Recently in Infrastructure Category

by Chris Richter, Vice President of Security Services

In just the last few months there have been scores of articles written about the security risks of cloud computing in enterprise data centers. With a broad brush, commentaries have painted cloud computing environments as insecure infrastructures where tenants can more easily view other tenants' data, and even hack into their virtual servers, launching attacks on neighboring virtual machines without the victim knowing. One writer compared cloud computing environments to a multi-tenant office building where thieves can break through walls and steal content from the other side. Such views are fomenting a general perception that cloud computing is synonymous with high security risk. While some of these concerns are well founded, many are not. I believe the generally negative opinion about cloud computing security is based on the belief that all cloud computing environments are created equal. They are not.

There seems to be as many definitions of cloud computing as there are blogs about this subject. Ultimately, what cloud computing comes down to is the architecture and processes supporting the provider's infrastructure. All cloud infrastructures are located in one or more physical data centers which host various forms of server virtualization, networking and storage systems deployed in a myriad of ways. Some cloud providers tie in services from third-parties to build a "community" of services that are delivered in the cloud. But the differences between providers lie in the practices governing how these systems are deployed, configured, and managed, all of which can also vary greatly. The same basic principals of data security that apply to dedicated infrastructures must also apply to cloud computing environments. If the IT environment is not properly architected and managed, security risks will abound.

While I would still argue that most cloud infrastructures are far more secure than most of the dedicated environments in existence, I am not suggesting that enterprises select a provider without proper due diligence. Providers should demonstrate the "guts" of their environment. At the very least they should be willing to share details regarding:

• How their virtual machines are segmented from those of other customers
• How their data is isolated and handled, both at rest and in motion
• Who has access to the network, security and server/hypervisor management components
• Standard and optional security controls
• Overall architecture of the service provider's cloud computing infrastructure
• Level to which the service provider works with the technology vendors whose products make up the environment
• Who those technology vendors are
• General practices used in the provisioning and management of components within the provider' infrastructure, including but not limited to patch management, change control, and monitoring

Without adequate transparency about how service providers help their customers manage IT security risks, the perception that all cloud computing environments are plagued with inherent security issues will persist. We, as an industry, can change that to ensure that enterprises no longer view security as an obstacle to embracing cloud computing.

by Bryan Doerr, Chief Technology Officer

For our inaugural blog, I think it's fitting to set a stage for what I hope are many postings and debates to follow that address activities, ideas, opinions, and successes related to infrastructure services and Savvis.

When I think about the changes occurring in infrastructure services, and more generally IT application development, it's clear to me that as an industry we're moving into a new phase - not simply incrementally improving. We're moving into an "experience economy" in IT infrastructure services, following the definition of this concept by B. Joseph Pine and James Gilmore in their book "The Experience Economy: Work Is Theater and Every Business a Stage." It's time for IT service providers to stage an IT experience that surpasses the value proposition of past services.

There is a convergence of industry and business forces that will enable this transformation. Service providers are being enabled by greater standardization and software abstraction leading to more portable and reliable software. Underlying physical capacities continue to rapidly increase leading to increased opportunities for virtualization, which leads to greater opportunities for economic benefits for scaling operations. Simultaneous with these changes in the underpinnings of applications, CIO's are again being asked--or told--to increase efficiency by lowering cost and increasing business benefits associated with their applications.

So, if there is a convergence toward the need for a new IT experience, what is that experience? Every service provider will create this according to their vision. The dominating characteristics of this new experience, at least for enterprises and medium-size businesses are control and choice. Greater IT control and choice through increased awareness and more service management options will empower CIO's to achieve more personal success and strategic relevance. Greater IT control and choice will result in lower costs coupled with higher reliability and agility, cementing business relationships between service provider and clients. The cloud computing paradigm being utilized in various types of IT services represents the first step of a new experience in IT services. More will follow.

I hope you visit this space often to see what is new at Savvis and to discuss topics of interest. The near future promises to be one of rapid change for IT service providers and Savvis will be engaged in contributing to the direction and nature of these changes. We welcome your participation in this process.