The benefits of moving data to the cloud, such as scalability and cost-effectiveness, have caught the attention of enterprise leaders. In fact, research from Gartner Inc. indicates that the majority of new IT spending by 2016 will be on cloud technology. Migrating data to the cloud shouldn't be rushed, however, because of concerns over secure cloud storage.
"An architect must rely on a 'defense-in-depth' approach to safeguard the infrastructure from various types of attacks, internal as well as external," said Vin Sharma, director of product planning, Hadoop, at Intel. At the Amazon Web Services conference in Las Vegas, Sharma shared best practices for cloud security, regulatory compliance and Hadoop.
In this Q&A, Sharma gives his perspective on open access to data and the cloud, covering the importance of innovation and how open source software fits into the picture.
What are the top benefits to having open access to data?
Vin Sharma: Innovation, which is essentially the diffusion of new ideas across society, depends on widespread access to raw material, the common ability to transform it into something more valuable, and a shared platform that supports this transformation and is in turn strengthened by it. Now that data has become the quintessential raw material of the world today, the benefit of open data, open interfaces and cloud computing is innovation at massive scale and lower cost. Such innovation leads to data-driven discoveries in science that save lives, data-driven decisions in business that save costs and data-rich social services that can save entire communities.
What are the main problems associated with openness to the cloud?
Sharma: Openness has the potential to drive disruptive and democratic innovation, but it can be just as easily co-opted by incumbent institutions to reinforce their hold or corrupted by malicious agents to mount attacks. Specifically, open data sets, analytics and cloud infrastructure make it easier for some organizations and individuals to use the open data sets in combination with proprietary data to gain unfair advantage or abuse the resulting information to compromise individual privacy.
How can an architect ensure secure cloud storage?
Sharma: An architect must rely on a 'defense-in-depth' approach to safeguard the infrastructure from various types of attacks, internal as well as external. To prove compliance with regulatory and corporate security policies, the architect must use a strong and consistent audit subsystem that monitors all security-relevant activities on the system. In order to ensure governance of data, the architect must rely on enterprise-wide mechanisms for data life cycle and lineage management.
How do services like Apache Hadoop, Java, Xen and Linux come into play with secure cloud storage?
Sharma: As open source software, components such as Linux, Xen, KVM, Java, and Hadoop carry the risk of bugs and vulnerabilities like any other software, but have the unique benefit of code review by thousands of developers. The likelihood of malicious code remaining undetected is low.
In the evolution of many open source projects, focus on security is often a late development, driven by enterprise adoption that often lags [behind] developer enthusiasm. The trade-off is not so much between projects (Hadoop is written in Java) but in the choice of a trusted vendor who can commit to enhancing the security of the project from the inside out while delivering a security-tested distribution of the open source software with responsive fixes to detected vulnerabilities. Whenever appropriate, an architect should rely on independent certifications, such as Common Criteria, FIPS and others with well-defined test cases for open as well as closed source software.
About the author:
Maxine Giza is the associate site editor for SearchSOA.com and can be reached at firstname.lastname@example.org.