Saturday, February 21, 2009

Security Issues Receive Focus at IDC’s Cloud Computing Forum

The IDC Cloud Computing Forum took place on Wednesday, 2/18/2009 at the Stanford Court hotel atop San Francisco’s Nob Hill. Due to a schedule conflict, I wasn’t able to attend, but several reporters had filed their stories by the Saturday morning deadline for this post.

Sessions included:

    • Achieving High Performance with Cloud Computing in Uncertain Times
    • Building the Business Case for Cloud Computing
    • Building Your Own Internal Enterprise Cloud
    • Managing the Complexities of Security, Privacy and Compliance in the Cloud
    • New IT Models for Growth and Innovation
    • Next Generation of Server and Storage Virtualization
    • Powering the Cloud: Addressing Electricity Use and Efficiency for The Next Generation Data Center

but Security, Privacy and Compliance topics got most of the column-inches.

Cloud Computing Brings Challenges, Opportunities by Mark Long of CIO Today concentrated on Joseph Tobolski’s and Marie Wieck’s keynotes:

"For organizations eager to delay, reduce or eliminate capital spending, the pay-as-you go cloud computing model is proving to be attractive," says Joseph Tobolski, the director of cloud computing at Accenture. But as is the case with other earlier technological advances, "Cloud computing brings major challenges as well as big opportunities," noted Tobolski.

"As with many popular new technology trends, there are probably as many definitions out there as there are different analysts and vendors," said Marie Wieck, vice president of middleware services at IBM. "In IBM's view it's really a fundamental extension of the Internet computing model, and it is a platform that provides the ability for companies to access services and resources much more quickly."

IDC sees a number of opportunities for cloud computing to catch on in the government, health care and manufacturing industries, which typically invest heavily in IT systems and infrastructure Relevant Products/Services and are currently looking for ways to achieve cost savings. "The nature of cloud computing also makes it suitable for the budget- and resource-constrained SMEs, where not requiring in-house teams to deploy and manage the solutions is a huge advantage," the firm's analysts said.

How to Prepare for the Cloud by Richard Adihikari of quotes IDC chief analyst Frank Gens and Tobolski:

"If you have that service-oriented delivery model good [that] CIOs have been working on for the last decade, add scalability, self service provisioning and pay-per use-options, you have the private enterprise cloud," Gens said. "You can then easily pull in some of the services you need from external cloud service providers."

[T]he problem of security is not as big an issue as many fear, both speakers said. "You have to ask yourself, what are you comparing, say, Amazon's security to," Gens said. "Your own security? If you're a mid- to low-level enterprise, Amazon's probably going to beat you."

However, enterprises must ensure their internal systems are efficient before going to the cloud, warned Joseph Tobolski … . "If you're inefficient on the inside and add cloud stuff, you're going to get into a lot of trouble."

Cloud security fears are overblown, some say by James Niccolai of IDG News Service writes:

It may sound like heresy to say it, but it's possible to worry a little too much about security in cloud computing environments, speakers at IDC's Cloud Computing Forum said on Wednesday.

Security is the No. 1 concern cited by IT managers when they think about cloud deployments, followed by performance, availability, and the ability to integrate cloud services with in-house IT, according to IDC's research.

"I think a lot of security objections to the cloud are emotional in nature, it's reflexive," said Joseph Tobolski … . "Some people create a list of requirements for security in the cloud that they don't even have for their own data center."

Security, Privacy And Compliance In The Cloud by InformationWeek Analytics’ Roger Smith leads with:

One of the more interesting panel discussions at the IDC Cloud Computing Forum on Feb 18th in San Francisco was about managing the complexities of security, privacy and compliance in the Cloud. The simple answer according to panelists Carolyn Lawson, CIO of California Public Utilities Commission, and Michael Mucha, CISO of Stanford Hospital and Clinics is "it ain’t easy!"

"Both of us, in government and in health, are on the front-lines," Lawson proclaimed. "Article 1 of the California Constitution guarantees an individual’s right to privacy and if I violate that I’ve violated a public trust. That’s a level of responsibility that most computer security people don’t have to face. If I violate that trust I can end up in jail or hauled before the legislature," she said. "Of course, these days with the turmoil in the legislature, she joked, "the former may be preferable to the later."

Stanford’s Mucha said that his security infrastructure was built on a two-tiered approach using identity management and enterprise access control. Mucha said that the movement to computerize heath records nationwide was moving along in fits and starts, as shown by proposed systems like Microsoft’s Health Vault and Google’s Personal Health Record. "The key problem is who is going to pay for the computerized of health records. It’s not as much of a problem at Stanford as it is at a lot of smaller hospitals, but it’s still a huge problem."

AMD: Considering the chips that comprise the cloud by Jacqueline Emigh starts:

In all the talk lately about "the cloud," the topic of computer processors doesn't always happen to float by. But it should, according to AMD's Margaret Lewis.

AMD's Lewis focused much of her remarks on how AMD's hardware virtualization works hand-in-hand with software virtualization technologies such as hypervisors to support cost effective cloud computing. Cost performance benefits can accrue across areas that run the gamut from infrastructure to energy use, she said. Cloud infrastructures perform better when cloud resources are kept as close as possible to users, for reduced network overhead, she elaborated later, in an interview with Betanews.

Quad-core AMD Opteron chips are being used as the underlying processor behind implementations of Microsoft's Azure virtualization software, for instance. "We [have] lots of other examples, too, many of them involving very advanced approaches to virtualization," she told Betanews. [Emphasis added.]

Stay tuned for additional stories from the IDC Cloud Computing Forum as they appear on the Web.