it is the same, then, with my wife's jewelry, my wife's diamond earrings -- I'll put them during a safe safe-deposit. I'll back that rather than keeping them at my house. I do not know that the bank president isn't wearing them in the dark when I'm not there, but again, I trust the bank, because the bank has certain controls, because the bank has been in business, because the bank has independent auditors very almost like the way we're operating. Also, to not belabor the bank analogy, but not all banks are created equal and not all cloud computing vendors are created equal. As cloud computing is becoming more and more popular and an excellent buzz phrase, we see people not really within the cloud computing world label their products as cloud, also as smaller providers which will not have an equivalent sort of security controls that we've in situ. How is that getting to reassure a chief information security officer (CISO) who is employed to having the ability to audit and control his own infrastructure, from the rack bolts all the high to system logs?
EF: Yes, you are doing need to relinquish some control, but it doesn't suggest you are making it less secure. You're actually making it safer. we've 25 million users using the system. what percentage of IT shops have that sort of scale? we would like to form it very clear that while we are the custodians of the info, while we're storing that data, processing that data; you are still the owner of that data. It doesn't belong to Google; we're only getting to use that data during thanks to serving you, the user. If it's Edu or Apps Premier, we're not serving ads against that data, either. It's one thing to require our word for it -- I could sit here and tell you all the wonderful things we do, but per annum an independent auditor comes in and takes a glance in the least the confidentiality, integrity and availability controls that we've in situ in Apps. they provide an independent opinion that they are in situ and operating sufficiently, which comes in terms of a SAS 70 report. And we're going further: we've announced that we're within the process of getting FISMA-certified and accredited at a moderate level. That involves some 250 criteria controls created by NIST that we're showing we meet.
Certain data has got to stay within the EU unless you've got shark repellent, and since of that Google has filed for shark repellent and practiced the shark repellent principles of notice and onward transfer. We run a really robust privacy center that details specific controls around all of our products. How does one do satisfy a possible customer with the knowledge that Google Apps is secure? EF: I feel it's our job to supply enough details to customers to form informed, technical decisions. a few months ago, I spent each day and a half with a US intelligence agency; then time, they said, "Wow, that's actually safer than what we provide. We wish we could do what you are doing ." We are during a very unique situation, therein we control the whole stack. For one, we build our own servers, we design our own chips, we write our own OS, we write our own applications, etc. in order that gives us tremendous security advantages. And two, just the way our architecture works is fundamentally different! I exploit mail as an example…the Apps technical method of doing it [is] taking all my mail [for example], chopping it up into many small pieces, spreading that throughout the whole environment, so trying to compromise one user becomes, statically speaking, harder than winning the lottery.
Put that on top of other things it's really hard for organizations to try to, like role-based security and least-privileged access. I think it's our job to tell them; I visited Google slightly below just three years ago from a financial services company where I used to be the chief security officer. I completely understand where they're coming from, right? It's still their data, it's getting to be their head on the block if something happens thereto. it's their responsibility to know how it's being protected, and it's our responsibility to offer them that information to form a risk-based decision.ISACA auditors cautiously endorse cloud with new guidelinesISACA releases guidelines for governance on cloud
IT bean counters' organization Information Systems Audit and Control Association(ISACA) has released a white book on cloud computing from the auditing and assurance perspective, which might be described as only slightly less conservative on new technology than Ned Lud. The cloud may be a major change in how computing resources are going to be utilized, and intrinsically are going to be a serious governance initiative within adopting organizations, requiring the involvement of a broad set of stakeholders," the ISACA concludes
. In large part, the paper bangs the drum for an increasingly familiar litany of concerns: know your legal risks, understand your provider's operation and confirm your choice of cloud computing are often shoehorned into your existing risk assessment frameworks. The white book includes this gem, which offers backhanded insight into the present state of enterprises IT operations which will be trying to urge ready for cloud computing: If not already a part of the business's governance or system development life cycle process, the move to cloud computing essentially dictates that a corporate information security officer or director be included altogether further governance and system development life cycle processes." Azure AppFabric releases remake officially costs money
Microsoft is now billing for AppFabric, marking the official start of the Azure service as fully supported and covered under Azure's SLAs. AppFabric is Microsoft's software service bus-like service that ties together on-premise applications and Azure cloud resources. it's also officially launched v1.o of the AppFabric Software Development Kit.
