Cloud Management and Security: Being Ready
Well it seems like yesterday since my participation at TM Forum Management World 2010 in Nice, France, during May 17 2010 week. Specifically, I participated in a wonderful session, Opportunities, Business Models & Requirements for Cloud Providers.
Having just returned from Paris, France where I had presented at the Cloud Telco 2010 Conference, I could not help but pick up on common themes of Cloud Management and Security and will state that management and security are absolute table stakes when developing a sustainable Cloud-based service architecture blueprint. Further, another theme for discussion was the role of network virtualization (not a new concept by the way) specific to the network infrastructure enablement e.g. multi-tenancy. Architecturally, considerations such as proximity of the network to the data center infrastructure itself as to mitigate latency and ensure the required quality of service when moving virtual machines were also common topics for discussion at these venues. Oh yes, it is no surprise that with the launch of Cisco’s CRS-3, we have integrated the Network Positioning System (NPS), that implements L3-L7 best path for content.
However, in focusing on cloud management there is the notion of “on demand” as opposed to hours, days and weeks. Therefore cloud management autonomic flow-through provisioning may be the norm and will consequently have implications to OSS systems as these move to cloud management architecture as I highlighted at the Cloud Telco 2010 Conference in my presentation last week:
In the context of cloud security, there are few fundamental questions-considerations that may serve as inputs to developing a cloud security blueprint and by no means comprehensive, such as:
- Where is my data?
- Geographical location of data
- Who is accessing it on the physical and virtual servers?
- Is it segregated from others?
- Can I recover it?
- What is the threat vector for cloud services?
- How do I identify the weakest link in cloud services security chain?
- Would centralization of data bring more security?
- Federated trust and identity issues
- Who would manage risk for my business assets?
- And, can I comply with regulatory requirements
Finally, next week the ITU-T will kick off it’s first Focus Group meeting in Cloud computing, June 14-16, Geneva, Switzerland.
I do look forward to hearing your thoughts on cloud management and cloud security.