Click here to close now.

Welcome!

SDN Journal Authors: Liz McMillan, Lori MacVittie, Pat Romanski, Roger Strukhoff, Elizabeth White

Related Topics: Cloud Expo, Microservices Journal, Open Source, Virtualization, Security, Big Data Journal, SDN Journal

Cloud Expo: Article

Cloud Is All About Security

An exclusive Q&A with Terry Woloszyn, Founder & CEO, Leeward Security Ltd.

"Open source has always provided a number of benefits, including easing adoption costs, propagating a better understanding of the technology, and allowing for faster evolution and commercialization of products and services based on it," noted Terry Woloszyn, Founder & CEO, Leeward Security Ltd., in this exclusive Q&A with Cloud Expo Conference Chair Jeremy Geelan. "This is clearly evident with the OpenStack and CloudStack," Woloszyn continued, "and others that have been quickly commercialized as offerings such as Rackspace."

Cloud Computing Journal: The move to cloud isn't about saving money, it is about saving time. - Agree or disagree?

Terry Woloszyn: It's actually both. Depending on the type of cloud - SaaS, PaaS, or IaaS, and whether it is private or public - the metrics that are used to determine the savings vary in weighting and importance. For example, the total cost of ownership in selecting, installing, configuring, managing, and ultimately replacing enterprise applications is quite large when compared to utilizing a public cloud SaaS equivalent. In this case, it's about saving time and money. On the other hand, utilizing a private cloud infrastructure as a host platform for enterprise applications is much more about saving time in provisioning, as the money difference is small, realized only in hardware utilization and platform management cost savings.

There are other metrics that factor into a selection decision as well, such as security, redundancy, disaster recovery, scalability, and more. It all comes down to the individual requirements of the selector when determining what "it's all about saving."

Cloud Computing Journal: How should organizations tackle their regulatory and compliance concerns in the cloud? Who should they be asking/trusting for advice?

Woloszyn: Unfortunately, regulatory compliance is a moving target. Depending on the jurisdiction, there may not even be a way to become compliant, as legislation at different levels of government may actually conflict, resulting in a bun fight between them that only the courts can settle, and may take years to do so.

Furthermore, cloud exacerbates the problem by spreading the compliance requirements across a plurality of jurisdictions, which results in more conflicting legislation. Great examples have emerged wherein data privacy compliance dictated by one jurisdiction outside of the US is impossible to achieve, thanks to PATRIOT, to be complied with if a US cloud is utilized. It may even be impossible to comply if the network traffic itself simply transits US territory. Again, legislators and regulators are only starting to realize that they no longer can legislate within their borders - that there is a global economic and technology reality that they must account for if their constituents are to remain competitive in the global markets.

As a result, trying to achieve 100% compliance may be impractical, as it is virtually impossible to understand where every bit is located and where they travel during the usage of the cloud, and what compliance requirements are incumbent on the users and providers as a result. One approach to resolve this is similar to ring security employed by systems today, with the core representing the local jurisdiction regulatory and compliance requirements, and the risks and costs for non-compliance. Each subsequent ring around the core represents regulatory and compliance requirements of lessening importance, along with corresponding risks and costs for non-compliance. The final ring represents no regulatory or compliance requirements, and no risks. By creating this type of framework and taxonomy, with the assistance of technologists, cloud providers, and legal counsel, it allows the adopter to quickly make assessments for existing and future cloud adoption, and easily allows for impact analysis of ever-changing technology, regulatory, and compliance requirements.

Cloud Computing Journal: What does the emergence of Open Source clouds mean for the cloud ecosystem? How does the existence of OpenStack, CloudStack, OpenNebula, Eucalyptus and so on affect your own company?

Woloszyn: Open Source has always provided a number of benefits, including easing adoption costs, propagating a better understanding of the technology, and allowing for faster evolution and commercialization of products and services based on it. This is clearly evident with the OpenStack, CloudStack, and others that have been quickly commercialized as offerings such as Rackspace. It makes for more consistency, faster adoption, and more robust offerings as everyone works towards the same results in the open source community, rather than the competitive development model of the 1980s and 1990s that only resulted in a handful of expensive, proprietary, half-solutions.

