Thursday, November 5, 2009

Does cloud computing need malpractice safeguards?

An interesting question raised by James Urquhart's blog on CNET. Urquhart argues that either there must be some kind of government regulation of minimum standards for cloud provision, or customers should be able to bring forward "cloud malpractice" suits.

I respond with a simple question of my own:

"Can we start by enforcing the myriad of regulations we already have before we start thinking of new ones?"

The fact is that many of the existing regulations already apply to clouds. For example, information security on government clouds is still subject to the Federal Information Security Management Act (FISMA), although a few enhancements are being discussed to make the act more amenable (i.e. less bureaucratic) for clouds. Similarly, all of the data privacy (national and transborder) laws still apply to a cloud environment. Thus, IMHO, most of the legal issues surrounding clouds may already be addressed within the context of the existing legal framework reinforced by contractually enforceable SLAs. An evolving body of "case law" may also help address some of the "grey" issues that arise as cloud use becomes more pervasive.

At the same time, I don't think we can completely rule out the possibility of a few new and very cloud-specific regulations, especially if they help alleviate public concern and increase speed of adoption.

Monday, October 26, 2009

Hot off the Press - Eight Myths of Cloud Computing


As Taylor Rickard, chief technology officer of G&B Solutions, so eloquently puts it, “Ask 25 people what cloud computing means and you are likely to get 30 different definitions.” With so much disinformation out there, is it any wonder that there are so many myths associated with clouds? My latest article dispels eight of the most common myths.

Read the complete article here

Friday, October 23, 2009

Hot off the Press - Open Government - Five Key IT Issues


We have barely scratched the surface regarding social media use in the pursuit of an Open Government. The root problem is an "impedance mismatch" between the federal operating environment and the technology -- namely, a federal environment that is still very 20th century and a technology that is very 21st century.

Interested?

Read my latest article Open Government - Five Key IT Issues.

Tuesday, October 13, 2009

Hot off the Press - The Cloud SOA Ecosystem


The union of SOA and the cloud goes beyond a simple convergence – it actually represents an ecosystem. Read my feature article on ebizQ titled The Cloud SOA ecosystem to find out why.

Thursday, October 8, 2009

Can Cloud Defend Against DDoS Attacks?

I just came across an interesting blog entry titled Can Cloud Defend Against DDoS Attacks? on Govinfo Security, an educational portal catering to security professionals in the Federal Government space.

The blog entry makes an interesting observation, claiming that:

"...cloud computing services, such as Google's App Engine and Amazon's Elastic Compute Cloud, or EC2, provide flexible hosting resources that can grow to accommodate a surge in demand. Imagine if the agencies that were affected by the [DDoS] attacks had been sitting in the cloud when the malicious traffic started rolling in. The ability to disrupt agency websites becomes a function of how much capacity Google and Amazon have to support the requests. These providers likely have plenty of bandwidth to sustain the attack and provide service with little to no service disruption."

Here's my problem:

Claiming that "cloud computing services, such as Google's App Engine and Amazon's Elastic Compute Cloud, or EC2, have plenty of bandwidth to sustain a DDoS attack" is akin to arguing that "you can tolerate the cold winter better by becoming fatter."

Is the fact that we have more scalability even relevant in a discussion about security?

Friday, October 2, 2009

What are Enterprise IT Geeks Obsessed With Today?

I've been swamped at work responding to an RFP in which I am writing about security, C&A, CMMI, ISO, and a host of other things. I needed a break when I saw that a new question just popped up on the ebizQ forum:

"What are Enterprise IT Geeks Obsessed With Today?"

LOL... Now how could I possibly answer this question? :)

However, if in some parallel universe, I were an Enterprise IT Geek then I would be obsessed with:

A. Justifying all of the acronyms we have today,
B. Coming up with new and improved reasons as to why all the above are still not enough to create an "enterprise" solution on time and on budget, and
C. A program that generates new, sensible-sounding acronyms that I would say are essential to getting what I stated was missing in B (above).

This would be an iterative process in its entirety and in between stages, and its implementation would beg, borrow, and steal from the best-of-breed Agile processes (XP, Scrum, etc.).

But then, as I stated before, I'm not a Geek, so what would I know? :)

Enough said... now it's time to get back to work!

Thursday, September 24, 2009

My SOA Elevator Speech

A recent question on the ebizQ SOA forum involved this scenario:

"You're the CIO of a Fortune 500 company and you step into an elevator with your CEO. He asks why we should approve your seven figure SOA budget request. So what's your "elevator pitch" for SOA? Make it short and to the point – the elevator is already rising fast."

So, what would my answer be?

"SOA is the centerpiece of our IT strategy in direct alignment with the board of director mandated enterprise-level risk management initiative that ensures IT continuity, resilience, compliance with regulatory requirements such as SOX, asset protection, and minimization of negative financial exposure."

BTW, I timed my response to 25 seconds :).

* Originally posted on the ebizQ SOA Forum on September 24, 2009