Virtual Global - Rapid System Engineering

Archive for June, 2010

Katonda News Network, June 29, 2010

So here’s a question: Which IT sector accounts for fully 25% of the industry’s year-over-year growth and, if the same growth trajectories continue, will generate about one-third of the IT industry’s net new growth by 2013? The answer is Cloud Services, according to research firm IDC.  Cloud computing is garnering its fair share of industry buzz as well. Its promise of revolutionary cost savings and agile, just-in-time capacity has driven IT organizations at enterprises of all sizes to build cloud deployment strategies into their plans. — Mike Armistead, VP Corporate Development, Fortify Software

The Benefits of the Cloud
Cloud computing is immensely popular with companies and government agencies in search of revolutionary cost savings and operational flexibility. According to industry research firm IDC, cloud computing’s growth trajectory is, at 27% CAGR, more than five times the growth rate of the traditional, on-premise IT delivery/consumption model.

Cloud computing practitioners cite numerous benefits, but most often point to two fundamental benefits:
* Adaptability: An enterprise can get computing resources implemented in record time, for a fraction of the cost of an on-premise solution, and then shut them off just as easily. IT departments are free to scale capacity up and down as usage demands at will, with no up-front network, hardware or storage investment required. Users can access information wherever they are, rather than having to remain at their desks.
* Cost Reduction: Cloud computing follows a model in which service costs are based on consumption and make use of highly shared infrastructure. Companies pay for only what they use and providers can spread their costs across multiple customers. In addition to deferring additional infrastructure investment, IT can scale its budget spend up and down just as flexibly. This leads to an order of magnitude cost savings that wasn’t possible with 100% proprietary infrastructure.

Other benefits of the cloud include collaboration, scaling and availability, but revolutionary cost savings and the almost “instant gratification” offered by the agility of the cloud will be the key contributors to adoption of the cloud.

What is the Cloud?
So much has been written, advertised and discussed about cloud computing, it is appropriate to define the term for common understanding. Cloud computing generally describes a method to supplement, consume and deliver IT services over the Internet. Web-based network resources, software and data services are shared under multi-tenancy and provided on-demand to customers. It is this central tenet of sharing - and the standardization it implies - that is the enabler of cloud computing’s core benefits. Cloud computing providers can amortize their costs across many clients and pass these savings on to them. This paradigm shift in computing infrastructure was a logical byproduct and consequence of the ease-of-access to remote and virtual computing sites provided by the Internet.

The U.S. National Institute of Standards & Technology (NIST) defines four cloud deployment models:
1. Private Cloud, wherein the cloud infrastructure is owned or leased by a single organization and is operated solely for that organization
2. Community Cloud, wherein the cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns, including security requirements
3. Public Cloud, wherein the cloud infrastructure is owned by an organization selling cloud services to the general public or to a large industry group
4. Hybrid Cloud, wherein the cloud infrastructure is a composition of two or more cloud models that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

NIST’s definition of cloud computing not only defines HOW infrastructure is shared, but also outlines WHAT will be shared. These service models shift the burden of security accordingly between provider and user:

Software-as-a-Service, or “SaaS”, is the most mature of the cloud services. SaaS offers a “soup to nuts” environment for consumption of a common application on demand via a browser. Typically, the customer controls little or nothing to do with the application, or anything else for that matter, and is only allowed to configure user settings. Security is completely controlled by the vendor. Examples of providers include Salesforce.com, Workday, Mint.com and hundreds of other vendors.

Platform-as-a-Service, or “PaaS”, is an emerging cloud service model. The customer is able to develop applications and deploy onto the cloud infrastructure using programming languages and tools supported by the cloud service provider. They are not able to control the actual infrastructure – such as network, OS, servers or storage – the platform itself. Because the customer controls application hosting configurations as well as development, responsibility for software security shifts largely to their hands. Examples include Google App Engine and Amazon Web Services.

Infrastructure-as-a-Service, or “IaaS”, is where even more of the infrastructure is exposed to multi-tenant users. The cloud service provider provisions processing, storage, networks and other fundamental computing resources. The customer is able to deploy and run arbitrary software, which can include operating systems and deployed applications. Software security in this deployment model is completely in the customer’s hands, including such components as firewalls. Examples include Amazon Elastic Compute Cloud and Rackspace Cloud.

