Categories
Analysis

Cloud computing requires professional, independent and trustworthy certifications

About a year ago I wrote about the sense and nonsense of cloud seals, certificates, associations and initiatives. Even then I came to the conclusion that we need trustworthy certifications. However, the German market looked rather weak and was represented, alongside EuroCloud, by other advocacy groups such as the „Initiative Cloud Services Made in Germany“ or „Deutsche Wolke“. But there is a promising independent newcomer.

Results from last year

„Cloud Services Made in Germany“ and „Deutsche Wolke“

What such initiatives generally have in common is that they try to draw as many providers of cloud computing services as possible into their own ranks with various promises. „Cloud Services Made in Germany“ in particular jumps on the supposed quality feature Made in Germany and promises „more legal certainty in the selection of cloud-based services …“.

And this is exactly how „Cloud Services Made in Germany“ and „Deutsche Wolke“ position themselves. With weak criteria, both are very attractive for vendors from Germany, which in turn can advertise with the „stickers“ on their websites. But the criteria say nothing at all about the real quality of a service. Is the service really a cloud service? What does the pricing model look like? Does the provider ensure scalability and high availability in line with cloud computing? And there are many more questions that are essential for evaluating the quality of a cloud service!

Both initiatives certainly have their justification in their own way. However, they should not be used as a quality criterion for a good cloud service. Instead, they belong to the category „Patriotism: Hello World, look we Germans can also do cloud.“

EuroCloud and Cloud-EcoSystem

In addition to these two initiatives, there are the associations EuroCloud and Cloud-EcoSystem, both of which advertise with a seal and certificate. EuroCloud has its SaaS Star Audit. The SaaS Star Audit is aimed, as the name implies, exclusively at software-as-a-service providers. Depending on the budget, the provider may be awarded one to five stars by the EuroCloud federation, but must also be a member of EuroCloud. The number of stars says something about the scope of the audit. While with one star only „contract and compliance“ and a bit of „operating infrastructure“ are checked, five stars also cover processes and security intensively.

The Cloud-EcoSystem, by contrast, has with its „Cloud Expert“ a quality certificate for SaaS & cloud computing consultants and with its „Trust in Cloud“ one for cloud computing providers. A „Cloud Expert“ as defined by the Cloud-EcoSystem should offer providers and users decision guidance. In addition to writing professional articles and creating checklists, an expert also carries out quality checks. Furthermore, a customer should be able to trust that the advisor meets certain criteria for „cloud experts“. So every „cloud expert“ should have a deep understanding and basic skills, have references available and provide self-created documents on request. Basically, according to the Cloud-EcoSystem, it is about shaping and presenting the Cloud-EcoSystem.

The „Trust in Cloud“ certificate should serve as guidance for companies and users and establish itself as a quality certificate for SaaS and cloud solutions. On the basis of the certificate, users get the opportunity to compare cloud solutions objectively and come to a secure decision. The certification is based on a set of 30 questions, divided into 6 categories of 5 questions each. The examinee must answer the questions with Yes or No and also provide proof. If the cloud provider answers a question with Yes, it receives a „cloud“. The checklist includes the categories of references, data security, quality of provision, decision confidence, contract terms, service orientation and cloud architecture.

Both EuroCloud and the Cloud-EcoSystem go the right way and try to evaluate providers based on self-imposed criteria. However, two points should be questioned here. First, these are associations, which means that a provider has to be a member. One can legitimately ask which association member would ever fail an examination – independence? Furthermore, both create their own requirements catalogs, which are not comparable. Just because a provider has a „seal of approval“ from two different associations, which evaluate according to different criteria, does not mean at all that the cloud service also provides real quality – confidentiality.

The pros get into the ring: TÜV Rheinland

Regardless of all the organizations that have come together specifically for the cloud, TÜV Rheinland has launched a cloud certification. TÜV itself is best known for the testing and acceptance of cranes and fun rides and for the general inspection of cars. But it also has more than 15 years of experience in the IT areas of consulting and certification with regard to compliance, risk management and information security.

The cloud certification process is extensive and has its price. A first look at the audit process and the list of requirements shows that TÜV Rheinland has developed a very powerful tool for the testing of cloud services and infrastructures.

Starting with a „Cloud-Readiness Check“, security, interoperability, compliance and data privacy are first checked for their cloud suitability and a plan of action is created. This is followed by the review of the „cloud design“, in which the concept and solution are examined carefully. Among others, topics such as architecture, network security and access controls are examined. Afterwards, the actual implementation of the cloud solution is considered and quality checks are carried out. Then the preparation for the certification follows, and finally the actual certification.

The cloud requirements catalogue of TÜV Rheinland comprises five main areas, which are in turn subdivided into a number of sub-elements. These include organizing processes, organizational structure, data security, compliance / data privacy and processes. All in all a very profound requirements catalog.

In a cited reference project, TÜV Rheinland needed eight weeks for the certification of an international infrastructure-as-a-service provider.

