wade epa | information technology training





The Growth of Cloud Computing in China

By Christopher Morris, Tech Commentator

It is considered to be a facile reality nowadays that the cloud is close to change computing as we all know it and become a dominant technology within the very near future. technology insurance But while this has been accepted intellectually, and therefore the Western world has begun to embrace this exciting technology, the main target of attention with reference to this subject has so far been largely centered on the Western market. Few people have considered how cloud computing will develop and be developed within the so-called emerging nations and economies.

It hardly seems appropriate to explain China as an ‘emerging economy’ today. most of the people that concentrate on economic trends already recognize that the Far East nation will become an economic powerhouse, and therefore the world’s most prominent and powerful superpower, within the very near future. This has been evident for a few of the Western world’s most perceptive prognosticators for quite a while, but with China has become the world’s second-largest economy recently, the time's folks hegemony within the world economy appear to be seriously numbered.

Thus, the Chinese market is becoming a particularly fertile one for Western corporations and products, also as a crucial one in its title. And given the very fact that cloud computing is to become such a crucial facet of the IT industry, and a phenomenon which will feed into many other commercial industries also, it's natural that the cloud will get to be developed in China.

…the Chinese market is becoming a particularly fertile one for Western corporations and products

But given the rather restrictive attitude that the autocratic Chinese state has taken to Internet censorship, no-one is sort of sure yet how the cloud will develop in China. Certainly if one is to seem at the prevailing ‘net within the nation then it'll be very different in appearance thereto which were are familiar with within the West, because of the ‘Great Firewall of China’ which blocks out huge amounts of the web page from the Chinese public. So how will the good Cloud of China appear as if when it’s developed, how is that this process currently emerging, and what consequences will this have for the cloud and direction of the IT industry as a whole?

In fact, cloud computing in China is growing pretty rapidly, despite the very fact that the industry remains in its infancy. the amount of web-facing computers within the country has grown by nearly one-tenth within the last year alone, and therefore the overwhelming majority of this growth has been attributed to the cloud sector. the most important cloud computing provider in China, Aliyun (a spin-off from the enormous Alibaba), now has sixfold more web-facing computers than it did a year ago.

The largest cloud computing provider in China, Aliyun, now has sixfold more web-facing computers than it did a year ago.

This exponential growth has been achieved because of critical support from the govt. The Chinese government has targeted growth during this sector for much an equivalent reason that the industry has expanded rapidly within the United States; the technology makes data storage convenient, and maintenance costs related to cloud computing are extremely low.

Thus, the Chinese government declared the expansion of cloud computing to be a priority in its 12th Five-Year Plan, which was released in 2011, alongside a raft of other measures that are intended to stimulate next-generation industries within the country. the town of Beijing alone received quite $8 billion of support so as to construct servers and other cloud-related infrastructure.

The city of Beijing alone received quite $8 billion of support so as to construct servers and other cloud-related infrastructure.

It is hardly surprising then that Western corporations are already eyeing the Chinese market hungrily. Microsoft has already signaled its intention to tap into this potentially multi-billion dollar source of revenue by stepping up the promotion of its cloud services, Windows Azure, and Office 365, within the state, also as putting its promotional muscle behind smartphones and tablets produced by the computing giant which run the Windows Phone 8 platform. Microsoft launched Windows Azure in China recently, and Steve Ballmer, the chief executive of Microsoft has suggested that the firm’s revenue from the China market, comprising the mainland, Hong Kong and Taiwan, will surpass that from us within the near future.

However, it's not all clear sailing for the cloud in China. A report back to the United States-China Economic and censoring Commission has stated that laws in China which require foreign companies to partner with local firms could raise security concerns for Western companies, while the good Firewall of China itself features a seriously negative impact on Internet speeds; potentially hampering the industry’s development.

