Category Archives: Security

Oracle Introduces Oracle Government Cloud For North American Region

Oracle Introduces Oracle Government Cloud For North American Region

Tech giant Oracle launched the Oracle Government Cloud today in the North American region with an aim to strengthen its connection with government agencies as the top cloud service provider. The Oracle Government Cloud, in its essence, is an advanced form of the Oracle Cloud solution, delivering a broad and complete portfolio of public, private and hybrid cloud offerings.

Through a news release on its website, Oracle claimed that its new cloud solution is the ‘best-in-class’ option available in the market that offers ‘integrated capabilities across multiple service options’ for government agencies.

Oracle’s announcement comes on the back of the United States government’s latest Cloud First policy which stemmed from the critical financial reality of the country, as the US looks to reduce the cost of management and maintenance of its IT-related operations.

In the news release, Oracle stated that by deploying an innovative solution in the form of the Oracle Government Cloud, government agencies would be capable of availing themselves more agility and options as they manage operations and deliver constituent services.

With packages like the Oracle Service Cloud, Oracle RightNow Policy Automation and Oracle Learn Cloud, these agencies would also be able to streamline a breadth of business processes, from financial and human resources management to customer service and project management.

Oracle also announced that it would soon make services like Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) available to its government clients on the cloud platform. In an interview with the Wall Street Journal, Adelaide O’Brien, Research Director of IDC Government Insights said that the announcement from Oracle holds deep significance in terms of the current landscape of cloud technologies in the government sector.

With Oracle Government Cloud, Oracle provides government organizations with a secure, flexible platform that helps them realize new efficiencies, respond quickly to changes in legislation and policy and deliver excellent constituent service,” he opined in the interview.

The Wall Street Journal also quoted Mark Johnson, senior vice president of Oracle Public Sector, who stated that: “We are very excited to meet our public sector customers’ demands for a highly secure, robust suite of cloud solutions built for government.”

The maturity and transparency of the standards-based Oracle Government Cloud will enable agencies to confidently move mission-critical government applications to the cloud without compromising security, performance, or reliability,” he added. “We are committed to helping agencies enhance operational efficiency through the cloud,” the VP further said in the interview.

By Blake Adams

Three Tips For Tackling Bring Your Own Cloud (BYOC) Within Your Organization

Three Tips For Tackling Bring Your Own Cloud (BYOC) Within Your Organization

Three Tips for Tackling Bring Your Own Cloud (BYOC) Within Your Organization

It’s the latest tech acronym: BYOC or Bring Your Own Cloud. Personal cloud services are convenient, inexpensive, and always available. They also have the potential to wreak havoc on the enterprise in ways we haven’t seen in quite a while.

In a world where “Dropbox” is a ubiquitous name and SkyDrive comes pre-loaded on some PCs, employees think nothing of uploading company data to the same cloud they use for storing personal files. From a corporate viewpoint, personal cloud services provide another way for users to compromise security by storing important documents and data outside company walls. An added concern? Several services also make copies of uploaded files to other uncontrolled devices, such as home computers. Overall, when research shows 56 percent of information workers use devices that are unsupported by the network because their employer does not provide devices with similar capabilities, it’s clear we have a problem.

The knee-jerk response of many IT managers is understandable. As individuals responsible for the technical well-being of an organization, the mere thought of how employees can compromise proprietary data without second thought is enough to keep one sleepless for days. (“They’re uploading company financial documents to the same space as their vacation photos?”) No one would blame you for implementing a company-wide, zero-tolerance policy to restrict access and ban apps from the network; however, the first step to solving this growing issue is acknowledging the competition that IT has when it comes to being the final word on office-wide technical solutions.