Independent and trustworthy cloud certifications are mandatory

The quality and usefulness of certificates and labels stand and fall with the companies that are responsible for auditing and with their defined criteria. Weak requirements catalogs neither make an honest statement nor help to illustrate the clear differences in quality between cloud solutions for the buyer. On the contrary, IT decision-makers, when in doubt, rely on these supposedly tested services, whose quality is another matter. In addition, cloud computing is not about installing a piece of software or a service. In the end it is only consumed, and the provider is responsible for all the other processes that the customer would otherwise have handled himself.

For this reason, independent, trustworthy and above all professional certifications are necessary to ensure an honest statement about the quality and properties of a cloud service, its provider and all downstream processes such as security, infrastructure, availability, etc. As a provider one should be honest with oneself and in the end decide on a certification that focuses on professional lists of criteria, does not just scratch the surface but goes deep into the solution, and thus makes a credible statement about one's own solution.


GigaOM Analyst Webinar – The Future of Cloud in Europe [Recording]

On July 9 Jo Maitland, Jon Collins, George Anadiotis and I talked about the opportunities and challenges of the cloud in Europe and countries such as Germany or the UK, and gave an insight into the cloud computing market in Europe. The recording of the international GigaOM analyst webinar „The Future of Cloud in Europe“ is online now.

Background of the webinar

The European Commission unveiled its “pro cloud” strategy a year ago, hoping to reignite the stagnant economy through innovation. The Commissioner proclaimed boldly that the cloud must “happen not to Europe, but with Europe”. And rightly so. A year later, three GigaOM Research analysts from Europe, Jon Collins (Inter Orbis), George Anadiotis (Linked Data Orchestration) and Rene Buest (New Age Disruption) – moderated by Jo Maitland (GigaOM Research) – looked at who the emerging cloud players are in the region and their edge over U.S. providers. They dug into the issues for cloud buyers in Europe and the untapped opportunities for providers. Can Europe build a vibrant cloud computing ecosystem? That’s a tough question today as U.S. cloud providers still dominate the industry.

Questions which were answered

  • What’s driving cloud opportunities and adoption in Europe?
  • What are the inhibitors to adoption of cloud in Europe?
  • Are there trends and opportunities within specific countries (UK, Germany, peripheral EU countries?)
  • Which European providers show promise and why?
  • What are the untapped opportunities for cloud in Europe?
  • Predictions for the future of cloud in Europe.

The recording of the analyst webinar


Cloud computing is a good remedy against shadow IT

Cloud computing is always portrayed as a great promoter of shadow IT. This is still accurate, and I have always strongly argued this point myself. But with the right IT strategy, shadow IT can be preemptively prevented, controlled and even eliminated through cloud computing. This is not an easy path for all involved, but a worthwhile one.

Reasons for shadow IT

Shadow IT is not a cloud computing phenomenon. In any larger company some developer or other has his own server under the desk, or IT projects somewhere have self-installed MySQL databases, in the worst case outside the company at a hoster. As long as they have the appropriate rights to install it, users run their own software solutions with which they can be more productive than with the prescribed solutions. What are the reasons for shadow IT?

  • Employee dissatisfaction with used technologies.
  • IT technologies do not meet the desired purpose.
  • IT departments are too slow.
  • IT departments do not deliver according to the desired requirements.
  • Resources are cut due to cost pressure.

How does shadow IT manifest itself?

  • Own server under the desk.
  • Workstation becomes a server.
  • Use of cloud infrastructures.
  • A personal credit card is used and then charged back via expenses.
  • Self-installed software that is not declared or approved.
  • Use of cloud services and software.

How does cloud computing help?

One just has to look at the employees' reasons to understand why they resort to shadow IT. The rebels among us aside, it is primarily about the dissatisfaction and helplessness of people who want to do their work more productively. At the end of the day, and regardless of the technology, it is about communication and mutual understanding. That an IT department cannot match the speed of a public cloud provider is quite normal and easy to understand; otherwise the IT department could be the provider instead of the consumer. But there are ways and means not to lose touch with the market too quickly.

  • Do not prohibit everything and be open to requests.
  • Communicate and ask employees for ideas.
  • Establish think tanks and innovation teams that constantly drive new trends into the business.
  • Offer your own self-services.
  • Allow quick access to resources, similar to public cloud providers.
  • Middleware as a service portal for employees, through which access is granted to internal and external cloud services.

Cloud computing is not the ultimate solution for shadow IT and is definitely a driver of this problem. But at the same time cloud computing can help to counteract this phenomenon, which has grown over the years. The relevant concepts and technologies are available and need to be implemented.

A promising approach is to create a dedicated service portal for employees, through which they get controlled access to internal and external cloud services. This can be used for infrastructure (virtual servers and storage) as well as for software and platforms. The IT department increasingly becomes a service broker and is able to ensure, through the use of external resources (hybrid model), that the employees can expect a high-quality service. Thus, for example, a server can be provided to a developer within five minutes instead of several weeks.