Intel releases Enomaly the way to guide
Chip-maker Intel has published a white book on using cloud-making software Enomaly to create a personal cloud. Virtualization and provisioning platform Enomaly got started with a lift from Intel in 2005 and apparently remains on the brink of the IT monolith. The extent of the account isn't clear, but the white book may be a sign that there's a minimum of a technical partnership between startup and therefore the behemoth Intel. Medical management firm turns to cloud computing Schumacher Group has turned to cloud computing to provide much of the IT needed to manage over 2,000 doctors working in emergency rooms in twenty states. With good reason. The Lafayette, La. practice management firm switched its IT focus to the cloud after hurricanes swept through the Gulf Coast in 2005, narrowly missing its data centers. We weren't directly impacted by the storms but had we been 40 to 50 miles to the west, it might are a special story." said Schumacher's CTO Doug Menafee.
Schumacher was also heavily involved within the rescue and relief efforts after the storms, and Menafee said that have convinced him to distribute as many of his IT operations as he could to mitigate risk and obtain more functionality with less equipment on the bottom. He also said it had been a chance for him to bring the firm, founded in 1997, up so far technologically. The company was behind the technology curve, so tons of what we brought on was not new." he said. Salesforce.com, Google Apps, Workday and Tangierweb now provide the company's CRM, office productivity, HR and scheduling respectively. About "70% to 80% of our processes involve some quite cloud service -- the rest lives in two multimillion-dollar data centers." he said. His biggest chore is connecting patient records, which Schumacher still stores and handles itself for compliance and security reasons, with affiliated physicians. He uses data integration software from forged iron to handle that task. Schumacher handles quite three million patient records and houses quite 65 million images in its own infrastructure, Menafee said.
apart from housing that data, the most important benefit to using Software-as-a-Service (SaaS) was financial. "It's the reduction in staff needed to manage infrastructure -- the most important benefit is to my wallet," he said. The SaaS model allows the corporate to form changes quickly, too, by shuffling services around. Menafee said if he proposes or is directed to form a change that would have 1,000,000 dollar impact, he'd better be ready to execute If I even have to inform the CEO it's getting to take six to seven months to try to that, that's a reasonably big deal" he said. It's having the ability to select and choose between available services instead of developing applications in-house and integrating them. SaaS doesn't necessarily yield huge cost savings
Despite the advantages, SaaS isn't necessarily a magic money saver. For one thing, cloud computing's heavy connectivity demands drive bandwidth costs up. Schumacher had fiber run to its operations center. That's not cheap.
And, despite the marketing hype, cloud-based services can actually be costlier to run compared to purchasing infrastructure and applications in-house. Nobody should look to SaaS or other forms of cloud computing to chop overhead, because that's not happening, Menafee warned. cloud technology companies What customers will find, if their business needs are right, maybe a long-term return which will justify pay-as-you-go services. If you check out a three-year ROI on the cloud it's getting to be break-even" he said. "If you've got it over five years, you are going to return out ahead," he said, for an easy reason. Three years is that the average lifecycle of knowledge center hardware- at that time, companies won't need to invest capital in new iron; they're going to just still pay operational costs. Menafee said he constantly compares in-house solutions to cloud solutions and can always go where the financials add up; he is not philosophical about his technology. information technology consulting
For us, the entire cloud side the equation -- the vendors say you've to be within the cloud, but I say it's to be a business need," he said. "I check out both options; I do not say I'm getting to look outside first." Balancing on-premises, cloud IT It's getting to be a hybrid world" said Chandar Pattabhiram, VP of product & channel marketing at forged iron Systems, the info integration specialist Schumacher users. Established businesses have already got working IT operations and are not racing to place everything into the cloud, albeit they just like the possibilities. "The same companies that just like the cloud have already made investments in on-premise; they are not just getting to throw that way," he said. Pattabhiram said that while not all his customers were getting to be cloud-centric, all of them were moving to cloud computing a minimum of to a point within the near future. Informal research bears him out: A recent survey by speculator organization the Sand Hill Group said that 80% of respondents expect to spend between 7-10% of their IT budget on cloud services information technology colleges Avanade reports that quite 60% of respondents to its survey are getting to use cloud services, and 23% of enterprises are already doing so; the overwhelming majority using SaaS