While SaaS gained popularity as an alternative to on-premise software licensing, the models that are driving much of the current interest in cloud computing are the PaaS and IaaS models. Enterprises are especially drawn to the alternative development infrastructure and data center strategies that PaaS and IaaS offer. At this point in time, smaller enterprises seem to have more traction with PaaS, enabling them to rapidly bring websites to market; whereas larger enterprises are more comfortable beginning their cloud deployments with an existing application moved to an IaaS cloud service.

How do we fully realize the benefits of the Cloud?
Realizing the cloud’s benefits is greatly determined by the trustworthiness of the cloud infrastructure – in particular the software applications that control private data and automate critical processes. Cyber-threats increasingly target these applications, leaving IT organizations forced to sub-optimize the cloud deployments containing this software, limiting flexibility and cost savings.  Assuring the inherent security of software, therefore, is a key factor to unlock the power of cloud computing and realize its ultimate flexibility and cost benefits.

Recommended approaches to Cloud software Security
According to the Cloud Security Alliance, a not-for-profit organization promoting security assurance best practices in cloud computing, the ultimate approach to software security in this unique environment must be both tactical and strategic. Some of their detailed recommendations include the following:
* Pay attention to application security architecture, tracking dynamic dependencies to the level of discrete third party service providers and making modifications as necessary
* Use a software development life cycle (SDLC) model that integrates the particular challenges of a cloud computing deployment environment throughout its processes
* Understand the ownership of tools and services such as software testing, including the ramifications of who provides, owns, operates, and assumes responsibility
* Track new and emerging vulnerabilities, both with web applications as well as machine-to-machine Service Oriented Architecture (SOA) which is increasingly cloud-based

The key to achieving the benefits of the cloud and to putting the above recommendations into practice is Software Security Assurance, or “SSA”.  Recognized by leading authorities such as CERT and NIST, SSA is is a risk-managed approach to improving the inherent security of software, from the inside.  There are three steps to a successful SSA program:

1. Find and fix vulnerabilities in existing applications before they are moved into a cloud environment
2. Audit new code/applications for resiliency in the target cloud environment
3. Establish a remediation / feedback loop with software developers and outside vendors to deal with on-going issues and remediation.

To realize the full benefits of cloud computing, organizations must assess and mitigate the risk posed by application vulnerabilities deployed in the cloud with equal vigor as those within their own data center. It is only then that they will be able to take full advantage of Cloud Computing to save cost and increase the efficiency of their business.
 

By Mike Armistead, VP Corporate Development, Fortify Software

Resources:
IDC on IT Cloud Services
NIST definition of Cloud Computing
Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing v2.1”

____________________________

Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for building SaaS applications without programming; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.

Posted by Loraine Lawson Jun 28, 2010 11:59:33 AM

Health care is so far behind in basics like user interfaces and data integration, that most of the money spent on electronic health records will have to be re-spent later when the technology actually catches up, according to a new report.

InformationWeek delivered this gem of news Friday, summarizing a new report by Crosstree Capital Partners, an investment banking firm specializing in mergers and acquisitions in the life sciences, pharmaceutical outsourcing, diagnostics. Health care IT is expected to become ripe for M&As, according to the report.

If you’d like to read the full report online, a pdf is available on the firm’s site for free download.

The long and short of it is that electronic health records mostly rely on two means of data capture: Typing or image scanning. The report notes that there are much better ways to handle electronic data capture. Also, it notes that the current crop of EHR technology does a poor job of handling workflow.

But given the immediate pressures of government subsidies and the threat of reimbursement withholding:

… EHR will default into the core of integrated Healthcare Information Solution (HIS) infrastructures. Unfortunately, with most of the EHR systems on the market today falling way short in implementing state-of-the-art User Interface or data integration technologies, most of the money spent today will have to be re-spent as the technology catches up with the functional demands. Consequently, over the next 2-3 years radical improvements in User Interfaces (touch, natural language, proximity, etc.), and new wireless-enabled diagnostic and treatment devices will revolutionize EHR products in a painful and costly conversion process pretty much industry wide.

It’s a catch-22 with the funding, really. As I pointed out last week, it’s not like health care was investing in IT without the government subsidies, which are already attracting big tech vendors such as IBM, HP, Intuit, Microsoft and Oracle, to move into health care. Ironically, as these players come on board, the technology solutions will improve, making today’s expenditures obsolete.

Nice, huh?

