Moving Away From Feedburner

There has been quite a bit of press recently about Google quietly doing away with their great Feedburner service. This is the service I used up, until today, to publish my posts over email and RSS.

I have managed to migrate my email subscribers already with no need for anybody to change any of their settings, however there may be some slight disruption to anybody consuming this site via RSS.
I have deleted my Feedburner RSS URL and now my new RSS feed URL is http://www.omaramin.me/feed/

The Feedburner feed should stay active for at least 30 days, but please update your feed readers to the new URL to keep receiving my posts without disruption.

Sharing Options

  • Twitter
  • LinkedIn
  • Google Plus
  • Facebook
  • Reddit
  • StumbleUpon
  • Delicious
  • Email

(PDF Link) VMWare, RSA and Intel run a Cloud Security Proof of Concept for NIST

Here’s a really interesting PDF from NIST on securing workloads in the cloud. The PDF describes a proof of concept (POC) carried out with VMware, RSA and Intel. The POC  has a focus on testing geolocation in the cloud for the purpose of constraining the physical location of a server that a workload can be moved to for security or compliance reasons.

The principles of the POC are quoted from the PDF as:

  1. Create a part of the cloud to meet the specific and varying security requirements of users.
  2. Control access to that cloud so that the right applications get deployed there.
  3. Enable audits of that portion of the cloud so that users can verify compliance.

Sharing Options

  • Twitter
  • LinkedIn
  • Google Plus
  • Facebook
  • Reddit
  • StumbleUpon
  • Delicious
  • Email

The Chartered Institute for IT and Cloud Governance

I’ve been communicating with a number of standards organisations on the status of Cloud Governance in different jurisdictions. With the portability of cloud workloads, the governance model should be handled on a global level and the standards institutions are moving quickly to set up a framework with a number of national and global bodies.

One of the most interesting pieces of work I have been sent is from the Chartered Institute for IT. The document sent to me (PDF linked here) is a response to questions raised by the European Commission for Cloud Computing in 2011.

I’ve pulled out some quotes from the document that have provided me some food for thought.

The cloud concept is straightforward and the potential cost benefits are staggering, yet progress has been hindered by the ability of society need for reassurance to embrace new business models and commercial software suppliers to operate in a truly multinational domain

In response to a question on the rights and responsibilities of both user and provider.

User confidence and awareness will improve through the demonstration of workable/scalable multi-tenancy clouds used by multiple organisations. The deployment of the eGovernment and eSciene infrastructures will provide examples of best practice, as well as help potential users and providers to identify potential obstacles when using cloud.

In response to a question on the role of eGovernment in the cloud.

… standard ratified models and agreements covering the different aspects of delivery and various levels of cover should be incorporated into the cloud strategy. These standards would mean that it would be up to the user and provider to agree which they want/need to apply to the particular service they are procuring/providing.
… standard flow down models and agreements that would enable a user to have the confidence that they are fully covered if they procure a service from a third party
… the presence of proformer (pre-agreed) data transfer and ownership agreements that stand up to EU legislation. This would help to remove one of the key barriers to cloud adoption and therefore should be included in the final version of the strategy.

In response to a question on cloud governance requirements

The Institute believes that for cloud to become a success then efforts will need to be made to encourage confidence among users. Cloud computing has long been criticised as limiting the freedom of users and making them dependent on the cloud computing provider. Users will need to be reassured that they are not going to get locked into services which are not flexible to meet changes within their business.

In response to a question on the limitations of cloud computing today

The PDF is well worth a read and I really hope to see some of the recommendations made in the document come into practice.

Sharing Options

  • Twitter
  • LinkedIn
  • Google Plus
  • Facebook
  • Reddit
  • StumbleUpon
  • Delicious
  • Email

Cloud Architecture (Part 1) – The Overview

This post is part one of a five part series of posts on what should be designed into any cloud architecture. In this post, I will be giving a high level overview of what makes up a cloud and in the next 4 posts I will focus in on a particular piece of the cloud.

The entire series will be grouped under the Cloud Architecture category.

Due to the huge amount of technical innovation in the market at the moment there are a number of products that an organisation can purchase to help them build their private or public cloud. Instead of singling out specific products that may be right for some organisations but not others, I will write about capabilities which can then be mapped onto specific products.

The four layered cloud architecture presented in this article will be suitable for public, private and all types of hybrid clouds.

Continue reading

Sharing Options

  • Twitter
  • LinkedIn
  • Google Plus
  • Facebook
  • Reddit
  • StumbleUpon
  • Delicious
  • Email

Data Privacy Regulations in the Middle East – Saudi Arabia

This is part of a series of posts, each one focusing on a specific country in the Middle East and Africa, discussing the current state of laws and regulations around the cloud. Today we’ll be taking a look at the Kingdom of Saudi Arabia.