Cloud Computing Journal: With SMBs, the two primary challenges they face moving to the cloud are always stated as being cost and trust: where is the industry on satisfying SMBs on both points simultaneously - further along than in 2011-12, or...?

Woloszyn: Certainly from a cost perspective, cloud has become very affordable as a technology. However, the skills and labor costs associated with cloud adoption and management are still relatively high, making it a barrier for SMB adoption. As cloud becomes more ubiquitous, the skills become more accessible and affordable. As a result, like any technology, it is the large, early adopters that start, and it slowly cascades down through SMB, and eventually down to SOHO and individuals.

As for trust, SMBs actually seem to trust more than the enterprise adopters. This is because more cloud vendors have succeeded in promoting security and trust of their brand through standards compliance, certification, and customer recognition. SMBs are aware that the cloud vendors are likely more secure an offering, for example, than the SMB themselves could provide.

Cloud Computing Journal: 2013 seems to be turning into a breakthrough year for Big Data. How much does the success of cloud computing have to do with that?

Woloszyn: Big Data, like other enterprise-scale technologies, would only be within reach of large enterprises without the support of cloud. Cloud has a democratization effect on new technology adoption, and allows for economies of scale that would otherwise be unaffordable by most organizations. This makes Big Data accessible by a much larger group of adopters, by virtue of cloud support.

Cloud Computing Journal: What about the role of social: aside from the acronym itself SMAC (for Social, Mobile, Analytics, Cloud) are you seeing and/or anticipating major traction in this area?

Woloszyn: There was a time when having a website was a requirement for organizations to be considered "real" and viable. Organizations without a website were viewed as either too small, or not viable, or not even trustworthy. Today, a website is mandatory for all organizations to do business. The same pattern is being followed for Social. Organizations now see an emerging requirement for social participation in order to be recognized as "real." The convergence of mobile and social and cloud has accelerated the growth of social as the primary and preferred interaction channels between the consumers and business, and between businesses themselves. Without a social presence, organizations today will simply not survive against those that actively exploit social media in their sales, marketing and other business functions.

Cloud Computing Journal: To finish, just as real estate is always said to be about "location, location, location", what one word, repeated three times, would you say Cloud Computing is all about?

Woloszyn: Cloud is all about "Security, Security, Security," where Cloud provides the security in cost savings, the security in access and availability, and the better security against present and future threats.

