Click here to close now.

Welcome!

.NET Authors: Liz McMillan, Elizabeth White, Pat Romanski, Jaynesh Shah, Carmen Gonzalez

Related Topics: Cloud Expo, Microservices Journal

Cloud Expo: Blog Feed Post

Cloud Database – Are You Prepared?

There are a lot of issues around data in the cloud

The ongoing saga of everything cloud is entertaining, if nothing else. I have a couple of areas of interest that aren’t really burning up the electrons, one of them is cloud databases. Let’s face it, while “the cloud” is interesting in an application sense, for IT it is relatively useless without the ability to access databases. Normally databases housed in your internal IT department. Of course internal “private” clouds will address much  of this issue, until they are readily available, we are faced with the reality that we have to find a solution we can trust to house data that is essential to our organization’s well being. There are a lot of issues around data in the cloud, I’m going to focus in on a couple that IT departments are trying to figure out – or should be.

  • Security – data access control and standards compliance
  • Security – physical/network control
  • Latency – how much impact will remote databases have on performance
  • Standards – how is data put into and gotten out of the database
  • Data Redemption – how do I get my data out if for any reason we stop doing business?

There’s a lot there, but it’s not nearly as long as the list could be if I was to dissect all of the services out there. For the record, any “cloud data solution” that includes the phrase “frees you from the restrictions of an RDBMS” or “develop applications without IT” are not considered here. My reasoning is simple, your organization holds a ton of critical and relevant data in RDBMS databases now, changing that is possible, but at least for the time being, these applications will be limited to business units or pretty small businesses. I am looking at the problem from the IT perspective. No doubt I missed some vendors – Cloud is the winner of 2010’s buzzword bingo after all, and I was just researching with my own resources.

And a final note, I have not gone and tried any of these databases. There just isn’t time to do that level of research for a blog post. So understand that I am working off of the web pages of these vendors. Still, the market is young enough that for many, you can tell what they’re about pretty reliably.

Of all of the products that I explored, I have to say that Caspio Bridge has done the most to resolve the security and standards issues. They are PCI and TRUSTe compliant, which speaks volumes. They offer SQL Server with an AJAX front end, and allow you to get the data out in a selection of formats that includes XML and CSV, which is “good enough” for the current state of cloud databases, I would think.

Then there is Dabble DB who has a disclaimer about HIPPA that is understandable and probably helps the lawyers sleep at night, but isn’t designed to win customers’ confidence:

Does Dabble DB® comply with HIPAA?

We cannot enter into any agreement above or beyond our existing privacy policy, and we cannot offer any guarantee about specific compliance with HIPAA or any applicable state law. It is the responsibility of the health care entity to determine whether Dabble DB® meets the requirements of HIPAA.

Both Microsoft’s SQL Azure and Oracle via AWS are solid DB offerings but offer little tangible in terms of security. They are very desirable in the sense that they offer their standard interfaces, making it pretty easy to adapt your applications to them, but both are relatively silent about security other than the role-based security built into their RDBMS, which is a bit disconcerting. Rackspace and Joyent both offer complete cloud solutions, and honestly these two providers do the best job of documenting what is available and how to use it. But again, they seem to miss the point that users care about the level of their security. Now granted, with so much documentation on their sites, I’m guessing there is more info there than I found about the security issues.

Truly, Oracle, Azure, and Rackspace are the ones you have the least to worry about where latency is concerned – these companies (actually Amazon in the case of Oracle) have huge, dispersed datacenters, and data redemption is pretty straight-forward from all four of the vendors mentioned in the last paragraph, simply because they use the databases we all use. Disclosure: We are partners with Oracle and Microsoft, but I assure you that their inclusion is based upon the fact that you have one or both running in your datacenter already, not because of our partnership.


WHAT’S THE POINT?

