David Hill

Network Computing Blogger

Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Vendor NewsFeed

More Vendor NewsFeed »

See more from this blogger

PerspecSys: Removing a Key Security Barrier to Public Cloud Adoption

Several months ago, an IT trade publication (which will remain nameless) published an article whose title stated that public cloud security remains "mission impossible." While the article was well-reasoned and backed off from the title's hyperbolic assertion, the damage had already been done. Actually, the title should have been something more like, "Public cloud security is mission possible, but proceed cautiously."

Why do I say this? Because cloud "security" (I place security in quotes to emphasize that it may include data control and data protection issues broadly defined) requires careful technology, administrative control and regulatory planning that have to carefully address each issue as it is important to an enterprise. As an example of solving a very important security issue from PerspecSys, let's take a vendor whose solution enables enterprises to use an application running in a public cloud without also placing sensitive, personally identifiable information (PII, or information that may be used to construct the identity of an individual, including, but not limited to, full name, national identification number and credit card numbers) in the cloud.

Worldwide--most notably in the European Union, but also more and more in the United States and elsewhere--governments are preventing organizations from disseminating or storing PII improperly. Exactly what constitutes improper behavior is still evolving, but clearly one big restriction is the geographical constraint on where PII can be disseminated or stored. For example, even within the European Union, restrictions exist on transferring and storing PII across country borders--say, locating PII pertaining to German citizens in Italy or Greece.

This is a regulatory barrier that has teeth, levying notably heavy fines for violations. Therefore, an enterprise may be prohibited from using a public cloud that stores data in a different country than that in which the enterprise is located. That can be a significant problem if, let's say, an enterprise wants to use a software-as-a-service (SaaS) provider, such as Saleforce.com, for important business reasons. No go.

PerspecSys dissolves this problem, enabling the enterprise to use Saleforce.com or other SaaS applications wherever the application is run, because the PII data is stored in the enterprise's own approved geographical location (in its own or a third-party's data center). The rest of the data that the SaaS application uses can be stored in a public cloud, without regard to geographical location.

How is this possible? PerspecSys provides software, which it calls the PRS (Privacy, Residency and Security) Server, that is installed on a standard Linux-based server in a data center where an enterprise can legally store PII. A Salesforce.com user, for example, goes through the PRS Server when creating a Salesforce.com record. The non-PII information goes through to Salesforce.com untouched in clear text form, whereas the PRS Server replaces the PII clear text with anonymized data that cannot be reconstructed at the public cloud end to recreate the PII information.

There are two methods for achieving this. The first method is encryption. The encryption keys are kept by the company in the country of origin so the public cloud cannot decipher the PII. Now, while this is a technically sound method of providing privacy, and many governments approve this method, some jurisdictions are still not happy with this approach because, in some sense, the PII has still been moved and only the residency of the keys, not the PII, is with the company. In such cases, another method, called tokenization, which is all about the residency of data, serves as a strong alternative.

Every piece of PII has a randomly generated value. The value can be alphanumeric and corresponds to what the application requires for purposes of processing, such as a national identification number. This value is called a token. The real PII and its corresponding token value are kept in an index table at the enterprise's chosen processing location. Only the token is sent to the SaaS application. Now, Salesforce.com or other SaaS providers can play with this token to their hearts' content and use it in processing, but no one (not even a governmental agency that seizes the data) can reconstruct the PII data for the simple reason that it doesn't exist there.

Page:  1 | 2  | Next Page »

Related Reading

More Insights

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Public Cloud Reports

Research and Reports

Network Computing: April 2013

TechWeb Careers