Welcome!

@CloudExpo Authors: Pat Romanski, Zakia Bouachraoui, Yeshim Deniz, Liz McMillan, Jason Bloomberg

Related Topics: @CloudExpo, Java IoT

@CloudExpo: Blog Post

Choosing Your Cloud Vendor

Questions impacting your service deployment

Expanding on the " introduction to cloud computing" article, here are some additional suggestions for choosing  a cloud service model  provider.

In a typical Cloud Computing data centre, an application set will generally be hosted over Virtual Machines running on a large number of Physical Machines
.

Total Cost of Ownership (TCO) is a definite factor when considering a move for some enterprise services into the cloud. There are certainly arguments both for and against the merits, especially when considering the impact of risk on an enterprise that choses to transfer risk with the adoption of a cloud service.

However as a customer you should ensure resources are in place to safeguard the maintenance and management of your identity management and authentication systems. Keep in mind that in the dynamic cloud computing environment traditional security practices may not fully apply and when designing your service/s for deployment in the cloud.

As customers you need to be clear that for every anticipated gain from such a deployment you will be giving up something else e.g.change in security metrics and loss of control of resources.

When drafting your Service Level Agreement (SLA) ensure that the provider explains items such as, their facilities to include business continuity plans, backup facilities, rack space, power, cooling, networking, physical security, logical security, (everything transferred to the cloud should be secured to the same level as you would implement at your enterprise to secure your applications in their Demilitarized Zone (DMZ)).

Conversely, be clear on the fact that once in the cloud any sort of communication that is not locked into your known and configured security processes is subject to being intercepted and/or compromised - a worse case sceanario, of course; but  IT risk management should be about preparing for the worst case sceanario.

With a cloud engagement you need to ensure that there are no conflicts between your security policies and protocols and that of the cloud vendor. A good rule of thumb is to look at how the cloud vendor will monitor systems, implement and configure firewall rules, anti-virus, intrusion detection/intrusion prevention systems and their protocol for log collection as well as packet filtering.

Bear  in mind that with the cloud there must be more of a focus on defining means to securing your services residing within this environment rather than an overt concern over network security.

So summarising some questions that should be resolved are:

  • 1) Does the vendor's implemented design meet your services requirements seamlessly?
  • 2) Will the cost of the cloud service be flexible and decrease over time and implementation?
  • 3) Does the cloud vendor's Business Continuity planning meet your Business Continuity requirements?
  • 4) Will your Cloud Computing vendor be able to provide an audit trail of all user activities within your cloud space? With respect to this question enterprise management may opt not to have audit teams deployed to each cloud vendor they may contract with simply because that is not economically healthy for enterprise operating revenues.
  • 5) How strong are their service and support platforms as well as company financial longevity?

More Stories By Jon Shende

Jon RG Shende is an executive with over 18 years of industry experience. He commenced his career, in the medical arena, then moved into the Oil and Gas environment where he was introduced to SCADA and network technologies,also becoming certified in Industrial Pump and Valve repairs. Jon gained global experience over his career working within several verticals to include pharma, medical sales and marketing services as well as within the technology services environment, eventually becoming the youngest VP of an international enterprise. He is a graduate of the University of Oxford, holds a Masters certificate in Business Administration, as well as an MSc in IT Security, specializing in Computer Crime and Forensics with a thesis on security in the Cloud. Jon, well versed with the technology startup and mid sized venture ecosystems, has contributed at the C and Senior Director level for former clients. As an IT Security Executive, Jon has experience with Virtualization,Strategy, Governance,Risk Management, Continuity and Compliance. He was an early adopter of web-services, web-based tools and successfully beta tested a remote assistance and support software for a major telecom. Within the realm of sales, marketing and business development, Jon earned commendations for turnaround strategies within the services and pharma industry. For one pharma contract he was responsibe for bringing low performing districts up to number 1 rankings for consecutive quarters; as well as outperforming quotas from 125% up to 314%. Part of this was achieved by working closely with sales and marketing teams to ensure message and product placement were on point. Professionally he is a Fellow of the BCS Chartered Institute for IT, an HITRUST Certified CSF Practitioner and holds the CITP and CRISC certifications.Jon Shende currently works as a Senior Director for a CSP. A recognised thought Leader, Jon has been invited to speak for the SANs Institute, has spoken at Cloud Expo in New York as well as sat on a panel at Cloud Expo Santa Clara, and has been an Ernst and Young CPE conference speaker. His personal blog is located at http://jonshende.blogspot.com/view/magazine "We are what we repeatedly do. Excellence, therefore, is not an act, but a habit."

CloudEXPO Stories
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or personal computing needs.
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by researching target group and involving users in the designing process.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to advisory roles at startups. He has worked extensively on monetization, SAAS, IoT, ecosystems, partnerships and accelerating growth in new business initiatives.
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments that frequently get lost in the hype. The panel will discuss their perspective on what they see as they key challenges and/or impediments to adoption, and how they see those issues could be resolved or mitigated.
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app security and encryption-related solutions. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University, and is an O'Reilly author.