From 12 Weeks to 39 Minutes: An Insurer Speeds IT Updates — and Strengthens its Business

Financial services companies routinely maintain hundreds of core applications and systems for everything from billing and claims to fraud detection. Upgrades can easily become overwhelming.

When a leading investment and insurance company found its application updates required a lengthy 12 weeks, slowing its ability to roll out new products, it looked to a software as a service solution. The insurer leveraged our Cloud360™ BusinessCloud solution to quickly shift its development and test environments to a public cloud. The shift automated the company’s project synchronization and brought new life to its development efforts. The time now required to update cloud-based applications? Thirty-nine minutes. 

The new environment, launched in the first quarter of 2013, is the insurer’s first foray into cloud-based technology. In addition to the speedy system updates, the insurer also gained consistency across all of its environments and greater insight into its operations, with the ability to track each business unit’s resource consumption.

After a week of planning and identifying the requirements, the team completed implementation in four weeks. Validation took four more weeks. Our team created a hybrid architecture that integrated the existing system’s components and migrated development, user acceptance testing, regression and performance testing to Amazon Web Services. 

Our Cloud360 solution monitors consumption across the environments and recommends optimized usage. By reducing the provisioning timelines from months to minutes and implementing usage metrics, the investment and insurance company gained a more adaptive and elastic business environment. It also enabled scalability, reduced costs and increased operational efficiencies, such as speeding batch application performance by 40%.

Today, the company builds more applications faster, and without the delays of unwieldy logistics and overly complex project management.

Cloud360 goes mobile. Manage your cloud environments…on the go

The Future of Work is all about going beyond the boundaries of space and time enforced on us by the older technologies.  It is about attuning ourselves to the workplace that is virtual, mobile, and constraint-free. Rapid advances in technology, ever-changing customer demands, and increasing competitive pressures are forcing enterprises to not only reformulate their strategies but also the technology base behind those strategies. To cater to this need of the time, Cognizant’s Cloud360 Mobile App is now available on iTunes. This is part of Cognizant's overall cloud strategy that revolves around helping clients to drive business agility by leveraging anything-as-a-service models available through the use of cloud technologies. 

As enterprises are increasingly adopting cloud computing, they are facing a lot of challenges in terms of management complexity and costs. Cognizant’s Cloud360 helps enterprises transform their traditional IT environment life cycles and gain greater control over their environment. Cloud360 is a Cloud management platform that abstracts, governs, and delivers the best service, and on-demand experience to enterprises. Cloud360 provides enterprises with provisioning, monitoring, automation and analytics capabilities to transform their current IT environments to cloud environment. It helps enterprises integrate with the existing infrastructure and manage applications across diverse clouds platforms.

Cloud360 ability to manage multiple Cloud platforms provides the flexibility to the enterprise to leverage multiple Cloud Platforms eliminating vendor lock-in. The rich self-service portal of Cloud360 enables the business users to provision applications on the cloud environment via the one-click provisioning feature using the standardized catalogs and workflows. Cloud360 Mobile provides an interface to manage all your applications on the go using your iPhone or iPod Touch. 

With the Cloud360 Mobile App you can:

• View applications that are deployed in your cloud
• Deploy new applications with a single click using application profiles
• Start, stop, or de-provision your applications
• Switch seamlessly across clouds if you have access to multiple clouds

Hyperplatform Solution Briefing Center… now in Bangalore

As enterprises are increasingly adopting cloud computing, they are facing a lot of challenges in terms of management complexity and costs. Cognizant’s Cloud360 helps enterprises transform their traditional IT environment life cycles and gain greater control over their environment. The key transformational Goals for Cloud Services that Cloud360 addresses are

• Empowering People for Greater Efficiencies
• Rapid Launch of New Business Applications
• Variable Economics for Variable Business Models

Cloud360 hyperplatform is a manager of cloud services that abstracts, governs and delivers the best service, and on-demand experience to enterprises. Its approach of “Application first” across Public, Private and Hybrid cloud has created a niche market segment. Along with its policy-driven automation, integration with current enterprise IT environments and right sizing of the application, Cloud360 has brought IT closer to Business.