The cloud computing market in Germany 2013

The significance of cloud computing continues to increase in Germany. If you believe local market researchers, the interest in on-demand services continues unabated and is even increasing steadily. The same can be said for the vendor side. New services or even providers periodically appear on the market. In particular, the software-as-a-service (SaaS) market is enjoying growing popularity in Germany. Infrastructure-as-a-service (IaaS) providers are similarly well represented, but should not make the same mistakes as their international competitors. There is still plenty of room for platform-as-a-service (PaaS) providers.

Cloud demand in Germany with steady growth

According to figures from market researcher Techconsult, a third of smaller German companies already use cloud solutions. The greatest demand comes from the Mittelstand, mostly from the trade, banking and insurance industries. Large corporations and medium-sized companies are among the leaders in usage, but the small ones are catching up rapidly. Last year, only eight percent of small and medium-sized companies planned to use cloud solutions; this year it is already 24 percent.

29 percent of companies in the trade industry are interested in cloud computing. This is an increase of 21 percent compared to last year. In the service industries every fourth company relies on cloud services, a year-on-year increase of over ten percent. The biggest interest comes from the field of banking and insurance. 33 percent of the companies in these industries rely on cloud technologies, although the cloud was viewed rather skeptically there in the previous year.

Conferences show a similar behavior

At the first Amazon Web Services Summit in 2010 in the Berlin Kalkscheune, a manageable 150 participants could be counted. Meanwhile, Amazon has moved to the Berlin Conference Center, reaching 1,500 participants, so many that monitors had to be placed outside. The situation is similar with Salesforce. The company, well known as a SaaS CRM provider, welcomed up to 1,800 visitors at this year’s Customer Company Tour 13, according to its own account.

Compared to the crowds that regularly flock to American conferences, these numbers are rather peanuts. For Germany, however, they are a very good turnout.

Distribution of cloud computing providers in Germany

What the examples of Amazon and Salesforce show: both companies are cloud service providers and do not simply trade in virtual resources. Even though Amazon was the first IaaS provider on the market and is considered a prime example, it is the web services around the infrastructure that provide customers with the actual value. It is the same with Salesforce. Having started as a hybrid SaaS and PaaS provider, the CRM vendor has oriented its platform toward the future and topics such as the Internet of Things.

On the two points above, most German cloud providers stumble. The IaaS market in Germany is highly developed. In addition to many subsidiaries of international companies, more and more vendors from Germany are looking for their place in this cloud segment. However, they all rely on the same strategy and make the same mistake as many international vendors in trying to gain IaaS market share. First, they focus exclusively on virtual resources (computing power, storage space) and provide no value-added services around them (compare Amazon AWS). Second, only corporate customers are addressed. Developers are not considered. From a financial perspective this is attractive, but it means that developers inevitably have to switch to U.S.-based providers, as there are no similar German or European alternatives.

The largest cloud market in Germany is made up of the SaaS providers. Many well-known IT players are present here, but increasingly also young companies with innovative ideas. SaaS offerings are primarily driven by marketplaces from major service providers such as Deutsche Telekom or Fujitsu. Both collect what they consider high-quality services under one roof and provide an assorted offering that companies can choose from. A special characteristic of many German SaaS solutions is that they take care of building the necessary cloud infrastructure themselves and deliberately rely on a German data center. Issues such as the future-proofing of their own solution and customer trust are the main decision criteria.

The market for PaaS providers is still very open. The number of providers launched directly from Germany is very manageable and can be counted on one hand. Moreover, two out of three rely on IaaS offerings from U.S. providers. Alongside some international competitors, there are still opportunities here for a PaaS operated directly in Germany. However, the large (German/European) IaaS providers are called upon to give young entrepreneurs and developers the ability to develop such a solution faster.

Germany is well on its way to the cloud

At the end of the day it can be said that the German cloud computing market has a well-balanced ratio of XaaS solutions. However, some potential is left untapped by not addressing the important group of startups and developers with appropriate services, which therefore have to switch to overseas providers.

The strong figures for cloud adoption in Germany show that confidence in the providers is growing steadily and that an understanding of the value of cloud services has been reached. But they also show that the providers have worked on themselves and are willing to eliminate the concerns and criticisms of their potential customers.


Survey: Your trust in the Cloud. Europe is the safe haven. End-to-end encryption creates trust.

After the revelations about PRISM I started a small anonymous survey on current confidence in the cloud, to see how the scandal has changed people's personal relationship to the cloud. The significance of the result is more or less a success. The participation was anything but representative. With at least 1499 visits the interest in the survey was relatively large. A participation of 53 attendees is then rather sobering. Thus, the survey is not representative, but at least shows a trend. In this context I would like to thank Open-Xchange and Marlon Wurmitzer of GigaOM for the support.

The survey

The survey consisted of nine questions and was publicly hosted on twtpoll. It asked exclusively about trust in the cloud and how it can possibly be strengthened. In addition, the intermediate results were publicly available at all times. The survey was distributed in German- and English-speaking countries on the social networks (Twitter, Facebook, Google Plus) and the business networks XING and LinkedIn, because this issue does not affect a specific target audience but has an impact on all of us. This led on twtpoll to 1,442 views across the web and 57 views from mobile devices, and ended with 53 respondents.

