GMO Cloud

Cloud Hosting Could Mitigate DDoS Attacks

The last few years has seen an increase in denial of service attacks across the web. They are increasing in both strength and frequency and often the target organizations seem unable to respond to these threats or are too late to recognize them. A recent report from Merrill Research revealed a growing concern amongst IT managers and decision makers regarding this growth in strength and frequency of DDoS attacks. This report reveals that self-hosted sites actually had far more problems with DDoS attacks than those that were hosted with third parties. In fact instances of complete outage along with limited availability were more common problems with these sites that were hosted by the site’s owners, while those with cloud hosting saw fewer problems due to the ability of a cloud host to switch queries to a new server when an overwhelming amount of queries were posted.

Two thirds of those interviewed who reported experiencing an attack in the last year said that they experienced more than one attack that year, with 11% having been hit six or more times. More than half of those who were hit by these attacks said they had down time as a result of the attack with more than two thirds reporting that this down time impacted their customer’s experience. In addition, about half of those who experienced these attacks reported some loss of income.

Success Breeds Success

In a recent interview VeriSign VP of strategy Sean Leach talked about the results of this report, which was commissioned by VeriSign, and why he thinks the attacks are on the rise. He saw two main reasons for the recent rise in DDoS attacks: the first being that the attacks are becoming more successful and are obviously done at specific targets with the intent of taking down large targets. The second reason is that with this success copycat hits are bound to occur. Leach pointed out the ease of creating an attack with a $10/hour botnet. So we now have made the attacks more attractive, easy to copy and cheaper to create.

Major DDoS Attacks and How to Recognize Them

Leach went on to name the four major types of DDoS attacks and how they work. While a firewall is a basic that most systems should already have in place, Leach also suggested that more data centers will need to step up to the plate when it comes to DDoS mitigation appliances. As the trend for enterprise moving to the cloud continues, he sees a growth in outsourcing this mitigation to companies like VeriSign.

Data Modification – DNS data is configured in a variety of places, it moves from the registrar to the registry to the server. The data can be changed at any place along that path, and the attack can be anywhere from a brute force attack of your DNS data to a tactical move that is barely noticed, except for the changes they make.

Cache Poisoning – This is an attack where any flaw in the DNS protocol is used to modify the record at the end of the recurser system. This can be protected against with DNSSec which was deployed by VeriSign this past year.

Resource Starvation – This is what most in the business call a direct attack, and is probably the most common. Whatever your threshold for queries is for your system, say a thousand queries a second, all they need to do is send a thousand and one to make you begin to drop your legitimate queries and ultimately shut out your users.

Reflection Amplification – This has been showing up more lately and is a very sophisticated attack. In it the attacker actually spoofs the source address of an attack ad then takes on the collective power of multiple recursive servers. They then direct this attack at a specific target destination, and often use this for attacking more than just DNS.

DNS Availability is Crucial

Since DNS availability is key to the reliable operation of websites, VeriSign also commissioned a study on the maximum, minimum and average availability of the Alexa 1,000 websites in the initial quarter of 2011 called the State of DNS Availability Report.

What the report discovered was that those sites who hosted their own DNS had far more problems with availability and more instances of complete outages than those that had their DNS hosted by a third party. Cloud hosting in particular was found to be most effective in combating poor DNS availability because DNS queries can always be switched to a new server in the event of failure. This is yet another time when flexibility and scale is proving that the cloud is the best route to go for most web businesses.

Our newsletters and blogs are written to provide you with tools and information to meet your IT and cloud solution needs. We invite you to engage in our online community by following us on Twitter @GMOCloud and ‘Liking’ us on Facebook.

Getting the Most Out of Cloud Computing

To safeguard against what tech company Unisys has dubbed “cloud in the corner” syndrome, companies looking to move some or all of their IT operations into the cloud should consider a recently proposed seven-point plan. The plan aims to help global CIOs get the most out of their cloud technology investment. Isolation in and under-utilization of cloud technologies within IT environments can often lead to not realizing the potential savings that cloud technology can give a company, but even increased costs in the long run.

This “seven deadly sins” list can be used to help enterprises change their method of approach when it comes to applying cloud technology. It illustrates the need for business to move away from thinking in terms of pure technology and to develop a blueprint that will give them a plan for success with cloud technology.