Cloud360 ability to manage multiple Cloud platforms provides the flexibility to the enterprise to leverage multiple Cloud Platforms eliminating vendor lock-in. The rich self-service portal of Cloud360 enables the business users to provision applications on the cloud environment via the one-click provisioning feature using the standardized catalogs and workflows.

Cloud360 does provisioning, monitoring, metering and analyzes virtual machine platforms and integrates with dozens of products in the market cutting across Directory Service, Service Management System, Approval Work Flow, Application Deployment and Orchestration and Monitoring tools. With its innovative features and technology, Cloud360 is making deep inroads in Cognizant’s customers’ portfolio. Customers are appreciating the value that Cloud360 is bringing to the table by being a Vendor-neutral Cloud management platform and adhering to the Enterprise-class IT standards. With its growing popularity in the Cloud market, more and more customers looking to transform their environment are getting interested in Cloud360.

To gain a further foothold in our client portfolio and ensure that potential customers get a feel of the product and are made aware of the key benefits of Cloud360, a briefing center has been launched in Bangalore, on the second floor of Cognizant’s Manyata Embassy Business Park office. The state-of-the-art solution briefing center is perfectly suitable to provide customers with a walk-through of Cloud360 and showcase the unique features of Cloud360 that would help customers gain the combined benefits of a powerful cloud infrastructure with a robust set of hyper platform services.

Cloud security conversations: Interview with Wolfgang Kandek, CTO at Qualys

While enterprise IT is constantly being pushed by customers who expect demand based cloud services, the cloud security is moving from “mystery and hype” to “secure and move-on". The traditional security solutions are becoming inadequate as customers want to inspect more varied and voluminous data streams in the cloud world today. A well-rounded security intelligence and governance are the key factors to detect advanced threats as we shift from traditional static compute environments to dynamic IT services.

I had a chance to discuss with Wolfgang Kandek, CTO at Qualys, about some of the challenges expressed by our clients and industry experts, and the potential solutions in this space.

Here is a brief bio of Wolfgang:

Wolfgang Kandek is responsible for product direction and all operational aspects of the QualysGuard platform and its infrastructure. Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. He is a frequent speaker at security events and forums including Black Hat, RSA Conference, InfoSecurity UK and The Open Group.

 

Are the security challenges different in context of cloud computing and multi-tenant systems, compared to dedicated or private environments?
The basic security challenges are the same in cloud computing and private environments. In implementing security, cloud computing environments frequently have an advantage. They are often built from the ground up, presenting the opportunity to engineer the necessary security into the environment.

What is your take on hybrid cloud infrastructures and the underlying security protection in case of cloud bursting or applications moving across?

Hybrid cloud infrastructures will be used by many organizations to be able to extend their general computing capacities. The capability of extending the same security controls that are used internally to the hybrid cloud will be an important differentiator for hybrid cloud providers, especially as the cloud computing further matures and becomes a dependable building block for IT architectures.

If we consider security, compliance and governance as 3 different business needs – how dependent are these on one another? Which is the least common denominator and the most important?

Security is a component of compliance and governance. Security should be driven by an understanding of the risks facing IT resources, prioritized by the value, sensitivity, or importance of the IT asset. Compliance is driven by external requirements that the organization must meet, and if these requirements are not met, the organization will face some type of consequence (loss of business, financial penalty etc).  Organizations with mature risk management programs view compliance program requirements as a risk that must be managed. Governance is the overarching program that ensures that the organization is doing what it needs to do to manage risk properly, ensuring appropriate levels of security and meeting compliance requirements.

What are the top vulnerabilities that you commonly see from enterprise applications? Where do things normally go wrong?

Enterprise Applications commonly suffer from three different types of vulnerabilities: type one is caused by programming, and can be fixed by code updates or temporarily remediated by security systems such as IPS and Web Application Firewalls; type two is configuration related, where systems are deployed with non-hardened settings, allowing default passwords and remote system administration without scrutiny; and type three refers to the underlying infrastructure - the operating system and networking.

