Welcome!

SDN Journal Authors: Gil Allouche, Lori MacVittie, Dana Gardner, Adrian Bridgwater, Michael Bushong

Related Topics: Cloud Expo, SOA & WOA, Open Source, Virtualization, Security, Big Data Journal, SDN Journal

Cloud Expo: Article

Cloud Is All About Security

An exclusive Q&A with Terry Woloszyn, Founder & CEO, Leeward Security Ltd.

"Open source has always provided a number of benefits, including easing adoption costs, propagating a better understanding of the technology, and allowing for faster evolution and commercialization of products and services based on it," noted Terry Woloszyn, Founder & CEO, Leeward Security Ltd., in this exclusive Q&A with Cloud Expo Conference Chair Jeremy Geelan. "This is clearly evident with the OpenStack and CloudStack," Woloszyn continued, "and others that have been quickly commercialized as offerings such as Rackspace."

Cloud Computing Journal: The move to cloud isn't about saving money, it is about saving time. - Agree or disagree?

Terry Woloszyn: It's actually both. Depending on the type of cloud - SaaS, PaaS, or IaaS, and whether it is private or public - the metrics that are used to determine the savings vary in weighting and importance. For example, the total cost of ownership in selecting, installing, configuring, managing, and ultimately replacing enterprise applications is quite large when compared to utilizing a public cloud SaaS equivalent. In this case, it's about saving time and money. On the other hand, utilizing a private cloud infrastructure as a host platform for enterprise applications is much more about saving time in provisioning, as the money difference is small, realized only in hardware utilization and platform management cost savings.

There are other metrics that factor into a selection decision as well, such as security, redundancy, disaster recovery, scalability, and more. It all comes down to the individual requirements of the selector when determining what "it's all about saving."

Cloud Computing Journal: How should organizations tackle their regulatory and compliance concerns in the cloud? Who should they be asking/trusting for advice?

Woloszyn: Unfortunately, regulatory compliance is a moving target. Depending on the jurisdiction, there may not even be a way to become compliant, as legislation at different levels of government may actually conflict, resulting in a bun fight between them that only the courts can settle, and may take years to do so.

Furthermore, cloud exacerbates the problem by spreading the compliance requirements across a plurality of jurisdictions, which results in more conflicting legislation. Great examples have emerged wherein data privacy compliance dictated by one jurisdiction outside of the US is impossible to achieve, thanks to PATRIOT, to be complied with if a US cloud is utilized. It may even be impossible to comply if the network traffic itself simply transits US territory. Again, legislators and regulators are only starting to realize that they no longer can legislate within their borders - that there is a global economic and technology reality that they must account for if their constituents are to remain competitive in the global markets.

As a result, trying to achieve 100% compliance may be impractical, as it is virtually impossible to understand where every bit is located and where they travel during the usage of the cloud, and what compliance requirements are incumbent on the users and providers as a result. One approach to resolve this is similar to ring security employed by systems today, with the core representing the local jurisdiction regulatory and compliance requirements, and the risks and costs for non-compliance. Each subsequent ring around the core represents regulatory and compliance requirements of lessening importance, along with corresponding risks and costs for non-compliance. The final ring represents no regulatory or compliance requirements, and no risks. By creating this type of framework and taxonomy, with the assistance of technologists, cloud providers, and legal counsel, it allows the adopter to quickly make assessments for existing and future cloud adoption, and easily allows for impact analysis of ever-changing technology, regulatory, and compliance requirements.

Cloud Computing Journal: What does the emergence of Open Source clouds mean for the cloud ecosystem? How does the existence of OpenStack, CloudStack, OpenNebula, Eucalyptus and so on affect your own company?

Woloszyn: Open Source has always provided a number of benefits, including easing adoption costs, propagating a better understanding of the technology, and allowing for faster evolution and commercialization of products and services based on it. This is clearly evident with the OpenStack, CloudStack, and others that have been quickly commercialized as offerings such as Rackspace. It makes for more consistency, faster adoption, and more robust offerings as everyone works towards the same results in the open source community, rather than the competitive development model of the 1980s and 1990s that only resulted in a handful of expensive, proprietary, half-solutions.

Cloud Computing Journal: With SMBs, the two primary challenges they face moving to the cloud are always stated as being cost and trust: where is the industry on satisfying SMBs on both points simultaneously - further along than in 2011-12, or...?

