September 9, 2008 at 8:26 pm
· Filed under innovation, misc, web2.0
Source: http://research.saugatech.com/fr/researchalerts/466RA.pdf
Author: BRUCE GUPTILL
…
Saugatuck sees the following factors at work behind the resurgent browser aggression:
- The browser is the client. With SaaS and Web 2.0, the browser becomes, in effect, the client software. Control of the user interface enables control of the user interaction and relationship. The browser provider thus plays a strategic role in the adoption of SaaS, Web 2.0, and Cloud Computing.
- Advertising revenue. Browser vendors are at the center of the search engine wars, which are currently targeting web-based, search-engine-driven advertising revenues.
- Simple forward progression of IT. All IT, especially software, gets more powerful and more complex over time. Users expect and demand more from even the simplest technologies over time. Vendor/user relationships depend upon this. Browser providers want and need to protect these relationships.
- Virtualization of IT. More sophisticated browsers can provide server and OS transparency or independence for SaaS or web-based applications. As users and SaaS providers increasingly adopt various forms of virtualization and multiple OSes (e.g., Windows, Linux, etc.), the browser can provide compatibility for a wide range of web-based applications (i.e., SaaS). One reason browsers have to become more powerful and sophisticated is the advancement of IT virtualization. The user infrastructure is becoming its own cloud, extending to and including multiple outside clouds.
- Device transparency. Functionally-rich browsers can enable a single version of a web-based application to support devices ranging from varying displays on PC, to PDAs, to smart phones, using different OSes and with vastly different capabilities need to be able to interact/interoperate with these multiple clouds in order for users to do business.
…
Permalink
July 18, 2008 at 12:30 am
· Filed under cloud, innovation, security
Source: http://www.infoworld.com/…/Gartner_Seven_cloudcomputing_security_risks_1.html
…
Cloud computing is fraught with security risks, according to analyst firm Gartner. Smart customers will ask tough questions and consider getting a security assessment from a neutral third party before committing to a cloud vendor, Gartner says in a June report titled “Assessing the Security Risks of Cloud Computing.”
Cloud computing has “unique attributes that require risk assessment in areas such as data integrity, recovery, and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance, and auditing,” Gartner says. (Compare security products.)
Amazon’s EC2 service and Google’s Google App Engine are examples of cloud computing, which Gartner defines as a type of computing in which “massively scalable IT-enabled capabilities are delivered ‘as a service’ to external customers using Internet technologies.”
[ Learn more about what cloud computing really means and the new breed of utility computing and platform-as-a-service offerings. ]
Customers must demand transparency, avoiding vendors that refuse to provide detailed information on security programs. Ask questions related to the qualifications of policy makers, architects, coders and operators; risk-control processes and technical mechanisms; and the level of testing that’s been done to verify that service and control processes are functioning as intended, and that vendors can identify unanticipated vulnerabilities.
Here are seven of the specific security issues Gartner says customers should raise with vendors before selecting a cloud vendor.
-
Privileged user access. Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the “physical, logical and personnel controls” IT shops exert over in-house programs. Get as much information as you can about the people who manage your data. “Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access,” Gartner says.
-
Regulatory compliance. Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are “signaling that customers can only use them for the most trivial functions,” according to Gartner.
-
Data location. When you use the cloud, you probably won’t know exactly where your data is hosted. In fact, you might not even know what country it will be stored in. Ask providers if they will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers, Gartner advises.
-
Data segregation. Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn’t a cure-all. “Find out what is done to segregate data at rest,” Gartner advises. The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists. “Encryption accidents can make data totally unusable, and even normal encryption can complicate availability,” Gartner says.
-
Recovery. Even if you don’t know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. “Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure,” Gartner says. Ask your provider if it has “the ability to do a complete restoration, and how long it will take.”
-
Investigative support. Investigating inappropriate or illegal activity may be impossible in cloud computing, Gartner warns. “Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already successfully supported such activities, then your only safe assumption is that investigation and discovery requests will be impossible.”
-
Long-term viability. Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data will remain available even after such an event. “Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application,” Gartner says.
Permalink
July 14, 2008 at 9:21 pm
· Filed under cloud, web2.0
Source > http://refresh.gigaom.com/…defogging-cloud-computing-a-taxonomy/
- Applications in the cloud (Salesforce and other SaaS vendors exist here today) provide turnkey end-user software, normally browser-based, with a specific functional focus. They are the easiest to start ‘consuming,’ but also the least flexible. They grow out of the ASP world of the late ‘90s and encompass the SaaS offerings of today.
- Platforms in the cloud (Google’s AppEngine, Mosso, Heroku are good examples) offer turnkey environments into which a developer can plug in code written within certain guidelines or restrictions (programming language, data-store model, etc.), and scaling is performed “behind the curtains” by the platform.
- Infrastructure in the cloud (Amazon Web Services, Flexiscale, and others) is the most flexible offering, providing compute and storage resources in a primitive, close-to-bare-metal API interface, that can be leveraged in a multitude of ways with few restrictions – but which also require more up-front work to design and implement. This is where our company RightScale focuses – we offer a cloud management platform for low-level ‘infrastructure in the cloud’ resources that preserves flexibility and power, while offering quick deployment and easy management.
Permalink