How important are standardized application deployments, say Application Profiles in Cloud360, to reduce the configuration vulnerabilities? Is this a common source of security vulnerabilities in enterprise applications?

Standardized application deployments can play an enormous role in improving security.  They make it easier to deploy an updated version of the application in question and ensure that the configuration files are in accordance with approved internal standards. This avoids many of the common weaknesses plaguing enterprise applications. Industry reports, such as the Verizon Data Breach Report show the main problems to be configuration related and easily avoded such as default passwords, open admin services and outdated applications.

Very interesting thoughts and continuing on the previous question, what are the common layers in an application stack that we need to consider for guarding? Since hackers usually combine 2 or 3 vulnerabilities to make a penetration – is there any specific recommendation from you?

That is correct, the entire stack can be attacked and often more than one element is involved. So for example, in a SQL injection vulnerability the application is failing to perform the required sanity check on the input, the database access layer allows for dynamic SQL interpretation, and the database is not configured to only return data pertinent to the account in question. To be on top of these weaknesses, it is crucial to have an accurate map of the installed infrastructure, operating systems, network paths and applications, both standard and developed in-house. For example, knowing that a database is directly connected to a web server exposed to the Internet, rather than a database server that is used for an internal application and has no web access at all, helps to prioritize patching and configuration checking.

How critical is to do life-cycle management of virtual infrastructure, to protect from dormant/aged VMs, snapshots and residual data? Is that a common sprawl related problem in the cloud world?

VM sprawl is a common occurrence and can cause security issues. Often machines that are brought up only on demand will miss patch cycles and can be critically out of date even after a few short weeks. Knowing what machines are present in the environment and being able to “predict” vulnerabilities even only with the inventory data is quickly becoming the way to deal with this frequent problem.

What do you try to do differently at Qualys to protect your customers compared to other providers?

Qualys’ main difference is that we bring the vulnerability, configuration and web application audit functionality to our customers as a service. Customers do not have to worry about running the infrastructure necessary to operate this functionality, i.e. hardware, operating systems, databases, signature updates, backups, high-availability, etc., but can instead focus on making best use of the data provided. This is a tremendous advantage for small and medium sized customers, but even our large enterprise customers acknowledge that QualysGuard is extremely fast to implement on a global scale. As long as Internet connectivity is available, the product will work and there is no need to reconfigure enterprise firewalls to assure that all required network connections are possible and in place.

How important is ‘on-demand’ aspect from a security protection viewpoint?
On-demand functionality is important from a business standpoint. It enables us to adapt quickly to new initiatives or unexpected growth. I believe ‘on-demand’ will soon become a requirement for almost all technology related functions, be it in the infrastructure provisioning, security auditing or enterprise application capacity area. 

Given that security protection is an on-going activity, in context of ‘Security is the New Arms Race’, what are your important advises to our enterprise customers?

Overall, exercise control over your infrastructure and be aware of what systems and hardware you are running and their criticality for the business. Often existing tools can provide the data that is necessary to form a complete picture: your user directory, software licensing system, anti-virus consoles and log management system are some of the best initial data sources. Invest in people and develop the capability to pull that data together and produce meaningful reporting and metrics. As you look at new initiatives and include cloud computing into your infrastructure, evaluate the management functionality that the external companies are providing and assure it is adequate for the intended purpose of the system.

I thank Wolfgang on behalf of Cognizant Cloud360 team!

- Ramesh Panuganty.

 

Portability, compatibility & standards across cloud platforms

There is always a question on the portability & interoperability across various cloud platforms during the customer conversations. While the definition of 'cloud' and 'platform' varies across every provider - there is never going to be a common standard for OS images or even the access APIs, understandably for locking in customers. 

While there are standards bodies like ODCA, we are far away from any two of the leading providers agreeing on a common standard. While most providers support 'import' of images from other formats, the application performance after an import is questionable. One may be better of to recreate the image, with installers, rather than importing of images.

Some of the API standards like RefStack don't have any updates in the past 2 months and becomes questionable on the commitments. I had seen Eucalyptus trying to support multiple APIs, including AWS', but then eventually it fizzles out as AWS continues to innovate and adds features.

