Smart Data Management through the Cloud
October 24, 2011
To achieve our goal of making Canada a leader in the global Cloud computing market, we need to create an innovation program that outputs the IP required to underpin new ventures capable of real impact in the sector.
This needs to be combined with an international business development program, so that these startups can be involved in bids like the $100m UK G-Cloud project…
Central to this is the best practice focus area of Cloud Identity and Security. (Join the Linkedin best practices group here).
Without doubt the first and most major concerns about Cloud that users have is information privacy and security fears, and so the steps required to address these is essential. These includes worries over where the data might be hosted geographically, as it may be exposed to risks like the USA’s Patriot Act.
Advances in the innovations required to secure Cloud data will not only alleviate these fears but also foster an entirely new generation of technology service as a whole. The opportunity for this mix of technologies is introduced through this article explaining the Canadian CIO’s plans for similar initiatives.
To cultivate these innovations a key workstream we’ll be driving for this is the Kantara Initiative working group that I’m currently in process of setting up: Kantara Cloud Security Best Practices.
This blog provides a posting for discussing the remit of the charter, and this activity overall is intended to develop an innovation framework context for helping accelerate new business ventures. It identifies the key trends and technologies required to meet them.
There are three main areas of focus:
- Cloud Identity and Security Best Practices
- The Cloud as a Dataweb
- Cloud Data Management
Cloud Identity and Security Best Practices
Concerns in this area are rightly justified. Last year Gartner identified that “through 2012, 60% of virtualized servers will be less secure than the physical servers they replace”.
Therefore Cloud customers face a number of challenges; this IT level security as well as the policies that affect where the data is hosted.
The Cloud Security Alliance has emerged as a leading authority in tackling these issues. Their recommendations can be leveraged to implement audit ready protections, such as using DLP to apply policy-based controls over data, seperating the hypervisor into different management components, monitoring and logging of all access, and so forth.
Defining the role of Identity Management models and technologies within this context is the purpose of our Kantara working group. The principles can also be applied to Cloud environments, leveraging standards based identity authentication mechanisms to enable and regulate users and admin access to Cloud resources, as well as user provisioning.
The objective will be enable consistent replication of these policies across both Cloud and on premise systems, where Cloud providers federate their local authentication mechanisms together with the LAN of the corporate users – Building a secure bridge between them.
For example in this RFP from early 2011 the Government of Canada has identified they plan to implement a managed service for a branded ICAM (Identity, Credentialing and Access Management) system.
This will evolve them from their ePass Service of today, to a Cyber-Auth Service of the future. This will enable ‘My GC Services’ single authentication across multiple Gov apps, where Kantara is a core technical component as described in this Government policy document Cyber Authentication Technology Solutions
Cloud service providers can interface to these same systems so that they can be used to regulate Cloud security too. My GC Services will be able to seamlessly span across external Cloud resources as well as in-house ones.
The Cloud as a Dataweb
These capabilities will provide the foundation for what is called a “digital identity ecosystem“, a more comprehensive, more profound development of the Cloud in terms of it representing the evolution of the Internet as a singular environment of interconnected data.
This type of vision, and the technologies that might enable it, have been expressed in different forms, such as “the Dataweb”.
The 2004 white paper The Dataweb (21-page PDF) introduces the OASIS protocol XDI, which provides the mechanisms for a single Identity addressing system, such as having your own permanent ‘i-name‘, and also for the dynamic exchange of data between different applications, ‘link contracts‘.
The Cloud acting as this Dataweb will solve many of the core issues associated with the fundamental nature of legacy technology. For example consider a common scenario such as having to change your address when you move home. You must repeat the process of notifying numerous different vendors because there is no global system interconnecting them.
Ideally you would be able to notify the change to just one vendor and then that change is replicated throughout them all, and this ability is the goals of a Dataweb system, the principles of which are now carried on through Kantara. Groups like the Trust Framework define these core mechanisms including aspects such as Cross-border identity federation. eGov provides a “government view” into the initiative and TelcoID defines how to implement them across telco networks and multiple devices like cell phones and digital TVs.
Combinations of these will provide great solutions – For example enabling government agencies to more easily adopt secure, mobile payment systems. With common ID’s across telco networks and devices like Blackberries et al, then it’s easier to offer better interconnected application services.
Cloud Data Management
This refers to the expansion of traditional data management practices to extend them into Cloud environments. For example the ‘DMBOK‘ is one key body of best practices that the Canadian Government are working with to manage their information.
It encompasses the breadth and depth of using IT for managing information, such as Data Governance, Architecture, Meta Data and Master Data Management, and also spans into areas that overlap with other best practice bodies, such as the Privacy requirements of the data and also Document and Records Management.
Cloud Data Management adds to these capabilities by integrating use of the Cloud environment described above, in particular in key areas like data sharing and interoperation – The Dataweb ushers in an entirely new paradigm to be leveraged for these purposes.
Conclusion – Shared Services Transformation
It’s the combination of these trends, not just Cloud Computing alone, that offers the most potential for business benefit, driven by initiatives such as Shared Services Canada.
For example consider just how much costs government incur with aspects related to data management. From driving licence applications to social welfare claims, how many paper forms and related processes are operated to continually collect data for purposes of administration?
Imagine if much of this could be done away with, made unnecessary by “Smart Data” that updates itself through the Cloud?
If this is combined with great levels of IT cost reduction through sharing applications in utility Cloud providers too, the levels of savings possible will be quite staggering.