Security, Privacy and Compliance in the Cloud

I have been teaching Learning Tree’s Introduction to Cloud Computing Technologies course for almost two years now. I also teach the Cloud Security Essentials course. Each time I have taught these courses spirited discussions have arisen concerning the separate but related topics of Security, Privacy and Compliance.

For example students that come from a healthcare background have expressed interest regarding HIPAA compliance of various cloud providers. In addition people have expressed concerned about things like SAS 70, ISO 27001 and PCI.

As of June 24^th, 2012, it appears that Microsoft Azure core services have established HIPAA compliance. This should come as welcome news to anyone considering cloud computing for healthcare applications. It seems that Microsoft have been upping the ante recently with regard to various certifications and compliance. It was not too long ago that Microsoft published their Cloud Security Assessment. Now with this latest announcement they have even taken it a step further. At a minimum these moves by Microsoft will force other cloud providers to step up their games. I expect this trend to continue as cloud providers respond to these concerns to achieve competitive advantage. This will definitely be a benefit to consumers of cloud services.

Fundamentally the issues of Security, Privacy and Compliance in the public cloud come down to trust. Do you, as a consumer, have confidence that the vendor will do what they say they will do to achieve the desired goals on your behalf? In many cases a cloud provider can actually do a much better job of securing your data and complying with regulatory standards than you can. This is particularly true if you are in an organization whose first priority is not IT. It is not always easy to convince people of this, however!

My esteemed colleague, Bob Cromwell, has made what I think is a very poignant illustration of this concept:

Figure 1 Cloud Security Concerns

Twenty years ago many people did not accept the idea that online banking would ever evolve to what it has now become. Ten years (or less!) from now people will wonder what the big deal was with regard to security in the cloud. It will just become accepted as a way in which things are done.

Are there risks? Of course! Have cloud providers ever been breached? Yes. Will hackers become more sophisticated and will there be more breaches in the future? Yes, almost certainly. Does this mean you should ignore what is happening on the public cloud? No!

Cloud computing is here to stay. In a few years, perhaps, people won’t talk about cloud computing as a separate concept in IT. It will just have become an accepted way of doing things to get the job done for the lowest cost. IT resources will have become a commodity. This was best said way-back-when by Nicholas Carr in The Big Switch. It continues to be true today and it will ultimately be proven in the days to come.

Kevin Kell

Microsoft Azure – Or Is It ?

Microsoft Azure, the umbrella name for Microsoft’s cloud computing services has over the past week or so come under focus because of the direct competition from Amazon who released Elastic BeanStalk for .NET as an alternative to the Azure Platform as a Service (PaaS) and also SQL Server as part of their Relational Data Service (RDS) to challenge SQL Azure, Microsofts cloud based relational data service.

Faced with this daunting competition I was surprised, as an Azure user,  to receive the email below from Microsoft:

In the coming weeks, we will update the Windows Azure Service names that appear in the usage records you download. These are only name changes – your prices for Windows Azure are not impacted. The table below summarizes the changes:

Prior Service Name	New Service Name
Windows Azure Compute	Cloud Services
Windows Azure Platform – All Services	All Services
Windows Azure CDN	CDN
Windows Azure Storage	Storage
Windows Azure Traffic Manager	Traffic Manager
Windows Azure Virtual Network	Virtual Network
AppFabric Cache	Cache
AppFabric Service Bus	Service Bus
AppFabric Access Control	Access Control
SQL Azure	SQL Database
SQL Azure Reporting Service	SQL Reporting

My immediate reaction was that Microsoft were dropping the ‘Azure’ brand and then I wondered why. Pretty quickly the forums were buzzing with rumours and   speculation on why Microsoft have done this. Microsoft quickly moved to quash these as seen by the Twitter post below.

Microsoft claim that the name change is purely for billing purposes and that the services and the Azure brand remain as before. In context of the competition Azure is facing, surely it would be better for Microsoft to concentrate on improving the range of services , quality and price rather than cosmetic changes such as this that have done nothing other than cause confusion. Undoubtedly Azure is a strong cloud offering, but it is now just one of many, and the beauty of cloud computing is that if applied correctly for an organisation, enables them to move supplier with minimal disruption to existing services. The customer is no longer tied in to longer term contracts as they were before when they bought Microsoft products and had them installed on their own hardware. Today there is much more flexibility for customers and choice when they are buying computing services.