I came across this article in Forbes which talks about the discussions & conversations on a OpenStack forum recently - and it is interesting to note the offerings and interests of various entities involved in OpenStack. 

http://www.forbes.com/sites/reuvencohen/2013/04/26/cloud-interoperability-and-the-battle-for-the-open-cloud/2/

RedHat seems to have setup a great trend on supporting open-source components, and now we have multiple different open-source stacks here - including KVM, Xen, OpenStack, CloudStack. While it is going to be a competitive as well as difficult times for everyone involved in the eco-system, due to the non-standards. It is an opportunity for some of the players, just to solve this particular problem.

Enterprise IT still slow to embrace automation and cloud management solutions

Enterpries still haven't fully started embracing cloud  management solutions, in spite of the growth & maturity in the market - partly because of the failure to take advantage of cloud in the first place. The value proposition needs to be understood and the integrated approach is the key for the transformation. Businesses need to understand that the cloud is different from traditional environments. 

Private cloud computing expert Doug Jarvis told Network World that business IT directors want the same type of management tools for cloud services that they used in their data centers.  

Carl Lehmann, an analyst with the 451 Group, says that cloud governance is lagging behind data orchestration in general as there are no specific suites of tools that specifically target this area of cloud management. "But you can see the underpinnings of cloud governance being laid down in part by tools that can track authentication processes, access controls and key management in the cloud," Lehmann says. 



http://www.networkworld.com/supp/2013/enterprise2/040813-ecs-cloud-tools-268089.html?page=4
 

Google IaaS now available without invitation

You can now access Google's Compute Engine without the need to talk to sales or an invitation, by subscribing to Google’s starting at $400 per month Gold Support package. 

Google also added a set of interesting new features like diskless instances. And of course, a set of price drops - heating up the industry even further.

Considerations to choose cloud providers

Several times our customers ask us for the assessments to select an infrastructure provider for the given application set. Most of the times the discussions revolve around the security considerations and license agreements, but here are some of the parameters that I normally include in my considerations:

• Existing data center, support and depreciation
• Vendor relationships, and partnerships
• License agreements on software components
• Compliance
• Geo-location aspects, data residency considerations
• Security
• Performance, and application affinity
• Overall cost & TCO for the given years

Top 10 Laws for Cloud Computing

Here is an interesting article on the economics of cloud computing and the top 10 laws...

SaaS has led the market to date with the largest market size, highest gross margins, and highest per-seat pricing. Recently, however, we’ve seen the rapid emergence of hyper-growth businesses in the PaaS and IaaS markets demonstrating that these will soon be independent, multibillion-dollar segments in their own rights with the potential for massive sales volume and attractive cash flow characteristics.

The cloud computing and the platforms are expected to dynamically perform intelligent provisioning, services, and applications management.

 

BESSEMER CLOUD COMPUTING LAW #1: Less is more!

BESSEMER CLOUD COMPUTING LAW #2: Get instrument rated, and trust the 6C’s of Cloud Finance

BESSEMER CLOUD COMPUTING LAW #3: Study the sales learning curve and only invest behind success

BESSEMER CLOUD COMPUTING LAW #4: Forget everything you learned about software channels.

BESSEMER CLOUD COMPUTING LAW #5: Build Employee Software. Employees are now powerful customers, not just their managers! We’re witnessing the “Consumerization of Software” so focus on ease of use.

BESSEMER CLOUD COMPUTING LAW #6: By definition, your sales prospects are online – Savvy online marketing is a core competence (sometimes the only one) of every successful cloud business.

BESSEMER CLOUD COMPUTING LAW #7: The most important part of Software-as-a-Service isn’t “Software” it’s “Service”! Support, support, support!

BESSEMER CLOUD COMPUTING LAW #8: Leverage and monetize the data asset.

BESSEMER CLOUD COMPUTING LAW #9: Mind the GAAP!