It’s up to us to recognize that if a digital technology exists on a consumer level, it will eventually find its way into the office regardless of whether it is officially sanctioned, especially when said tools are faster, easier to use, and get the job done better. Instead of fighting an unwinnable war, a better use of time and energy lies in not attempting to turn back the clock or instituting a draconian policy, but finding a solution to the issue as it currently stands.  Here are three solutions to help tackle BYOC within your domain:

  • Reminder of Accountability

As is the case with most matters, getting out in front and communicating is key when it comes to matters of data security.  IT is no longer a silo. Today, it touches every area of the enterprise. With that in mind, end users are not left wandering alone in the dark. If your written policies are not up to date, an overhaul is in order to ensure protocol and expectations are set for all. Most importantly, employees understand how their actions can have the potential to endanger the intellectual capital of the organization. Ideally, policies take an approach that ensures the security of data on-premise, off-premise, and in the cloud.

  • Get the Enterprise Version

Recognizing the need for a collaborative mechanism that serves both management and end users, many consumer cloud services, including Evernote and Dropbox, offer enterprise versions that allow IT departments to centrally manage employee accounts. This is an essential approach that removes the risk of losing valuable data to bitter ex-employees and individuals who fancy themselves as gatekeepers. It also erases the uncertainty of who actually “owns” said documents, since this issue is not always so cut-and-dry when it comes to the personal versions.

  • The Best of Both Worlds

Sometimes the best of both worlds is achievable. A hybrid BYOC solution does exist – a secure personal cloud service that mimics the unique usability of services like Dropbox while hosted on the corporate network. VMware’s Octopus and Google Drive are two options that allow this. This approach recognizes the constantly changing manner in which the enterprise is communicating and empowers users to securely access their files anytime, anywhere, and from any device.

In an era where IT is no longer business-driven, but user-driven, IT managers must ultimately adopt a policy of treating the problem as opposed to the symptoms. By focusing on protecting the intellectual property at the heart of the BYOC dilemma, forward-thinking organizations that stay dedicated to meeting this goal will no doubt achieve differentiation and fare better than the competition. Most important, they will be taking strides to keeping proprietary data safe.

Dan TullyBy Dan Tully,

Dan Tully is executive vice president of Conduit Systems, an IT management services firm headquartered in Lincoln, Rhode Island.  Tully brings more than 20 years of computing experience to his customer base and has assisted some of New England’s largest companies address complex, technology-based issues. To reach him, email ddtully@conduitsystems.com.

Cloud Startup – Evolve IP

Cloud Startup – Evolve IP

Cloud Startup – Evolve IP

Migrate To From On-Premise to the Virtual Cloud via Evolve IP

Evolve-IP

The difference between an on-premise and cloud arrangement is that the former has less redundancy than the latter. This means that the cloud spreads the geographical scope of data in a number of locales, to insure against theft or disaster in a central datacenter. This is indeed the premise of the Pennsylvanian startup, Evolve IP, whose base is in Wayne. There are three major functions of this cloud services-provider, ranging from personifying desktops online to keeping data in various locales on secure servers, not mentioning operating a fully functional call center.

Each deserves mention next:

It is often that electronic devices like computers tend to degrade over life, which might derail certain departments of an organization where they continue in use. This is where the Evolve IP’s virtual desktop comes in. It aids at easing the staff’s access to files in that the user can toggle the hardware to the IP desktop which has technical help, efficiency and backup.The Company’s Remote Desktop

The other characteristic of this virtual desktop relates to the economical aspect of Software as a Service (SaaS). Evolve IP mentions that this option brings down the expenditure of owning a machine at the office by at least 70 percent. This also inversely means extending the lifespan of the machinery.

The final advantage is that there is enhanced productivity, in that the desktop is available in any remote locale for staff members. The admin, on the other hand, can update this toggled interface from a central office. This reduces instances of cloud insecurity if there are any.

Remote Servers

The advantage of collocation that has no boundaries is that it brings down instances of data destruction in a single datacenter. For Evolve IP, there is the extra touch of security in that its cloud platform has ever won recognition in this particular.

Redundancy is another essential ingredient that helps to increase accessibility and minimize the risk of data loss due to its role of decentralization. Evolve IP boasts of nationwide distribution of datacenters, each contributing a part of the total client’s server storage space. Among this includes backup and appropriate applications that can increase compatibility or utility of data.