For this reason the survey should not be considered representative, but it shows a tendency.

The survey results

Despite the PRISM scandal, confidence in the cloud is still present. 42 percent continue to have high confidence, 8 percent even a very high level of confidence. For 15 percent confidence in the cloud is very low; 21 percent rate their confidence as low. Another 15 percent are neutral towards the cloud.

Confidence in the current cloud provider is balanced. 30 percent of respondents still have a high level of confidence, 19 percent even a very high level of trust in their providers. This compares to 15 percent each who have low or very low confidence. 21 percent are undecided.

The impact of PRISM on confidence in the cloud comes as no surprise. Only 9 percent see no effect on them; 8 percent a little. 32 percent are neutral. However, 38 percent of the participants are strongly influenced by the PRISM revelations and 13 percent very strongly.

62 percent of the participants use services of cloud providers that are accused of supporting PRISM. 38 percent are with other providers.

As was to be expected, PRISM has also affected the reputation of the cloud providers. For 36 percent the revelations have strongly influenced their confidence, for 13 percent even very strongly. However, 32 percent are neutral. For 11 percent the revelations have only a slight influence. For 8 percent there is no influence at all.

Despite PRISM, 58 percent want to continue to use cloud services. 42 percent have already toyed with the idea of leaving the cloud due to the incidents.

A clear signal goes to the providers when it comes to openness. 43 percent (very high) and 26 percent (high) expect unconditional openness from the cloud provider. 25 percent are undecided. For only 2 percent (low) and 4 percent (very low) it does not matter.

74 percent see 100 percent end-to-end encryption as a way to increase confidence in the cloud. 26 percent see no potential in it.

The question of the most secure/trusted region revealed no surprises. With 92 percent, Europe counts as the top region in the world after the PRISM revelations. Africa received 4 percent, North America and Asia-Pacific 2 percent each. No votes were cast for South America.

Comment

Even if the revelations about PRISM caused indignation at first and still create uncertainty, economic life must go on. The tendency of the survey shows that confidence in the cloud has not suffered too much. But at this point it must be said: Cling together, swing together! None of us plunged into cloud ruin overnight. The crux is that the world is increasingly interconnected through cloud technologies and the cloud thus serves as a focal point of modern communication and collaboration infrastructure.

For that reason we cannot go back many steps. A hardliner might naturally terminate all digital and analog communication with immediate effect. Whether that is promising is doubtful, because the dependency has become too large and modern corporate existence is determined by digital communication.

The sometimes high number of neutral responses on trust may have to do with the fact that, subconsciously, we have all always entertained the thought that our communication is being observed. Due to the current revelations we now have it in black and white. The extent of the surveillance, by now including the disclosure of TEMPORA by the British Secret Service, has come as a surprise. In light of TEMPORA, the survey result for Europe as a trusted region is debatable. But against surveillance at strategic junctions of the internet, even the cloud providers themselves are powerless.

Bottom line: economic life has to go on. But all these revelations show that we cannot rely on governments, from which regulations and safeguards are repeatedly demanded. On the contrary, even they have shown an interest in reading data along. And one thing we must always bear in mind: how are laws and rules supposed to help when they are broken again and again by the highest authority?

Companies and users must therefore now assume more responsibility, take the reins into their own hands, and provide the security they want (end-to-end encryption) themselves, in the broadest sense. Numerous solutions from the open source world and from the professional sector help to achieve these objectives. Providers of cloud and IT solutions are now challenged to show more openness than they may want to.

Graphics on the survey results

1. How is your current trust in the cloud in general?

2. How is your current trust in the cloud provider of your choice?

3. How does the PRISM uncoverings influence your trust in the cloud?

4. Is your current cloud provider one of the accused?

5. How does the PRISM uncoverings influence your trust in the cloud provider of your choice?

6. Did you already think about to leave the cloud e.g. your cloud provider due to the PRISM uncoverings?

7. How important is the unconditional openness of your provider in times of PRISM and surveillance?

8. Do you think a 100% end-to-end encryption without any access and other opportunities of third parties can strengthen the trust?

9. In your mind which world region is the safest/ trustworthiest to store data in?


How to protect a company's data from surveillance in the cloud?

With PRISM the U.S. government has further increased the uncertainty among Internet users and companies, and thereby enormously deepened the loss of confidence in U.S. vendors. After the Patriot Act, which was often cited as the main argument against the use of cloud solutions from US-based providers, the surveillance by the NSA is the final straw. From a business perspective, under the present circumstances, the decision can only be to opt out of a cloud provider in the United States, even if it has a subsidiary with a location and a data center in Europe or Germany. I already pointed that out in this article. Nevertheless, economic life must go on, and that can also work with the cloud. However, attention must be paid to technical security, which is discussed in this article.