BESSEMER CLOUD COMPUTING LAW #10: Cloudonomics requires that you plan your fuel stops very carefully. 

http://www.bvp.com/sites/default/files/bvps_10_laws_of_cloud_saas_winter_2010_release.pdf
 

Enterprise Cloud Migration Strategies

Thought this one was very appropriate to what I see in the industry everyday!

Why Cloud? Change Business Capability...

One of the great feedback on 'Cloud' that I heard in the recent past... is to look at cloud as a way to do genuinely new things -- or in Tonsetic's words, "change their business capability."

Most of the times we get struck with conversations on public/private etc, but the scenarios that I see everyday in my business capacity is is actually radical. These comments can't be any more true:

"Cloud often presents itself as not that much of a different way of working than on premises," he said. "If it is a change at all, that's often presented as just a change in the technology, which is often seen as at a lower altitude than business process."

http://www.informationweek.com/cloud-computing/infrastructure/cios-consider-skipping-private-cloud/240151042

15 elite Amazon cloud integrators

I am happy to see this today: http://www.zdnet.com/15-elite-amazon-cloud-integrators-7000012344/
 
...an integrator has to meet the status requirements for an Advance Consulting Partner and then meet other qualitative and quantitative requirements. Among those considerations are "exceptional customer service", a significant number of customers that run their applications on top of the Amazon cloud infrastructure, and a healthy consulting practice based on cloud migration and implementations.

Amazon updates this list every year (the next selection process will begin in mid 2013), but here are the 15 companies that currently make up the Premier Consulting Partner list. I'm listing them alphabetically...

Cognizant: The Teaneck, New Jersey, service provider and developer specializes in cloud transformation assessments; its Cloud360 platform provides end-to-end management services once a migration has taken place.

VMware CEO says "if a workload goes to Amazon, you lose, and we have lost forever..."

Some quotes that were previously unheard of from VMware. Indicates the changing world.

"We want to own corporate workload," the report quotes Gelsinger as saying. "We all lose if they end up in these commodity public clouds. We want to extend our franchise from the private cloud into the public cloud and uniquely enable our customers with the benefits of both. Own the corporate workload now and forever."

...

VMware President and Chief Operating Officer Carl Eschenbach reportedly told the audience, "I look at this audience, and I look at VMware and the brand reputation we have in the enterprise, and I find it really hard to believe that we cannot collectively beat a company that sells books."

http://www.bizjournals.com/sanjose/news/2013/02/28/vmware-to-partners-if-amazon-cloud.html

Know what cloud services that you use...

This is a good article in understanding which cloud services that one should and one shouldn't. If not understood carefully, cloud adoption can lead into a serious vendor lock-in for life. The low costs of storage encourage data proliferation, and again causes vendor lock-in. 

Be careful in which cloud services you consume.

http://gigaom.com/2013/02/26/fear-of-lock-in-dampens-cloud-adoption/

...

“When you move to cloud, you should be increasing your choices, not decreasing them. You don’t buy three on-premises apps but you can use three services from three vendors in the cloud,” said Robert Jenkins, co-founder and CTO of Cloud Sigma, the Zurich-based cloud provider.

...

It’s fairly straightforward to move things off a bare-bones infrastructure as a platform. But not so easy when higher-end services get layered atop the platform. Even Amazon fans worry that the edition of Amazon’s Simple Workflow Service and other add ons create barriers to exit.

Azure outage due to Expired SSL certificate

In less than 2 days of coming out with good performance numbers on object storage, Azure had an outage due to an expired SSL certificate. I remember of a very similar problem for their microsoft.com domain with expired DNS registration in the year 2000 (or 2001) during the Christmas holiday time. Looks like silly housekeeping items are causing business issues.

Microsoft's failure to renew the security certificate apparently caused the Azure service to go down shortly before 4 p.m. EST Friday. The breakdown prevented Azure customers from accessing files kept in Microsoft's data centers.