While a well-planned and executed cloud computing solution can easily net a company as much as 20% in savings in IT operations costs, it can also give a company an advantage over its competition by improving responsiveness and upgrading the delivery quality of its IT services.

“However, it’s easy to become entranced by new cloud technologies” says Unisys Director for Global Cloud Computing Solutions John Treadway, “and lose sight of how those can best be integrated with existing resources. By courting ‘cloud in a corner’ syndrome this way, CIOs risk zeroing out savings and even potentially increasing operational costs.”

Here are the Seven Signs of “Cloud in a Corner” that all IT organizations should be aware of:

1. A “cloud stack” solution is being evaluated before the team has even begun to put together integration strategy and a framework within their current IT environment.
2. Cloud success metrics and criteria have not been clearly stated from both the perspective of IT and the end-user.
3. Stakeholders have not agreed on roadmaps, use cases and the expectation of change to IT and the business process before implementation.
4. Your IT people have not been trained in the new cloud technology and do not know how to use it because the underlying technology is so “ground-breaking” that no one is familiar with it.
5. The new cloud environment cannot accommodate your current service, security, and risk management processes, forcing you to duplicate what you already have in place.
6. Your team’s roles and responsibilities will change with the cloud service delivery model, but you have not yet defined what those changes will be or communicated them to the team.
7. You’ve discovered that the cloud solution you first used will not be able to meet your organization’s needs so you are already considering developing a second cloud solution.

It is important to realize that although many aspects of business are moving to the cloud, it is not likely that many large enterprises will be able to or even want to move 100% to the cloud any time soon. The traditional delivery of IT service is not going to disappear, and we will probably see a more hybrid version as time goes on. A blending of cloud, traditional, external and internal IT delivery methods will be the best way to deliver fewer risks, less cost and higher quality IT service. In the end everyone will gain from this transition.

Our newsletters and blogs are written to provide you with tools and information to meet your IT and cloud solution needs. We invite you to engage in our online community by following us on Twitter @GMOCloud and ‘Liking’ us on Facebook.

Evolving Tax Rules for Cloud Business

The evolving federal tax laws concerning the taxation of goods and services on the web are causing some problems at the state tax level. As the cloud begins to have a stronger influence on business, there is some concern about how the various states will approach taxation. A recent report on Bloomberg looks at the current concerns many states have regarding the ability to tax transactions that are being challenged by the very notion of how business is conducted on the web. Where does a traditional point-of-sale tax fit in here?

Defining a Transaction
Part of the problem is that the transactions that were once considered the sale of  “goods”, such as buying a piece of software off the shelf at your local office supply store, are now more like service transactions when it is part of a service package for your web business being run in the cloud. It can get even more complicated. A good example is when a company in New York purchases server space and cloud-based software from a company in California. This California company could easily have servers in several states. Add a factor such as the New York company having employees in several states that access that software, while traveling via their smart phones or laptops, and you have a taxing nightmare.

Some states have tried to make online retailers such as Amazon change the definition of their business, the end result of which is a split between the company and the state governments. More importantly it has caused Amazon to break agreements with some of its key partners due to the new laws creating an extra layer of taxes for Amazon.

Washington and the States
Verneda Smith is part of a Washington group that represents state revenue departments. He sees the cloud as a new business model that will affect every tax type. With companies like IBM, Amazon, and Google fighting it out over a global market expected to increase from $40.7 billion today to $241 billion by 2020, there is a lot at stake. And Forrester Research, whose trend analysis predicts this growth, sees more of the same in the coming years.

But these companies are not waiting around to see what kind of taxes they will be dealing with; they have gotten involved with the House Judiciary Committee by backing federal legislation that would regulate and limit a state’s authority to tax when it comes to any kind of digital goods and services. Reid Okimoto, a senior member of KPMG LLP, summed it up by saying “It’s akin to the difference between renting a bus and paying to ride on one.”

According to Smith, what is decided in the next little while could be a game changer. He sees a lot at stake and the potential to change the way just about any company on the web does business. How that business is to be taxed and why still remains to be worked out. But anyone considering doing business in the clouds would be well advised to keep an eye on what is decided in Washington.

