Presentation on theme: "Funded by European Commission Andreas Hermsdorf / pixelio.de Questions & Answers on Cloud Issues."— Presentation transcript:
Funded by European Commission Andreas Hermsdorf / pixelio.de Questions & Answers on Cloud Issues
Short Disclaimer(s)! 2 The following questions have been derived following preparatory discussions with the organizers They have been tranlated from Spanish to English (which might imply some loss in semantics) The provided answers represent the presenter’s viewpoints and contribution to the round table discussion
Q1 – Public vs. Private Clouds for Security 3 Question: Are private clouds more secure than public ones? Is there a type of cloud infrastructure that is secure? Answer(s): Private clouds can be more secure than public ones, given that the physical ownership of the infrastructure provides greater control (e.g., control over physical servers, firewalls etc.) However, building a secure private cloud is challenging and requires significant expertise. In practice several private cloud offer similar/analogous levels of security as public clouds. Public Cloud services (high quality) tend to offer decent cloud services (including encryption and implementation of regulations). However, for sensitive data it is recommended that user implement encryption as well, and that they keep the management of the encryption keys. In practice SMEs do not have the time and resources to build a secure private cloud Public clouds tend to be more convenient and less costly Private clouds should be seriously considered when a large number of internal users/customers needs to be served
Q2 – Adherence to CSA Guidelines 4 Question: The Cloud Security Alliance (CSA) has identified some good practices (e.g., monitoring of traffic from clients, detecting possible illegal activities, identification of black-lists of IP addresses). Is the majority of the vendors applying these recommendations in their cloud access policies? Answer(s): In general CSA’s members promote and adopt its good practices and guidelines. There are examples of companies that implement CSA guidelines (e.g., Clone Systems http://www.clone-systems.com/).http://www.clone-systems.com/ There are also security auditors that perform audit based on CSA guidelines (e.g., SECLUD http://secludit.com/).http://secludit.com/ CSA is a trustful and reputable organization, with close collaborations with institutional stakeholders and global players with NIST, EC etc. Adherence to CSA Guidelines and Good Practices is therefore an asset for solution providers and something that end-users should seek for.
Q3 – SLA Violations 5 Question: Despite guarantees in the SLAs user expectations are sometimes not met. Is the problem due to insufficient advice or inability to read the «fine print» in the agreements? Answer(s): SLA = Contract between IT provider and a business to provide a certain level of service (e.g., availability, response time, maintenance windows, recovery time etc.) – Availability is most common SLA’s are in general difficult to understand (e.g., minimum SLA for the cloud services you are using does *NOT* translate into an overall SLA for your solution) and very expensive to meet (as the consaints become more stringent) Right approch: Be a pessimist - assume the worst possible case. Understanding SLAs is as important as reading the fine-print Fine-Print includes information about liabilities of the providers in case a service in not met – They are not enough especially if you are using multiple cloud services
Q4 – Cloud Adoption & IT Departments 6 Question: IT Departments (personnel) might be hesitant to accept a move to cloud computing. Is this a set back to adoption? Answer(s): Cloud Computing is not only about technology, but also about people, management and organization. The cloud can change the balance of power, impact politics, roles & responsibilities, especially in the IT department. Internal resistance can hinder the roll-out or use of cloud services. Acknowledge as a set back by 50% of (2785) senior IT professionals interviewed in the scope of VMware's Cloud Index 2013 (conducted by Forrester Consulting, October 2013).
Q5 – SME Cloud Providers vs. Giant Cloud Providers 7 Question: How could SME cloud providers strenghen their sales position against giant vendors? Answer(s): SMEs cloud providers cannot compete mainstream giant providers (e.g., Amazon, Google, Microsoft) in terms of economies of scale and cost-of-service. SMEs should focus on niche markets (i.e. Novel cloud-based products and services beyond conventional compute services, storage services etc.) SMEs could also offer more personalized & customized services to clients, for example through: Offering localized services (e.g., tailored to the needs of a region or country) Negotiating cloud contracts (beyond standard terms and conditions)
Q6 – Trusting data to a Provider that might go bankrupt 8 Question: Do you think that user companies might be hesitant to give their data to companies that might eventually go bunkrupt (e.g., due to financial problems)? Answer(s): This is a primary concern for cloud users Alleviation tips: A lot of research is needed prior to selecting a cloud provider A plan for porting your data to an alternative provider should exist Safest option: Keeping (for selective sensitive data) your own copy (e.g., in a NAS storage) Part of cloud contract: Options a provider offers in case of cease of service (e.g., download your data, help in porting to anotther provider etc.)
Thank you! 9 CloudingSMEs Accelerating the adoption, deployment and use of Cloud Computing by SMEs EU funded Project by 7th FRAME WORK PROGRAMM - FP7 No. 609604 Project Coordinator: UEAPME aisbl European Association of Craft, Small and Medium-Sized Enterprises Rue Jacques de Lalaingstraat 4 * B-1040 Brussels Tel.: +32 2 230 75 99 Fax: +32 2 230 78 61 Lorenzo Accardo, UEAPME email@example.com firstname.lastname@example.org Luc Hendrickx, UEAPME email@example.com firstname.lastname@example.org Contact
Partners 10 UEAPME aisbl European Association of Craft, Small and Medium-Sized Enterprises, Rue Jacques de Lalaingstraat 4, B-1040 Brussels, Belgium, Tel. +32 2 230 75 99, Fax +32 2 230 78 61, email@example.com, www.ueapme.comwww.ueapme.com EuroCloud Deutschland_eco e.V. Lichtstraße 43h, D-50825 Köln, Germany, Tel. +49 221-70 00 48-0, Fax +49 221-70 00 48-111, firstname.lastname@example.org, www.eurocloud.dewww.eurocloud.de Pan European ICT & eBusiness Network for SME SMESecretariat,4, Rue Jacques de Lalaing, B-1040 Brussels, Belgium, Tel. +32 22850726, Fax +32 22307861, email@example.com, www.pin-sme.euwww.pin-sme.eu Bundesverband IT-Mittelstand e.V. Augustastraße 78-80, D-52070 Aachen, Germany Tel. +49 241 1890 558, Fax +49 241 1890 555, firstname.lastname@example.org, www.bitmi.dewww.bitmi.de PROMIS@Service Sarl 21 Rue de Nassau, L-2213 Luxembourg, Tel. +352 273510 1, Fax +352 273510 28, email@example.com, www.promis.euwww.promis.eu EBS - Electronic Business Systems Ltd. Laskou 38, Papagos, 156 69, Attica, Greece, Tel. +30 210 674 7631, Fax +30 210 674 7601, firstname.lastname@example.org, www.ebs.grwww.ebs.gr Karlsruher Messe- und Kongress-GmbH Festplatz 9, D-76137 Karlsruhe, Germany, Tel. +49 721 3720-0, Fax +49 721 3720-2116, email@example.com, www.karlsruhe-messe.dewww.karlsruhe-messe.de Ecipa Lombardia Soc. Coop. Via Eraclito, 10 I-20128 Milano, Italia, Tel. +39 02 27000612, Fax +39 02 2571760, firstname.lastname@example.org, www.ecipalombardia.itwww.ecipalombardia.it