Welcome!

@CloudExpo Authors: Roger Strukhoff, Yeshim Deniz, Pat Romanski, Elizabeth White, Zakia Bouachraoui

Related Topics: @CloudExpo, Microservices Expo

@CloudExpo: Article

To Cloud or Not to Cloud

Vendors need to dial back a bit on the marketing hype and focus more on real-time solutions

I've been asked quite a few times, "when will it be a good time to get into cloud computing?" by potential clients. My answer is typically it depends... I know, I know.... not much direction there, but really it all depends. Why ?

Well, some may state, "we all know of the much beaten security concerns, and we will ensure that systems on our end are secured and synced to work in tandem with the vendors' security."

Can one ensure some degree of monitoring by the implementation of an Intrusion Detection System (IDS) residing within the system hosting the gateway into the cloud?

The intent of such an implementation can be to monitor the cloud gateway system's software for anomalies, variances from expected traffic and quantity of access into an enterprise's cloud service.But will it be effective enough?

We all remember the buzz and the alarm over adopting the cloud that the occurred from the Bitbucket-EC2 debacle last year and the stories about the back and forth that left Bitbucket's services unavailable for an "eternity" in "internet time" until the EC2 team acknowledged an issue.

Were they hacked? They were DDoSed as most of you already know. Hacking as we know it today, is a for profit enterprise. But can hacking in the cloud become a common instance considering the large enterprises that are vendors, the clients they can or are providing services for, and the levels of security, disaster recovery and back up plans that these vendors claim are in place?

Maybe, but I believe that there is a good chance that any such instance can be caught and dealt with in a manner more expeditious due to the processes in place at these larger vendor facilities than it would at a smaller enterprise. I am not saying that a smaller enterprise can not mitigate an attack, just that the larger cloud vendor will have more resources to act with.

According to some, the cloud is a hackers trove of resources to say launch a DDoS attack. My question is then, to date how many such attacks have occurred with regard to a cloud deployment? Less than a dozen I believe in the last nine months, this simply because there is no real profit in a DDoS within this environment. Unless of course the aim for whatever reason is to stop traffic to a site and disrupt operations as in the case of Bitbucket.

Amazon's response to this situation was it was localized to this company's instance and no other enterprise sharing the system was affected. They further went on to state that they will provide guidance to companies to combat such an attack via Elastic Load Balancing and Auto-Scaling. If the enterprise affected was say a twenty man operation with no large customers to get on the horn to Amazon, would the outcome have been different? One can only hope that the answer to this is no, however as consumers we know the merits of shopping around, right?

So where does this leave us, is it reasonable to get some cloud services? Of course it is, cost savings aside,( in fact that will soon be a non-issue as this ecosystem matures) the general public is growing to expect real time satisfaction to their needs that are increasingly governed by IT.

As a result and in order to stay competitive, profitable and  "in the game", enterprises will be driven to adopt some type of cloud service. A good start should be a private cloud and then scale out to a public or hybrid as needed, with of course effective SLA agreements.A good rule of thumb as many have mentioned -don't put anything into a public cloud that you cannot risk losing.

Market Confusion?  As consumers or potential consumers of a cloud service customers are bombarded by the proliferation of cloud vendors and/or cloud services, or more correctly claims for services being offered. In order to get the best out of your cloud service, there must be a mutual understanding, agreement and clarity of need. Look at the offerings of multiple vendors and if feasible spread your requirements between vendors.

In order to ensure a level of comfort and security when it comes to cloud adoption and alleviate some concerns for end-users or tenants of the cloud; vendors need to dial back a bit on the marketing hype and focus more on real-time solutions that can be verified by neutral industry and/or academic researchers.

Everyone involved in IT want their cloud solutions to be effective and time managed and the for-profit sector expects a maximum ROI. In order to achieve a modicum of, across the board trusted computing, compatibility and success within this ecosystem; look to a consortium of vendors that are working toward ensuring that any design and implementation of a software stack across platforms maintains a level of vendor neutrality.

This will give an assurance of you the customers' best interest primarily and cloud vendor profit following, by a vendor's or vendors aim to design cloud applications for resilience, effective management of data and data replication as well as the expected latency that can occur between a spread of multiple providers.

More Stories By Jon Shende

Jon RG Shende is an executive with over 18 years of industry experience. He commenced his career, in the medical arena, then moved into the Oil and Gas environment where he was introduced to SCADA and network technologies,also becoming certified in Industrial Pump and Valve repairs. Jon gained global experience over his career working within several verticals to include pharma, medical sales and marketing services as well as within the technology services environment, eventually becoming the youngest VP of an international enterprise. He is a graduate of the University of Oxford, holds a Masters certificate in Business Administration, as well as an MSc in IT Security, specializing in Computer Crime and Forensics with a thesis on security in the Cloud. Jon, well versed with the technology startup and mid sized venture ecosystems, has contributed at the C and Senior Director level for former clients. As an IT Security Executive, Jon has experience with Virtualization,Strategy, Governance,Risk Management, Continuity and Compliance. He was an early adopter of web-services, web-based tools and successfully beta tested a remote assistance and support software for a major telecom. Within the realm of sales, marketing and business development, Jon earned commendations for turnaround strategies within the services and pharma industry. For one pharma contract he was responsibe for bringing low performing districts up to number 1 rankings for consecutive quarters; as well as outperforming quotas from 125% up to 314%. Part of this was achieved by working closely with sales and marketing teams to ensure message and product placement were on point. Professionally he is a Fellow of the BCS Chartered Institute for IT, an HITRUST Certified CSF Practitioner and holds the CITP and CRISC certifications.Jon Shende currently works as a Senior Director for a CSP. A recognised thought Leader, Jon has been invited to speak for the SANs Institute, has spoken at Cloud Expo in New York as well as sat on a panel at Cloud Expo Santa Clara, and has been an Ernst and Young CPE conference speaker. His personal blog is located at http://jonshende.blogspot.com/view/magazine "We are what we repeatedly do. Excellence, therefore, is not an act, but a habit."

CloudEXPO Stories
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes.
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understanding as the environment changes.
AI and machine learning disruption for Enterprises started happening in the areas such as IT operations management (ITOPs) and Cloud management and SaaS apps. In 2019 CIOs will see disruptive solutions for Cloud & Devops, AI/ML driven IT Ops and Cloud Ops. Customers want AI-driven multi-cloud operations for monitoring, detection, prevention of disruptions. Disruptions cause revenue loss, unhappy users, impacts brand reputation etc.
OpsRamp is an enterprise IT operation platform provided by US-based OpsRamp, Inc. It provides SaaS services through support for increasingly complex cloud and hybrid computing environments from system operation to service management. The OpsRamp platform is a SaaS-based, multi-tenant solution that enables enterprise IT organizations and cloud service providers like JBS the flexibility and control they need to manage and monitor today's hybrid, multi-cloud infrastructure, applications, and workloads, including Microsoft Azure. We are excited to partner with JBS and look forward to a long and successful relationship.