…laws in China which require foreign companies to partner with local firms could raise security concerns for Western companies

Nonetheless, the potential for expansion in China is clear. The country has the world’s largest population of Internet users, and by the top of 2013, there'll be 500 million smartphones online in China. the state also will soon boast the world’s largest number of English speakers, a triad of things which is certain to mean that the Chinese cloud market is soon up there with the most important within the world.

PCI Compliance within the Cloud: What you would like to understand 

By Gilad Parann-Nissany, CEO of Porticor

Cloud Computing – the exciting words of the technology sector this decade: if you’re not already doing it, you’re missing out. Articles are written. Experts are crowned. Events are attended. We all agree – the cloud presents opportunities for cost savings, elasticity, and scalability.

But for companies that are bound by Payment Card Industry Data Security Standard (PCI DSS), securing financial data in “the cloud” presents new issues.

How is that the Cloud Different? Securing brick and mortar businesses was one thing, securing data centers and hardware was another level, but securing the foggy boundaries of the cloud presents a replacement set of challenges.

The skills and knowledge you acquired within the data center are still very relevant to the cloud world. However, the foremost obvious change is that physical walls are not any longer available to guard your systems and data. Cloud Encryption is that the answer – producing “mathematical walls” to exchange the physical ones.

…securing the foggy boundaries of the cloud presents a replacement set of challenges. Cloud Encryption is that the answer – producing “mathematical walls” to exchange the physical ones.

Are these challenges manageable? Yes.

Should you take them on? Yes.

Should you roll in the hay alone? Oh no…

PCI Compliance and Encryption within the Cloud: The Challenges

Six of the twelve requirements of PCI DSS touch on the necessity for encryption and key management within the cloud, and on proper management of those systems. the most challenges in complying with PCI and operating publicly or hybrid clouds are:

Protection methods like hashing and encryption (part of requirement 3)

Encrypting transmission over networks (requirement 4)

Securing systems and applications (requirement 6)

Restricting access to data (requirement 7)

Assigning unique accountability (requirement 8)

Tracking and monitoring access (requirement 10)

These are unequivocally big topics. But you unequivocally don't get to take them on alone. Solutions, like our Virtual Private Data (VPD), combine state of the art encryption with patented key management to enable organizations to effectively suits PCI DSS within the cloud.

Protection Methods: the answer 

PCI DSS stresses the importance of protection methods like hashing and encryption

PCI DSS stresses the importance of protection methods like hashing and encryption since “If an intruder circumvents other security controls and gains access to encrypted data, without the right cryptographic keys, the info is unreadable and unusable thereto person.” Our solution was designed with certain elements especially with PCI Compliance in mind, sporting features such as:

Strong hashing (SHA-2) and encryption (AES-256) to render PAN unreadable.

Key-splitting and homomorphic key encryption to guard the integrity and security of the keys.

Only partial keys are stored in any location, and people parts also are encrypted.

Exact mathematical descriptions and proofs of strength of protocols, which are validated by leading cryptographic experts.

Supports AES 256 and RSA public keys from 1024 to 4096 bits, and secure storage of keys of all major cryptosystems of any length.

Encrypting Transmission: the answer 

According to the PCI standard, sensitive information must be encrypted during transmission over networks that will be accessed by malicious individuals. Whichever solution you employ, confirm that:

All communications within the system are always encrypted.

SSL/TLS is usually enabled and can't be transitioned .

There are mechanisms for issuing certificates for SSL/TLS encryption on a per-customer per-project basis.

Your solution supports IPsec communications between cloud servers.

Securing Systems: the answer 

Choose an answer that helps you update the newest software patches quickly and simply .

Requirement six emphasizes the importance of keeping systems up so far with “the last released, appropriate software patches” so as to eliminate security vulnerabilities that would be exploited by hackers or inside threats. Choose an answer that helps you update the newest software patches quickly and simply .

