Time to Embrace a Security Management Plane in the Cloud

There’s an old saying that change is the enemy of security. To avoid disruptive changes, many cybersecurity professionals strive for tight control of their environment and this control extends to the management of security technologies. Experienced cybersecurity professionals often opt to install management servers and software on their networks so that management and staff “owns” their technologies and can control everything they can.

Now this type of control has long been thought of as a security best practice so many CISOs continue to eschew an alternative model: a cloud-based security management control plane. 

Topics: Cybersecurity SaaS SIEM CISO software-as-a-service (SaaS) SOAPA

The gold standard for data protection keeps evolving

Yes, of course, data protection has to evolve to keep up with how production platforms are evolving, but I would offer that the presumptive ‘gold standard’ for what is the norm for those on the front lines of proactive data protection is evolving in at least three different directions at the same time. 

Here is a 3-minute video on what we are seeing and what you should be thinking about as the evolutions continue.

Topics: Data Protection SaaS Virtualization

Cloud-Powered Data Protection — Definitions and Clarifications

We continue to see a great amount of interest in combining “data protection” and “the cloud” – but also a great deal of confusion, in that there isn’t such thing as “the cloud.”

Topics: Data Protection Information and Risk Management SaaS cloud storage software-as-a-service (SaaS)

Your SaaS Application needs to be Backed Up!

As I mentioned in my Data Protection Predictions for 2015 video, SaaS backup should be on the top of anyone's mind who is running for the clouds: namely Office 365, SalesForce, or GoogleApps. According to ESG’s 2015 IT Spending Intentions Survey's five-year outlook for SaaS, over half of IT organizations will move from on-premises Exchange servers and File/Collab platforms to cloud-based SaaS services, with many already on their way:

Topics: Data Protection SaaS software-as-a-service (SaaS)

Amazon and SaaS are winning IT hearts and minds

Amazon Web Services (AWS) seems to be winning more than just IaaS business lately, they seem to also be winning the hearts and minds of the client base they serve. What’s more, these Amazon devotees aren't just limited to newer, “Internet age” companies; they also seem to be making serious inroads with older, more traditional corporations as well. As evidence, ESG conducted a recent survey of existing AWS clients and found that nearly 80% of those Amazon customers that have been in business between 1-10 years and 10-50 years, cite Amazon as either their most strategic technology vendor or one of their most strategic vendors. Even some percentage of older and more established companies (i.e., those 50 years old and up) that otherwise might be considered more conservative and risk averse, identify Amazon as either a strategic partner or valued technology partner.

Topics: Cloud Computing SaaS Amazon AWS

EMC’s Data Protection Portfolio Now “Spans” Cloud-based Workloads

There are several “disruptive” trends in IT.  And when vendors talk about disruptive, it's usually in regard to some new feature/service that does things differently. But from my perspective, one of the most disruptive trends in data protection is that traditional workloads are leaving the data center.  According to ESG’s 2014 IT Spending Intentions Survey research report, traditional workloads like “file/collaboration” and “e-mail” are moving from data centers to cloud-providers, e.g., Office365 and GoogleApps.

Topics: EMC Data Protection SaaS Cloud Platforms & Services

HP Acquires Eucalyptus

HP announced on September 11, 2014 that they had entered into an agreement to acquire Eucalyptus. Eucalyptus is a vendor of private IaaS services. Eucalyptus is a startup with fewer than 100 employees and around $55 million in venture funding. Eucalyptus doesn’t have an application development and deployment (AD&D) play but could certainly provide the foundation for a private PaaS. HP, despite their unusual acquisition of Mercury Interactive back in 2006, is otherwise not in the AD&D business. However, Eucalyptus does put HP a partnership or acquisition away from PaaS, so let’s look at the potential motivation of the deal.

The Eucalyptus acquisition is about helping HP customers gain better leverage from their investments. Eucalyptus is a way to show material value to HP’s installed back of server, storage, and networking customers and show that HP can be forward-looking. This is also a low risk acquisition for HP for two reasons. First the acquisition didn’t cost HP that much (less than $100 million, it is rumored) and second, the Eucalyptus technology will help build out HP’s Helion brand, which will enhance its private IaaS appeal.

Topics: Cloud Computing Application Development & Deployment Enterprise Software SaaS Systems Management Public Cloud Service Cloud Platforms & Services

Do you need an Oracle to see the Cloud?

Last week was an interesting week where I started out in New Hampshire in single digit weather with promise of 2 new snow storms and ended it in Palm Springs, CA where the temperatures were "unseasonably" warm in the 90s. Personally, I’ll take unseasonably warm anytime anywhere. The reason I was in Palm Springs was for an Oracle Cloud Summit. The summit happened to be right in the thick of the BnP Paribas Open – a pro tennis event held at the Indian Wells Tennis Garden that has two large stadiums, a ½ dozen small ones and several dozen courts. Needless to say – about as 180 degrees in every way from freezing, snowy New England.

And speaking of 180 degrees – Oracle has come a long way since their CEO’s 2008 proclamation about the cloud. Take Oracle’s acquisition of assets like Nimbula, which they are leveraging to help them manage and orchestrate cloud resources – public and private.

Topics: Cloud Computing Oracle SaaS Systems Management Public Cloud Service Cloud Platforms & Services

Gravitating to the Cloud

If you are a CIO/IT manager at an enterprise there seems to be a lot of promise but also hype when it comes to the cloud. And god forbid you get a real and consistent definition of what cloud is. That said, there are so many people talking about it and so many great ideas and offerings, there just has to be some reality in it all. Right?

Topics: Cloud Computing SaaS Public Cloud Service Cloud Platforms & Services

How do you back up SaaS? I'd like to know

You can’t have an IT “modernization” discussion without bringing up the cloud. And in the realm of data protection, that comes in a few obvious flavors:

Backup as a Service (BaaS) – where your data is backed up either directly to a cloud provider or first to a local appliance and then to that provider. The latter gives you faster restore and other performance-related benefits, but the end result is the same.

Disaster Recovery as a Service (DRaaS) – where entire parts of your infrastructure, usually whole VMs, are replicated to a cloud provider, with the ability for you to bring those VMs online and resume business services from the provider’s infrastructure after a crisis. Some DRaaS solutions even provide BaaS as a side benefit.

Cloud-Storage for your On-Premises Backup – where your existing backup solution is working fine, but you’d like another copy of your data outside of the building – and cloud economics are interesting. Great, add cloud-based storage as a target to your on-premises backup server …or back up (BaaS) your backup server to the cloud. Either way is okay.

But instead of talking about data protection AS a service … what about data protection OF a service?

Many of us put our data into SaaS (software as a service) solutions today – e.g. SalesForce. We assume that SalesForce (or any other SaaS solution) has multiple points of presence on the Internet, and that they have resiliency between sites. The assumption is that if a site were to have a crisis, the other site(s) would still be available. For some large SaaS solutions, that may be enough – though it can still be hard to document (or test) when doing a BC/DR audit.

But what about if the SaaS provider goes dark?

Maybe out of business? Perhaps a victim of Denial of Service attacks or broad data corruption (that is then replicated between sites). What is your plan?

Do you back up the data from your SaaS provider?

In what format(s) is the backup in?

Is the data readable or importable into a platform that you own?

How would you bring the functionality back online for your local users? for your remote users?

Most importantly, have you tested that recovery?

This is not a blog post where I offer you answers, but one that I wanted to pose some questions for discussion.

Topics: Cloud Computing Backup Data Protection Information and Risk Management SaaS Public Cloud Service