The report also predicts big things for wireless devices in health care, which should come as no surprise surprise to those of us who’ve watched their doctors fiddle with tiny Palm Pilots over the years. Health Plan News recently featured a short piece on unwiring health care that’s worth checking out. It includes a look at how several hospitals around the world are using wireless technology.

I was also not surprised to read the report’s prediction that health care would trade Blackberries for iPads and other more advanced wireless devices. After watching how my own doctors used technology – or don’t - I’ve thought all along the iPad would be a natural fit for physicians.

______________________

Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for building SaaS applications without programming; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.

Written by Jeff Kaplan

When most people talk about cloud computing, they typically discuss the ways this new model is transforming businesses that are leveraging a growing assortment of online, “on-demand” Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) alternatives to achieve their corporate objectives. However, few are paying enough attention to how this same trend is also changing the way the public sector operates.

This impression was certainly reinforced in a recent survey by government research firm MeriTalk, which found three out of four federal IT executives don’t believe their agencies will achieve a data center consolidation plan outlined earlier this year by the US Office of Management and Budget — with 86 percent citing the culture of government IT as the chief obstacle to enacting the plan.

Contrary to this view, I’m meeting a growing number of innovative IT leaders in the public sector who are driving important advances in the cloud computing market as a whole that could also fuel the industry’s maturation process.

I had the privilege of presenting my perspective regarding the rapidly evolving cloud computing marketplace at Everything Channel’s XChange Public Sector conference last week. I was impressed with the level of interest and involvement many attendees reported during the session.

Rather than reject the logic of cloud computing, as the MeriTalk survey would suggest, many echoed the predisposition of the Obama administration’s CIO/CTO, Vivek Kundra, who was quoted in The Wall Street Journal on March 9, 2009, as saying:

“I’m all about the cloud computing notion. I look at my lifestyle, and I want access to information wherever I am. I am killing projects that don’t investigate SaaS first.”

 A panel of public sector IT executives at last week’s event included the following participants, who are all taking varying approaches to leverage cloud alternatives:

Conrad Cross of the City of Orlando, Fla., put it this way when he talked about how he’s responding to a series of significant budget cuts due to today’s tough economic climate: “I want to get out of the server business and into the services business.”

As a consequence, Orlando is increasingly relying on cloud computing alternatives. It started by swapping out its legacy email system with Google Apps. The switch took only two months and is resulting in more than 60 percent savings, according to Cross.

Mike Conroy of NASA pointed out that his agency is also changing its attitude about cloud computing, despite its unique and complex requirements — primarily in the form of private, internal cloud deployments.

The City of Los Angeles has received lots of attentionfor moving to Google Apps. This $7.25 million deal, serving 34,000 employees is one of the biggest deployments of Google Apps anywhere. It replaces an aging Novell GroupWise email system and includes a privacy provision providing the city with unlimited damages if its nondisclosure agreement (NDA) is breached by Google(Nasdaq: GOOG).

It is also interesting to note that the city’s deployment was administered, and is now supported, by Computer Sciences Corp. (CSC)(NYSE: CSC), demonstrating that there is plenty of room for traditional outsourcers, systems integrators, value-added resellers, and other channel partners to get involved in this transition process. This was the theme of my talk at last week’s XChange Public Sector conference in Jacksonville.

Even the most security-minded segments of the public sector are moving to the cloud. For instance, the Department of Defense’s (DOD) US Air Force Personnel Center (AFPC) and Medical Education and Training Campus (METC) have turned to RightNow, a SaaS customer relationship management (CRM) vendor, to help them improve their customer support operations. RightNow’s Secure Government Cloud also supports the US Department of Health and Human Services Agency’s Healthcare Research and Quality program.

Last year, Vivek Kundra and the Obama administration launched a SaaS marketplace and resource center, called Apps.gov. The site not only includes a widening assortment of on-demand apps for government agencies, it also includes valuable reference material, such as the National Institute of Standards and Technology (NIST) working paper on cloud computing and a summary report from Kundra’s office highlighting various federal agency cloud initiatives.

These initiatives are helping to do the following:

• Demonstrate the viability of cloud computing in various operational environments
• Dispel many of the classic concerns regarding the security, reliability, and costs of cloud computing
• Prove that there is plenty of room for traditional channel organizations to participate in the delivery of cloud computing services
• Show how to contract for cloud computing services to mitigate potential risks
• Generate new devotees to cloud-based alternatives  

 About Virtual Global:

Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for building SaaS applications without programming; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.