Woloszyn: Certainly from a cost perspective, cloud has become very affordable as a technology. However, the skills and labor costs associated with cloud adoption and management are still relatively high, making it a barrier for SMB adoption. As cloud becomes more ubiquitous, the skills become more accessible and affordable. As a result, like any technology, it is the large, early adopters that start, and it slowly cascades down through SMB, and eventually down to SOHO and individuals.

As for trust, SMBs actually seem to trust more than the enterprise adopters. This is because more cloud vendors have succeeded in promoting security and trust of their brand through standards compliance, certification, and customer recognition. SMBs are aware that the cloud vendors are likely more secure an offering, for example, than the SMB themselves could provide.

Cloud Computing Journal: 2013 seems to be turning into a breakthrough year for Big Data. How much does the success of cloud computing have to do with that?

Woloszyn: Big Data, like other enterprise-scale technologies, would only be within reach of large enterprises without the support of cloud. Cloud has a democratization effect on new technology adoption, and allows for economies of scale that would otherwise be unaffordable by most organizations. This makes Big Data accessible by a much larger group of adopters, by virtue of cloud support.

Cloud Computing Journal: What about the role of social: aside from the acronym itself SMAC (for Social, Mobile, Analytics, Cloud) are you seeing and/or anticipating major traction in this area?

Woloszyn: There was a time when having a website was a requirement for organizations to be considered "real" and viable. Organizations without a website were viewed as either too small, or not viable, or not even trustworthy. Today, a website is mandatory for all organizations to do business. The same pattern is being followed for Social. Organizations now see an emerging requirement for social participation in order to be recognized as "real." The convergence of mobile and social and cloud has accelerated the growth of social as the primary and preferred interaction channels between the consumers and business, and between businesses themselves. Without a social presence, organizations today will simply not survive against those that actively exploit social media in their sales, marketing and other business functions.

Cloud Computing Journal: To finish, just as real estate is always said to be about "location, location, location", what one word, repeated three times, would you say Cloud Computing is all about?

Woloszyn: Cloud is all about "Security, Security, Security," where Cloud provides the security in cost savings, the security in access and availability, and the better security against present and future threats.