If going for a private cloud with features of the more complex public sphere, then this startup has a solution in its virtual server. This is the ‘built-in’ scalability capability of the servers. Clients can expand the storage space, at will, and incorporate relevant applications.

Call Center and Remote Economy

Evolve IP also extends a call center with a purpose of offering contemporaneous analytics for users. If there is any alteration in the private cloud or virtual desktop that the user would want to make at a given time, then the apparently efficient, fast and accurate call center is the best way to do this change. This is because it comes with remote agents who are always on the standby to facilitate any such change.

The economical side of the remote call center lies in having all features of a fully-fledged cloud technology for only what is worth: this means paying only for the exact use. One of these is a phone system that creates a user’s frequency within the cloud that has no congestion as opposed to a public line. In other words, one has the PBX and Internet Service Provider and the network service, all in a single place, with the management role falling on this startup.

Pricing

The company uses a mainly ‘predictable’ means of operation, implying that one can already foresee how much phone call or server costs will turn out each month. A helpful pricing tool is a TCO Calculator, which one can download from the site to foresee calling costs.

Therefore, Evolve IP has managed quite well in making desktop, server and voice communication technologies all virtual. What makes the company deserve a firm place in the string of top North America cloud startups is that it provides all features at an economical cost. Finally, there is a scalability option for the private cloud for clients who want to enjoy all features efficiently.

By John Omwamba

SaaS: Secrets Of Churn Revealed

SaaS: Secrets Of Churn Revealed

SaaS: Secrets of Churn Revealed

In today’s business world, technology, specifically software, is ubiquitous in the business environment. It can help track shipments across continents, manage large numbers of employees and control inventories.

For years, companies have relied on software to run their own computer networks and internal structures. But in recent years, the traditional software license purchase has become old fashioned. Many customers and vendors are migrating to a SaaS (Software as a Service) business model.

SaaS is a web based software application delivery system. The SaaS model is simple; the enterprise vendor operates and hosts clients over the internet, and the client enjoys access to all business activities online. Customers pay the vendor monthly fees (annuity payments) (and are usually not required to buy extra equipment or software licenses for using the application).

Unlike traditional consumer oriented web host software, SaaS literally encapsulates the enterprises. This is why the demand for software licenses has remained flat, while SaaS has experienced a big boom. This demand is due, in large part, to its low costs. Business enterprises save on the costs incurred by IT related investments. SaaS fosters innovative ways to be efficient with tasks. It also offers a considerable decrease in deployment time.

Two Types of SaaS

SaaS is of two types; business application and development tools. Business application SaaS entails the software that helps businesses accomplish their tasks accurately and quickly. Examples include client management, such as CRM systems (customer relationship management) and marketing automation. Business Applications are very competitive and very specific. You can find a SaaS provider to satisfy your most complex or unique demands.

The Development Tools SaaS, covers a large industry that aims to provide software for product development and management. Examples include financial and accounting systems, UI (user interface) tools and disaster recovery tools.

In order to stay relevant and profitable, SaaS businesses are ‘on top of it.’ SaaS vendors work hard to develop their product; they do not use intuition to determine performance. They look to reports and numbers that highlight meaningful growth or weaknesses in the system.

SaaS owners should always seek to understand, test and apply key performance indicators. There are many SaaS business metrics that can be used to suit any given business. The 5 most common key metrics used in measuring business performance include; monthly recurring revenue, cost per acquisition, average revenue per customer, lifetime value and churn.

  • Monthly Recurring Revenue serves as a primary benchmark for progress. It is the steady cash flow from client sources, such as monthly subscriptions (measured by subscription monthly revenues owed by a customer over the duration of the months).
  • Cost per acquisition is used to determine the amount of money spent in acquiring the customers and the viability of the process. It is measured by adding the marketing and sales expenses over the average cost per new customer to the business.
  • Average revenue per customer is more straightforward. It is used to determine the revenue already received from customers.
  • Lifetime value of a customer, in essence, is his or her economic value to your company. This figure is determined in different ways, depending on your business model.
  • How many customers does your business lose per month? How many come back for your services? This is defined by churn. Churn measures the percentage of customers that your business loses over a specific duration of time.

