Jake Sorofman, rPath, James Duncan, Joyent and Chet Kapoor, Sonoa Systems chat with Alistair Croll on the futures of cloud. These companies offer software, products that are adjacent to, or run on, the cloud. They are not cloud operators.
This evening, we are at Cloud Camp. For background, check out this interview with Cloud Camp co-founder Dave Nielsen. Dave is also our host today.
The lightening rounds are done. For insights, search on twitter with either of these tags: #cloudcamp #cloudcampinterop
Now, Dave is building an un-panel session. He started with 5 empty chairs and no questions. Filled the chairs with folks who raised hands to “Folks that know a lot about cloud computing”. No one admitted expertise. Now, he’s asking the audience to build a list of 10 questions.
Session Abstract: “Cloud computing has dramatically lowered the barriers to entry for new web entrepreneurs wanting to start innovative businesses. However, the lack of interoperability, consistency and security concerns across services keeps many businesses from adopting. There have been several calls for standards to help make services from different cloud providers interoperable and ultimately more useful and secure to enterprises.
Uncertainty abounds, with questions such as "Are standards really needed?" "Who should be involved?" “Can the cloud ever be secure?” and "What are potential consequences of working in the cloud?"
Session abstract:
“You are on cloud 9. You are ready to go lights-on in your new virtual data center. But wait: virtualization changes everything when it comes to security. Some gaps are obvious, such as the elimination of separation of duties, or the lack of visibility into the virtual network. Some issues are more subtle, such as temporal attacks against crypto. This talk will describe what gaps are introduced in the move from physical to virtual specifically where security is concerned, and prescribe specific steps to ensure security and compliance for production deployments.
Specific topics to be covered include:
• Recommend strategies for updating in-house security and compliance best-practices guides to incorporate and protect virtual infrastructure.
• An analysis of the new virtualization threat surface and what new policies should be introduced to prevent, detect and control risks and violations.
• Configuration of the virtual network for security and visibility, even over Vmotion and over VMware port groups.
• Enforcement of separation of duties, least privilege and change management in the virtual data center (currently not part of most virtualization platforms).
• Examination of the risks of VM Sprawl and establishment of programs and policies for managing this risk.
• How you can guarantee your cloud implementation is even more secure than your pre-cloud analogue.”
Michael Berman is CTO of Catbird Networks, a provider of security virtualization solutions to cloud computing operators.
David Bernstein, VP/GM Software Group, Cisco on fundamentals of cloud interoperability and standards. Echoes Russ Daniels’ statement that "The cloud is the internet’s next stage of evolution". Says pay attention to what google and microsoft are saying and doing in cloud space.
What is Cisco doing?
Cisco doesn’t run a cloud. Does run a SaaS application, WebEx. Cisco has helped a lot of people build a lot of infrastructure. Cisco is ‘arms dealer’ in cloud computing.
