Articles Posted in Cloud Computing

Posted

Not too long ago a major supplier asked us what we are seeing in the cloud space. We thought the interchange might be of interest to readers of the blog — so here are some selected questions and our responses.

What impact have you seen or expect to see Cloud will have on the CIO Agenda?

We’ve seen:

Posted
By

With cloud services now obtaining as much press as the fallout from Kim Kardashian’s wedding, it seems safe to say that clouds are likely to be in the business forecast for the foreseeable future.

A strong answer to every IT infrastructure manager’s prayers, cloud computing can provide both a scalable on-demand combination of hardware, software and services, as well as helping fulfill corporate/social mandates for becoming greener.

The people over at Carbon Disclosure Project decided to commission a study into the potential impact of cloud computing on large US businesses. Released in July 2011, the report was independently produced by Verdantix and sponsored by AT&T.

By
Posted In:
Posted
Updated:

Posted
By

Given the great interest in “the cloud” from a business perspective, as well as Microsoft’s popularization of the concept with its “To the Cloud!” advertising campaign, it’s no wonder that many game providers are looking to the cloud as the next viable and profitable gaming platform. The cloud movement not only provides economic incentives through various subscription and pay-to-play models, but also helps defeat piracy by locking down game code and other intellectual property from potential thieves.

Cloud game providers have a lot to gain from virtualization, but moving to a cloud-based framework raises potential legal issues that should be considered.

LatencyThe first big issue for gaming providers considering moving to the cloud is both a practical one and a legal one – latency. Unlike digital downloads, streaming games require both down and upstream communications. Further, gaming often demands instant, real-time action, so any material latency will be noticed, especially for multi-player, FPS-type or other real-time games. Currently, some game providers have tried to satisfy gamers’ demand for real-time, low-latency play by operating in data centers that are physically close to the gamer. From a technical perspective, cloud gaming may present an issue because it could involve moving the game servers much farther away from the gamer, thus having the potential to lead to increased, or even significant latency. Another technical fix may be to use “tricks” similar to those used in non-cloud gaming to compensate for latency issues.

By
Posted In:
Posted
Updated:

Posted
By

On June 22, Pillsbury hosted the first annual Federal Cloud Security Summit, organized by the Washington, DC, chapter of the Cloud Security Alliance (CSA-DC). The keynote address was presented by Sonny Bhagowalia, former Deputy Associate Administrator with the GSA’s Office of Citizen Services and Innovative Technologies and current CIO of the State of Hawaii, and covered the GSA’s efforts and outreach to help drive Vivek Kundra’s 25-Point Plan and “Cloud First” initiative.

Among other things, Mr. Bhagowalia spoke extensively about the Federal Risk and Authorization Program (FedRAMP), its goals, its accomplishments and where it is headed. FedRAMP was created to support the government’s cloud computing initiative and is intended to provide a standard, cross-agency approach to providing the security assessment and authorization for agencies to use the services required under the Federal Information Security Management Act (FISMA). The idea is to facilitate the adoption of cloud computing services by federal agencies by evaluating services offered by vendors on behalf of the agencies. The evaluations are based on a unified risk management process that includes security requirements agreed upon by the federal departments and agencies. Because the services are vetted by the FedRAMP, theoretically each agency does not need to conduct its own risk management program – reducing duplication of effort, the time involved in acquiring services and costs.

A draft of FedRAMP requirements was released for comment in October 2010, and final release of the first version was expected by December 2010. Initially, the comment period was extended through January 2011 and the release delayed until the end of June, but according to this report, the requirements are now expected to be released sometime between August and October.

Posted

Cloud-based services give new meaning to the IT holy grail of “cheaper, better, faster” in the right circumstances. You might not even have to settle for just two. But it is important not to let the Cloud fog your thinking when it comes to configuring mission-critical IT-enabled services: adequate failover capabilities, and service levels that will support the operational imperatives of the business, are as important as ever.

It is typical, if not the norm, for Cloud service providers to offer only a single contractual service level – Availability – and then to define it in a way that wouldn’t pass the sniff test in a traditional IT services contract. For example, it is not unusual for a Cloud service’s Availability standard to be exceedingly low by customary data center standards – 98% or even 97% (versus 99.999% or even 99.9999%) – and then to make an already weak standard even weaker by contractual devices such as:

  • Excluding downtime during the provider’s weekly maintenance window -which may span 2 days or more during the weekend, with no limit on how long the service can be taken down during that period,

Posted

Providers are rushing head-first into the cloud revolution, marketing their latest cloud offerings and promoting the benefits of hosting data externally.

To The Cloud–Start-up–Windows 7 by windows-videos

But as customers analyze whether the cloud is the right fit for their technology and data, they need to carefully review whether the contract terms proposed by cloud providers truly work “in the cloud.” Customers may discover that cloud providers simply have taken their existing standard licensing agreements for software hosted at the customer site (or at least large parts of their existing agreements), slapped the word “cloud” on the document, and voilà! A new cloud contract!

Posted
By

On Friday, April 22, Pillsbury hosted a meeting of the Washington, DC, chapter of the Cloud Security Alliance (CSA-DC). Dr. Ramaswamy Chandramouli, Group Chair of the NIST Cloud Computing Security Working Group addressed members of CSA-DC representing local businesses, government agencies and various consulting and law firms regarding the work NIST is doing to develop a security architecture for cloud services.

Dr. Chandramouli’s presentation focused, among other things, on the various ways the software development life cycle (SDLC) needs to be adapted to address the move to cloud based services, including ways to maximize the ability to move applications from one cloud provider to another. According to Dr. Chandramouli, when moving to the cloud, a number of aspects of the SDLC need to be re-evaluated, from access controls and use of things like OpenID to the use of third party-provided digital libraries and APIs. As Dr. Chandramouli and a number of other participants at the meeting noted, the move to the cloud also requires an examination of your disaster recovery/business continuity planning.

Naturally, the discussion turned to last week’s Amazon EC2 outage, opinions about its cause and a discussion of its effects.

By
Posted In:
Posted
Updated:

Posted
By

Cloud computing is getting a lot of traction in a time of shrinking budgets. Industry experts speaking at NASSCOM 2011 are expecting cloud based services to be roughly a quarter of the outsourcing industry over the next two years.

So the business team is ready to move everything to the cloud. “But wait,” says the General Counsel, “if someone else has our email what happens if they get served with a subpoena? They won’t protect our information the same way we would.”

While there is no case law directly addressing discovery of corporate email held by cloud providers, there are some instructive analogs found in cases involving third-party email providers under the Stored Communications Act (“SCA”) and in cases addressing the concept of “control” under US Federal regulations that should be considered by large corporations thinking of migrating email to the cloud.

By
Posted In:
Posted
Updated:

Posted
By

Two recent events serve to highlight the importance of proper due diligence and appropriate contractual protections when dealing with cloud-based and other hosted service providers:

  • According to a lawsuit filed in US District Court in Hawaii by the producer of the syndicated children’s TV series “Zodiac Island,” an entire season of the show has been wiped out thanks to a fired employee at its data-hosting company who hacked into networked computers and destroyed its work. See WeR1-CyberLynk Complaint 110403