Cloud Computing Implementation, Management, and Security

Cloud Computing Implementation, Management, and Security book PDF free download

Gartner, in a February 2, 2009, press release, posed the question of why, when “the cloud computing market is in a period of excitement, growth and high potential. . . [we] will still require several years and many xiii xiv Cloud Computing changes in the market before cloud computing is a mainstream IT effort”?1 In talking with government and industry leaders about this, it became clear that the individual concerns and variables that were negatively impacting business leaders’ thought processes regarding cloud computing (and there- fore preventing what could be even more growth in this market) could be boiled down to one addressable need: a lack of understanding. Let’s take this case in point: GTRA research showed that the most common concern about implementing cloud programs was security and privacy, a finding supported by an IDC study of 244 CIOs on cloud computing, in which 75% of 2 respondents listed security as their number-one concern. It is true that moving from architectures that were built for on-premises services and secured by firewalls and threat-detection systems to mobile environments with SaaS applications makes previous architectures unsuitable to secure data effectively. In addition, at a March 2009 FTC meeting discussing cloud computing security and related privacy issues, it was agreed that data man- agement services might experience failure similar to the current financial meltdown if further regulation was not implemented. In short, some execu- tives are simply too scared to move forward with cloud initiatives. However, this concern, while valid, is not insurmountable. Already there are countless examples of successful cloud computing implementa- tions, from small organizations up to large enterprises that have low risk tol- erance, such as the U.S. Department of the Navy. The security community is also coming together through various initiatives aimed at education and guidance creation. The National Institute of Standards and Technologies (NIST) is releasing its first guidelines for agencies that want to use cloud computing in the second half of 2009, and groups such as the Jericho forum are bringing security executives together to collaborate and deliver solutions. As with any emerging technology, there exists a learning curve with regard to security in a cloud environment, but there is no doubt that resources and case studies exist today to help any organization overcome this. The same types of pros and cons listed above can be applied to other concerns facing executives, such as data ownership rights, performance, and availability. While these are all valid concerns, solutions do exist and are being fine-tuned every day; the challenge is in bringing executives out of a state of unknown and fear and giving them the understanding and 1. “Cloud Application Infrastructure Technologies Need Seven Years to Mature,” Gartner, Inc., December 2008. 2. “IT Cloud Services User Study,” IDC, Inc., October 2008. knowledge necessary to make informed, educated decisions regarding their cloud initiatives. In this book, Drs. Rittinghouse and Ransome do a tremendous job of educating, dispelling myths, and giving detailed examples and steps which will provide the reader with a proper understand of cloud computing, its risks, and how to implement and manage an effective cloud strategy. This is all done is a manner that is reader-friendly but with enough detailed techni- cal language to be complete, and not so much that a nontechnical leader will be lost. In the Introduction and Chapter 1, Drs. Rittinghouse and Ransome lay the foundation for the reader’s proper understanding of cloud computing, detailing its history and evolution and discussing how new technologies such as virtualization played a huge role in the growth and acceptance of cloud computing. Chapter 2 then educates us on the different types of ser- vices which can be delivered from the cloud, providing detail on Software- as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Monitoring-as-a-Service (MaaS), and Communication-as-a-Service (CaaS). Chapter 3 dives into the heart of what it means to build a cloud net- work, including a look at the roles that service-oriented architecture (SOA and open source software play in the process. Following this, Chapter 4 is dedicated entirely to the topic of virtualization, a critical component of any cloud network and one of the technologies which is a foundation of cloud concepts. Security and privacy, one of the largest areas of concern for anyone building a cloud network, are covered in Chapters 5 and 6. These chapters look at how federation in the cloud and federated services and applications can be used to increase security, build trust, and mitigate risk. Dr. Ron Ross, a senior computer scientist at NIST, recently said, “You’re never going to have complete trust. We don’t live in a risk-free environment—we have to manage risk, not avoid it.” These chapters give the reader a wealth of guid- ance, practical applications, and process, which can be used to keep risk at an acceptable level in any cloud network. Chapter 7 shifts focus to look at common standards in cloud comput- ing, including standards for application development, messaging, and secu- rity. Social networking and collaboration is the focus of Chapter 8, in which the authors discuss end-user access to cloud computing (You Tube, Face- book, etc.). Chapter 9, the book’s final chapter, discusses in detail how Foreword xv xvi Cloud Computing mobile Internet devices react with cloud networks—a topic which is critical now and will only increase in importance as users expect more and more applications to be delivered to their smartphones and other mobile devices. We feel that completing this book, readers will have a thorough, well- rounded understanding of cloud computing, the knowledge necessary to overcome fears, and will be armed with the guidance necessary to make smart, strategic decisions regarding their cloud initiatives. Ultimately, this book will play a part in ushering in the “cloud revolution” and will help overcome the lack of understanding currently preventing even faster adop- tion of cloud computing. Kelly Yocum Parham Eftekhari Co-Founders, Government Technology Research Alliance Kelly Yocum and Parham Eftekhari are the co-founders of the Government Technology Research Alliance (GTRA), an organization that provides gov- ernment CXO leaders a forum in which to collaborate, strategize, and create innovative solutions for today’s most pressing IT needs. Kelly is GTRA’s executive director and is responsible for strategic direction, business devel- opment, and work with solution and technology providers for the GTRA Government Council. She also serves as the CEO for GOVTek, a collabora- tive online information resource for government technology executives and industry experts. Kelly was formerly CEO of ConVurge, a business intelli- gence conference company, where she founded several councils for govern- ment technology including SecureGOV, ArchitectureGOV, MobileGOV, and HrGOV, which are currently managed by GTRA. She invented a unique government-to-industry collaboration model, called GTRA Round- table Meetings, which foster an innovative discussion forum for government and industry experts. Parham Eftekhari serves as director of research and curriculum develop- ment for GTRA, where he is responsible for overseeing all research con- ducted with senior government technology executives and industry leaders on technology and leadership issues. Parham’s areas of expertise include transparency/open government, enterprise architecture, security, virtualiza- tion, information sharing, social networking/Web 2.0, knowledge manage- ment, green IT, records management, mobility, and cloud computing. Parham is also responsible for growing GTRA’s councils with key govern- ment leaders and assisting in the government-to-industry collaboration model. Parham is also vice president of GOVTek, where his primary focus is to oversee the content, research, and resources shared on the site. Parham formerly served as director of technology research for Proactive Worldwide, managing the full life cycle of competitive intelligence, strategic, and market assessment research studies. Together, Parham and Kelly run the semiannual GTRA Council Meeting Symposia, which bring together executive-level decision makers from both the public and private sectors to collaborate, share ideas, and discuss solutions to current challenges. This forum is a unique model for government and technology collaboration in which the concepts of cloud computing and the cloud’s value to the next generation of consumers and practitioners in both government and commercial sectors are presented.