Well, you might be asking what the point of this blog is… And honestly I have had an interest in this topic for a while, but only now got the time to start research. I went into this thinking I would be sorely disappointed because no one was talking about the database where cloud is concerned. There are still serious issues – if you fall under HIPPA, can you put your data on someone else’s network? How about PCI? Do your execs believe that this other company will be as cautious with your data as your employees? What is the recourse if one of those other apps in the cloud gets into your space? Don’t ever let a cloud provider tell you it can’t happen. It can, they’re on the same network, often on the same physical hardware. But overall? I wasn’t at all disappointed. Not a bit.Cloud

You see, I expected to find the state of cloud databases to be much, much more sparse and juvenile than what I found. Lots more juvenile than what I found.

I’m not yet certain what I think of treating your cloud database as ‘just another app’, since it holds sensitive information and a cloud is not your private network. Remember: for a few bucks a month a hacker can legally be on the same physical network as your DB, something we’ve spent years and a small fortune preventing. But if you trust your IT staff’s (or your own if you are IT staff) ability to lock down MySQL or SQL Server or Oracle like it was on a public IP address, then this is probably a good choice for you.

Caspio really did do the best job of convincing me that they’re on to the security stance though. Seriously, they didn’t bury their claims in legalese or tons of other disclaimers and documentation, they listed their certifications and what precautions they take with both physical access and staff access to your data. Still leaves the question of how well they can detect suspicious activity coming from a “customer” instance, but since they’re selling DB services and not OS instances, this is a little less of a concern (though certainly don’t dismiss the risks, AJAX can be an attack vector also).


NEXT?

I want to look at this from the other side that IT cares about – which app or server vendors have a method for you to securely link back to your own database. You could always write a proxy to handle access or lock your server down to only accept requests from a specific IP range, but I want to understand how that lockdown would impact scale-up and if it was loose enough not to impact scale-up, what that would mean to other “customers” who paid their few bucks a month. I’ll explore that topic in a future blog though, for Monday’s blog is already upon me.

But for now, it’s late, and I’ve (hopefully) given you something to think about at least, and given myself a ton to think about.

Read the original blog entry...

More Stories By Don MacVittie

Don MacVittie is Founder of Ingrained Technology, LLC, specializing in Development, Devops, and Cloud Strategy. Previously, he was a Technical Marketing Manager at F5 Networks. As an industry veteran, MacVittie has extensive programming experience along with project management, IT management, and systems/network administration expertise.

Prior to joining F5, MacVittie was a Senior Technology Editor at Network Computing, where he conducted product research and evaluated storage and server systems, as well as development and outsourcing solutions. He has authored numerous articles on a variety of topics aimed at IT professionals. MacVittie holds a B.S. in Computer Science from Northern Michigan University, and an M.S. in Computer Science from Nova Southeastern University.