The space agency’s newly appointed CTO for IT outlines a plan to make technology innovation more widely available to NASA engineers and scientists.

By John Foley - InformationWeek - June 17, 2010 02:25 PM

NASA’s new CTO for IT, Chris Kemp, wants to more fully exploit the myriad technology innovations created by the space agency’s researchers, scientists, and technologists. Kemp this week shared his strategy for channeling that innovation in new ways.

NASA CIO Linda Cureton last month announced Kemp’s appointment to CTO for IT, a newly created position. Kemp is responsible for NASA’s Enterprise Architecture division and for introducing new and emerging technologies. He’s also charged with forming a council of CTOs from NASA field centers and mission teams that will foster innovation across NASA. Kemp was previously CIO of NASA’s Ames Research Center in northern California.

Speaking at InformationWeek’s Government IT Leadership Forum on June 15 in Washington, D.C., Kemp outlined a plan for getting started with that work. One goal is to reduce the number of “disconnected pockets of innovation” at NASA and share new developments more broadly. “How do we innovate on how we innovate?” he asked. NASA spends close to $2 billion annually on IT and technology development.
NASA’s 10 field centers should look for opportunities to establish ties with technology companies in their area, Kemp said. Ames Research Center, for example, is located in Silicon Valley, near the offices of Google, Microsoft, and Yahoo. “It’s a unique opportunity we should take advantage of,” he says.

Kemp has experience creating such industry partnerships. While director of strategic business development at Ames, prior to serving as CIO, he struck collaboration agreements with Google and Microsoft, resulting in NASA’s high-resolution imagery of the Moon and Mars being make available on the Web through Google Earth and Microsoft’s WorldWide Telescope.

Kemp says NASA must find ways to accommodate a new “unconstrained” generation of employees who are mobile, always connected, and users of social media and crowd-sourcing applications. “The challenge here is that the culture at NASA and a lot of other agencies isn’t ready for this,” he said. But NASA must learn to accommodate the expectations and requirements of its new employees, he added.

At Ames, Kemp was project leader for a cloud computing pilot project, called Nebula, that’s now being expanded to Goddard Space Flight Center in Maryland. Nebula’s hardware and software are housed in a mobile shipping container with a capacity of 16 Petabytes of data storage and 12,000 CPU cores. The Nebula project, however, caused political, budget, and personnel disruptions within NASA, and “it wasn’t pleasant,” Kemp said.

Kemp’s point is that disruptive technologies are just that — disruptive. It goes with the territory for CTOs, he said. Kemp favors “elegant” technologies over complex systems with many moving parts.

It’s important to understand the “as is” state of IT infrastructure in assessing where emerging technologies will fit, Kemp said. “This is all driving toward a repeatable process for evaluating the current state of NASA’s IT infrastructure and articulating our future roadmap,” he added. That process involves the development of technology prototypes, followed by case studies, and, where appropriate, investment.

Kemp plans to use metrics to gauge the effectiveness of IT pilot projects. He advocates completing pilots within three to four months and considers “failure” to be part of the process. “The idea is to fail fast,” he said. “Movement is key.”

_______________________________________________
Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for building SaaS applications without programming; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.

By TOM SPOTH | Last Updated: June 21, 2010

You’re 600 miles from the home office, immersed in a critical negotiation when disaster strikes: Your laptop spills to the floor, the hard drive crashes, and you can’t restart.

Everything is lost — e-mail, address book, calendar, spreadsheets and critical documents.

Now, imagine if all those critical files weren’t actually residing on your laptop at all. Instead, they exist “in the cloud,” accessible anywhere at anytime from any computer, and easily shared among you and your colleagues.

That is how the General Services Administration sees the future of federal computing: a more efficient, less costly and more flexible approach that strips both files and programs from individual computers and instead makes them accessible via the Internet.

GSA issued a request for proposals last week for a system that would replace PC-based programs with a single, integrated Web-based solution for e-mail, instant messaging and online conferencing. Employees would also be able to create and store online word-processing documents, spreadsheets and presentations, and collaborate on those projects on the Web in real time.

Existing federal e-mail systems are “insufficiently adaptive and costly,” wrote GSA chief information officer Casey Coleman in the RFP. Katie Lewin, who, as director of GSA’s cloud computing program, led the effort to write the RFP, said the effort could serve as a blueprint for moving all of government to cloud computing.

