Access control challenges are cloud’s nemesis
This year’s RSA conference was a deluge of technology centered on the usual security suspects, with the addition of recent years’ themes surrounding the challenges of cloud computing. Two years ago the conference was all about cloud; last year it was “Bob and Alice” (the challenges of compliance vs. defection surrounding lack of trust in cyberspace). This year’s “Mightier than the Sword” theme was the next logical step towards cyber warfare. After all, regardless of the strength of security controls, the presence of global information availability coupled with the absence of trust inevitably tends toward war. Perhaps it is time to work on this “trust” problem. After all, it’s all about risk… right?
Shadowy clouds for shady businesses
As more companies and their employees look to cloud solutions, there is a corresponding uptick in anti-IT rants along the lines of the following:
“Why do we need this archaic, lumbering, anti-progressive weight around the fast, nimble, amazingness that is our business? We can just go to FooCloud.com on our new, hot tablet and do everything we need to do without interference. That'll show those IT dinosaurs!”
IT folks spend their entire working life ensuring that you don't know what it is we do for a living. Not because it is too complex and not because it is unimportant, but rather because if you do need us, then something is broken. We are often compared to electricians, plumbers and infrastructure maintenance. While those comparisons can be apt – we fix broken things you don't or can't fix – they miss a good amount of our responsibilities and don't account for any of the challenges we face. There also exist two major tribes of IT folks (yes, I'm lumping all of the different specialties together): Operations and Enterprise. The differences between these two are subtle but important; it’s why I can't fix my mother's laptop, but I can design your brand new data center facility.
Three Reasons to Read Cloud Computing for Govies™
After months of researching, writing, and editing, the DLT Cloud Advisory Group recently completed its new reference eBook, Cloud Computing for Govies™!
What is a chief cloud technologist and how do I get one?
Do you have a chief cloud technologist? What about a cloud architecture engineer?
If you missed it on Federal News Radio the first time, take a minute to listen to Federal Tech Talk with host John Gilroy as he interviews DLT Solutions chief cloud technologist, David Blankenhorn. David fields questions on cloud architecture and discusses topics including:
Cloud and Continuous Monitoring
Continuous monitoring involves assessing an agency’s information security posture based on changes to risk resulting from new threats or newly discovered vulnerabilities. The National Institute of Standards and Technology’s (NIST) Guide for Applying the Risk Management Framework to Federal Information Systems (Special Publication 800‐37, Revision 1) specifies continuous monitoring as one of the six steps in information security.
As agencies begin looking at cloud initiatives, the challenge is implementing a continuous monitoring program that reduces risk and ensures compliance with NIST and other relevant guidance in an environment of decreased control. The solution begins with knowing where compliance ends and risk begins.
Choosing the Right Cloud Services
Each cloud service and delivery model is designed to meet specific business requirements. Some offer greater cost savings, but may not provide the appropriate level of visibility and security. Others may offer higher levels of security, but at the expense of elasticity and costs. The key is to find the best fit for the business requirements and the IT service.
For Crying Out Cloud
Cloud computing and virtualization.
If you work within the federal, state and local, and higher education IT industries, you most likely have been exposed to these terms. However, for some, understanding the distinction between the two can be a little confusing. This year at FOSE 2011, DLT Solutions and Quest Software helped visitors cut through the fog of uncertainty surrounding this issue.
During the event, DLT asked public-sector IT professionals to participate in a series of “Minute to Win It” style games to illustrate the complexities of cloud computing and virtualization. These games were designed to show participants that not everything is as simple as it looks, which, according to a Norwich University study*, proves that they are not alone.
As in Nature, Clouds Come in Many Shapes
Cloud computing expands on the many existing choices that are already available to IT for the delivery of IT services. Currently, we have RISC, x86, ATOM and ARM processors. We have Windows, Linux, UNIX, and mainframe operating systems. We also have a number of choices for application servers, databases, and development languages. The good thing about having these choices is that it allows architects to pick the best fit (either client-server or mainframe platforms) for the delivery of IT services (applications).
Cloud computing is really no different. There are a number of different cloud services and delivery models, and each should be evaluated for a best fit for the targeted application. Different cloud services will cater to different security profiles, different developer environments, different levels of control, and different kinds of applications. Each cloud service model has different business and IT benefits and challenges.
Virtualization, the dark side
The race to virtualize everything has created a host of unintended consequences, not the least of which is how to meet the SLAs (service level agreements) for application backup. As we move into cloud alternatives, this problem will only grow, since your cloud provider will have to provide this to you on an application-by-application basis.
Every virtual machine is essentially a set of large files, such as VMDKs in a VMware context. These large files are typically stored in storage arrays, which can be connected via iSCSI or Fibre Channel, or on NFS volumes. Traditional data protection techniques such as VMware's VADP or VMware VCB rely on an agent to protect VMDK files associated with virtual servers.
Private Cloud Technologies: Moving Away from a Traditional IT Model
In a traditional Information Technology (IT) model, new IT assets are acquired in support of specific applications. This model has had the unfortunate side effect of casting IT into the role of a cost center. As such, there has been little flexibility within IT to make broad platform changes such as the adoption and deployment of private cloud technologies.