Affected parties

This whole issue does not only concern companies, but every user who actively communicates in the cloud and shares and synchronizes data there. The issue of data protection cannot be neglected in this context either. For companies there is usually even more at stake when internal company information is intercepted or voice and video communication is observed. At this point it must be mentioned that this has nothing to do primarily with the cloud. Data communication took place long before cloud infrastructures and services. However, the cloud leads to increasing interconnection and will act as a focal point of modern communication and collaboration infrastructure in the future.

The current security situation

The PRISM scandal shows the full extent of the possibilities that allow U.S. security agencies to access global data communication unimpeded and without regard. For this, the U.S. government officially uses the „National Security Letter (NSL)“ of the U.S. Patriot Act and the „Foreign Intelligence Surveillance Act (FISA)“. Due to these anti-terror laws, U.S. vendors and their subsidiaries abroad are obliged to provide details on requested information.

As part of the PRISM revelations there is also speculation about supposed interfaces, „copy-rooms“ or backdoors at the providers, with which third parties can directly and freely tap the data. However, the providers deny this vehemently.

U.S. vendors. I’m good, thanks?

When choosing a cloud provider*, different aspects are considered that can be roughly divided into technical and organizational areas. Here the technical area reflects technical security and the organizational area legal security.

Organizational security is to be treated with caution. The Patriot Act legally opens the doors to U.S. security agencies if there is a suspected case. How far this remains within the legal framework is meanwhile doubted by many. At this point, trust is essential.

Technologically, the data centers of cloud providers can be classified as safe. The effort and investment made by the vendors cannot be matched by a normal company. But again, 100% safety can never be guaranteed. If possible, users should also use their own security mechanisms. Furthermore, the rumors about government access by the NSA should not be ignored.

Confirmed reports are circulating about two U.S. phone companies, describing direct access to communication by the NSA and heavily secured rooms equipped with modern surveillance technology. In this context, it should also be considered how far providers of on-premise IT solutions have been undermined.

Given both aspects and the current security situation, U.S. vendors should be treated with caution. This also applies to their subsidiaries in the EU. After all, they are not even able to provide at least the necessary legal security.

But even the German secret service should not be ignored. Recent reports indicate that the „Federal Intelligence Service (BND)“ will also massively expand its surveillance of the internet. This amounts to a budget of 100 million Euro, of which the federal government has already released five million EUR. Unlike the NSA, the BND will not store the complete data traffic on the internet, but only check for certain suspicious content. For this purpose it may read along up to 20 percent of the communication data between Germany and abroad, according to the G 10 Act.

Hardliners would have to cease all digital and analog communication immediately. But this will not work, because the dependency has become too large and modern business life is determined by communication. Therefore, despite surveillance, other legal ways must be found to ensure secure communication and data transmission.

* In this context a cloud provider can be a service provider or a provider of private cloud or IT hardware and software solutions.

Requirements for secure cloud services and IT solutions

First, it must be clearly stated that there is no universal remedy. The risk comes from the user who is not aware of the danger or who steals corporate data on purpose. Regardless of this, the PRISM findings lead to a new security assessment in the IT sector. And it is to be hoped that this also increases the security awareness of users.

Companies can obtain support from cloud services and IT solutions that have made unconditional security part of their leitmotif from the beginning. Under present circumstances these providers should preferably be from Europe or Germany.

Even though there are already first reports of interference by the U.S. government and U.S. providers at the European Commission, which prevented an „Anti-FISA“ clause in the EU data protection reform, no laws similar to the U.S. Patriot Act or FISA exist in Europe.

Therefore European and German IT vendors, which are not subject to the Patriot Act and not infiltrated by the state, can also help U.S. users to secure their data communication.

Criteria for vendor selection

On the subject of security it is always about trust. A provider only achieves this trust through openness, by letting its customers look at its technological cards. IT vendors are often criticized for being closed and for not providing information on their proprietary security protocols. This is only partly true, because there are also providers that are willing to talk about it and make no secret of it. Thus, it is important to find this kind of provider.

In addition to the subjective issue of trust, it is in particular the implemented security that plays a very important role. Here it should be ensured that the provider uses current encryption mechanisms. This includes:

  • Advanced Encryption Standard – AES 256 to encrypt the data.
  • Diffie-Hellman and RSA 3072 for key exchange.
  • Message Digest 5/6 – MD5/MD6 for the hash function.

Furthermore, end-to-end encryption of all communication is becoming increasingly important. This means that the whole process a user passes through in the solution is encrypted continuously from beginning to end. This includes, among other things:

  • The user registration
  • The login
  • The data transfer (send/receive)
  • Transfer of key pairs (public/private key)
  • The storage location on the server
  • The storage location on the local device
  • The session while a document is edited

In this context it is very important to understand that the private key used to access the data and the system may be owned exclusively by the user, and that it is stored only in encrypted form on the user's local system. The vendor must have no way to restore this private key and must never get access to the stored data. Caution: there are cloud storage providers that can both restore the private key and obtain access to the user's data.