Restricting Access: the answer 

Systems and processes must be in situ to limit access supported got to know and consistent with job responsibilities. This requirement relates both to the info itself and to the management and storage of the encryption keys. Encryption may be a good way to isolate data within the cloud. It depends in fact on keeping the encryption keys safe and ensuring no unauthorized person has access to encryption keys. the answer to the present is sort of straightforward: administrators should never be ready to see the keys that are wont to encrypt cardholder data. Keys should be managed by name, and therefore the value is always hidden. Since Administrators don't know the keys, they're unable to decrypt the info.

Assigning Accountability: the answer 

Assigning a singular identification (ID) to every person with access ensures that every individual is unique in charge of his or her actions, in order that operations on critical data and systems are often traced.

Tracking and Monitoring: the answer 

Logging mechanisms and therefore the ability to track user activities are critical in preventing, detecting, or minimizing the impact of a knowledge compromise. Your logs must be secure and stored in a way that they can't be modified.

PCI compliance […] these provisions protect your customers, which successively, protect you.

PCI Compliance within the Cloud: Is it well worth the Effort?

Complying with PCI DSS isn't almost the legality – it's simply good business. There are many requirements for PCI compliance. Perhaps life would be easier without them. But these provisions protect your customers, which successively, protect you. PCI compliance doesn't need to be cost-prohibitive. visible technologies It doesn't need to take tons of your time. But it absolutely does need to be done and it unequivocally is well worth the effort.

About the Author & Porticor

Gilad Parann-Nissany is the Founder and CEO of Porticor, a cloud computing security pioneer. Porticor infuses trust into the cloud with secure, easy to use, and scalable solutions for encoding and key management. Porticor enables companies of all sizes to safeguard their data, suits regulatory standards like PCI DSS, and streamline operations.

Top 10 Things to think about Before Moving to the Cloud

By Neil Cattermull, Director of Cloud Practice, Compare the Cloud

Introduction

The cloud is here to remain and it is sensible to use it. The market is already developing and changes will occur over the subsequent few years which will allow you to possess even more choices than today. Microsoft will inevitably offer an entire hosted solution, alongside Oracle, VMware, and lots of, many others. We also are seeing disparate systems on disparate platforms (AWS, Google, and others) being linked together, managed by complicated orchestration products. the best problem with all of those platforms and services is probably going to be the support element, so when choosing cloud for your business, confirm you're asking the proper questions:

1. What cloud services does one need?

In order to settle on the choice that's best suited to your business, it's vital to know exactly what cloud services you would like.

In order to settle on the choice that's best suited to your business, it's vital to know exactly what cloud services you would like. There are numerous on the market, from full infrastructure hosting and application delivery to managed backup and disaster recovery services. albeit you simply want to maneuver one or two of your services to the cloud at the instant, believe whether you'll want to increase this in years to return. Choosing a provider that gives all of them could offer you more flexibility at the end of the day. one among the features of a cloud solution is its ability to proportion and right down to match your size, but you ought to still make sure that the provider’s capabilities match your plans for growth.

2. Who am I dealing with?

Many cloud companies don't actually have their own infrastructure but resell from others. This needn't be a drag – it's common practice for a cloud provider to sell services via a channel of smaller resellers – but you ought to confirm you recognize who is really providing them! it's quite possible that you simply will receive better support from a smaller value-add reseller, but you would like to understand whose customer you're , and who is ultimately liable for the services you're buying.

3. What about the contract?

Standard hosted contract terms are often 24 – 36 months, with shorter terms generally attracting higher costs. Some cloud providers, however, are now beginning to offer 12 months or less contract or “pay as you grow” option. this will be helpful if the provider is new to you or maybe new to the marketplace, and can allow you to measure the sort of service you'll receive without making an extended-term commitment.

4. The Service Level Agreement

Don’t get tied into a service that just isn’t working for you.

This is vital. Don’t get tied into a service that just isn’t working for you. Check the terms and conditions for material breaches and downtime. Many providers offer compensation but this is often likely to be insignificant compared to a loss of service for your business if your entire company’s infrastructure is running remotely. an honest provider will offer you the choice to terminate the service if the SLA is consistently breached but beware there are many providers that will not.

