Tag Archives: Public Cloud

Cloud Computing Compliance and Industry Standards

Though cloud computing is known as a trendy technology, it is not in any way new in the computer networking field. The truth is that telecommunication companies were the first cloud service providers, and over the past decades they established customer expectations as well as industry standards. Fast forward to 2015, and the expectations remain unchanged; the standards of the cloud computing industry have been modelled on those of the Telcos, with some additions triggered by the nature of operations and the transaction types that occur in the new cloud applications.

The definition of a standard may be linked to the type of cloud computing in use. The cloud may be public, hybrid or private. The mandate around private clouds requires adherence to defined processes and well-established control frameworks. Documentation, backup controls, and Service Level Agreements (SLAs), as well as infrastructure libraries for service management and business integration, must be made available. In the public cloud, there must be adherence to established frameworks as well as provision for audits under various compliance acts.

The standards adopted may be determined by the type of industry. The industry standard may be dictated by the country or segment of operation and by the industry vertical. For instance, the health care industry will be governed by HIPAA, while Sarbanes Oxley governs the financial industry in the USA and Canada. The industry itself may set requirements and regulations for access control, security, protection of data, segregation of duties and more. The requirements for SLAs may differ from one segment to another based on the amount of data processed, company size, and the kind of data. The regulations of the country where the company (or industry and/or service provided) is located may influence the kind of standards adopted. Current tools and the available processes will also affect the standards adopted for the cloud. Implemented standards: you will need to consider customer and/or industry practises inside and outside the company and industry at the same time to refine the standards that should be implemented.

The current standards or requirements already established by vendors globally will have a huge impact on standardisation and expectations. This is always obvious when software usage and licensing are involved. Industries need to be mindful of the restrictions as well as the components that are not clearly defined, and create practises that will not lead to unforeseen expenses, violations or breaches. Because the cloud is a combination of a variety of technologies, standards need to be followed strictly, along with any integrated compliance standards that may come up in the context.

In fact, cloud computing service providers must always investigate important areas for compliance and determine the minimum expectations from the regulatory authorities, clients, and competitors within the industry vertical.

How Does Unpatched Software Give Way to Data Breaches?

It is a fact that IT related business is growing by leaps and bounds, and has changed the usage of organizational devices significantly within the last decade. With the growth of business, it has become essential to have some security measures. IT professionals have warned about risks associated with hyper-connectivity. Enterprises face great risks because the shortcomings of unpatched software are exposing data to cyber crime attacks. Therefore, it is the need of the hour to use advanced systems for data security.

Windows XP has lost its value due to security issues and instabilities which are associated with the operating system. When an OS developer like Microsoft cannot provide patches and critical updates to cope with security issues, the need for a new and well-defined operating system emerges.

What are the consequences of data breaches when complying with HIPAA (Health Insurance Portability and Accountability Act)?

HIPAA Breach Rule

HIPAA is an act related to accountability and health insurance portability. In order to give maximum protection and privacy to health information, federal law has set some rules and regulations. OCR (Office for Civil Rights) is responsible for enforcing the security law. For data security, OCR gives notification to organizations when certain information is breached. When businesses do not apply the latest software patches, customers could be affected by data breaches and their social security numbers and/or credit card numbers could be stolen; as a result, a HIPAA penalty could be levied. Organizations have been fined by OCR because many have become victims of malware as a result of failing to apply software patches.

It is notable that neither HIPAA nor OCR tells organizations to keep their software updated. When companies do not pay attention to software flaws and keep on working with unpatched software, issues such as data breaches become unavoidable.

How to Run System Smoothly?

To check data security, it is important to take a vigilant approach and monitor third-party applications for security vulnerabilities. Insecure data can be the result of the supporting software or operating system that is running in the environment. To cope with data issues, security updates and the latest patches should be applied. For a small business or an enterprise, the assistance of an IT administrator is the only solution to get peace of mind.

In a nutshell, the penalty for data breaches should not only take the form of fines; there must also be some rules to meet the demands of industry. Organizations know methods to find security risks and satisfactory solutions. In other words, patch your software and apply updates to keep your data safe and secure. Organizations can improve their data protection by using cloud computing. Compared to public cloud users, companies using a private cloud are much more satisfied with the security of their data.

Are You SaaS Ready?

Experts state glibly: “SaaS is ready for you, even if you are not yet ready for SaaS!” But what does “being ready for SaaS” imply? More importantly, “What is SaaS?” Let us answer the second question first.

