praise for cloud computing in general and the undeniable efficiencies available to state and local governments in particular. Yes, Michigan — the government I work for — has an exciting cloud strategy, like many other states. In fact, most technology vendors I know have one or more game-changing cloud offerings.

But this is about cloud security and specifically whether cloud computing is more secure than whatever your government is doing now. If you currently have weak security controls, you may be tempted to hand over your sensitive data to a cloud provider — but read on before you do.

Proponents argue that the “big boys” like Microsoft and Google can secure systems better than most companies or government employees. At a recent panel discussion in Grand Rapids on this topic, I was challenged by other panelists with one-liners like: “Do you really think your security team is better than Google’s?”

“Perhaps not. But that’s not my point.”

So what are a few of the most pressing cloud security problems?

  • Our duty is to protect sensitive information, not just systems. Even if large cloud providers can protect servers better, your legal responsibility is to secure the information end-to-end.

For the rest of the aricle, click here!

Posted in Cloud Architecture, Cloud Computing, Cloud Hosting, Cloud Providers | Tagged: , , , , | Leave a Comment »

Innovation and Risk in the Clouds

Posted by amcanty on February 11, 2010

The relationship between innovation and risk is closely intertwined (Part 1 of 3)

By Ray DePena

February 10, 2010 01:30 PM EST

“Do you have reservations about cloud computing?  You are not alone.  Cloud computing is no panacea.  You may wonder then why I’m a cloud computing advocate.  Well, simply put, it has the best business model potential I have seen in the marketplace since the advent of the Internet.

While it is true that the underlying technologies have existed for some time, they have now matured to a degree that SaaS, PaaS, and IaaS economic business models are viable.

Still many have doubts.  So I will share my perspective in a 3 part article on Innovation, Risk, and Organizations.

The relationship between innovation and risk is closely intertwined.  In innovation there is opportunity, and opportunity rarely presents itself without threats or risk.

In order to fully leverage cloud computing, organizations will have to restructure not only how they manage their applications and IT governance, but their business processes, people, resources, risk, communications, and ultimately, their organizational culture.

Andy Grove, former Chairman and CEO of the Intel Corporation, declares that a corporation is a living organism; it has to continue to shed its skin. Methods have to change. Focus has to change. Values have to change. The sum total of those changes is transformation.

Cloud computing is more than just another outsourcing option, it presents an opportunity to transform your organization into an innovation powerhouse.

The question is, will your organization make the transition?

It is true, an organization has to have the people, resources, culture, processes, and strategic focus necessary to be innovative and continually transform, but what is the alternative?  Stagnation? Obsolescence? Being left behind? Isn’t it better to establish and sustain an innovative business advantage than to be in continual pursuit of the mythical silver bullet?”

For the rest of the article, click here!

Posted in Cloud Architecture, Cloud Availability, Cloud Computing | Tagged: , , , , , , | Leave a Comment »

Transitioning to Cloud Computing

Posted by amcanty on February 4, 2010

Auditability must be a goal

By Robert Grapes

February 3, 2010 03:00 PM EST

“The drive toward cloud computing continues to be a dominant infrastructure deployment theme for organizations looking to reduce costs, increase storage and optimize mobility. What many fail to realize is the trend towards cloud computing is continually forcing IT managers to rethink fundamental security issues as a barrage of new attacks and exploits continue to assault the cloud every day.

Compelling for any business model, cloud computing delivers a scalable, accessible and high-performing computing infrastructure that comes at an appealing price for organizations.

Similarly, operating in the cloud allows for the convergence of new and emerging technologies. Providing appeal to both the provider and the consumer, cloud computing enables new application deployment and recovery options, as well as new application business models. However, cloud computing may not be the panacea that the press and many organizations make it out to be. We must have trust and confidence in the platform on which we are deploying our applications and data. We must be able to maintain control of the information that drives our business. Ultimately, we must be able to prove that trust to our auditors. The solution, having not yet been defined, could be deemed “auditability.”

Cloud computing is made possible and viable through its use of new and emerging technologies. These same technologies also introduce new security threats that if left unaddressed could prove to be the Achilles’ heel of cloud computing. Auditability stems from an understanding of the threats and risks that face an application and its associated data. It is deployed to any system or platform and makes certain the commensurate security measures are taken to mitigate risks and monitor and address the threats. Traditional security risks and more sophisticated attacks are all threats that plague the deployment of applications and data in the cloud. It’s of the utmost importance that organizations understand and increase the auditability of their cloud computing deployments to ensure the best security solutions are in place to protect their systems.

