IBM reviews: Securing cloud data without vendor lock-in
By Carol Ko 30-Dec-2010
What have been your customers' three biggest concerns about cloud computing/ cloud services in 2010? How have you addressed their challenges?
Moung: Security is often cited as the top barrier to adoption. IBM is seeing increased recognition that security can be managed effectively in a cloud environment. The IBM Cloud is secure by design, meaning IBM built the IBM Cloud and offerings to be secure. IBM also recognizes that certain workloads will have different security requirements and has been helping clients assess what level of risk is appropriate for their environment. We've also just announced six new offerings that directly address cloud security concerns. These include professional security assessments for cloud, hosted vulnerability and event log management, and managed backup cloud.
|A recent demonstration in Korea of IBM's Engineering Design cloud running in the US was commented as having better connectivity than the client's existing environment which was less 25 miles away.|
Latency and application performance are also concerns of clients. IBM helps address this by leveraging the IBM Cloud Reference Architecture and Common Cloud Management Platform, which manage application performance and allow for a better cloud deployment to minimize network connectivity issues. For example, a recent demonstration in South Korea of IBM's Engineering Design cloud running in the US was commented as having better connectivity than the client's existing environment which was less 25 miles away.
Clients are also justifiably seeking a clear sense for the ROI and business benefits they will achieve with cloud. IBM has a number of adoption and ROI tools that it is using with clients to help shape the scope of cloud project. IBM also has numerous client success stories with great cost savings that it has been using to address this concern.
Clients wish to avoid being locked into proprietary cloud platforms and are seeking open standards to enable portability and choice. IBM is pro-actively engaging with emerging cloud standards bodies to accelerate the development and adoption of standards as well as trying to avoid fragmentation of standards.
A few discussions about cloud compliance and industry standards are going on in the ICT community at present? What's your take on this?
Moung: As cloud computing continues to increase in adoption questions about regulatory and business compliance and governance will continue to remain top of mind. Industry and open based standards are just one example of where discussions and actions are taking place. IBM believes this is valuable and necessary. Because cloud computing is a delivery methodology that is about putting the power into the hands of the end user and removing the traditional constraints of the IT environment, current regulations, policies and standards may be insufficient to provide the necessary controls and security an organization needs. Therefore new standards and policies need to be put into place and regulations will then need to be modified to accommodate this delivery model that is showing great gains in cost savings, business flexibility and overall productivity.
IBM is personally involved in these discussions spanning a wide array of topics within the cloud computing category. Such as:
- Virtualization with a goal not to be locked into a single hypervisor to allow for greater environment flexibility. IBM is working with DMTF (Distributed Management Task Force) and Apache in this area;
- Cloud APIs are always an area of discussion and how "open" vendors will be to allow for the quick easy migration of cloud workloads from one cloud to another, possibly from different providers. IBM is working with DMTF, Apache, Simple Cloud, Redhat, Rackspace and Zend, to name just a few;
- Security is a top issue for organizations in using cloud delivered solutions and IBM is actively engaged in building standards in several security aspects -- identity, access management, application and process, governance and risk management, data and information, and network, server and end point security both logical and physical. IBM is again working with several partners including DMTF, The Open Source Initiative,Oasis, ENISA (European Network and Information Security Agency), and the recently created Cloud Security Alliance;
- Service level agreements and the ability of the cloud provider to insure services performance and access to services is a critical focus for most organizations. The goal here is to assure standardization of SLAs for customer/end user comparison, and deliver visibility to the cloud environment sufficient to meet auditability and compliance requirements. IBM is working on this with TM Forum, NIST (National Institute of Standards and Technology -- US Government), and The Open Source Initiative;
- And finally the ongoing management and "orchestration" of the cloud computing solutions to insure reliability, speed, and a cost effective delivery of cloud computing solutions. Here IBM is partnering with Oasis, and DMTF to discuss and help develop standards.
For cloud computing delivery to become effective and pervasive it will be necessary to adopt standards and controls that are readily accepted by the industry and not to be locked in an organization to any one vendor, design, or methodology. IBM is a strong believer in leveraging standards and open source as a means to furthering the penetration and impact of cloud computing.