I can remember back in the day when we connected to the Internet via a modem and were charged by the minute while accessing the “Information Superhighway”. Now, the Internet and really, the network it runs on, has pretty much become invisible to the naked eye. Just as we expect the lights to turn on when we flick a switch, we also pretty much expect the internet to always beon and always available without thinking twice about it. Internet service providers have gotten past the point of only wanting Wi-Fi in your house to now working on providing connectivity to the entire city, giving the metro user internet access from inside and outside of your home or office.
There are threats to the cloud and there are risks within the cloud. A recent article from Tech Target Search Security blog spurred several thoughts. The main claim here is that there are not enough people who can differentiate threats and risks enough to talk to business leaders who may know very little about security, but do know the business. I have been known to state that there are prominent threats to my data once stored in the cloud and that we should plan to alleviate those threats to reduce our overall risk. But what is the risk?
VMware vCenter 5.1 implemented a new security feature, Single Sign-On (SSO), that uses the Security Assertion Markup Language (SAML) to exchange security tokens. This combats an extremely well known and prevalent attack within the virtualization management trust zones: SSL Man in the Middle (MiTM) attacks. However, vCenter still supports the old SSL methods as well for backwards compatibility and to allow management when SSO is not in use. However does this change how we look at virtualization and cloud management security best practices? Is this a launch point for implementing other authentication techniques?
Through a variety of initiatives including the Insime spin-in and the acquisition of Cloupia, Cisco is signalling that it is heading in the direction of becoming a management software vendor for virtualization and the cloud. This amounts a sharpening of the competitive knives with respect to VMware, and may position Cisco to become a factor in the disruption of the legacy management software businesses of IBM, BMC, HP and CA.
Waratek is a one-off company with a disruptive technology (remember VMware was like this once) that forces you to reset your undertanding of how things could work. Waratek’s big idea is that you virtualize as high up the stack as you can because that gives you the best benefit in terms of sharing infrastructure.
Putting an entire N-tier application system into a private or hybrid cloud appears to create something that does not fit into the existing definitions for IaaS, PaaS, or SaaS. We need to determine if a new category of cloud computing is warranted. And then if it is, we need to find some appropriate and non-offensive name and acronym for it.
At a dinner party recently, I was asked “does information want to be free?” This question is based on information that exists within the cloud today or tomorrow: Data in the Cloud. It is an interesting question with a fairly ready answer. Information is Power, it is people not information that controls information. Granted we have a massive abundance of information within the cloud today, is it trying to be free, or are people trying to make it free to everyone? In addition, is all this information even true or accurate?