Threat and Risk Assessment
Threat and risk assessments provide insight to the potential weaknesses of systems and applications that could be exploited by an attacker for malicious purposes. Often these assessments identify weaknesses that could provide opportunities for damage through simple negligence. An attack analysis, as part of these assessments, places one in the mindset of an attacker for the purposes of identifying all the possible ways a system could be breached. One should not be afraid of performing an attack analysis on existing systems and applications as it is better to find potential areas to exploit prior to deployment than by a malicious attacker once in production. To make an attack analysis more thorough, one should include external and internal attacks, static and dynamic analysis attacks, and manual and automated attack types. The more tests that are run, the more resilient the auditability reports will be to auditor scrutiny and the more confident an organization will be placing applications and data into the cloud.

Virtualization
Virtualization is the cornerstone technology upon which the cloud computing infrastructure is built. Without it, the capital and operating costs of the cloud would simply outweigh the return. With it, providers are able to deliver near-instant recovery options and portability, using snapshots and elastic computing capabilities. This offers cloud consumers the benefit of on-demand utilization of resources to meet peak computing needs without requiring the overhead and cost of standby and latent computing power, all at very reasonable costs.”

For the rest of the article, click here!

Posted in Cloud Computing, Security | Tagged: , , , , , | Leave a Comment »

Cloud Computing Gains Momentum but Security and Privacy Issues Persist

Posted by amcanty on September 28, 2009

Sep 25, 2009, By Hilton Collins

“It’s official: Cloud computing has arrived — and it appears to be the hit of the party. The Pew Internet & American Life Project released survey results in September 2008 reporting that 69 percent of Americans who are online use Web-based e-mail, store data or use software applications over the Internet. In October 2008, the market research firm IDC forecast that spending on IT cloud services would reach $42 billion by 2012.

Government agencies are starting to use cloud computing for storage, applications or development; these services are hosted on a remote server in order to save money on implementation and management. Cloud services are increasingly pervasive and may forever transform how government employees access and manage digital information.

Cloudiness Ahead

But with so many clouds on the horizon for IT, some people worry about potential storms ahead.

“What tends to worry people [about cloud computing] are issues like security and privacy of data — that’s definitely what we often hear from our customers,” said Chris Willey, interim chief technology officer of Washington, D.C.

Willey’s office provides an internal, government-held, private cloud service to other city agencies, which allows them to rent processing, storage and other computing resources. The city government also uses applications hosted by Google in an external, public cloud model for e-mail and document creation capabilities.

Cloud computing is delivered to users via three main delivery models: software as a service, platform as a service and infrastructure as a service (known as SaaS, PaaS and IaaS, respectively). With SaaS, customers use applications stored on a provider’s server. In a PaaS environment, the provider gives customers tools to create their own applications that are stored on the provider’s server. IaaS allows customers to rent networking, storage or other IT resources from providers to support in-house infrastructure.

In all arrangements, the clients’ data wind up in someone else’s hands somewhere along the way. For government, citizens’ data is sacred, as is data involving internal business processes. Even when a third-party provider is reputable, it’s understandable to experience a tinge of anxiety. You can’t control another company’s activities the way you can your own.

“For the last 15 years, people have been used to the client-server model,” said Kevin Paschuck, vice president of public sector for RightNow Technologies, a company that delivers SaaS. “They’ve been used to hugging their servers. They walk out the door, and they can see their data and their hardware. They control their own destiny.”

But remote hosting can inhibit that feeling of control.

“I don’t know exactly where my data is,’” said Tim Grance, a computer scientist in the Computer Security Division of the National Institute of Standards and Technology. “It could be cut into tiny little pieces and dispersed across a large geographical area, and that inherently makes people nervous.”

These qualms, however, don’t just come from apprehension about the activities of third-party partners. They may stem from external threats too. If an agency’s server is hacked, the agency’s employees know how they’ll handle it, but they don’t know how someone else might. It’s a given that Salesforce.com, Amazon.com and other big companies aren’t slouches in the security department, but their size makes them attractive targets for cyber-attacks.

For the full article, click here!

Posted in Cloud Computing | Tagged: , , | Leave a Comment »

« Previous Entries
 
Follow

Get every new post delivered to your Inbox.