SaaS is the abbreviation for “Software as a Service”. SaaS service providers deploy industry specific or generic web browser based applications on a subscription basis, over the Internet, to multiple enterprises or employees within an enterprise using shared public/private/hybrid cloud architectures.

SaaS readiness enforces due diligence for functional fit and data strategy. It highlights support requirements and draws attention to economics of the cloud. It is evident that SaaS readiness has a potential to transform thinking on information technology and to create a service centric approach to computing within the organisation.

Functional fit due diligence begins with an understanding that SaaS applications are built on generic business concepts, and the process of getting the business SaaS ready presupposes that the business processes will be subsumed into generic pre-defined processes, albeit with compromises. However, the SaaS typicality can be cost effective, and process standardisation may reshape the experience curve for the enterprise. The opportunity cost of using enterprise expertise elsewhere may far outweigh the cost of employing it in designing on-premise, differentiated applications.

Due diligence for data fit ensures that the criticality of data conversions and system interfaces is not underestimated. Getting ready for SaaS may involve getting the enterprise familiar with unfamiliar challenges. SaaS tools are typically Wizards that guide the user through a task and are generic constructs. Extraction, transformation and load options may be limited, and overnight conversions may present difficulties associated with bandwidth availability. However, if the enterprise is looking for integrative processes, SaaS tools are most suitable. They blend with diverse systems such as Oracle and SAP or heavy duty enterprise resource planning software.

SaaS readiness acknowledges that the benefits of SaaS are important for the organisation's growth strategy. IT infrastructure abstraction is not the only reason. The enterprise can now shift the risk of software acquisition and convert IT from a reactive cost centre to a value generating catalyst of growth. It can take advantage of the SaaS Continuum in exchange for a small fee that can be budgeted for as operating expenses rather than as capital investments with long run implications. It is a decision point where political, technological, financial and legal considerations come together for the betterment of the organisation.

Understanding Architecture, Management and Chargeback Issues

The what, where, when and how of the cloud are persistent questions that must be answered correctly if a cloud deployment is to be successful. But, misconceptions can be handicaps and organisations often labour under a number of misconceptions. A little understanding of cloud architectures, management and chargeback can be useful in selecting the best fit solution to their needs.

Managing and using different cloud architectures

The cloud has evolved from the convergence of a number of technologies and approaches to computing. The underlying architecture is similar to and different from existing computing models and impacts on the operational and technological approaches to network configurations and security practises. Like all computing systems operating over a network, the cloud consists of a back end [the remote server(s)] and a front end (the client computers). The connecting network is the Internet. The servers, the applications and the storage devices at the backend provide a cloud of services to the customers. Cloud computing systems that cater to multiple clients are known as “public” clouds. When an entire cloud service system is dedicated to a single client, it is known as a “private” cloud. Hybrid clouds combine features of the public and private clouds.

The client machines connect to the remote server(s) and the applications using software called an “agent”. The agent is a special kind of software, known as middleware. It enables IT Administrators to monitor traffic, administer the system and set rules and regulations for access to and use of the information stores available on the remote server.

“Utility computing” is the unique selling point (USP) of the cloud. Organisations signing up for cloud services agree that the cloud makes it easier for the organisation to track and measure IT expenses per business unit. Chargeback becomes simpler as it is metered like electricity on a “pay per use” basis.

Chargeback mechanisms in the cloud take into consideration two factors:

  • What are the resources and metrics for chargeback?
  • How to account for excess capacity that is supplied on the fly?

The chargeback system is built on the assumption that customers tend to use average capacity rather than large capacity, and hence offering scalable services does not automatically result in extensive usage of resources. Further, cloud vendors understand that successful chargeback systems separate infrastructure costs from service costs, and that shared infrastructure is a combination of fixed and variable costs in which the percentage of fixed costs will decrease as the number of users increases. Pricing will consequently be unit tiered, bundled or pay per use.

Top Ten Reasons to Leave your Cloud Backup Service Provider – Part II

In Part I, we discussed the five reasons that would make you leave your cloud backup vendor. They included:

1/ The lack of all operating systems support, mobile device support;
2/ Too much focus on appliances;
3/ Agreements not being executed as per SLAs;
4/ Confusing pricing structures; and
5/ Treating archived data and active data same way.

Continuing on this list, the remaining five reasons are:

6/ Bandwidth – Does your vendor throttle your bandwidth connections? Remember that it takes days and weeks to recover data from an online depository, and your Internet connection should be fast. Your backup vendor needs to optimise their bandwidth using the latest technologies for better data transfer in your network.