A little More about Churn…

The total number of months that a customer stays with the business before cancellation can be determined using churn. SaaS customers often repurchase services every month, making it easy to calculate churn rates. Others purchase services a few times a year and so the churn has to be calculated annually.

Churn rates vary greatly depending on the type of SaaS business; at startups, the total churn is small and the customer base usually grows. When it comes to established companies, if no credible innovations and business adaptations are undertaken by the business, the growing customer base could mean an increase in churn. The higher a company’s churn rates, the longer it takes to break even and turn a profit.

The type of SaaS you offer – and the industry of the SaaS product – have a direct effect on churn. For example, an invoicing application is something crucial to business. Once implemented into a company’s system, there will most likely be a low churn rate. On the other hand, a SaaS entertainment application is more dispensable, so it attracts a higher churn. When budgets become too tight, this will be the first type of service to be cancelled.

A high churn, usually double digits, is a wakeup call for businesses; the product they are offering is not meeting the customer’s expectations. At this point, they should no longer focus on marketing or growing the product. The priority is diagnosing the problem and fixing it- in order to avoid losing any more customers. SaaS providers can easily pin point the problem via feedback; by talking to their customers and asking for suggestions, they can improve the quality of their product.

For those customers who have cancelled; analyze why the customers have left or opted to use a competitor’s product. For potential customers ; approach via surveys, focus groups or test studies, and ask for their opinion on the product.

Getting the churn rate under control is detrimental in sustaining a SaaS business. Thrive to get customer feedback and maintain a good one-on-one relationship. Take the proper measures to retain customers and increase the client base; offer low competitive rates while offering quality services.

SaaS MRR churn‘ is an extension of SaaS customer churn rate. As the name suggests, it focuses on the erosion of SaaS ‘monthly recurrent revenue’ lost. This loss is the result of customers not renewing their contracts with a SaaS vendor.

Churn is always expected to happen no matter how good a SaaS product is. Most experts consider 3% or lower to be an acceptable churn value. Business owners should not worry themselves too much as long as this rate is maintained.

SaaS is the most popular software option available today. The successful operation of a SaaS business is dependent on a number of factors, one of the most important factors being churn rate. If you keep your churn under control, your business will be well on its way to a profitable future.

By Roy Saar,

roy-saarRoy Saar is an Angel investor & Venture Capitalist with Mangrove Capital Partners, a bold but patient venture capital firm helping innovative entrepreneurs start and grow global, disruptive companies was involved in the launch of Wix and Polaris Solutions. Roy was also the founder of Sphera Technologies (sold to Parallels in 2007), which was one of the very first software platforms for SaaS providers. Roy seats on the boards of: WIX, PlanetSoho, WalkMe, RFcell & Polaris Solutions.”

IT as a Service (ITaaS), What Businesses Are In For

IT as a Service (ITaaS), what Businesses are in for

There are so many models under XaaS that it is becoming hard to keep track of them all. We have PaaS, SaaS, IaaS, NaaS, and MaaS just to name a few of the more common ones and we have new ones being developed as we speak. Now let’s add another one to that list. IT as a service just recently came into the scene and from the name alone it seems that it sounds like “Everything as a Service.” However, this is not really a service model, but rather a new delivering model or operating platform. How’s that for confusing?

ITaaS does not really belong under XaaS, I just wanted to hammer it down back there. ITaaS in simple terms basically means that IT is being offered as a service along with whatever services and technology that entails. The service revolves around various IT services, rather than technology, being offered mostly through the cloud. But physical delivery is often used in conjunction with remote services as well.

Though this has been around for a while in some form or another, the cloud is the best enabler for ITaaS which allows service providers global reach with very powerful tools that help customers achieve their goals. And since legacy apps are not really going away anytime soon, there are still a lot of business that use COBOL apps and similarly old programs, ITaaS packages services and applications to be used by different users within the organization. In fact, most ITaaS providers provide services to their own organization rather than to third party customers.