Furthermore, there are vendors that talk about control over one's own data. This is indeed true. However, sooner or later it is inevitable to communicate externally, and then strong end-to-end encryption is essential.

Management advisory

In this context, I would like to mention TeamDrive, which I have analyzed recently. The German file sharing and synchronization solution for businesses has been awarded the Data Protection Seal of the „Independent Centre for Privacy Protection Schleswig-Holstein (ULD)“ and is a Gartner „Cool Vendor in Privacy“ 2013. From time to time TeamDrive is described in the media as proprietary and closed. I cannot confirm this. For my analysis TeamDrive willingly gave me extensive information (partly under NDA). Even the self-developed protocol will be disclosed on request for an audit.

More information on selecting a secure share, sync and collaboration solution

I want to point out my security comparison between TeamDrive and ownCloud, in which I compared both security architectures. The comparison also provides further clues to consider when choosing a secure share, sync and collaboration solution.

Survey: How is your current trust in the cloud?

After the PRISM revelations I started a small anonymous survey to see how much confidence in the cloud there currently is and how the scandal has changed people's personal relationship to the cloud.

The questions

  • How is your current trust in the cloud in general?
  • How is your current trust in the cloud provider of your choice?
  • How do the PRISM revelations influence your trust in the cloud?
  • Is your current cloud provider one of the accused?
  • How do the PRISM revelations influence your trust in the cloud provider of your choice?
  • Have you already thought about leaving the cloud or your cloud provider due to the PRISM revelations?
  • How important is the unconditional openness of your provider in times of PRISM and surveillance?
  • Do you think a 100% end-to-end encryption without any access and other opportunities of third parties can strengthen the trust?
  • In your opinion, which world region is the safest/most trustworthy to store data in?

To participate in the survey, please follow this link:

Your trust in the Cloud! – After the PRISM uncoverings how is your trust in the cloud?

Google Compute Engine: Google is officially in the game

Google has officially entered the battle for market share in the infrastructure-as-a-service (IaaS) area. What had been reserved for a selected group of customers since one year ago, the company from Mountain View has now made available to the general public as part of Google I/O 2013: its cloud computing offering, Google Compute Engine (GCE).

News about the Google Compute Engine

With App Engine, BigQuery and Cloud Storage, Google has steadily expanded its cloud portfolio since 2008. What was missing was an infrastructure-as-a-service solution that can be used to start virtual machines as needed. Google released the Google Compute Engine (GCE) at its I/O 2012 in a closed beta, making it possible to use virtual machines (VMs) with the Linux operating system on the Google infrastructure, which is also used by Gmail and other services.

Together with Google I/O 2013, the GCE has now reached general availability. Furthermore, Google has launched Cloud Datastore, a NoSQL database for non-relational data that is fully managed by Google. Independent of the GCE, the service provides automatic scalability, ACID transactions, and SQL-like queries and indexes. In addition, there is a limited preview of the PHP programming language for App Engine, with which Google wants to address developers and users of open source applications such as WordPress. Beyond that, the integration with other parts of the cloud platform such as Cloud SQL and Cloud Storage has been improved. Google has also responded to feedback from its users that it should be possible to develop simple modularized applications on App Engine: it is now possible to partition applications into individual components, each with its own scaling, deployment, versioning and performance settings.

More news

Other major announcements include more granular billing, new instance types as well as an ISO 27001 certification:

  • Granular billing: Each instance type is now billed per minute, with a minimum charge of 10 minutes.
  • New instance types: There are new micro and small instance types that are meant to process smaller workloads requiring little processing power inexpensively.
  • More space: The size of the „Persistent Disks“ that can be attached to a virtual instance has been extended by up to 8,000 percent. This means that a persistent disk with a size of up to 10 terabytes can now be attached to a virtual machine within the Compute Engine.
  • Advanced routing: Based on Google’s own SDN (Software Defined Network), the Compute Engine now supports software-defined routing. With that, instances can act as gateways and VPN servers. In addition, it can be used to develop applications so that they run in one's own local network and in the Google cloud.
  • ISO 27001 certification: The Compute Engine, App Engine and Cloud Storage are fully certified with ISO 27001:2005.

Developer: Google vs. Amazon vs. Microsoft

First, the biggest announcement for the Google Compute Engine (GCE) is its general availability. In recent months, every news item held up the GCE as THE Amazon killer, although it was still in a closed beta, so there was no comparison on equal terms. The real reckoning begins now.

Many expect the GCE to make Google a real competitor to Amazon Web Services. The fact is that the Google Compute Engine is an IaaS offering and that Google, due to its core business, has the expertise to build highly scalable infrastructures and to operate them with high availability. The Google App Engine also shows that Google knows how to address developers, even if the market is narrowing here with increasingly attractive alternatives.

