Sunday, February 21, 2010

Why companies are calling in "The Cloud"

Cloud computing is a cost-efficient model for provisioning processes, applications and services while making IT management easier and more responsive to the needs of the business. Therefore, in the Indian IT world, where it is in nascent stage, various vendors are trying to reach the customers attention. Few Indian companies, besides large vendors are offering cloud-based platforms in India.

According to the reports from the research firm, IDC, the cloud computing is reshaping the IT marketplace, creating new opportunities for suppliers and catalyzing changes in traditional IT offerings. Further, the firm expects that global spending on IT cloud services to grow almost threefold, reaching $42 billion by 2012.

To know more about the companies that support the cloud click here.

Outsourcing goes green!

Many outsourcing giants are seizing the green market and investing heavily in reducing their carbon footprint. At the same time technology outsourcing is expected to rise significantly if organizations are to deal with the financial burden of compliance with environmental regulation in-house.

Last year the UK government announced its intention to introduce new rules to ensure departments consider environmental sustainability when making procurement decisions, helping the government to meet its target of cutting emissions, waste and water across facilities.

The guidelines have created a new level of expectations for outsourcing providers, with environmental concerns entering the formal selection process for suppliers.

To read more of the whole story click here.

Thursday, February 11, 2010

The Top 5 Draws of Technology!

Lighter weight services and services based on social media and web 2.0 are gaining efficacy from the traditional cost based services. While earlier CIO's were more concerned about cutting the straps of their budget; today they have changed their perspective to shift to a more agile and flexible model.

While earlier services showed that Business Intelligence was a top draw, this dogma has changed now, with virtualization and cloud based services gathering momentum. To read more of the report click here.

The Green Switching Technology

Even the Telecommunication industry says: Green = Profit, as this industry is the largest user of electricity and every consumer wants his/her connection 24x7. This is one of the reasons why operators have to invest in secondary options to keep their business going.

But power can soon become a limited resource for operators, and that's why they are actively looking at green networking products and solutions, to combat the ever diminishing man made resource. Green Switching, one of the newest technologies on offer, helps small businesses cut carbon emissions as well as their costs. To know more about Green Switching and what industry experts have to say about it click here.

Monday, February 8, 2010

Security Risk and Complaince for Cloud Computing Model

IT has long struggled with the issue of securing the information and the underlying assets in tradition IT environments. There have been debates around how much security is enough. Over a period of time, various models have evolved to enable an enterprise get a grip over the information security issue. Most approaches encourage taking a risk based approach to measure adequacy of existing controls & identify areas of improvement to bring the risk to an optimum risk level.

Now, with the evolution & popularity of Cloud computing model in the recent time, it has added new dimensions to the concept of information security. There is a lot of discussion is taking place within the IT industry but there is still a haze around the security, risk & compliance issues. I believe that with time, a clearer picture is likely to emerge as Cloud service providers realize the importance to address concerns around information security and emergence & adoption of standards.

In my opinion, key issues around security, risk & compliance in Cloud computing model are:-

Governance – one of the concerns customers have expressed is the loss of governance over the service that is now provided in the Cloud. The control now resides with the Cloud service provider on issues like location of data, implementation of security controls and their functioning etc. This lack of overall control and hence over some of the topics that can potentially impact security, risk & compliance issues is a serious concern for the organizations exploring the use of Cloud based services.

Access Control – how do you control the access to the information residing in the Cloud? While models are emerging to control the end user access like OpenID etc, one of the key issues is around control access for the privileged users like administrators.

Data location within Cloud – this is another important concern since it has lot of regulatory & compliance issues. The location of data residing in Cloud also has implications on legal jurisdiction and implications of regional/country specific data privacy requirements.
For example – some of my customers especially in non-US geography have specifically expressed concerns around the implication of US patriot act on the Cloud computing services.

Securing Data at Rest – how secure is the information residing on the Cloud in a shared environment? Information segregation and encryption are key topics that are being discussed to address concerns around information assets in the Cloud.

Regulatory compliance – Organization do need to understand that while the responsibility of security the underlying assets may rest with the Cloud services providers, the responsibility & accountability to secure the information still rests with the enterprise. Traditional IT organizations are faced with lot of audit (internal & external) & security certifications like ISO27001/SAS 70 etc to demonstrate an acceptable level of presence & effectiveness of security controls. Similarly there will be a need for the Cloud service providers to accommodate their customers internal & external audit requirements along with an acceptable demonstration of presence of security controls within the Cloud services offered by them.

Incident Response & Forensics – another important point of concern is around support during incident response and forensics. Due to the shared nature of the Cloud based services and the fact that the service provider can host the data in any of the data centres, establishing log/audit trails to enable Incident Response and to support forensics can be a challenging task.

Organizations are realizing that when using a Cloud computing services, there is a limit to the security controls that can be implemented and enforced. One needs to rely on the controls that are implemented by the Cloud service provider and trust these controls are adequate and working the way they Ire designed. Similarly, there is also a limitation on how much audit information can be generated, collected in a tamper-proof format, retained and if that is adequate to satisfy an organizations audit requirements.

I believe that while enterprise will continue to use public Clouds, the IT spend on setting up private Clouds will increase over a period of time. Public Cloud services will be used to host non-critical services by the organizations while they will use the Cloud computing model within their organizational boundaries to benefit from the concept of Cloud computing while ensuring security, risk & compliance issues are within their control. I are most likely to see emergence of industry standards and also some guidance movement by government bodies on the topics of security, risk and compliance for Cloud services.

Disclaimer: This post has been written by Tajeshwar Singh, who is an Enterprise Solution Architect from HCL  ISD. To read more of his posts go to www. Inthepassing.wordpress.com.