But organizations going into ITaaS make some very bad fundamental decisions. They tend to be too technology-centric, which is not normally bad, but it can have some dire repercussions in this case. They focus on how to deploy hybrid cloud systems on top of their existing systems and then focus on how to deliver the services that they require. This often ends up as half-baked and overly pricey ventures. The correct approach would be to become customer-centric. If an organization is serious about ITaaS, it should start its planning with the business users and the applications and services they need and not with the technology management wants.

They should start by asking questions like:

  1. What applications and services do the users and developers need in order to be efficient and/or be innovative?
  2. How will the overall business process change when these applications and services are deployed?
  3. Will it actually promote innovative and cost-effectiveness and can our IT pull this off?

In short, it should be user demand that drive the ITaaS design and approach rather than infrastructure.

By Abdul Salam

Evolution Of The IT Department In The Age Of The Cloud

Evolution Of The IT Department In The Age Of The Cloud

Evolution of the IT Department in the Age of the Cloud

There’s no question that the cloud presents a disruptive technology that inevitably leads to rethinking – and often restructuring – the objectives of internal IT departments.

An internal IT department – once considered critical to the success of the business enterprise – has, in many cases, become obsolete. With cloud-delivered applications eliminating the need for hosting multiple versions of software on servers, testing for compatibility and applying security patches, the need for internal IT staff managing an infrastructure has been diminished. The result is that cloud-based companies function more efficiently, have more secure data and operate more profitably.

Raj Sabhlok recently posted an article titled 7 Reasons Why IT Won’t Disappear Anytime Soon. I prefer to think that internal IT departments are in a transitional phase which will result in more strategic, meaningful work than managing an IT infrastructure. Internal staff can be repositioned to create more value for the company. In fact, we find that internal staff that act as a liaison between our cloud ERP solution and their companies frequently move into higher levels of responsibility due to their comprehensive understanding of workflow, processes and technology.

Inteva Products, a global Tier One supplier of automotive parts, provides an excellent example of the benefits that derive from a company transitioning from an on-premise, legacy ERP platform to a cloud-based alternative. After deploying The Plex Manufacturing Cloud, Inteva Products was not only able to have real-time visibility into its MES functions which improved inventory control, it also developed more efficient, streamlined work flows which improved many processes, including production control & logistics (PC&L), tool tracking and enhanced financial reporting. Now management can view consolidated financials at any time and make accurate, real-time allocations across the company.

Improved operational operations wasn’t the only benefit Inteva Products enjoyed thanks to the cloud – it also reduced its monthly expenditures on IT by a third while transitioning its IT staff from the IT technologist role to business analysts, a much more strategic, challenging and rewarding position.

Plex has brought us more flexibility in staffing and allowed us to avoid the sort of two-tier IT group required by SAP – where most of the team was dedicated to managing the infrastructure, and only a small percentage were involved in business development,” said Inteva Products CIO Dennis Hodges. “In contrast, about 80 percent of our IT team members today are business analysts. They are able to focus on strategic support of our business units. This has improved the overall alignment between the IT department and the rest of the business.”

Particularly with companies embracing the bring your own device (BYOD) trend for its obvious cost benefits and convenience, outsourcing what used to be an internal function and repositioning staff to positively impact business development is proven to be a smarter way to conduct business.

Much like the world has changed into a global economy with competitors not limited by geography, businesses must adapt or gradually lose market share to their more modern and nimble competitors.

The cloud offers companies the opportunity to focus on their mission critical goal of producing a better product at a lower cost and not be concerned with mundane and unnecessary concerns like software version compatibility, server maintenance and security patches.

IT functions can safely and securely be outsourced to outside vendors focused on delivering technology solutions in a cost effective fashion. Existing technology staff can provide more value by transitioning to the business analyst role and provide the intelligence that helps inform decision making at the enterprise.