A lack of diversification

Having a look at the Compute Engine, we see instances, storage, and services for storing and processing structured and unstructured data (BigQuery, Cloud SQL and Cloud Datastore). Whoever sees Google as THE Amazon killer from this point of view should scale down their expectations a little. Amazon has a very diversified portfolio of cloud services for using the Amazon cloud infrastructure. Google needs to catch up with it, but this should not be too difficult, since many Google services are already available. A look at the services of Amazon AWS and the Google Cloud Platform is worthwhile for this reason.

Hybrid operation for applications

Google should not be underestimated in any case. On the contrary, Google emerged as the winner from a first performance comparison between the Google and Amazon clouds. This is due, among other things, to the technologies that Google is constantly improving and to its global high-performance network. What is particularly striking is that Google now offers the possibility to develop applications for hybrid operation in one's own data center and in the Google cloud. This is an unexpected step, since Google's motto has so far rather been „cloud only“. However, Google has lately been struggling with technical failures similar to Amazon's, which does not help to strengthen trust in Google.

The new pricing model is a potshot at the competition. Instances are now charged per minute (with at least 10 minutes of use). Amazon and Microsoft still charge their instances per hour. Whether the extension of the „Persistent Disks“ to up to 10 terabytes will contribute to diversification remains to be seen. Amazon is also regarded among developers as the pioneer among IaaS providers, which will not make it easier for Google to gain market share in this segment. In addition, Google can assume that developers, like ordinary users, do not want to play Google’s „service on / off“ games.

Amazon and Microsoft are already one step ahead

While Google has been trying massively for quite some time to win corporate customers with its SaaS solution Google Apps, the Compute Engine is aimed primarily at developers. Amazon and Microsoft also started in this customer segment, but have long since begun to make their infrastructures and platforms attractive for enterprise customers. There is still much work here for Google if this customer segment is to be developed, which is inevitable. However, this area is about much more than just technology; it is about creating trust and treating organizational issues (data protection, contracts, SLAs, etc.) as valuable.

Google’s problem: volatility

No doubt, Google is by far the most innovative company on our planet. But it is equally the most volatile and the most data-hungry. Developers and especially companies have observed this too and should ask how future-proof the Google cloud portfolio is. If the Compute Engine is a success, there is nothing to worry about! But what if it is a non-seller for Google(!)? One remembers Google Reader, whose user numbers were not sufficient for Google. In addition, the Compute Engine has another KPI: revenue! What does Google do when it is no longer economical?


Rackspace differentiates its IaaS cloud offering with higher-value support

Rackspace is currently doing everything it can to fight for market share in the infrastructure-as-a-service (IaaS) area against the Amazon Web Services. After the poor results in Q1/2013 this is no easy task. As the driving force behind the OpenStack movement, the former managed hosting provider attempts to anchor the topic of open source in the cloud and markets OpenStack as the Linux of the cloud. But Rackspace's challenge is not only to position itself well against Amazon. More and more competitors are also growing up within its own OpenStack ranks, all offering the same technology, APIs and services based on OpenStack. Only big names like HP, IBM and Red Hat shall be mentioned here. Due to this very similar range of services, which is a homemade problem, it is difficult for Rackspace to differentiate itself from the competition: on the one hand the seemingly all-powerful Amazon Web Services, but also Windows Azure and Google, and on the other hand its own OpenStack camp. Rackspace now seems to focus on its tried and true strength, its „Fanatical Support“, and wants to help businesses and developers intensively in the use of the Rackspace cloud services.

Help on the way to the cloud

Even as a simple managed hosting provider Rackspace helped its customers with infrastructure management. For its OpenStack-based cloud platform the standard support has now been extended. Customers will now also receive support at the application level, including debugging of the application that runs on the Rackspace cloud. This means that the interaction with the customer is to be significantly enhanced by providing not only advice on the basics but also developer-specific know-how. It even goes so far that Rackspace engineers analyze the source code of the application on request and make suggestions for effective use on the Rackspace cloud, in particular with the Rackspace APIs and SDKs, or even help during the complete development. This should make it easier for developers to understand how their own native application works on the Rackspace cloud and OpenStack.

Support as diversification

Now you may think: Support as diversification? In times of self-service and automation in the cloud? Yes exactly, that’s not so far-fetched and not an unwise move. Necessity is the mother of invention. Rackspace has always placed much emphasis on its support, and enjoys an excellent reputation.

Furthermore, one should remember that, despite self-service and the associated ease of obtaining resources to build a virtual infrastructure or to develop one's own cloud-enabled application, cloud computing is not easy! I recently described that in the article „Cloud Computing ist not simple!“ and named Netflix as a very positive example. There are just a few user companies that have mastered cloud computing the way Netflix has, which with its Simian Army, such as the Chaos Monkey or the Chaos Gorilla, has written test software for scalable and highly available operation in the cloud. However, if one looks at the huge efforts Netflix makes, which are also associated with costs, cloud computing is not something to take lightly if you want to use it seriously.

For this reason, it is a logical and, for me, right step by Rackspace to expand its support and help where it matters in the cloud: the scalable and highly available development of applications that take the characteristics of the cloud into account. Whether that is enough to catch up with Amazon in big steps I dare to doubt. But among the providers that also rely on OpenStack, it is a good way to differentiate itself from the competition.