As with the previous post I will be analysing the available information against six “Cloud Governance Concerns”:

  1. Can I store and process personal data and are there any requirements for me to be able to do so?
  2. Can I move personal data between different jurisdictions?
  3. Do I need to comply with any requests from individuals that own the data?
  4. Do I have to comply with requests to disclose personal data from other entities?
  5. How am I liable if data loss occurs?
  6. How long do I have to keep data?

Continue reading

Sharing Options

  • Twitter
  • LinkedIn
  • Google Plus
  • Facebook
  • Reddit
  • StumbleUpon
  • Delicious
  • Email

Dispersed Clouds and Loss of Control

Chuck has written a quite thought provoking article on his blog about the emergence of dispersed clouds and the need for a new computing model to build and manage them.

The Terminator.

The Terminator. (Photo credit: Wikipedia)

My first thought on reading this was of battling Arnie in a post-apocalyptic future where the machines had taken over. A future in which consulting would probably not be the most sought after profession.

Instead of giving it all up, growing a (bigger!) beard and building Dubai’s first underground bunker, I’ve had a think about why the topic of decentralised control is often an emotional one, especially in the Middle East. Many IT organisations over here are very tightly controlled with a central command structure. This has been greatly beneficial in developing standardised and integrated technology solutions within these IT organisations, however the phenomenal growth of the number of services and the amount of users that a typical IT department has to cater for is pushing the hierarchical service management model to it’s breaking point.

Chuck wrote that a “cohort” model would be used to allow cooperation between nodes in a dispersed clouds, with a global policy used to keep their actions within acceptable boundaries. This global policy is something that really got me thinking. To use my “Rise of the Machines” Analogy, the global policy would be akin to Asimov’s three laws of robotics:

  1. A robot may not injure a human being or, through inaction, allow a human being to come to harm
  2. A robot must obey the orders given to it by human beings, except where such orders would conflict with the First Law
  3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law

With the three laws as a global policy, the robots would be free to act and cooperate independent of a central command structure without doing something that would end humanity.
Great! That should keep the metal thugs in check.

Taking it back to dispersed clouds, what is needed to get everyone more comfortable with the perceived loss of control is a common language or framework for defining these global policies and I’m afraid it will probably be a bit more complex than Asimov’s three laws.
In order to define a global policy for a cloud the following would need to be taken into account:

  • Localisation – Where processing or action would be allowed to take place
  • Trust within the cloud – Services with which interaction or integration would be allowed
  • Trust outside the cloud – Other clouds that would be allowed to integrate
  • Scale of action – Metrics defining how much action a service can take in carrying out its tasks
  • Task blacklist – What tasks a service should never carry out

Structuring a conversation around a framework like this will help me to have a much more fruitful discussion with clients and I will try to play down the post-apocalyptic connotations.

Sharing Options

  • Twitter
  • LinkedIn
  • Google Plus
  • Facebook
  • Reddit
  • StumbleUpon
  • Delicious
  • Email

Data Privacy Regulations in the Middle East – United Arab Emirates

Update: Addition of some details gained from the Data Protection Laws of the World Handbook

This is part of a series of posts, each one focusing on a specific country in the Middle East and Africa, discussing the current state of laws and regulations around the cloud. Today we’ll be taking a look at the United Arab Emirates.

When trying to understand what can and cannot be done with data that is required to provide a public or private cloud service the following six “cloud governance concerns” can be considered:

  1. Can I store and process personal data and are there any requirements for me to be able to do so?
  2. Can I move personal data between different jurisdictions?
  3. Do I need to comply with any requests from individuals that own the data?
  4. Do I have to comply with requests to disclose personal data from other entities?
  5. How am I liable if data loss occurs?
  6. How long do I have to keep data?

Continue reading

Sharing Options

  • Twitter
  • LinkedIn
  • Google Plus
  • Facebook
  • Reddit
  • StumbleUpon
  • Delicious
  • Email

How Do I Realise Private Cloud Benefits?

There are many pages, posts and platitudes devoted to hyping the benefits of deploying a private cloud within your organisation. Depending on how your IT infrastructure and business processes are currently structured and what approach you will take to deploying a public cloud, transforming into a service based organisation hosted on a private cloud can require significant investment and/or wide reaching transformation.

In this post I will write about how you can reduce the pain and the cost and ultimately run a successful cloud transformation initiative.

Continue reading

Sharing Options

  • Twitter
  • LinkedIn
  • Google Plus
  • Facebook
  • Reddit
  • StumbleUpon
  • Delicious
  • Email