Tom Trainer

Network Computing Blogger


Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

See more from this blogger

Data Protection In The Cloud Era

Growing deployments of private and hybrid clouds, coupled with increasing enterprise trust in public clouds, begs the question: How can IT management assure data protection and security in the era of cloud computing and cloud storage?

Many agree that encrypting data at rest on the disk is extremely helpful in assuring data protection within a cloud-based data center. However, newly created data and data frequently used by applications has many points of vulnerability while it is in flight to and from application servers.

More Insights

Webcasts

More >>

White Papers

More >>

Reports

More >>

The challenge is that data protection and security concerns will always be with us as we evolve to newer IT technologies and as long as there are those who try to hack through security measures and access data. Some in IT management blame technology itself. However, other elements, including out-of-date corporate security policies, contribute to data exposure.

Organizations often implement virtualization and cloud deployments without reviewing beforehand or revisiting their existing data protection and security policies. Significant infrastructure changes can put a business at risk. Failing to review data protection and security measures before changes are implemented may leave you at risk of an attack on your data and missing out on key new technologies that can help you.

[Find out the major security issues to address before signing a contract with an Infrastructure as a Service provider in "Top IaaS Security Requirements To Consider."]

Recently, I spoke with Zane Gramenidis, president of East Coast Computer and a Cisco partner. Zane has been addressing data protection and overall business IT security concerns for decades.

I asked Zane what his firm typically recommends as they work with clients on implementing infrastructure changes. In addition to recommending that clients use updated tools for better data security planning, his company advises they not install business-critical applications on devices that are in the hands of employees.

"They [users] can still run these applications from their devices, but through a centrally managed server in the data center or in the cloud," he says. "Users can still run these applications online or off-line from their various devices. If for any reason an employee leaves the company or a device is lost or stolen, data security can be at great risk. However, with the proper tools these risks can be minimized since devices can be deactivated and the data wiped should these risky situations arise.”

There is an industry effort to automate security in conjunction with virtual machines, but Vik Mehta, president of VastEdge, a supplier of IT services to major corporations, says this can be a tricky undertaking. “Automation in a virtual machine environment (i.e., VMware, RHEV and Hyper-V) is good, but it can be scary for some because the security policy must be absolutely correct when the virtual machine is created,” he said. Clearly, preplanning security policies and testing them thoroughly before implementing them in an automated fashion is a must.

As virtual and cloud deployments continue to grow, common information access concerns still need to be addressed. For example, consider extranets. Extranet access is typically provided to partners, vendors and suppliers. Information in-flight over multiple networks can be exposed to theft, and the extranet can create a hole for hackers to enter an organization's IT infrastructure.

“Extranets can increase data security risks. Network virtualization, firewalls, wireless LANs, and some storage virtualization use cases can be attacked, and customer order data (units, purchase price information and shipping information) can be compromised," Mehta says. “Security is a big gap, and many shops want to address it later; however, it needs to be addressed now."

In an upcoming post, I will address moving data protection to the application stack and the data security concerns therein. I believe you’ll be surprised at which vendor is taking a leadership role in this area.

What are you concerns with data protection in the cloud? Do you include data protection and security planning and policies upfront in change planning? Is security dealt with after changes are made? Share your thoughts and opinions in the space below.

[Learn about developing an information risk management strategy and key areas of consideration when evaluating security programs and capabilities in "Securing the Business" at Interop New York Sept. 30-Oct. 4. Register today!]

Tom Trainer is founder and president of analyst firm Analytico. Prior to founding Analytico, Trainer was Principal Storage Product Marketing Manager at Red Hat, and Director of Marketing at Gluster prior to its acquisition by Red Hat. Tom has worked as managing senior partner at Evaluator Group, and also held senior positions at EMC, HDS, Auspex, and Memorex-Telex during his 30-year career in IT. You can follow him on Twitter at @itstorage


Related Reading


Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013



TechWeb Careers