Cloud Security: Myths Busted - What Chief Security Officers Need To Know

 

I found a very good White Paper on Cloud Security entitled Cloud Security Myths and Strategies Uncovered. I think the best way to start off is with the opening quote from the White Paper itself:

“In today’s evolving information economy, cloud computing offers immense opportunity. Whether companies have started their cloud journey or not, security concerns remain the largest inhibitor to adoption. Concerns around control, data privacy, and security abound. However, the technology and expertise required to build a trusted cloud is closer than imagined. Progressive CSOs are embracing a new strategic role as a true business enabler in partnership with business leaders, to make sure that the trusted cloud becomes a reality and enterprises can capitalize on cloud technology.”

Security concerns still abound with Cloud Computing, and a fair number of adopters still opt for a private cloud environment. However, there is a trend towards a more hybrid approach, allowing enterprises to take advantage of the cost savings a public cloud provides. A majority of IT professionals surveyed indicated that their top priority was managing access to the data in the cloud. The White Paper suggests that “Virtualization” provides better visibility than the older legacy systems.

The White Paper then lists the three major Myths about Cloud Computing and provides the answer that debunks each one:

1. The Cloud simply cannot be secure – YES IT CAN.
2. Cloud Security is a new challenge – NO IT’S NOT.
3. Compliance equals security – not necessarily … it is only an “as of” date.

The authors state that a successful and secure Cloud is one that has “Trust” as its foundation. The Trust Equation is as follows:

 

Control + Visibility = Trust

Control

· Availability: Ensure access to resources and recovery following interruption or failure.
· Integrity: Guarantee only authorized persons can use specific information and applications.
· Confidentiality/privacy: Protect how information and personal data is obtained and used.

Visibility

· Compliance: Meet specific legal requirements and industry standards and rules.
· Governance: Establish usage rights and enforce policies, procedures, and controls.
· Risk management: Manage threats to business interruption or derived exposures.

The White Paper goes on to say that the key to obtaining the visibility needed to control the Cloud is Virtualization. “Virtualization consolidates multiple physical components into a logical view so they can be administered from one place. This alleviates the complexity of managing and monitoring multiple moving parts across internal and external infrastructure.”

When it comes to building a trusted cloud, the White Paper’s “Checklist for Your Trusted Cloud” is as follows:

· Use virtualization as your foundation.
· Build control and visibility into your security framework.
· Extend your security perimeter to include applications and endpoints.
· Adopt the three-layer controls framework: controls enforcement, controls management, and security management.
· Select a cloud vendor with offerings that can meet enterprise-class cloud security requirements across private and public clouds.
· Ensure services are secured to a common standard, in a transparent and auditable fashion.
· Tap prescriptive guidance from industry coalitions such as the Cloud Security Alliance (www.cloudsecurityalliance.org).

Licensee's Bill of Rights by Forrester's R. Ray Wang

 

 

So I’m sitting at my desk buried in work one day last week. As an aside, it appears that my writings on SaaS have sparked some interest and so I have been putting together some SaaS agreements for a couple of new clients. My email alert lets me know that an email has just arrived. It is an email from R. Ray Wang, Vice President of Forrester Research Inc. I have been reading a lot of Wang’s writings and research and have been quite impressed to say the least. I have even Blogged on some of his writings. He had a few kind words to say about my Blog and then he attached the latest update to the Enterprise Software Licensee’s Bill of Rights. I promised him that I would read this latest research work and mentioned in my email reply that it would probably be a treasure trove of vital and current information. Well I did read it and my comment hit that nail on the head. As a practitioner for over 20 years, with the last 10 years concentrated in this crazy world we call software licensing, this is a must read. As a Licensee, whether prospective or a veteran of ERP negotiations, perhaps a higher standard is in order, such as mandatory reading material. Here are some highlights from this latest work as detailed by R. Ray Wang:

  1. Surveyed 71 vendors and 101 end users.
  2. Built best practices from personal experience of 1000 contract strategy interactions.
  3. Resulted in the inclusion of 11 new rights that support new deployment options, cost savings, client best practices, and vendor lock-in avoidance.
  4. Suggested seven simple steps to successfully negotiating an enterprise software contract.

Of course reproduction of this research work is strictly prohibited. Regardless of the prohibition, space constraints in this Blog prevent me from adequately commenting on all the salient points. I do not think Wang or Forrester would mind if I whetted your appetite the best way I know how – with Wang’s own words in the Executive Summary.

For Business Process & Applications Professionals

Executive Summary 

July 7, 2009

 

An Enterprise Software Licensee’s Bill Of Rights, V2

 

Forrester Redefines 47 Basic Rights That Licensees Should Expect From Vendors

 

This is the 10th document in the “Building A Long-Term Apps Strategy” series.

 

 

by R “Ray” Wang

with Paul D. Hamerman, Andrew Magarie, and Ralph Vitti

 

 

“Of all the assets that an enterprise acquires, enterprise software brings with it the most unusual, onerous, and restrictive set of constraints. In most cases, licensees may not resell, reuse, or share their license. Licensees often encounter numerous grievances across the software ownership life cycle from selection to implementation, utilization, maintenance, and retirement. Poor economic conditions have kept vendors from raising prices for now; however, rapid vendor consolidation has eliminated choice and customer leverage in the market. Upon economic recovery, enterprises can expect price increases in software categories where only a handful of solution providers compete. Fortunately, advances in new deployment options (e.g., software-as-a-service, platform-as-a-service, cloud computing, managed services, and virtualization) may slowly shift the pendulum in favor of the customer. Forrester’s updates to its 2006 Enterprise Software Licensee Bill Of Rights (LBoR) reflect these new best practices from more than 1,000 interactions. CIOs, business process and apps professionals, enterprise architects, and procurement experts should immediately review and incorporate these best practices into their vendor relationships, contract strategies, and packaged apps strategies.”