More Stories By Pat Romanski

News Desk compiles and publishes breaking news stories, press releases and latest news articles as they happen.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
Health care systems across the globe are under enormous strain, as facilities reach capacity and costs continue to rise. M2M and the Internet of Things have the potential to transform the industry through connected health solutions that can make care more efficient while reducing costs. In fact, Vodafone's annual M2M Barometer Report forecasts M2M applications rising to 57 percent in health care and life sciences by 2016. Lively is one of Vodafone's health care partners, whose solutions enable o...
SYS-CON Events announced today that Ciqada will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Ciqada™ makes it easy to connect your products to the Internet. By integrating key components - hardware, servers, dashboards, and mobile apps - into an easy-to-use, configurable system, your products can quickly and securely join the internet of things. With remote monitoring, control, and alert messaging capability, you will mee...
SYS-CON Events announced today that GENBAND, a leading developer of real time communications software solutions, has been named “Silver Sponsor” of SYS-CON's WebRTC Summit, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. The GENBAND team will be on hand to demonstrate their newest product, Kandy. Kandy is a communications Platform-as-a-Service (PaaS) that enables companies to seamlessly integrate more human communications into their Web and mobile applicatio...
Public Cloud IaaS started it's life in the developer and startup communities and has grown rapidly to a $20B+ industry, but it still pales in comparison to how much is spent worldwide on IT: $3.6 trillion. In fact, there are 8.6 million data centers worldwide, the reality is many small and medium sized business have server closets and colocation footprints filled with servers and storage gear. While on-premise environment virtualization may have peaked at 75%, the Public Cloud has lagged in ado...
Dave will share his insights on how Internet of Things for Enterprises are transforming and making more productive and efficient operations and maintenance (O&M) procedures in the cleantech industry and beyond. Speaker Bio: Dave Landa is chief operating officer of Cybozu Corp (kintone US). Based in the San Francisco Bay Area, Dave has been on the forefront of the Cloud revolution driving strategic business development on the executive teams of multiple leading Software as a Services (SaaS) ap...
The best mobile applications are augmented by dedicated servers, the Internet and Cloud services. Mobile developers should focus on one thing: writing the next socially disruptive viral app. Thanks to the cloud, they can focus on the overall solution, not the underlying plumbing. From iOS to Android and Windows, developers can leverage cloud services to create a common cross-platform backend to persist user settings, app data, broadcast notifications, run jobs, etc. This session provide...
SYS-CON Events announced today that BroadSoft, the leading global provider of Unified Communications and Collaboration (UCC) services to operators worldwide, has been named “Gold Sponsor” of SYS-CON's WebRTC Summit, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. BroadSoft is the leading provider of software and services that enable mobile, fixed-line and cable service providers to offer Unified Communications over their Internet Protocol networks. The Compa...
The 5th International DevOps Summit, co-located with 17th International Cloud Expo – being held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the...
DevOps tasked with driving success in the cloud need a solution to efficiently leverage multiple clouds while avoiding cloud lock-in. Flexiant today announces the commercial availability of Flexiant Concerto. With Flexiant Concerto, DevOps have cloud freedom to automate the build, deployment and operations of applications consistently across multiple clouds. Concerto is available through four disruptive pricing models aimed to deliver multi-cloud at a price point everyone can afford.
ProfitBricks has launched its new DevOps Central and REST API, along with support for three multi-cloud libraries and a Python SDK. This, combined with its already existing SOAP API and its new RESTful API, moves ProfitBricks into a position to better serve the DevOps community and provide the ability to automate cloud infrastructure in a multi-cloud world. Following this momentum, ProfitBricks has also introduced several libraries that enable developers to use their favorite language to code ...
What exactly is a cognitive application? In her session at 16th Cloud Expo, Ashley Hathaway, Product Manager at IBM Watson, will look at the services being offered by the IBM Watson Developer Cloud and what that means for developers and Big Data. She'll explore how IBM Watson and its partnerships will continue to grow and help define what it means to be a cognitive service, as well as take a look at the offerings on Bluemix. She will also check out how Watson and the Alchemy API team up to off...
The IoT Bootcamp is coming to Cloud Expo | @ThingsExpo on June 9-10 at the Javits Center in New York. Instructor. Registration is now available at http://iotbootcamp.sys-con.com/ Instructor Janakiram MSV previously taught the famously successful Multi-Cloud Bootcamp at Cloud Expo | @ThingsExpo in November in Santa Clara. Now he is expanding the focus to Janakiram is the founder and CTO of Get Cloud Ready Consulting, a niche Cloud Migration and Cloud Operations firm that recently got acquir...
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding bu...
SYS-CON Events announced today that robomq.io will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. robomq.io is an interoperable and composable platform that connects any device to any application. It helps systems integrators and the solution providers build new and innovative products and service for industries requiring monitoring or intelligence from devices and sensors.
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on T...
SYS-CON Events announced today that Litmus Automation will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Litmus Automation’s vision is to provide a solution for companies that are in a rush to embrace the disruptive Internet of Things technology and leverage it for real business challenges. Litmus Automation simplifies the complexity of connected devices applications with Loop, a secure and scalable clou...
In 2015, 4.9 billion connected "things" will be in use. By 2020, Gartner forecasts this amount to be 25 billion, a 410 percent increase in just five years. How will businesses handle this rapid growth of data? Hadoop will continue to improve its technology to meet business demands, by enabling businesses to access/analyze data in real time, when and where they need it. Cloudera's Chief Technologist, Eli Collins, will discuss how Big Data is keeping up with today's data demands and how in t...
SYS-CON Media announced today that @ThingsExpo Blog launched with 7,788 original stories. @ThingsExpo Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @ThingsExpo Blog can be bookmarked. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago.
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being software-defined – from our phones and cars through our washing machines to the datacenter. However, there are larger challenges when implementing software defined on a larger scale - when building software defined infrastructure. In his session at 16th Cloud Expo, Boyan Ivanov, CEO of StorPool, will provide some practical insights on what, how and why when implementing "software-defined" in the dat...