I maintain that technology has never been more important for a business, and in many ways we can consider this era the golden age for IT.

Jason-Prater

By Jason Prater, Plex Systems

Jason Prater is the vice president of development and leads the product and platform development teams. Jason leads Plex Systems’ cloud development process, design through deployment, providing the vision and day-to-day leadership of product and platform development teams. From previous experience in manufacturing, Prater brings a focus on building meaningful enhancements to the Plex Manufacturing Cloud that support manufacturers’ evolving needs and boost operational performance.

VMworld Survey: Enterprises Still Unwilling To Look Outside For Private Cloud

VMworld Survey: Enterprises Still Unwilling to Look Outside for Private Cloud

Attendees Also State Concerns Over Shadow IT as a Result of Public Cloud Services

SAN FRANCISCO and PASADENA, Calif. – VMworld 2013 – August 29, 2013 – 87 percent of private cloud users deploy on their own infrastructure instead of through a hosted third-party, according to a survey of VMworld 2013 attendees conducted by Metacloud, Inc., which deploys and supports private clouds for some of the world’s largest companies. Reduced cost (38 percent) tops security (34 percent) as the reason attendees gave for deploying a private cloud.

Of the 195 enterprise IT professionals polled at the VMworld Expo during August 25 – 27:

  • Almost three quarters (73 percent) of respondents reported that their organization currently has a portion of their computing requirements being handled by the cloud with a majority, 48 percent, opting for private cloud over public or hybrid cloud services.
  • Over half (51 percent) of respondents expect to increase their workloads running in the cloud in the next 12 months, with only 4 percent expecting to decrease their cloud use over the next year.“The survey results reaffirm what we’ve been seeing in the market, that when it comes to cloud computing, companies prefer to have complete control of their cloud, while also minimizing the costs of cloud computing,” said Sean Lynch, CEO of Metacloud. “Metacloud’s platform offers users the best of both worlds by combining the simplicity of the public cloud with the performance, security and cost advantages of the private cloud — all on a company’s existing infrastructure.

Almost half of attendees aren’t concerned with shadow IT (47 percent). However, the vast majority (67 percent) of those who do believe shadow IT is a problem found that the easy accessibility of public cloud services has been a major driver in the growth of shadow IT at their company.

When end users hit obstacles in gaining access to data or collaborating with coworkers, many resort to ‘non-approved’ methods to make that happen, thereby opening the enterprise up to Shadow IT issues. Carbon|OS’s tenant management system empowers end-users with access to the resources they need when they need them without the roadblock of having to request assistance from IT administrators. This greatly enhances enterprise agility and helps eliminate the key drivers of shadow IT,” said Metacloud Founder and President Steve Curry.

Delivered as a service, Metacloud’s Carbon|OS empowers businesses to scale dynamic applications quickly by combining the power of OpenStack with critical enhancements for the enterprise. Metacloud’s Carbon|OS includes 24×7 proactive support from Metacloud’s in-house cloud team to ensure maximum performance at all times. The team monitors, troubleshoots, upgrades, handles capacity planning, and performs bug fixes, enabling extraordinary service levels and helping Metacloud customers to extract maximum value from their private cloud investments.

# # #

About Metacloud

Founded in 2011 and headquartered in Pasadena, California, Metacloud deploys and supports private cloud solutions for some of the world’s largest enterprises. The company’s full-lifecycle cloud model, consisting of OpenStack-based software deployed on their clients’ existing hardware, allows them to deliver a production-ready, easy-to-consume cloud infrastructure at a fraction of the cost of competitor solutions. Metacloud is backed by Canaan Partners, Storm Ventures, and AME Ventures and is led by industry veterans from Yahoo! and Ticketmaster. Metacloud is an OpenStack Foundation member and an active contributor to the project. For more information, visit www.metacloud.com or connect with Metacloud on LinkedIn, Twitter and Facebook.

