Wednesday, April 29, 2015

Cloud microservices make their play

 by Kevin L. Jackson

Cloud computing seems destined to be the way enterprises will use information technology. The drastic cost reductions and impressive operational improvements make the transition an unstoppable trend. The “What is cloud computing?” question now, however, seems to be morphing into “Where is cloud computing going?”

While software-as-a-service (SaaS) providers see their market rocketing upward as the easiest and quickest path for cloud adoption, infrastructure-as-a-service providers are suffering as their high-capital-cost commodity business transitions to a profit margin race to the bottom. This unsettling paradox, driven by increased competition between major infrastructure players, portends a near-term shakeout as smaller players either fail, exit or get gobbled up.

Cloud services brokerage, still struggling to be even recognized as a real market, is being seriously threatened by open-source approaches from giants like Booz Allen Hamilton’s Jellyfish and the European Commission-funded CompatibleOne open-source broker. So what about platform-as-a-service? Seen by some as the most profitable segment, this also seems to be where most of the confusion resides. Unfortunately PaaS is still struggling to deliver on the promise of universal software interoperability. So what’s next? With all due deference to Mr. McGuire in “The Graduate,” two words: microservice architecture.

Microservice architecture, or simply microservices, is a new software development method that is, for many developers, rapidly becoming a preferred way of creating enterprise applications. Because of its scalability, this architectural method is considered ideal when there is a need to enable support for a range of platforms and devices — spanning web, mobile, the “Internet-of-Things,” and wearables.

Although no standard, formal definition of microservices exists, it is generally characterized as a method of developing software applications that uses a suite of independently deployable, small, modular services in which each service runs a unique process and communicates through a well-defined, lightweight mechanism. How the services communicate with each other depends on your application’s requirements, but many use HTTP/REST with JSON or Protobuf.
Microservices architecture contrasts with the traditional monolithic development styles in that the latter approach is always built as a single, autonomous unit. In a client-server model, the server-side application is a monolith that handles the HTTP requests, executes logic, and retrieves/updates the data in the underlying database. The challenge with this approach is that all change cycles usually end up being tied to one another. Microservices are also better aligned with more modern agile software development approaches.

Dell, traditionally an infrastructure company, is even noticing the importance of this trend. On this, the observation of James Thomason, CTO of Dell Cloud Marketplace, is of note:
Already, Docker (and others) are working on various new forms of service discovery, in order to solve the infrastructure dependency injection problem, and consequently the “awareness” of dependencies between application components on different servers and infrastructure.
The recent love affair with infrastructure containers like Docker and VMware’s surprising investment in Linux containers through the release of Photon has now opened the door for a rapid adoption of microservices and the isolation of containers to one process or service.

This containerization of single services or processes makes it very simple to manage and update these services. Therefore, it’s not surprising that the emergence of frameworks for managing more complex scenarios will be next. Open-source projects like Kubernetes, Maestro-ng and Mesos are now springing up to answer this need. Stay tuned.

(This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. For more on these topics, visit Dell's thought leadership site PowerMore. Dell sponsored this article, but the opinions are my own and don't necessarily represent Dell's positions or strategies.)

Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)

Saturday, April 25, 2015

Tweeps Are People Too!!

I woke up this morning to the devastating news about the earthquake in Nepal. Sitting here in California  that destruction is literally on the other side of the world but my mind immediately went to thinking about my good friend Jeremy Geelan. See Jeremy and his family have been living in Kathmandu for a while now. His wife, in fact, is the Danish Ambassador to Nepal!
Being a social media kind of guy, I immediately went online to see if Jeremy was active, but then the other shoe dropped. I realized that I was selfishly neglecting my global online readership! A quick look at TweepsMap confirmed that I had at least 10 tweeps in Kathmandu and another in Itahari, Sunsari, in the eastern part of the country!!

After sending out a few queries on Twitter and Facebook I soon received word that Jeremy and family were OK. I also had exchanges with a few other readers, the first of which was Suyash Chhetri, who is also safe with his family.

For me this personal experience proved that Tweeps Are People Too!  They are not just faceless names and numbers. It also once again highlighted how much we are all connected.

My prayers to all that are enduring the pain and suffering of this horrible tragedy.

( This content is being syndicated through multiple channels. The opinions expressed are solely those of the author and do not represent the views of GovCloud Network, GovCloud Network Partners or any other corporation or organization.)

Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)

Tuesday, April 14, 2015

The CISO role in cybersecurity: Solo or team sport?

The average length of time in the commercial sector between a network security breach and when the detection of that breach is more than 240 days, according to Gregory Touhill, deputy assistant secretary of Cybersecurity Operations and Programs for the Department of Homeland Security. What could happen to your company during that eight-month period? Could your company survive?
This alarming statistic is just one of the reasons why the National Cybersecurity Institute at Excelsior College (NCI) undertook the task of surveying the nation’s chief information security officers. With the support of social media campaigns from Dell cybersecurity and the International Information Systems Security Certification Consortium, also known as ISC(2), NCI was able to collect a statistically significant number of responses across eight industry verticals. Although a formal analysis of the data is still being conducted, some important early revelations have already been identified.

While the overall survey broadly covered the domain, one of the most interesting insights for me came from a high-level response from just three questions:
  • What are the top three items/resources you need to accomplish your job?
  • Which of the following are the top five sources of application security risk within your organization?
  • Which of the following five skill sets best prepares someone to become a chief information security officer?
The survey designers worked hard not to focus just on the technical aspects of the CISO role. To that end, respondents had to choose from nine job resources, 10 security risk options and 11 specific skill sets. They also enjoyed the option of writing in a response. Although every option on each of these three questions had some takers, the most predominant answers were:
  • The top resource needed to accomplish the CISO job is the support of other management leaders.
  • The top source of application security risk is a lack of awareness of application security issues within the organization; and
  • The best skill set for preparing someone to become a CISO is a statistical tie between business knowledge and knowledge of IT security best practices.
Some may find it surprising that neither technical knowledge, technical skills nor the technology itself is an overwhelming favorite for the surveyed professionals. So with that observation, what truths can we learn from this answer set?

To be sure, additional analysis and rigor are needed, but from a personal point of view this early data hints that technical knowledge is not the primary CISO skill requirement. It also tips a hat toward the need for robust internal education as well a focus for reducing application security risks. For me, it also shows that a good CISO must also be a collaborative and communicative teacher across his or her organization. Is it me or do these traits describe a team leader or coach?

If you are a CISO, do these traits describe you? Are education and collaboration a core part of your company’s cybersecurity plan? Have you enabled management to give you the support needed for your own success? Can you describe yourself as the cyber team coach?

(This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. To learn more about tech news and analysis visit Tech Page One. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.)

Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)