@ThingsExpo Stories
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at @ThingsExpo, Robin Raymond, Chief Architect at Hookflash, will walk through the shifting landscape of traditional telephone and voice services ...
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal today!
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Architect for the Internet of Things and Intelligent Systems at Red Hat, described how to revolutioniz...
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades. With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo, June 9-11, 2015, at the Javits Center in New York City. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, and physical persons. In the IoT vision, every new "thing" - sensor, actuator, data source, data con...
Container frameworks, such as Docker, provide a variety of benefits, including density of deployment across infrastructure, convenience for application developers to push updates with low operational hand-holding, and a fairly well-defined deployment workflow that can be orchestrated. Container frameworks also enable a DevOps approach to application development by cleanly separating concerns between operations and development teams. But running multi-container, multi-server apps with containers is very hard. You have to learn five new and different technologies and best practices (libswarm, sy...
SYS-CON Events announced today that DragonGlass, an enterprise search platform, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. After eleven years of designing and building custom applications, OpenCrowd has launched DragonGlass, a cloud-based platform that enables the development of search-based applications. These are a new breed of applications that utilize a search index as their backbone for data retrieval. They can easily adapt to new data sets and provide access to both structured and unstruc...
There's Big Data, then there's really Big Data from the Internet of Things. IoT is evolving to include many data possibilities like new types of event, log and network data. The volumes are enormous, generating tens of billions of logs per day, which raise data challenges. Early IoT deployments are relying heavily on both the cloud and managed service providers to navigate these challenges. In her session at Big Data Expo®, Hannah Smalltree, Director at Treasure Data, discussed how IoT, Big Data and deployments are processing massive data volumes from wearables, utilities and other machines...
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists will peel away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you'll have no problem fil...
SYS-CON Events announced today that MetraTech, now part of Ericsson, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Ericsson is the driving force behind the Networked Society- a world leader in communications infrastructure, software and services. Some 40% of the world’s mobile traffic runs through networks Ericsson has supplied, serving more than 2.5 billion subscribers.
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
The worldwide cellular network will be the backbone of the future IoT, and the telecom industry is clamoring to get on board as more than just a data pipe. In his session at @ThingsExpo, Evan McGee, CTO of Ring Plus, Inc., discussed what service operators can offer that would benefit IoT entrepreneurs, inventors, and consumers. Evan McGee is the CTO of RingPlus, a leading innovative U.S. MVNO and wireless enabler. His focus is on combining web technologies with traditional telecom to create a new breed of unified communication that is easily accessible to the general consumer. With over a de...
Disruptive macro trends in technology are impacting and dramatically changing the "art of the possible" relative to supply chain management practices through the innovative use of IoT, cloud, machine learning and Big Data to enable connected ecosystems of engagement. Enterprise informatics can now move beyond point solutions that merely monitor the past and implement integrated enterprise fabrics that enable end-to-end supply chain visibility to improve customer service delivery and optimize supplier management. Learn about enterprise architecture strategies for designing connected systems tha...
Cloud is not a commodity. And no matter what you call it, computing doesn’t come out of the sky. It comes from physical hardware inside brick and mortar facilities connected by hundreds of miles of networking cable. And no two clouds are built the same way. SoftLayer gives you the highest performing cloud infrastructure available. One platform that takes data centers around the world that are full of the widest range of cloud computing options, and then integrates and automates everything. Join SoftLayer on June 9 at 16th Cloud Expo to learn about IBM Cloud's SoftLayer platform, explore se...
SYS-CON Media announced today that 9 out of 10 " most read" DevOps articles are published by @DevOpsSummit Blog. Launched in October 2014, @DevOpsSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce softw...
15th Cloud Expo, which took place Nov. 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA, expanded the conference content of @ThingsExpo, Big Data Expo, and DevOps Summit to include two developer events. IBM held a Bluemix Developer Playground on November 5 and ElasticBox held a Hackathon on November 6. Both events took place on the expo floor. The Bluemix Developer Playground, for developers of all levels, highlighted the ease of use of Bluemix, its services and functionality and provide short-term introductory projects that developers can complete between sessions.
From telemedicine to smart cars, digital homes and industrial monitoring, the explosive growth of IoT has created exciting new business opportunities for real time calls and messaging. In his session at @ThingsExpo, Ivelin Ivanov, CEO and Co-Founder of Telestax, shared some of the new revenue sources that IoT created for Restcomm – the open source telephony platform from Telestax. Ivelin Ivanov is a technology entrepreneur who founded Mobicents, an Open Source VoIP Platform, to help create, deploy, and manage applications integrating voice, video and data. He is the co-founder of TeleStax, a...
The Internet of Things (IoT) promises to evolve the way the world does business; however, understanding how to apply it to your company can be a mystery. Most people struggle with understanding the potential business uses or tend to get caught up in the technology, resulting in solutions that fail to meet even minimum business goals. In his session at @ThingsExpo, Jesse Shiah, CEO / President / Co-Founder of AgilePoint Inc., showed what is needed to leverage the IoT to transform your business. He discussed opportunities and challenges ahead for the IoT from a market and technical point of vie...
Grow your business with enterprise wearable apps using SAP Platforms and Google Glass. SAP and Google just launched the SAP and Google Glass Challenge, an opportunity for you to innovate and develop the best Enterprise Wearable App using SAP Platforms and Google Glass and gain valuable market exposure. In his session at @ThingsExpo, Brian McPhail, Senior Director of Business Development, ISVs & Digital Commerce at SAP, outlined the timeline of the SAP Google Glass Challenge and the opportunity for developers, start-ups, and companies of all sizes to engage with SAP today.