5. Where is my data?

There are numerous reasons why you ought to know this. If you are doing not know where your IP (intellectual property) or data is, then how are you able to get this back if you fall out together with your provider? it's YOUR data and you would like to understand where it's. an honest provider will offer you access thereto, regardless of the circumstances, at very short notice. Beware “safe harbor” agreements too. Although they're designed for data protection, they often fail to face up if challenged. If you're offered one, have it checked thoroughly by a lawyer.

6. Security

You must make sure that your provider has acceptable security to safeguard your business.

This is a really important point and it should be right up there with “should I even have cloud services for my business?” At the top of the day, your data is accessible from the web (and we all use it in one form or another). you want to make sure that your provider has the acceptable security to safeguard your business. ISO standards are an honest base to grade the provider’s competency during this area, but there are many other standards that will even be adhered to. Note that if you're regulated by an administration like the FCA (FSA of old) or HIPAA (health care), additional security standards are required. confirm these aren't just a tick-in-the-box accreditation – challenge the provider on what they provide.

7. Internal policies

As well as being good security practices, security policies for your business are essential for cloud services. ‘Password123′ isn't good enough!

Staff will use applications to share information, whether you recognize it or not. on average, internet users have 25 password-protected applications they manage, but only six (or less) unique passwords. employing a cloud password management platform that permits employees with one password to access all their applications (single sign-on) will help to supply a far better experience while securing company access and data.

8. Check for hidden costs

One major problem with all the choices available today is to normalize the offerings and obtain a good comparison. you'll compare features and functions with a touch of research – using comparison tools like those on Compare the Cloud – however, providers differ not only in functionality but also in costs and billing methods.

Make sure you get to the rock bottom of the provider’s pricing. For example:

CPU costs: 2 Core (@2.5GHz) with 2GB RAM costs £x.xx /instance/month

Storage costs: Cost of 1 GB usable storage, SAN/NAS supported 10TB base infrastructure = £x.xx/GB/month

Backup costs (£x.xx/GB backed-up)

Network costs: (£x.xx/GB/month transferred in and/or out)

9. Availability

Consider how your company’s business handles network, system, and other failures. Does the cloud infrastructure got to be highly resilient, or can individual parts fail without causing a serious service interruption?

A good cloud provider will have a replicated copy of your infrastructure (for their own internal disaster recovery plan).

A good cloud provider will have a replicated copy of your infrastructure (for their own internal disaster recovery plan). Some providers will charge you for this and a few providers will simply not have this and gloss over the discussion with you. an honest start would be to debate where your provider is hosting your service – data center – and ask about the Tier level. Every data center is often graded by this tiering (and should be) and therefore the results are going to be obvious for you to know once you receive them.

Tier 1 = Non-redundant capacity components (single uplink and servers).

tier 2 = Tier 1 + Redundant capacity components.

Tier 3 = Tier 1 + Tier 2 + Dual-powered equipment and multiple uplinks.

Tier 4 = Tier 1 + Tier 2 + Tier 3 + all components are fully fault-tolerant including uplinks, storage, chillers, HVAC systems, servers etc. Everything is dual-powered.

A Tier 4 data center is taken into account because the most robust and less susceptible to failures. Naturally, the only maybe a Tier 1 data center employed by small businesses or shops.

10. When it all goes wrong

So you now have a cloud service or multiple services, and it all goes horribly wrong. How does one migrate faraway from the incumbent failing provider? confirm that you simply aren't handcuffed to large exit bills and contract penalty clauses. information technology training

There are some test cases where clients were asked to pay extortionate fees just to stay their cloud services running after the firm went into financial hardship.

If your business is considering a move to the cloud and you would like some advice, contact Compare the Cloud’s Cloud Practice Group and we’ll provide you some free advice and details on other ways we could also be ready to help make your transition a smooth and happy on