Sharing of thoughts and information is what blogging is all about. This way we can learn from each other. Post A Comment!These postings are provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.
Anthony Bartolo Twitter | LinkedIn
Pierre Roman Twitter | LinkedIn
The other day Rick posted an entry on cloud computing and asked “As IT Pros who save the world every day at work – what do you think about all this “cloud” stuff?” It led to a lot of comments and questions.
Our colleagues over at TechNet Edge have started to answer the questions around cloud computing specifically aimed at the IT Pro. It is a four part series which will cover the IT Pro aspect of cloud computing. Part 1 is available and in it IT Pro Technical Evangelist Joey Snow invites Senior Architect Evangelist Brian Prince to Redmond to begin unravelling the mystery around Cloud Computing in this first video in the four part, Real World Azure series. Joey and Brian keep it light as they fill in the vocabulary for you. They describe what SaaS, Software plus Services and cloud computing are, and point out types of applications which are best-suited for the cloud.
Brian is happy to reveal how IT professionals move up the value food chain and do more of what they aspire to as they begin to leverage cloud computing. The discussion rounds out with a white board chat about the spectrum of applications that might run on-premises, hosted, or in the cloud for an enterprise.
Take a look, let us know what your thoughts are and stay tuned for the rest of the series.
It's a good video but it does not answer my questions or address my concerns....
I hope the future videos delve into those areas as they are common questions.
I can say that while cloud computing is a viable technology there will always be cases where you stick to the status quo. One comment you mentioned PIPEDA and compliance and that is one area where cloud computing might not be viable. PCI compliance is another example.
Well pipeda applies to most if not all companies in canada even non profits....
You are correct PIPEDA does apply to all business in Canada. PIPEDA is more about disclosing how data is collected, used, secured and stored. There is no requirements as to where it is stored as long as "appropriate security measures are taken". This differs from PHIPA (Ontario) and PIPA (BC) which does regualte this.
Whomever is responsible for ensuring the privacy and security of the data (one thing they all have in common is resposibility) must be sure that where ever the data is stored (local, off-premise, cloud) it is secured and kept private.
It gets more confusing when each province has it's own rules, the federal government has a set of rules and then other orgs have another set of rules (i.e. PCI).
That said, it still can be a viable solution. The Open Data Government Initiative in Edmonton as an example is running in the cloud on Windows Azure.
yes but if let's say I put my data in amazons cloud (they have had botnets) am I responsible if "amazon" fails to secure my data or am I responsible even though I have no control over your security and implementation.
Mike, that is the $1,000,000 question! The answer too depends on the SLA with the provider and the service you are utilizing.
rodney could you please kick trick for taking so long to post
Rick* not trick
Rick Claus said:
I'm liking @Mike's points about Privacy, Security, Compliance and Control. They seem to be top of mind for everyone or at least the default questions people ask.
I think I’ll take a stab at each of those topics from an IT Pro perspective in the coming posts. Stay tuned!
# February 23, 2010 9:55 PM
Crap - looks like my email reminders for comment posts to this article are not firing. Sorry dude - Had to get EnergizeIT out the door and the posts are in draft right now. hang in there man!
you may also want to post on energize it's facebook wall poor Tyler is doing your work
"3.Cloud computing: where is personal information going?
Cloud computing uses the Internet and central remote servers to maintain data and applications. In general, cloud computing users do not own the physical infrastructure, instead avoiding capital expenditure by renting usage from a third-party provider. Cloud computing allows users to use applications without installation and access their personal files at any computer with Internet access. They consume resources as a service and pay only for resources they use. Cloud computing is generally broken down into three services: «software», «platform», and «infrastructure».
In a «Software-as-a-Service» model, a user pays a software-providing company a subscription fee in return for running applications over the Internet from the service provider site centralized servers rather than from the business on-site. The «Platform-as-a-Service» model refers to the provision of hardware and software (such as databases) that allow users to develop and deploy their own applications. The third model in cloud computing, «Infrastructure-as-a-Service», is of particular concern to us. In this model, rather than storing data on their own computer network, cloud computing users store data on servers “in the cloud” and retrieve it as needed.
Although this may look like a classical case of an outsourcing relationship where respective responsibilities are clearly established, it is not. In a cloud environment, there are no single dedicated data centres where information is stored. “Data may be dispersed across and stored in multiple data centres over the world. In fact use of a cloud infrastructure can result in multiple copies of data being stored in different locations.”2 And cloud relationships are not one-to-one relationships but multilayered, web-like relationships where Cloud User A contracts with Provider B that in turn may contract out to Providers C and D that may contract out, unbeknownst to User A, to Providers E, F and G.
These sharing and transfer of data within the cloud and the inability for anybody to easily say where the data is or has been have jurisdictional implications. Personal information belonging to Canadians is moving from server to server and from jurisdictions providing strong data protection to jurisdictions providing little data protection. Because of the diffuse nature of cloud computing itself, control and oversight of data flow are, for all intent and purposes, currently very difficult to enforce.
Security safeguards are also a concern. In cloud computing, users rely on the security measures provided by the each of the cloud participants that handle personal information. Some established companies may provide adequate security controls, whereas others may decide that security is not a priority.
Another related issue is the retention of information data. At the current time, our Office does not have a clear view of what happens when multiple copies of data are being dispersed and stored in different locations. Is information retrieved from one location also retrieved from another? Is information automatically updated in all locations or do we end up with a multiplicity of information versions lingering in various corners of cyberspace? How long are the multiple copies retained? Did the individual whose data is stored in a cloud provide consent to having his information disaggregated and stored in multiple copies in different locations?
Position of the Office of the Privacy Commissioner of Canada
Privacy and information security are not always front and centre priorities when new tools are being developed and used. This is not a caution against using new technologies or integrating new tools into everyday activities. Rather, it is recognition that Canadians, especially the younger generation, need help to begin developing appropriate information-management practices – ways to ensure their personal information is collected by organizations only with their permission, distributed only according to their wishes, and used only in ways to which they agree.
Our Office is of the view that technology and privacy can work hand in hand, and that ensuring privacy rests in outreach to Canadians, continued close dialogue with industry, and informed policy-making and legislation at the national and international levels.
In the next year, the Office of the Privacy Commissioner intends to conduct an in-depth examination of privacy issues related to behavioural marketing, location data and cloud computing. PIPEDA will be reviewed in 2011 and, although it is a technologically neutral law, our Office wants to ensure it will continue to respond optimally to technology developments that are shaping our future.
Given the increasingly globalized nature of privacy challenges, our Office believes that durable solutions will also come through international collaborative efforts.
"patiently" waiting for your posts. Rick....
Rick you really need to get to these posts…..I have been waiting since February 23rd.