Tuesday, January 24, 2012

IBM leading in application infrastructure and middleware space

I'll say again that 2011 was a good year for IBM, and especially for WebSphere.
I'm hoping that I can make it to Impact 2012!

Monday, January 9, 2012

Privacy in a Public Cloud

[This article was submitted for future publication on ThoughtsOnCloud.com]

Remember the skepticism around online shopping and e-commerce sites back in the day when the web was young? Everyone was afraid of giving out their credit card information over the Internet, for fear it would be intercepted. We eventually got over that fear, thanks to encryption technologies such as Secure Sockets Layer (SSL), which make e-commerce much safer today. That same technology also plays a role in cloud security, and that is one thing to consider, along with other security issues when moving your application to the cloud.

Public cloud versus on-premises
You basically have the same security issues and considerations for deploying applications on the cloud as you do for running them on premises. The difference is that on cloud, some of those issues are handled by your cloud service provider. The important thing to consider is how far the cloud service provider's responsibilities extend, and where your responsibilities as the client, or virtual machine (VM) instance owner, take over.

First, thoroughly investigate your cloud service provider's policies. Treat them like any other outsourced service. Check their references. Clearly define the service level agreements (SLAs) in your contract. SLAs can cover things like backups, up time, disaster recovery, change management, and so on. Audit your cloud provider or consider third-party audits to ensure that those policies are enforced.

For example, the IBM SmartCloud Enterprise has many mechanisms in place to offer a safe and secure environment, such as:

  • Firewall and intrusion protection system (IPS) between guest VMs and the Internet
  • IP-filtering technology and multiple IP addresses per instance for enabling security zones
  • Optional virtual private network (VPN) and virtual local area network (VLAN) isolation of account instances
  • Encrypted connections: IBM is isolated from customer VMs through customer secure shell (SSH) keys and server passwords
  • Hypervisor-based (kernel-based virtual machine) isolation with client-configurable firewall rules
  • Public images patched and scanned regularly
  • Patch servers for private images
  • Root access for customers to guest virtual machines, allowing further hardening of VMs
  • No sharing of private images between accounts on the cloud
  • Access to the portal and APIs, which requires a user ID and password
Users must comply with IBM's stringent security policies, and are subject to regular security scans.

Not all cloud providers offer the same kind of protection, so do your homework!

Image — or instance — is everything
As a VM instance owner on the IBM SmartCloud, you have root access and control over that instance as if it were one of your own on premises, and you are responsible for security on the instance itself. That means that it is up to you to configure access to that resource, install and run anti-virus software on it, and so on. Treat it like any other client in your enterprise; it is just as vulnerable to threats and attack. This blog post lists several useful links to articles about securing and managing your instances.

Get started with the IBM SmartCloud Enterprise: This article describes how to securely connect to, configure the firewall of, and manage (encryption) keys for your instances. You should take care of these tasks immediately upon creating your instances. Determine who will need access to your instances, determine the firewall ports that need to be open or closed, and be prepared to use and manage keys for access.

Why key management is important
IBM SmartCloud employs encryption so you can control access to your applications and data in the cloud. However, encryption alone does not guarantee security. Keys must also be stored and managed properly.

Secure multi-user access to IBM Cloud instances with VNC and SSH: Provides a detailed description of how to configure cloud instances and clients for secure access.

IBM SmartCloud Enterprise tip: Integrate your authentication policy using a proxy: Describes how to create a proxy bridge between your homegrown applications and the IBM SmartCloud. This bridge can allow you to implement finer-grained access control that cannot be directly implemented in the IBM SmartCloud portal. In other words, you can use this technique to control not only who can access, but how, where, or when they can access data.

IBM SmartCloud Enterprise tip: Secure access for Android devices: Describes how to set up secure access to a cloud instance for Android mobile devices.

Cloud security considerations: This good general article is about high-level cloud security concepts. This is just the tip of the iceberg, but it does give a very concise overview.

Extra credit
Model-driven cloud security: This article discusses the challenges of cloud application security policy automation and describes how it can be achieved through a model-driven security architecture and deployment.

Thursday, January 5, 2012

Cloud for “Everyman”

[This article was submitted for future publication on ThoughtsOnCloud.com]

There is a lot of discussion here about cloud for business, but what about cloud for Everyman – the average Joe – the man on the street? How will cloud computing change life for the average person? In short, cloud has already changed things significantly, and will continue to have an impact on our lives for years to come.

A cloud of sound

There are numerous applications now available for people to create, record, upload, and share music with the world. As a musician, I think this is awesome and amazing. I can share my favorite songs with my friends on social networks, and I can listen to their favorite songs – all for the price of “a song” (essentially, for free). I wonder how this has affected the music business, and how it will impact the future of the music industry? I imagine that it has provided more opportunities to musicians, and made music more accessible to a wider audience. It has been a boon to the independent artists and small record labels, but have the big record companies suffered as a result? I grew up in an era of mega-rock stars and arena tours, but those days are gone. They will be the stuff of legends that I will tell my grand kids.

A cloud of words

If you want to publish your own book or magazine, there are many options available to you, thanks to cloud. Actually, cloud has made the term self-publishing essentially meaningless. All of the publishing tools that you could possibly need are now provided on the cloud – everything from editing and production, to distribution and finding an audience. It has taken self-publishing quite a number of steps further than merely making a book. The distinction is more a matter of “corporate” publishing (the big companies) versus independent presses and smaller co-ops. For the rest of us, this means that if we have Internet connection, we can find something to read about anything. ANYTHING. The history of the Belgian lute? How to make beef jerky? Card games of the middle ages? It's all there.

A cloud of images

...and most of those images are of cats. Seriously. Do you know anyone with a cat who hasn't posted a photo of it on the Internet? But it's not just about the Internet. The Internet gives us the network to share our books and music and images with the world, but cloud gives us the tools and services that make it possible for us to create those books, songs, and images. We are not merely uploading our photos, we are editing them, collecting them into albums, turning them into videos with sound, and so on.

We will soon rely on cloud for all kinds of services. When we go shopping, the cloud will send coupons for the products we want to buy directly to our smart phone or mobile device. When we seek medical care, our diagnosis will come from the cloud. When we are traveling in a foreign country, cloud will translate for us.

How has cloud changed your world?