Microsoft Azure overtakes Amazon's cloud in performance test

Azure's cloud is faster at uploading and downloading files to the cloud, Amazon still more scalable, storage provider Nasuni finds... Nasuni uses public cloud resources in its enterprise storage offering, so each year the company conducts a series of rigorous tests on the top CSPs' clouds in an effort to see which companies offer the best performing, most reliable infrastructure. Last year, Amazon Web Services' cloud came out on top, but this year Microsoft Azure outperformed AWS in performance and reliability measures. AWS is still better at handling extra-large storage volumes, while Nasuni found that the two OpenStack powered clouds it tested -- from HP and Rackspace -- were lacking, particularly at larger scales. 

http://www.networkworld.com/news/2013/021913-azure-aws-266831.html?hpg1=bn 

Reid Hoffman's 10 Rules for Entrepreneurial Success

I liked these top 10 mandates for entrepreneurs from the co-founder and angel investor Reid Hoffman:

At last week's the South by Southwest Interactive conference in Austin, Texas, Hoffman offered what he calls his "Ten Rules on Entrepreneurship." And if anyone is qualified to come up with such a list, it's this web-savvy wizard who was a founding board member and executive vice president of PayPal and now serves as a partner at venture capital powerhouse Greylock Partners.

1. Be disruptive. Ask yourself: "Is this massive and different? It's got to be ten-times different. It's got to be something that changes an industry." Hoffman uses Skype as an example, calling it a disruptive company because, "it removes these very expensive cross barrier phone charges."
2. Aim big. You'll probably wind up plowing the same amount of time into a small business as you will a big one. So, don't be intimidated by your own big ideas, as there are multiple ways of realizing them.
3. Grow your network. Your network includes investors, advisers, employees and customers. With a broad network, you have the ability to make important, global-sized changes.
4. Plan for better or worse. Part of planning is that you might come across something you weren't expecting and you pivot. And if something doesn't work, you must ask yourself: "What is my Plan B?"
5. Maintain flexible persistence. On one hand, the goal is to have a vision and be persistent. On the other hand, flexibility and being able to change based on what your customers want is paramount. "The art is knowing when to be persistent and when to be flexible and how to blend them."
6. Launch early. "Unless you're Steve Jobs, you're most likely partially wrong about what your theory was." So launch early and often. Launching early attracts customer engagement, and it's the customer who's going to tell you what's wrong so you can correct it.
7. Seek honesty. You need friends who will tell you that you have an ugly baby. Keep your aspirations high, but don't drink your own Kool-Aid -- all the while leveraging the advice of your friends.
8. Be everywhere. It's important to have a great idea for a product, but it's downright vital to have a wide distribution of it. "You can have a kickass product, but if it doesn't get to millions of people, it's irrelevant."
9. Culture is key. You must get hiring right the first time. While experience is impressive, you'll need people who can adapt and thrive amid volatility -- especially in the beginning.
10. Break these rules. The rules of entrepreneurship are not laws of nature. You can break them. What's more, don't listen to all of the rules all of the time.
 

Software license management in the cloud is a mess

Here is a very beautiful and apt article written on software licensing in cloud.

http://info.cloudboltsoftware.com/blog/bid/212556/Cloud-Management-Vendor-Impact-of-Software-Licensing-For-the-Cloud

What’s really odd is that those large vendors also claim to know about cloud. My resulting questions to you are simple:

• Are you relying on cloud strategy from a company that actively uses their software licensing to discourage or prevent you from moving to a more open cloud-centric IT model?
•  Are they leveraging their licenses to force you down the path they want you to?

My subtext:  If you’re listening to intently to those large vendors, the answer to both is “yes”.  Proceed with caution if your primary cloud strategy comes from your hardware, middleware, database, or even OS vendor.

...

Many large vendors (it won’t be hard to find which ones I’m talking about here) take specific steps to limit BYSOL (just to name a few I came across):

• Require specific understanding of underlying hardware architectures or processor specifications
• Require licensing based on the physical, not virtual host
• Mandate customers run vendor-provided license tracking, further complicating multi-location or multi-environment installations
• Prohibit software from being virtualized
• Force purchase of higher-cost public cloud resources which rope in the underlying OS license regardless of customer license availability
• Force purchase of “License Mobility” options in order to run software in public clouds