More Stories By Pat Romanski

News Desk compiles and publishes breaking news stories, press releases and latest news articles as they happen.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Ar...
"We help companies that are using a lot of Software as a Service. We help companies manage and gain visibility into what people are using inside the company and decide to secure them or use standards to lock down or to embrace the adoption of SaaS inside the company," explained Scott Kriz, Co-founder and CEO of Bitium, in this SYS-CON.tv interview at 15th Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SAP is delivering break-through innovation combined with fantastic user experience powered by the market-leading in-memory technology, SAP HANA. In his General Session at 15th Cloud Expo, Thorsten Leiduck, VP ISVs & Digital Commerce, SAP, discussed how SAP and partners provide cloud and hybrid cloud solutions as well as real-time Big Data offerings that help companies of all sizes and industries run better. SAP launched an application challenge to award the most innovative SAP HANA and SAP HANA...
SAP is delivering break-through innovation combined with fantastic user experience powered by the market-leading in-memory technology, SAP HANA. In his General Session at 15th Cloud Expo, Thorsten Leiduck, VP ISVs & Digital Commerce, SAP, discussed how SAP and partners provide cloud and hybrid cloud solutions as well as real-time Big Data offerings that help companies of all sizes and industries run better. SAP launched an application challenge to award the most innovative SAP HANA and SAP HANA...
"SAP had made a big transition into the cloud as we believe it has significant value for our customers, drives innovation and is easy to consume. When you look at the SAP portfolio, SAP HANA is the underlying platform and it powers all of our platforms and all of our analytics," explained Thorsten Leiduck, VP ISVs & Digital Commerce at SAP, in this SYS-CON.tv interview at 15th Cloud Expo, held Nov 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
"Verizon offers public cloud, virtual private cloud as well as private cloud on-premises - many different alternatives. Verizon's deep knowledge in applications and the fact that we are responsible for applications that make call outs to other systems. Those systems and those resources may not be in Verizon Cloud, we understand at the end of the day it's going to be federated," explained Anne Plese, Senior Consultant, Cloud Product Marketing at Verizon Enterprise, in this SYS-CON.tv interview at...
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at @ThingsExpo, Robin Raymond, Chief Architect...
SYS-CON Media announced that Centrify, a provider of unified identity management across cloud, mobile and data center environments that delivers single sign-on (SSO) for users and a simplified identity infrastructure for IT, has launched an ad campaign on Cloud Computing Journal. The ads focus on security: how an organization can successfully control privilege for all of the organization’s identities to mitigate identity-related risk without slowing down the business, and how Centrify provides ...
Bit6 today issued a challenge to the technology community implementing Web Real Time Communication (WebRTC). To leap beyond WebRTC’s significant limitations and fully leverage its underlying value to accelerate innovation, application developers need to consider the entire communications ecosystem.
The definition of IoT is not new, in fact it’s been around for over a decade. What has changed is the public's awareness that the technology we use on a daily basis has caught up on the vision of an always on, always connected world. If you look into the details of what comprises the IoT, you’ll see that it includes everything from cloud computing, Big Data analytics, “Things,” Web communication, applications, network, storage, etc. It is essentially including everything connected online from ha...
Cloud Expo 2014 TV commercials will feature @ThingsExpo, which was launched in June, 2014 at New York City's Javits Center as the largest 'Internet of Things' event in the world.
SYS-CON Events announced today that Windstream, a leading provider of advanced network and cloud communications, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Windstream (Nasdaq: WIN), a FORTUNE 500 and S&P 500 company, is a leading provider of advanced network communications, including cloud computing and managed services, to businesses nationwide. The company also offers broadband, p...
The 4th International DevOps Summit, co-located with16th International Cloud Expo – being held June 9-11, 2015, at the Javits Center in New York City, NY – announces that its Call for Papers is now open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's large...
Verizon Enterprise Solutions is simplifying the cloud-purchasing experience for its clients, with the launch of Verizon Cloud Marketplace, a key foundational component of the company's robust ecosystem of enterprise-class technologies. The online storefront will initially feature pre-built cloud-based services from AppDynamics, Hitachi Data Systems, Juniper Networks, PfSense and Tervela. Available globally to enterprises using Verizon Cloud, Verizon Cloud Marketplace provides a one-stop shop fo...
Leysin American School is an exclusive, private boarding school located in Leysin, Switzerland. Leysin selected an OpenStack-powered, private cloud as a service to manage multiple applications and provide development environments for students across the institution. Seeking to meet rigid data sovereignty and data integrity requirements while offering flexible, on-demand cloud resources to users, Leysin identified OpenStack as the clear choice to round out the school's cloud strategy. Additional...
The major cloud platforms defy a simple, side-by-side analysis. Each of the major IaaS public-cloud platforms offers their own unique strengths and functionality. Options for on-site private cloud are diverse as well, and must be designed and deployed while taking existing legacy architecture and infrastructure into account. Then the reality is that most enterprises are embarking on a hybrid cloud strategy and programs. In this Power Panel at 15th Cloud Expo (http://www.CloudComputingExpo.com...
We are all here because we are sold on the transformative promise of The Cloud. But what good is all of this ephemeral, on-demand infrastructure if your usage doesn't actually improve the agility and speed of your business? How must Operations adapt in order to avoid stifling your Cloud initiative? In his session at DevOps Summit, Damon Edwards, co-founder and managing partner of the DTO Solutions, will highlight the successful organizational, process, and tooling patterns of high-performing c...
Software-driven innovation is becoming a primary approach to how businesses create and deliver new value to customers. A survey of 400 business and IT executives by the IBM Institute for Business Value showed businesses that are more effective at software delivery are also more profitable than their peers nearly 70 percent of the time (1). DevOps provides a way for businesses to remain competitive, applying lean and agile principles to software development to speed the delivery of software that ...
Docker offers a new, lightweight approach to application portability. Applications are shipped using a common container format and managed with a high-level API. Their processes run within isolated namespaces that abstract the operating environment independently of the distribution, versions, network setup, and other details of this environment. This "containerization" has often been nicknamed "the new virtualization." But containers are more than lightweight virtual machines. Beyond their small...
The move in recent years to cloud computing services and architectures has added significant pace to the application development and deployment environment. When enterprise IT can spin up large computing instances in just minutes, developers can also design and deploy in small time frames that were unimaginable a few years ago. The consequent move toward lean, agile, and fast development leads to the need for the development and operations sides to work very closely together. Thus, DevOps become...