Cloud Upgrades and Issues

The GigaOm Structure conference included numerous new technologies to ease cloud-based analytics, data storage, and security. Additionally, Oracle Inc. detailed the cloud enhancements coming in its next version of Java Enterprise Edition (EE), while numerous holes were noted at major cloud providers.

Focal Points:

• Startup vendors at the GigaOm Structure conference showcased their new designs to overcome the scalability limitations faced when deploying traditional, relational database management systems (RDBMS) in the cloud. NimbusDB claims user requirements are low for its software, which it says delivers scalability by simply adding new hardware when required and allowing the system to manage typical needs like redundancy, failover, and growth automatically. Xeround has built a distributed MySQL database service that can run in-memory and distribute itself across multiple virtual nodes and data centers. With 2,000 customers in beta and general availability arriving last week, the company claims to be cloud platform agnostic and targets the sweet spot for its customers’ database between 2 gigabytes (GB) and 50 GBs. ParAccel also allows for its databases to run in-memory; however, the company is targeting data analytics workloads around 25 terabytes (TBs) in size.  Cloudant has developed a noSQL database capable of managing both structured and unstructured data aimed at shortening application lifecycles by bypassing the modeling phase. The company’s states that its platform integrates search and real-time analytics, and that “tens of thousands of applications” ranging in size from 1 GB to 100 TB are running atop its platform in public clouds.
• Also at the GigaOm Structure conference, a new startup named Bromium, founded by former executives from Citrix Systems, Inc., Phoenix Technologies, Ltd., and Xensource, announced it has raised $9.2 million in capital. The company is developing a hypervisor capable of running on multiple processor platforms to secure virtualized environments including application clouds and virtual desktop systems. The company's CTO, Simon Crosby, argues that "the vast majority of attacks on enterprise clouds happen through unprotected clients" and believes its hypervisor-based solution can thwart a great many of those attacks. Elsewhere, Oracle detailed the upcoming cloud-oriented upgrades for Java Enterprise Edition 7 (EE 7). Due in the late 2012, Java EE 7 will incorporate platform as a service (PaaS) capabilities to allow for easy deployment of Java applications in the cloud. Changes will include a new runtime environment, the inclusion of JCache caching for temporary in-memory Java caching, and JAX-RS for RESTful services access. Software as a Service (SaaS) will have limited support in Java EE 7 as some degree of multi-tenancy and separate application instantiation is being targeted.
• Research done by the Center for Advanced Security Research Darmstadt (CASED) and the Fraunhofer Institute for Security in Information Technology (SIT) in Darmstadt, Germany on usage of Amazon.com, Inc.'s cloud services found users left many security holes when rolling out systems. Despite the fact that deployment guidelines are extremely detailed, users were found to have left private authentication keys to a variety of Amazon cloud services in their Amazon Machine Images (AMIs). These keys could be exploited to roll up other cloud services under the credit card on account for the service owner. Other security information including secure shell keys and Secure Sockets Layer (SSL) certificates and private keys were also found on the 1,100 AMIs reviewed. Popular online storage provider Dropbox, Inc. mistakenly turned off password authentication to all of its 25 million storage accounts during a four-hour period last week. The company attributes the error to a code update in its authentication mechanism and is conducting a review to determine whether any accounts were accessed improperly during the affected time period.

Experton Group believes cloud services offers enterprises significant gains the ability to deliver services more efficiently, quickly, and uniformly to geographically dispersed users; however, early adopters must take significant care in adopting platform solutions that are in the early stages of maturity. Per the many announcements at the GigaOm Structure conference, new startups are aggressively addressing the limitations of traditional database storage schemas in distributed cloud architectures. IT executives that are either in the midst of evaluating and/or adopting cloud storage, should work with preferred vendors and new startup to determine how and where security concerns and business objectives can be met using these and other new capabilities. Security is among the top concerns noted by IT executives in adopting cloud-based services, and it is imperative that security policies, frameworks, and enforcement guidelines and mechanisms be updated. Ongoing automated and manual checks must be in place to ensure changing needs are met on a continuing basis, and security teams should regularly revisit policies and chosen solutions on at least a semi-annual basis. Oracle’s upcoming updates in Java EE 7 will ease some of the burden of cloud-based Java, but most enterprises will need to cobble together solutions of their own with existing technologies rather than waiting the 1.5 years it will take until the update is generally available. Lastly, the Dropbox security issue should serve as a reminder that copious quantities of storage are available to users in forms ranging from free or inexpensive cloud storage to smartphones and music players. IT security policies should be revisited to include proper mechanisms to protect against theft or leakage via these non-enterprise means, including blocking access to non-authorized services on all corporate-issued devices and regular employee security reminders.