 

 


 

R. Ray Wang’s Blog is A Software Insider’s Point of View.

  

Technology Predictions for 2009

Jeff Vance, president of Sandstorm Media, a marketing services firm focused on emerging technology trends, has an article in CIO Update entitled 5 Hot Trends for 2009. This article is the next in his series of predictions, as evidenced by his article last year entitled 5 Hot Trends for 2008. He begins with an honest critique of his 2008 predictions. I admit I was too eager to find out what was anticipated for this year and so I skipped right to the 2009 predictions. After reading the latest predictions, I confess that my first thoughts were, “Well how good did you do last year?” and so it was easy to find out. Depending on your patience, either order is fine. I’ll give you a brief synopsis of his 2009 predictions and leave it up to you to decide if you agree and need to check his score from last year. For 2009 Vance sees the following unfolding:

1. Major Mergers and Acquisitions: Vance expects some big names to come in and buy at bargain prices. One place to look is in the wireless market-space.
2. Disappointing sales in the mobile market space: The recession will cause consumers to delay purchases of new handsets with all those nonessential features. One business model to watch is pay-as-you-go.
3. Virtualization is a winner in 2009: And the reason is obvious, cost. Seems like the recession plays a big part in most predictions for this year. Quicker ROI and less upfront cost will be the tipping point for most technology winners. Vance sees virtualization marching past the servers and moving to desktops and quite possibly the mobile desktop sector as well.
4. Businesses crack down on social networking: Lack of worker productivity and data leakage are the two main reasons.
5. IT Spending saves the economy: Admittedly this may be too brash of a boast, but look for major IT expenditures to support a fundamentally changed economy due to the global recession. Regulatory agencies will look to data mining in an effort to detect fraud and forestall market collapses.

So what do you think? If you are interested in how well Vance’s 2008 predictions turned out, read the article (HINT: he wasn’t too far off).

 

Oracle's Financials Look Bright Ahead of "Oracle OpenWorld 2008" as the Acquisition of BEA comes to the Fore

 

It is important to note that Oracle does not have the familiar 12/31 year end, but rather a 5/31 fiscal year end.  Ahead of their conference “Oracle OpenWorld 2008” held in San Francisco this year, Oracle released a wave of glowing financial successes for its first quarter for 2009.

· Net Income increased 28% to $1.1 Billion
· Revenues increased 18% to $5.3 Billion

The second quarter is more in question.

· Non-GAAP revenues could fluctuate anywhere between a 12-15% increase or drop as low as only a 9% increase due to currency fluctuations.
· Non-GAAP EPS should be around 26¢ due to earnings split between higher and lower tax jurisdictions.

The forecast for new software license revenues is also susceptible to the fluctuating currency markets, with estimates at 5% - 15% without fluctuations and 2% to 12% if fluctuations are taken into account. Kenneth Chin, an analyst for Gartner, focused on this broad range and stated:

"Foreign currency had a plus seven percent impact on earnings this quarter, and they see a minus three percent impact for the next quarter, which can be fairly significant.  There's nothing to say that, if the dollar moves more quickly and becomes stronger, that the negative impact wouldn't hit five percent or more."

Fifty percent (50%) of Oracle’s business is license revenue and maintenance fees.  The fastest growing part of their business is middleware.  Larry Ellison, Oracle CEO, is confident that they have or soon will replace IBM in this market space.  For a more complete commentary on the second quarter’s outlook and beyond see Richard Adhikari’s article Oracle Sees Tougher Days Ahead. 

With a broader portfolio of software products to bring to the market, the emphasis this week at the San Francisco conference will be on the $8.5 billion purchase of BEA. The BEA middleware products “are key to Oracle's service oriented architecture (“SOA”) strategy.”

Oracle’s next major release will be 11g, expected by the end of the 2009 fiscal year.  BEA will be an integral part of its latest Web and SOA platforms release. 

Also of note is Oracle’s Green Program and its virtualization initiative.  To read the details on the tremendous increase in savings on these two programs and the Integration of the BEA software products into Oracle’s latest offerings see Oracle's Big Show will be BEA's Coming Out Party.

  

 

Sun Lets Software Vendors Run SaaS Without Code Rewrites

 

Andy Patrizio reports for InternetNews.com on a new offering from Sun Microsystems that will allow software vendors’ customers to convert from an on-premise version of their application to SaaS using existing technologies. The good news is that this conversion can be done without rewriting code, which in some cases can take many engineers an inordinately long period of time to design and then test the new architecture. This is all made possible through Sun’s new “virtualization service”. Sun or a Sun partner will then host the application. Of course the service only “supports applications hosted on a Sun server using Solaris, Solaris' Containers virtualization technology and xVM, Sun's virtualization software.”


The advantage to this service was explained by Vince Vasquez, business development manager for SaaS programs at Sun:


"People see the demand for on-demand but they are stuck with a year or more of development time without actually knowing if there's a market there for their product.  With virtualization, they can get into that market right now."


If this is of interest, I strongly recommend reading Patrizio’s article entitled, Sun Latest to Help App Vendors Get 'SasSy'.  In it Patrizio reports on the success to date of this service with a case study and also discusses pricing and Sun’s 90-day free trial offer.