Elastic Security

Security for the Cloud

IT Consumerization vs DevOps?

Two terms come up often in discussions about cloud computing, its drivers, and its impact. The first is DevOps – a combination of the terms development and operations. It refers to the fact that the tasks of developers and system administrators are growing closer in a cloud-based IT world, where infrastructure resources become programmable, fostering application-centric deployment and agile development processes. System administrators are expected to write sophisticated scripts to automate large parts of operations and to think like a developer. (Interesting Links: [here], [here] and [here])

The other term is “IT Consumerization” – it refers to the observation that applications, tools, and technologies from the consumer world find their way into the enterprise. This movement has several drivers: employees who are becoming more and more mobile are forced to access their data from different locations and devices (laptops, mobile phones, PCs). As a consequence, enterprise IT infrastructures become ubiquitous and heterogeneous: the former one-size-fits-all approach of IT departments, centralizing administration, management, and security of every PC, is no longer feasible with the increasing number of devices and accelerated technological progress. Thus, employees are given more and more control over which devices and tools they can pick (BYOT – “Bring Your Own Technology”). This movement opened the door into the enterprise for SaaS tools like Gmail or Salesforce – but also for cloud infrastructure services such as Amazon EC2: quickly need a demo machine? Need some machines for load testing? Need to share some really big files? Amazon EC2 offers an immediate solution – without following the lengthy processes of the IT department, which may result in rejection of the request or a purchase with a delivery that takes several weeks. Speed and simplicity play an important role here. (Interesting Links: [here], [here] and [here])

While people assume that both are just two sides of the same coin, I find they are somewhat conflicting movements. The DevOps movement requires highly skilled IT workers who combine the competences of developers and system administrators and who are able to write sophisticated automation scripts. IT Consumerization means a shift from classical heavy-weight tools (such as HP OpenView, for example) to a broad variety of simpler tools (mostly SaaS tools) that focus on specific use cases, have a much smaller feature set than classical tools, and are far easier to use. Those tools (let’s cite Pingdom for monitoring as an example, but also the EC2 Management Console) take a lot of the burden off administrators, greatly simplify their work, and thus even allow less-skilled people to manage a big part of the IT needs of a company.

Is there an error in my reasoning? Where’s the breakup? Feedback welcome!

Filed under: Cloud Computing, Discussions

Security THE differentiator between cloud computing offerings

I’ve read a very interesting and different post about security in cloud computing and more precisely IaaS (Infrastructure as a Service).

Tons of articles and surveys about security being the major obstacle to cloud computing, and lots of FUD, are in circulation, but Andreas M. Antonopoulos dared to offer a new perspective of security as THE differentiator of IaaS offerings. I especially liked this part:

“Security is like a liquor license to a restaurant — an opportunity to up-sell each customer with a high-profit margin product to balance out the dismal or loss-leading margins of the core product. Security is the single most profitable differentiator that a service provider can add to IaaS to have any hope of making money. Security is brand-sensitive, labor-intensive, infinitely customizable and difficult to scale. That makes security the perfect differentiator that can add value to a bland IaaS offering.”

As a security provider for IaaS, I have to strongly agree with this new perspective, and we are currently working with hosting companies and IaaS providers to make this perspective come true.

For us, the main challenges ahead:

  • Heterogeneity: There are several cloud stacks (AWS, OpenStack, VMware, Nimbula, Eucalyptus, just to name a few), so it is hard to build solutions for all of them, and moreover they offer different functionality
  • Focus: Security is a real and hard problem (please check the guidelines of the Cloud Security Alliance if you want to go deeper), but we have to focus on customers' needs with an incremental approach and try to build solutions for each need (there is no silver bullet)

What do you think about these challenges?

Thanks, Andreas, for the refreshing article.

Filed under: Uncategorized

Impressions from CloudOps Summit

Last week I attended the CloudOps Summit in Frankfurt. The motto of this conference was “Run the Cloud”, and the central idea was to show how cloud computing is already used today, what hands-on solutions and architectures look like, how cloud systems are operated, and what tools are already available.

While web-startups almost immediately understand the advantages of public cloud infrastructures such as Amazon EC2, Rackspace or GoGrid and already use those intensively to avoid up-front investments into hardware, scale their infrastructure dynamically to their needs, and benefit from a pay-per-usage model, established enterprises are much more hesitant in adoption – mostly due to security concerns, fear of vendor lock-in, the costs for migrating their legacy data, or the constraints of remaining compatible with existing software. This leads to the funny situation that the big ones listen carefully to learn from the new and small ones.

The conference started with a couple of short 6-minute “lightning talks” and was followed by parallel tracks about architecture, management, operations, and presentations of startups.

Some highlights from the lightning talks

Jean-Paul Schmetz explained in his keynote that cloud computing means that everything becomes software in the cloud – storage, memory, CPU – they have all become resources that can be created and destroyed programmatically on demand. Hardware is a fixed asset that requires planning, budgeting, and thus accurate predictions of the future, something very hard to achieve in a world of constantly changing requirements and needs.

Chris Boos sees in cloud computing the big opportunity for system administrators to get rid of the boring part of operations and maintenance and to concentrate on the interesting and challenging tasks of creating new things. Cloud computing and its inherent need for automation actually liberate the rare IT experts and revalue their skills.

Nicolas Plögert from Sharewise showed how his company outsourced almost all non-critical business processes to more than a dozen web services – communication, billing, and customer relations management, to name a few.

Florian von Kurnatkowski told us that even the automotive industry wants to make its internal network (ENX) more flexible by transforming it into a cloud infrastructure.

Startups

In the startup tracks (in which I presented Elastic Detector, our cloud security monitoring service) there were a couple of interesting products around cloud infrastructures:

ScaleUp builds software that helps providers to build their own public clouds. Their focus is on account management, provisioning, and managing the “point of purchase”, i.e. the spot where providers and consumers meet.

Scalarium provides a SaaS product for deploying and scaling web applications on Amazon EC2.

CloudSafe lets users store and share critical documents in the cloud. All data is encrypted and different access models are supported.

CentralStationCRM is a CRM SaaS product targeting small companies that are overwhelmed by the complexity of products like Salesforce.

SemYou aims to combine the simplicity of an app store with the flexibility of SaaS applications. Their goal is that users can activate any kind of web application with a single click on their computer, and that it will run transparently in the cloud.

Impossible Software lets users create “dynamic videos” where logos and brands can be integrated in video templates.

Thanks to the organizers for their great work and looking forward to another CloudOps Summit in Frankfurt next year! All presentations are available behind this link.

Filed under: Cloud Computing, Discussions, Solutions

CloudyScripts Supports New Amazon EC2 Region: Asia Pacific (Tokyo)

Amazon has announced that a new AWS Region in Tokyo is supported (see the AWS blog post for more information).

CloudyScripts WebSite

CloudyScripts has been updated in order to support this new AWS Region.

This AWS Region is available in all the following CloudyScripts:

  • Convert Instance-store AMI To EBS-booted AMI: Takes an instance-store AMI, instantiates it, copies the boot data to a temporary EBS volume, takes a snapshot of this EBS volume, and registers the snapshot as an EBS-booted AMI. As a result, the new AMI behaves exactly like the original AMI, but boots from an EBS volume.
  • Copy AMI to Different Region: Creates a copy of a given AMI and makes it available in another region. To do so, instances are created in both regions; they copy (via rsync) all files from a volume in the original region, based on a snapshot created for the original AMI, to a clean volume in the target region. After successful copying, a snapshot is taken in the target region and registered as an AMI.
  • Download a Snapshot: Lets you download a snapshot as a zip file. To do so, the script starts up an instance with a web server, creates and attaches an EBS volume from the specified snapshot, zips the snapshot data, and makes it available as a download link for 5 minutes.
  • Copy Snapshot To Different Region: Creates a copy of a given snapshot and makes it available in another region. To do so, instances are created in both regions; they copy (via rsync) all files from a volume in the original region, based on the specified snapshot, to a clean volume in the target region. After successful copying, a snapshot is taken in the target region.
  • Encrypt Storage Using dm-crypt: Lets you encrypt EBS storage using the dm-crypt tool. The script transforms an EBS volume (which must already be attached to an instance) into a dm-crypt-encrypted volume, creates a file system (ext3), and mounts it at the specified path.
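The steps behind the "Encrypt Storage Using dm-crypt" item, sketched as an added example (this is not CloudyScripts' own code). It assumes LUKS via `cryptsetup`; the device, mapping name, mount point and key file in the usage comment are hypothetical placeholders.

```shell
#!/usr/bin/env bash
# Added example: dm-crypt (LUKS) setup for an EBS volume that is already attached.
# DRY_RUN=1 (default) only prints the commands; use DRY_RUN=0 as root to apply them.
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "+ $*"
  else
    "$@"
  fi
}

# Refuse devices that are not block devices, are mounted, or already carry a
# filesystem/LUKS signature, so existing data is never formatted by mistake.
preflight() {
  local dev="$1"
  [ -b "$dev" ] || { echo "not a block device: $dev" >&2; return 1; }
  if grep -q "^$dev " /proc/mounts; then
    echo "$dev is mounted; refusing" >&2
    return 1
  fi
  if blkid -p "$dev" >/dev/null 2>&1; then
    echo "$dev already has a signature; refusing to format" >&2
    return 1
  fi
}

# encrypt_volume DEVICE MAPPING_NAME MOUNT_POINT KEY_FILE
encrypt_volume() {
  local dev="$1" name="$2" mnt="$3" keyfile="$4"
  if [ "$DRY_RUN" != "1" ]; then
    preflight "$dev" || return 1
  fi
  # 1. Write the LUKS header, 2. open the mapping, 3. create ext3, 4. mount it.
  run cryptsetup luksFormat --batch-mode --key-file "$keyfile" "$dev" &&
    run cryptsetup open --type luks --key-file "$keyfile" "$dev" "$name" &&
    run mkfs.ext3 "/dev/mapper/$name" &&
    run mkdir -p "$mnt" &&
    run mount "/dev/mapper/$name" "$mnt"
}

# Usage (placeholder values):
#   encrypt_volume /dev/xvdf securedata /mnt/secure /root/ebs.key
```

The key file must not live on the volume it unlocks, and it should be readable by root only.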

CloudyScripts Community AMI

The CloudyScripts Community AMI has also been updated to support this new AWS Region. This AMI can be found in the US East (Northern Virginia) Region with the current AMI ID ami-f291639b.

Any feedback is greatly appreciated, so do not hesitate to contact us.

/fred

Filed under: AWS, Cloud Computing

Elastic Detector Launch

We launched a private beta program in December 2010, and first of all we would like to thank all our beta testers for their feedback and comments.

For the last 2 months we have been busy improving Elastic Detector by integrating new features that suit your needs, such as more powerful graphs and daily reports. These features are built on top of our auto-check technology, which ensures the security of your infrastructure with near-zero configuration.

We are really excited to announce that the first version of Elastic Detector is ready.

Elastic Detector helps you achieve full visibility of your Amazon EC2 deployment and monitors your security groups. You can try it free for 1 month. Configuration takes only 2 minutes, and then you can watch Elastic Detector improving the security of your infrastructure in real time.

We will be very happy to count you among the Elastic Detector Community, and we are committed to continuously securing your infrastructure on Amazon EC2.

Filed under: AWS, Cloud Computing, Elastic Security, IaaS, SaaS