The market and therefore associated marketing for computing services has changed rapidly over the last few years putting the customer most definitely in control. This means that companies must be aware and take into account these market changes to remain competitive. Failure to do so will mean customers will rapidly move to other suppliers who provide a better service. Microsoft have much to gain from cloud computing over the next few years, but also much to possibly lose if they do not evolve with the market. Last weeks announcement suggests they have some way to go if they are to handle customers in the cloud world appropriately.

Chris Czarnecki

Microsoft Azure is Helping To Clean Up London’s Streets

Recently I posted about how the UK government were very slow in their adoption of Cloud Computing and as a result were missing out on potentially significant financial savings as well as more efficient ways of operating. This morning when I opened my newspaper there was an article headlining how Cloud Computing has helped transform a local Councils rubbish collection. The article caught my attention !

Lewisham Council in the UK, under severe financial pressure required an innovative solution to manage the local clean up of waste and graffiti at a reduced cost. Their solution is a Web site where anybody who spots a problem, members of the public included, are urged to upload a photo to a Web site. The council’s environment department then deals with the problem and provides an update with new photos showing the cleaned up site. The solution provided has resulted in the time taken to process a complaint being cut by 87% and the associated office case work cut by 21%. The spend on cleaning is at the level of 2002/3. The added benefit is that the system actually makes money now as it is used to promote cleaning and collection contracts to third parties.

At this point, the solution sounds like a neat use of standard Web technology and not related to the cloud. The key is what happened as a result of this projects success. Many other Councils in the UK have expressed interest in this approach. The fact the the software is written as a cloud based service running on Microsoft Azure, means that other Councils can use the software with no modification as it will scale in compute power and storage according to demand on a pay per use basis. So one core application can serve all the Councils in the UK. The advantages of this are significant as the application can be rolled out immediately, cost is directly proportional to use and each Council does not need to re-invent the wheel, whether with new infrastructure or software implementation. The total computing administration costs are minimal and centralised also. London Mayor Boris Johnson has today launched a London scheme based on the software to help clean up London.

This is an example of innovative use of Cloud Computing technology, in what has started with a simple solution driven by financial pressures, providing a country wide solution that is actually generating revenue. Interestingly, it did not come from any Government top down initiative but rather was driven in a bottom up manner. Key to enabling this has been the pay-per use Cloud Computing technology. Congratulations to the team at Lewisham council – they have demonstrated that with creative thinking and use of new technology, highly efficient, effective revenue generating systems can be developed. Hopefully there will be more stories like this emerging over the next few months, enabled by Cloud Computing. If you would like to know how Cloud Computing can help your organisation why not consider attending Learning Tree’s Cloud Computing course.

Chris

Microsoft Azure Does Open Source

Yes, that’s right.

It may or may not be widespread knowledge but Microsoft has been quietly supporting open source for years. Many people continue to think of Microsoft as a company that sells proprietary software. They certainly are that but they are also involved heavily in open source. They do not, in my opinion, get enough credit for their efforts there.

PHP is a technology that is popular with the open source community. There are many freely available applications written in PHP that could be incorporated into a cloud based solution. With the latest release of the Windows Azure SDK for PHP and the Windows Azure Tools for Eclipse it is easier than ever for programmers to deploy their PHP applications to the Azure cloud.

The SDK gives PHP programmers a set of classes that can be used to program against Azure storage (blobs, tables and queues) and Service Management. There are also additional SDKs for App Fabric and OData as well as drivers for SQL Server. The Eclipse tools offer an end-to-end solution that enables the developer to program, test and deploy PHP solutions onto Azure.

Version 2.0 of the Eclipse Tools (developed by Soyatec) was announced at PDC10. This version offers many new features including integration with the Development Fabric, support for Worker Roles, MySQL integration and deployment from within the IDE.

In addition to the SDKs, drivers and Eclipse tools there is also support for the command line developer to leverage scripting skills in deployment of existing PHP applications. Finally, there is the Windows Azure Companion which makes it pretty easy to deploy finished open source community applications (such as WordPress, SugarCRM, Drupal and others) onto Windows Azure without having to know a lot about the underlying details.

The following screencast demonstrates creating a PHP Azure application from within Eclipse.

To learn more about Windows Azure consider attending Learning Tree’s Azure programming course. For an introduction to PHP you may like to come to Introduction to PHP for Web Development.

Kevin