Welcome!

@CloudExpo Authors: Elizabeth White, Yeshim Deniz, Zakia Bouachraoui, Pat Romanski, Liz McMillan

Related Topics: @CloudExpo, Java IoT

@CloudExpo: Blog Post

Choosing Your Cloud Vendor

Questions impacting your service deployment

Expanding on the " introduction to cloud computing" article, here are some additional suggestions for choosing  a cloud service model  provider.

In a typical Cloud Computing data centre, an application set will generally be hosted over Virtual Machines running on a large number of Physical Machines
.

Total Cost of Ownership (TCO) is a definite factor when considering a move for some enterprise services into the cloud. There are certainly arguments both for and against the merits, especially when considering the impact of risk on an enterprise that choses to transfer risk with the adoption of a cloud service.

However as a customer you should ensure resources are in place to safeguard the maintenance and management of your identity management and authentication systems. Keep in mind that in the dynamic cloud computing environment traditional security practices may not fully apply and when designing your service/s for deployment in the cloud.

As customers you need to be clear that for every anticipated gain from such a deployment you will be giving up something else e.g.change in security metrics and loss of control of resources.

When drafting your Service Level Agreement (SLA) ensure that the provider explains items such as, their facilities to include business continuity plans, backup facilities, rack space, power, cooling, networking, physical security, logical security, (everything transferred to the cloud should be secured to the same level as you would implement at your enterprise to secure your applications in their Demilitarized Zone (DMZ)).

Conversely, be clear on the fact that once in the cloud any sort of communication that is not locked into your known and configured security processes is subject to being intercepted and/or compromised - a worse case sceanario, of course; but  IT risk management should be about preparing for the worst case sceanario.

With a cloud engagement you need to ensure that there are no conflicts between your security policies and protocols and that of the cloud vendor. A good rule of thumb is to look at how the cloud vendor will monitor systems, implement and configure firewall rules, anti-virus, intrusion detection/intrusion prevention systems and their protocol for log collection as well as packet filtering.

Bear  in mind that with the cloud there must be more of a focus on defining means to securing your services residing within this environment rather than an overt concern over network security.

So summarising some questions that should be resolved are:

  • 1) Does the vendor's implemented design meet your services requirements seamlessly?
  • 2) Will the cost of the cloud service be flexible and decrease over time and implementation?
  • 3) Does the cloud vendor's Business Continuity planning meet your Business Continuity requirements?
  • 4) Will your Cloud Computing vendor be able to provide an audit trail of all user activities within your cloud space? With respect to this question enterprise management may opt not to have audit teams deployed to each cloud vendor they may contract with simply because that is not economically healthy for enterprise operating revenues.
  • 5) How strong are their service and support platforms as well as company financial longevity?

More Stories By Jon Shende

Jon RG Shende is an executive with over 18 years of industry experience. He commenced his career, in the medical arena, then moved into the Oil and Gas environment where he was introduced to SCADA and network technologies,also becoming certified in Industrial Pump and Valve repairs. Jon gained global experience over his career working within several verticals to include pharma, medical sales and marketing services as well as within the technology services environment, eventually becoming the youngest VP of an international enterprise. He is a graduate of the University of Oxford, holds a Masters certificate in Business Administration, as well as an MSc in IT Security, specializing in Computer Crime and Forensics with a thesis on security in the Cloud. Jon, well versed with the technology startup and mid sized venture ecosystems, has contributed at the C and Senior Director level for former clients. As an IT Security Executive, Jon has experience with Virtualization,Strategy, Governance,Risk Management, Continuity and Compliance. He was an early adopter of web-services, web-based tools and successfully beta tested a remote assistance and support software for a major telecom. Within the realm of sales, marketing and business development, Jon earned commendations for turnaround strategies within the services and pharma industry. For one pharma contract he was responsibe for bringing low performing districts up to number 1 rankings for consecutive quarters; as well as outperforming quotas from 125% up to 314%. Part of this was achieved by working closely with sales and marketing teams to ensure message and product placement were on point. Professionally he is a Fellow of the BCS Chartered Institute for IT, an HITRUST Certified CSF Practitioner and holds the CITP and CRISC certifications.Jon Shende currently works as a Senior Director for a CSP. A recognised thought Leader, Jon has been invited to speak for the SANs Institute, has spoken at Cloud Expo in New York as well as sat on a panel at Cloud Expo Santa Clara, and has been an Ernst and Young CPE conference speaker. His personal blog is located at http://jonshende.blogspot.com/view/magazine "We are what we repeatedly do. Excellence, therefore, is not an act, but a habit."

CloudEXPO Stories
While a hybrid cloud can ease that transition, designing and deploy that hybrid cloud still offers challenges for organizations concerned about lack of available cloud skillsets within their organization. Managed service providers offer a unique opportunity to fill those gaps and get organizations of all sizes on a hybrid cloud that meets their comfort level, while delivering enhanced benefits for cost, efficiency, agility, mobility, and elasticity.
Isomorphic Software is the global leader in high-end, web-based business applications. We develop, market, and support the SmartClient & Smart GWT HTML5/Ajax platform, combining the productivity and performance of traditional desktop software with the simplicity and reach of the open web. With staff in 10 timezones, Isomorphic provides a global network of services related to our technology, with offerings ranging from turnkey application development to SLA-backed enterprise support. Leading global enterprises use Isomorphic technology to reduce costs and improve productivity, developing & deploying sophisticated business applications with unprecedented ease and simplicity.
DevOps has long focused on reinventing the SDLC (e.g. with CI/CD, ARA, pipeline automation etc.), while reinvention of IT Ops has lagged. However, new approaches like Site Reliability Engineering, Observability, Containerization, Operations Analytics, and ML/AI are driving a resurgence of IT Ops. In this session our expert panel will focus on how these new ideas are [putting the Ops back in DevOps orbringing modern IT Ops to DevOps].
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understanding as the environment changes.
Enterprises are striving to become digital businesses for differentiated innovation and customer-centricity. Traditionally, they focused on digitizing processes and paper workflow. To be a disruptor and compete against new players, they need to gain insight into business data and innovate at scale. Cloud and cognitive technologies can help them leverage hidden data in SAP/ERP systems to fuel their businesses to accelerate digital transformation success.