7/ Data Centre Location – At least one copy of your data should always be stored far away from your primary source data. It is recommended that your secondary storage be at least 2,000 miles away from your primary location. Does this vendor have a geo-dispersed secondary data centre?

8/ Vendor Lock – Is there flexibility for your data? Do you have the ability to back up your data in a private, public or hybrid cloud, or a combination of two or more? Is it possible to deploy a third party solution as an add-on, for instance, salesforce.com, Google Apps, etc?

9/ DRaaS – Disaster Recovery as a Service is not offered by this vendor due to the limitations of the software. In case of a disaster, you need to make sure that your data becomes available quickly and that you are covered for disaster recovery and business continuity. Your vendor always talks about backup and avoids discussing recovery. If DRaaS is not provided, how are you going to recover after a disaster hits? You must be able to instantly access critical data within minutes of a disaster.

10/ Periodic Research of the Vendor – A relationship stays healthy if it is monitored. You need to research your vendor periodically. If too many complaints are published on the web, or at the local better business bureau (BBB) or at the consumer protection agency, it is a clear indication of what is happening at the company. Check to see if the vendor is engaged in the industry. Does the vendor issue frequent meaningful press releases? Does it participate in forums and webinars? Does the vendor post educational blogs and articles at regular intervals? How about case studies and whitepapers? Any social media activities?

Conclusion
Business relationships are critical for both a vendor and a client to be happy and stay in the relationship. Vendors should be responsible for delivering quality services as agreed to in the SLAs. Service providers should be able to deliver the same quality of service to all clients no matter how small or big an organisation is, especially in the case of a disaster or a virus attack. The vendor should try their best to understand the client's business needs, goals and challenges (including the IT competency levels) and work with the client efficiently.

Functionality, Quality, Price—The Evaluation Parameters for the Cloud

IT budgets do not scale in proportion to IT needs. Data growth outstrips infrastructure and headcount growth. The CIO is forced to compromise.

What if the enterprise could become instantly IT enabled with very little investment in infrastructure, software or HR?

Utility computing in the cloud serves the enterprise with what they need, when they need it, through any channel and any kind of device. The technology integrates and automates the value chain, adapts easily and innovates constantly. Risk and environmental responsibilities are well orchestrated and everything is streamlined to deliver ‘best fit’ services. Functionality, quality and price are definitely attractive.

Cloud computing enhances the efficiency and functionality of the enterprise. Cloud storage systems are developed to support “on demand” utility computing models — SaaS, PaaS and IaaS — with intent to deliver IT as a service over the Internet. Users can scale up or scale down on infrastructure or space instantly and pay only for what they use. Mobile and remote computing technologies are made available for disparate parts of the business and mobile workers can synchronise their activities with that of the parent business from wherever they are. Employees can collaborate with each other or access business applications from the central server. User and usage management policies can be implemented by exploiting the functionality inbuilt into the cloud application.

Quality of service delivery is the unique selling point (USP) of cloud vendors. QOA distinguishes them from the competition and builds trust in business relationships with their customers. Cloud vendors are conscious that their services are evaluated on the basis of qualitative factors, such as design and delivery of security systems, compression and de-duplication of data, or speed of backup and recovery. The way the services are packaged together also makes a difference.

Economies of scale, deriving from multi-tenancy computing models, make the cloud attractive to cash strapped enterprises. The pay per use model, typical of the utility services sector, enables small and medium enterprises with small budgets to garner and use resources that were earlier only available to their larger brethren. Additionally, CAPEX vanishes and is replaced by OPEX. This makes it wholly attractive to managements who do not want to invest scarce resources in IT infrastructure to the detriment of other business activities.

Support services provided by the cloud shrink IT expertise requirements within the enterprise. Hardware and software maintenance in the cloud is the responsibility of the cloud vendor. The vendor is also committed to ensuring high availability of customer information and 99.9% uptime. Responsibility for mirroring, replication, de-duplication, compression and secure storage of information is transferred to the cloud vendor. A single IT Administrator can manage the database and maintain offsite copies of the data for additional data availability.

We at Backup Technology offer best-of-breed public, private and hybrid cloud services to our customers unfailingly. We anticipate customers’ every need and work towards providing them with the functionalities they require without compromising on quality. Our pay per use pricing model is economical and wholly affordable. For more information, please do visit our website: www.Backup-Technology.com.