CIAA: What Should Matter Most For Cloud Security

CIAA: What Should Matter Most For Cloud Security

Cloud Security

Everyday there are more articles citing security as the top concern holding back public cloud adoption. While cloud means many things to different people, so does the term security. In discussions with business and industry experts, security concerns really boil down to the classic CIA—now CIAA—triad: confidentiality, integrity, availability and the more recently appended “audit”.

Public cloud security concerns seem to be more focused on Infrastructure as a Service (IaaS) for sensitive type workloads and on newer Software as a Service (SaaS) services. Even with the latest concerns around PRISM and the intercepting of data on cloud servers, the economic viability of cloud computing is too good to hold back. Gartner has predicted 17.7% CAGR in public cloud services usage through 2016.

Below is a break down of CIAA and how it can be adapted to cloud security needs today.

Confidentiality is about limiting access or placing restrictions on information, and in order to do that successfully, information needs to be categorized according to its sensitivity and business risk level. Once that assessment has been made, organizations can use workloads of a lower risk level as a starting point for getting comfortable with public cloud services. Not all public cloud providers are created equal and a growing number have well established data handling and security procedures. Some cloud providers have tailored their services to different verticals such as healthcare, government and retail mostly for compliance reasons, but many also cater to some of the more stringent needs around data protection.

However, both cloud providers and consumers would benefit from a model where cloud services could be universally classified according to different levels of trust.  The Open Data Center Alliance has promoted such a model in its Provider Assurance usage model with categories ranging from bronze for less sensitive data to platinum at the higher level.

Integrity is focused on maintaining and assuring the accuracy and consistency of data. To do that, standards have to be implemented to ensure that data cannot be tampered with, and is only accessed by those who have the correct permissions. In addition to the data classification measures in the previous paragraph, integrity can also be ensured by putting in place strict monitoring controls – think threat data analytics and SIEM, encryption, and tokenization. In a public cloud IaaS model the application of these controls will be split between the provider and the end user. Part of establishing appropriate controls and being able to attest and report against these will be derived from drawing up SLAs and reviewing controls over time to ensure that they meet your organization’s needs.

Availability is simply ensuring that data or a service is available when needed.  For the nature of today’s real-time transactions, even data or services with a lower risk level usually require high availability. Public cloud outages are often highly publicized, but the reality is that these are few and far between. Additionally, with the correct precautions, the impact of such outages can be lessened.

For organizations with limited IT staff, select a cloud provider that offers complete cloud redundancy. Onramps are often used to migrate data to the cloud, and a side benefit of that is that they can also provide cloud mirroring, which allows data to be written to two cloud providers at the same time. This is an ideal strategy as the chances of both providers having an outage at the exact same time would be extremely rare.

Audit refers to the examination and confirmation of controls around data and the IT infrastructure. This is perhaps the most complex aspect of the CIAA concept, as it can be difficult to navigate a maze of emerging regulatory standards—some of which have conflicting clauses. The good news is that the Cloud Security Standards Cloud Controls Matrix provides a cross walk of multiple standards and regulations broken down by cloud model. The benefit is a unified audit framework that organizations can use to audit once and report against multiple requirements simultaneously.

Remember that levels of confidentiality, integrity, availability and audit depend on the context—not just cloud context. Business, technical and human risk, governance and other regulatory standards will all condition how CIAA pertains to a particular cloud instance.

By Evelyn de Souza

CloudTweaks Comics
Cloud Infographic – Big Data Analytics Trends

Cloud Infographic – Big Data Analytics Trends

Big Data Analytics Trends As data information and cloud computing continues to work together, the need for data analytics continues to grow. Many tech firms predict that big data volume will grow steadily 40% per year and in 2020, will grow up to 50 times that. This growth will also bring a number of cost…

Moving Your Enterprise Apps To The Cloud Is A Business Decision

Moving Your Enterprise Apps To The Cloud Is A Business Decision

Moving Your Enterprise Apps Whether it be enterprise apps or any other, if there is any heavy data that is going to be transacted in and through an app, then affiliating it with the Cloud becomes a must. And then an important question arises: How do you decide when to integrate your enterprise app with…