Another RFP, first issued by GSA a year ago and re-released in May with tighter security requirements, seeks to move data storage to the cloud, essentially outsourcing data storage and allowing government agencies to eliminate data centers and spread the computing and storage load to distributed servers tied together through the Web.

“It’s a very ambitious plan,” said Darrell West, director of governance studies at the Brookings Institution. “They’re wanting to become the model for the rest of the federal government. When you look at the range of things they’re talking about — migrating e-mail services, collaboration and management tools to the cloud — those are some of the activities that every federal agency undertakes.”

Rallying federal agencies to the cause will not be easy and will require major shifts in mindset and culture.

The Obama administration advocates cloud computing as a way to save money, improve performance and free up resources.

But so far, the Interior Department is the lone Cabinet-level department to announce a broad intent to adopt the concept. Interior is trying to consolidate more than a dozen e-mail systems serving 80,000 users into a cloud solution, a move officials say will cut costs by 66 percent.

Security concerns
Getting other agencies with intense security concerns to follow suit will be challenging. Federal agencies such as NASA, the Defense Department and the Securities and Exchange Commission have adopted “private” clouds that consolidate systems, but still keep files on their own dedicated file servers. Security concerns have made most agencies reluctant to move to public clouds operated by the likes of Google or Microsoft.

Education Department CIO Danny Harris told a government information technology forum last week: “I continue to ask about the security questions. … We’re ready to go to a cloud paradigm, like, next week if I can get that answer provided.”

Roger Baker, CIO at Veterans Affairs, said handling private data — Social Security numbers, health care profiles and more — creates enormous risk. VA has already been burned when laptops with such information have been lost, stolen or otherwise compromised. Putting that information in someone else’s computer system is risky, he said.

“I will never be able to give up complete ownership of the security of veterans’ private information,” Baker said.

GSA’s RFP asks for robust security features, requiring that all data be stored in the U.S. and that all contractor employees who can access the data be subject to federal background checks.

The security requirements indicate that the agency is not ruling out moving to a public cloud or a public-private hybrid, Brookings’ West said. The document states that “while certain basic requirements are necessary for our operation and to meet our security and privacy obligations, a good portion of the solution is open to a wide variety of alternatives.”

But agencies guarding national secrets will not be satisfied; others, however, may find GSA’s security specifications appropriate, he said.

Industry is optimistic
David Mihalchik, head of business development for Google’s federal team, said he thinks federal agencies are ready to move into the cloud, and GSA’s RFP will accelerate the process.

“I certainly think that GSA sets an example for other agencies that look to take this approach,” he said.

Mihalchik believes that once Google’s cloud computing technology is certified as compliant with the Federal Information Security Management Act, the floodgates could open. The company’s FISMA accreditation and certification package is under review now.

“Our security model is equal or in many cases greater than the security model of agencies’ existing on-premise technology,” Mihalchik said.

Moving into the cloud would give federal employees 25 gigabytes of storage space for e-mail — 100 times more than some mailboxes now hold, Mihalchik said. “Government employees are constantly pruning their mailbox and having to take messages out … and archiving them to free up space,” he said.

Mihalchik declined to comment on whether Google would bid on GSA’s RFP.

GSA is asking companies for a solution that modernizes its e-mail, offers an “effective collaborative working environment,” reduces the agency’s maintenance costs and applies “appropriate security and privacy safeguards.”

The agency explains in its RFP: “The existing e-mail and collaboration infrastructures at GSA are not adequate for the future. They consist of aging, site specific servers, with limited redundancy, and inconsistent archiving capability. In addition, the current e-mail infrastructure makes it difficult to manage and retrieve e-mails associated with legal matters. In-house upgrading, replacement, and deployment of new servers and infrastructure will be both expensive and disruptive to GSA operations.”

GSA manages 18,500 Lotus Notes e-mail accounts right now and expects that number to grow as high as 30,000. The agency’s e-mail servers are more than five years old and spread among 17 locations. If the servers at any specific site go down, those users lose access to e-mail until the problem is fixed.

West said replacing such outdated systems would be a godsend for federal agencies and employees.

“It’ll make their lives easier,” he said. “Most people in their private lives have e-mail systems that allow them to do a variety of things — e-mail, calendar, contact lists — and merge those things. The federal system does not allow for a lot of that beyond basic e-mail functions.”
_____________
About Virtual Global:

Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for building SaaS applications without programming; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.