Enterprise Cloud Portal: T-Systems consolidates its cloud portfolio

With its Enterprise Cloud Portal German Telekom subsidiary T-Systems presents its first cloud service-wide offering for corporate customers. On the portal, companies can find information about the cloud solutions from T-Systems, test them and order them directly. The currently offered services include solutions for mobile device management, Dynamic Services for Infrastructure and the Enterprise Marketplace. A look at the site shows that great emphasis was placed on compatibility with tablets.

Past the IT department

With its cloud portal T-Systems wants to enable non-technical users in large companies, too, to access specific cloud solutions. The cloud provider refers to a study by Gartner, which says that by 2015 about 35 percent of IT spending will be selected and managed outside the IT department. Examples mentioned here are marketing, purchasing and accounting.

Mobile Device Management

The mobile device management from the cloud is meant to help businesses administer mobile devices with different operating systems, such as iOS and Android, via a standardized web platform. In addition to security settings, access rights to functions and applications can be controlled. If a device is lost, its data can be deleted remotely. A test of the mobile device management is free for the first four weeks for up to three mobile devices.

Dynamic Services for Infrastructure

For infrastructure-as-a-service (IaaS) two offerings are available: on the one hand, the „Dynamic Services for Infrastructure“ (DSI) from a hosted private cloud; on the other, the „DSI with vCloud Datacenter Services“ as a hybrid variant. The client manages the resources itself via a web-based portal or using its own VMware management software. Clear pricing models are meant to make the cost of the infrastructure transparent. For example, a server from the hosted private cloud costs from 9 cents per hour in the package „Small“. For the hybrid solution the package price for a virtual data center in the smallest version is exactly 999,84€ per month.

Enterprise Marketplace

The Enterprise Market Place includes, among other things, further IaaS solutions including Linux and Windows Server operating systems, platform-as-a-service (PaaS) solutions including Tomcat and Microsoft SQL Server, as well as a growing number of software-as-a-service (SaaS) offerings like Doculife, CA Nimsoft TAXOR, TIS, WeSustain, Metasonic, ARAS, Tibco Tibbr, Sugar CRM, Microsoft Enterprise Search and Microsoft Lync. In addition, companies are to be given the opportunity to use a variety of applications with high security in need-based formats, and can also migrate their own applications to have them hosted. The full availability of the Enterprise Market Place is planned for this summer. Currently, there is already a preview on the cloud portal.

Comment

With the Enterprise Cloud Portal T-Systems brings its entire cloud portfolio together under one umbrella. I had analyzed „The cloud portfolio of T-Systems“ in an article for the German Computerwoche in 2011. At that time the offering consisted of single, independent services. However, already at that time I came to the conclusion that T-Systems has a very sophisticated and well-rounded cloud portfolio. This can now be seen in the consolidated Enterprise Cloud Portal. Everything from SaaS through PaaS to IaaS and other solutions for mobile devices can be found there. This makes T-Systems one of the few providers that have a full cloud stack, which is now even bundled into a single portal.

There is a lot of potential especially in the Enterprise Marketplace. At this year’s CeBIT, I was able to take a first look at it; in my opinion it was still in an alpha state at that time. Some basic functions that are essential for an IaaS offering, to mention only automatic scalability and high availability, were still missing. But that was in March and I’m assuming that T-Systems has already made more progress here. In addition, I have already heard from a reputable source that T-Systems/Telekom will gradually change their cloud infrastructure to OpenStack, which will also give the Enterprise Market Place another boost in compatibility.

What T-Systems sees as an advantage for non-technical users in enterprises should cause worry lines for IT managers. Indeed, I am also of the opinion that the IT department will become and even needs to be a service broker. However, I think it is quite questionable whether each department can simply run off and buy IT services externally as desired. Certainly, the blame lies with the IT departments themselves because they have built up a bad reputation over the years and are considered slow and not innovative. I philosophized about this here in detail two years ago (cloud computing and the shadow IT).

A certain supervisory authority in the form of a service broker is still necessary, because otherwise there will be an uncontrolled proliferation of external services that one loses track of. This can be controlled, of course, if one obtains the services from a single provider. And that is exactly the goal of T-Systems and its extensive Enterprise Cloud Portal. A customer is meant to obtain its services explicitly and across departments from the T-Systems cloud in order to avoid sprawl and to keep track. The question is whether customers can enforce this internally. Because there are plenty of other services in the sea.

Finally, I would like to address a topic that is currently causing a stir in the end customer market, but offers corporate customers a great advantage: the end-to-end offering of services. Because it is a subsidiary of Deutsche Telekom, T-Systems is one of the few cloud providers that can offer a service level spanning from the services at application level or even virtual machine level in the data center through to the data line. This enables customers to obtain a continuous Quality-of-Service (QoS) and a comprehensive Service Level Agreement (SLA), which many other cloud providers cannot provide.