5 Predictions For Education Technology

5 Predictions For Education Technology

Education Technology Although technology has fast influenced most sectors of our world, education is an area that’s lagged behind. Many classrooms still employ the one-to-many lecturing model wherein the average student is catered for while a few are left behind, and others bored. Recently, there’s been a drive to uncover how to use technology successfully…

Cloud Infographic: Programming Languages To Build Your Cloud

Cloud Infographic: Programming Languages To Build Your Cloud

Programming Languages What programming languages are the building blocks to help develop and facilitate these present and future cloud platforms? Where can we learn and develop these skills in order to help us build our own careers? A couple of options would be to visit sites such as Stackoverflow which can provide you with a good source of information.…

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) attacks that made popular Internet properties like Twitter, SoundCloud, Spotify and Box inaccessible to many users in the US. The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in a total of about…

Consequences Of Combining Off Premise Cloud Storage and Corporate Data

Consequences Of Combining Off Premise Cloud Storage and Corporate Data

Off Premise Corporate Data Storage Cloud storage is a broad term. It can encompass anything from on premise solutions, to file storage, disaster recovery and off premise options. To narrow the scope, I’ve dedicated the focus of today’s discussion to the more popular cloud storage services—such as Dropbox, Box, OneDrive—which are also known as hosted,…

Cloud Infographic – Disaster Recovery

Cloud Infographic – Disaster Recovery

Disaster Recovery Business downtime can be detrimental without a proper disaster recovery plan in place. Only 6% of businesses that experience downtime without a plan will survive long term. Less than half of all businesses that experience a disaster are likely to reopen their doors. There are many causes of data loss and downtime —…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

The Future Of Cloud Storage And Sharing…

The Future Of Cloud Storage And Sharing…

Box.net, Amazon Cloud Drive The online (or cloud) storage business has always been a really interesting industry. When we started Box in 2005, it was a somewhat untouchable category of technology, perceived to be a commodity service with low margins and little consumer willingness to pay. All three of these factors remain today, but with…

Cloud Infographic: IoT For Automotive Deconstructed

Cloud Infographic: IoT For Automotive Deconstructed

IoT For Automotive Deconstructed The IoT automotive industry is moving rapidly with many exciting growth opportunities available. We’ve written about some of the risks and benefits as well as some of the players involved. One thing for certain as that the auto industry is starting to take notice and we can expect the implementation of a…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

The Future Of Cloud Storage And Sharing…

The Future Of Cloud Storage And Sharing…

Box.net, Amazon Cloud Drive The online (or cloud) storage business has always been a really interesting industry. When we started Box in 2005, it was a somewhat untouchable category of technology, perceived to be a commodity service with low margins and little consumer willingness to pay. All three of these factors remain today, but with…

Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

Don’t Be Intimidated By Data Governance

Don’t Be Intimidated By Data Governance

Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping…

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but also a lot of risks if done in the wrong way. So what are the most important risks? The European Network Information Security Agency did extensive research on that, and…

The Fully Aware, Hybrid-Cloud Approach

The Fully Aware, Hybrid-Cloud Approach

Hybrid-Cloud Approach For over 20 years, organizations have been attempting to secure their networks and protect their data. However, have any of their efforts really improved security? Today we hear journalists and industry experts talk about the erosion of the perimeter. Some say it’s squishy, others say it’s spongy, and yet another claims it crunchy.…

3 Keys To Keeping Your Online Data Accessible

3 Keys To Keeping Your Online Data Accessible

Online Data Data storage is often a real headache for businesses. Additionally, the shift to the cloud in response to storage challenges has caused security teams to struggle to reorient, leaving 49 percent of organizations doubting their experts’ ability to adapt. Even so, decision makers should not put off moving from old legacy systems to…

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Cloud Email Migration In today’s litigious society, preserving your company’s data is a must if you (and your legal team) want to avoid hefty fines for data spoliation. But what about when you move to the cloud? Of course, you’ve probably thought of this already. You’ll have a migration strategy in place and you’ll carefully…