Notes from the Consultant’s Jungle

We’ve just wrapped up day-one of this year’s Cloud Expo at the Javits Convention Center in New York City.  You know, it’s been nearly a year since I attended Cloud World in San Francisco, and over that period of time it surprises me how little new anyone is saying about cloud computing.  It borders on raining sophistry here at the cloud show, and definitions (and redefinitions) of IaaS, Paas, and SaaS are still being drilled into attendee’s heads.  Maybe the abundance of attendance is to be attributed to the possibility that the IT community is still sorting out architectural rationalization of cloud computing, but in my humble opinion it’s high time to move on to meatier food for thought.

It is notable to observe the number of businesses emerging to capitalize on the nuts and bolts issues that arise when an enterprise takes those first steps into a formal cloud computing scenario.  In that regard, one of the few “wow, now that’s cool” moments for me in the conference so far was an introduction to a company called Perspecsys. Readers of this blog will know that I’m not in the habit of promoting any particular vendors’ brand, unless it serves as an example of an important business solution.   Perspecsys, in spite of the awful name (purely my own opinion), has a technology that is worth a look in your overall cloud governance model.

Within the context of Cloud Security, the issue of data privacy and data residency is important, and tricky, because of the numerous regulations that force us to ensure certain minimum measures have been taken, or that simply legislate that specific measures must be done.  I’m referring to compliance regulations such as PCI and HIPAA, as well as aspects of legislation such as Patriot Act and PIPEDA.

There are standards out there to be leaned upon for help.  If you’re at the infrastructure level (IaaS), you can look toward SAS 70 for certain liability protections.  At the platform level (PaaS), there’s OWASP (Open Web Application Security Project).  OWASP is young, but is already a PCI mandate.  At the application and data level (SaaS) though, what do you have to lean on?  In general, it’s someone in your company with some sort of CXO title.  If your business is exposed to regulatory governance, this individual could be motivated to kill your cloud project because of this liability exposure.

This is where Perspecsys’ technology comes in (my apologies to any other vendor who has similar technology.  At this writing, I’m simply unaware of others).  In my own words- this technology establishes a proxy service that abstracts the data and the application from the infrastructure.  Assuming that the cloud is leveraged for data processing, this proxy enables full operation of the application from the users’ perspective, but all data is contained within the enterprise’ walls (and subsequently, its governance framework).  The data that is truly exposed to the cloud is a hash of the true data, and full functionality of the application is maintained.  Now that’s good brain food.

When rationalizing use of the cloud against your enterprise data governance framework, a solution that abstracts that data from the cloud data processing infrastructure will be beneficial, if not absolutely necessary.