Security is a Holistic Proposition

Gorka Sadowski

Subscribe to Gorka Sadowski: eMailAlertsEmail Alerts
Get Gorka Sadowski: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Cloud Computing, Cloud Hosting & Service Providers Journal, Cloud Security Journal

Blog Post

Logs for Better Clouds - Part 4: The Trust Factor

How to trust your Cloud Provider

Trust is the fundamental business enabler.

It is absolutely necessary for clients to trust their Cloud Providers. Without trust, business relationships cannot exist.  Without trust, existing relationships cannot blossom.

Trust becomes an issue as soon as there are potential conflicts of interest.

As a client, do you think it's unfair that your Cloud Provider is also the entity generating reports on actual usage for Pay-per-Use billing calculations? Do you think it represents a conflict of interest?

How about when your Cloud provider also generates reports on his level of compliance to the agreed-upon SLA? Are you now thinking conflict of interest?  Is this affecting your trust level? Maybe?

However, if your Cloud Provider can demonstrate that he's got the right tools to measure usage, and he provides you with ways to validate SLA reports, can you now trust your provider? Well, probably, right?

So what are these tools, and what are the reports based on?  Are they based on something undisputable that everybody can trust?  How can we verify these reports in case of disagreement?

Let's think about an analogy concerning utilities.

Today Utility Companies are empowered to not only deliver service but also generate and send us reports on usage.  They are also the ones who send us the bills based on usage calculations.

Do you know exactly how many KW of electricity you have used this month?  Or how many liters/gallons of water you consumed?  Yet you would rarely question these usage and billing reports.  You just pay, confident that the reports are acurate, and confident that if something looks fishy you have ways to verify and validate these numbers. Indeed, you have access to the raw information tracked by the power meters accurately measuring actual usage and supporting the reports generated.

We need the same level of trust for Cloud Providers; we need the same Universal Power Meters.

So assuming that this universal power meter is based on logs, how can we deploy such a Log Management solution, provide for undisputable proof of good faith, basis for trust, while obfuscating trade secrets and protecting intellectual property?

Let's zoom in a multi-layer Cloud structure where Clouds can be clients of other Clouds while being competitors at the same time.

More Stories By Gorka Sadowski

Gorka is a natural born entrepreneur with a deep understanding of Technology, IT Security and how these create value in the Marketplace. He is today offering innovative European startups the opportunity to benefit from the Silicon Valley ecosystem accelerators. Gorka spent the last 20 years initiating, building and growing businesses that provide technology solutions to the Industry. From General Manager Spain, Italy and Portugal for LogLogic, defining Next Generation Log Management and Security Forensics, to Director Unisys France, bringing Cloud Security service offerings to the market, from Director of Emerging Technologies at NetScreen, defining Next Generation Firewall, to Director of Performance Engineering at INS, removing WAN and Internet bottlenecks, Gorka has always been involved in innovative Technology and IT Security solutions, creating successful Business Units within established Groups and helping launch breakthrough startups such as KOLA Kids OnLine America, a social network for safe computing for children, SourceFire, a leading network security solution provider, or Ibixis, a boutique European business accelerator.