Our newsletters and blogs are written to provide you with tools and information to meet your IT and cloud solution needs. We invite you to engage in our online community by following us on Twitter @GMOCloud and ‘Liking’ us on Facebook.

The U.S. Government Looks to Expand Cloud Usage

Spending over $80 billion a year on information technology, the U.S. Government is easily one of the largest consumers of technology and technology products in the world. Therefore it is no wonder that when President Obama created the office of Federal Chief Information Officer, one of the prime reasons was to look into ways to cut those costs.

Vivek Kundra was appointed the first official for the office and, during his two and a half year tenure, has created and implemented a view of the government that is leaner and much more internet-centric. One of the biggest changes he has made is to initiate cloud usage to various government departments by his implementation of “Cloud First”, a policy that introduces the idea of having all government departments move some aspects of their business to the cloud.

Kundra saw more than costs savings, he saw an opportunity for greater flexibility, something that government agencies are not well known for today. Agencies could adjust the scope of a project without having it affect the infrastructure already in place, making it easier to make adjustments along the way. “Cloud First” encourages government departments to incorporate the cloud as a part of new projects and requires each department to move at least three already existing projects to the cloud by the summer of 2012.

As to be expected, some of these departments, especially ones like the Pentagon, are concerned with security aspects of this new policy. But for departments that have less confidential material, such as the Department of Agriculture, they see it as a positive that will speed along technology projects. This department has already moved 46,000 employee accounts to the cloud and is expecting to move an additional 120,000.

The State Department has chosen some of the more low-risk projects such as the website for the Office of the Historian to implement their cloud technology. Concerns about disruption, security and the recent hacking of the Pentagon by what is perceived to be foreign government intelligence operations continues to slow the move.

Teri Takai, the Chief Information Officer for the Defense Department concedes that the global reach of hundreds of thousands of users spread across the globe could make the cloud a useful tool for them. The ability to use the cloud anytime and anywhere has led to the concept of a “Mission–Oriented Resilient Clouds” approach for military applications. “When done with the proper considerations and planning, cloud computing will be a very effective and efficient tool,” Ms. Takai said.

Another department that has moved swiftly to embrace the “Cloud First” policy is the General Services Administration. This department works with other departments to help them with transportation, office space and communications issues, and put the entire department’s e-mail services onto a Google Cloud Service last December.

With overall spending on cloud infrastructure growing at five times the rate of traditional corporate technology, up until now the corporate sector has been the driving force for growth. That may change with this new direction from the current U.S. administration. As part of the search for cutting waste in government spending, there has been a call for each department to re-examine its use of technology and for agencies to define new ways to share resources and cut costs. The cloud does seem like a natural fit for this new direction.

Our newsletters and blogs are written to provide you with tools and information to meet your IT and cloud solution needs. We invite you to engage in our online community by following us on Twitter @GMOCloud and ‘Liking’ us on Facebook.

Six Basic Assumptions about the Cloud – and Why They are Wrong

At a recent cloud conference, Joe Weinman gave a talk about the business, financial and user experience benefits of the cloud. He presented some complex simulation tools to show how these counter-intuitive characterizations challenge many of today’s fundamental assumptions about business and the cloud, including those regarding on-demand, pay-per-use and other business aspects. Although not radical in concept, like many of Weinman’s talks, they do challenge conventional thinking and are well worth taking a second look at.

Assumption #1: The Cloud offers a brand new technology and business model to business.

Counter Point: Although the technology may feel new to many, and the business model a radical departure from conventional technology strategies, in fact the business model and attributes behind the technology have been used for years by such industries as car rental services, hotels and many more.

Assumption #2: The services encompassed by the Cloud are always accessed via browser over the web.

Counter Point: As important as the Web/IP/Browser is to the technology, the cloud is in reality a general architectural model and although the web plays a big part it is far from being the whole story. To unlock the true value of the Cloud other types of networking technologies such as Optical Transport MPLS and VPLS need to be leveraged. Other uses such as audio conferences, webinars and M2M are services in the cloud that are used today without the benefit of browsers.

Assumption #3: With large clouds comes great economy of scale.

Counter Point: Because large cloud providers today are using the same architecture that is available to any enterprise this is not completely true these days. This same availability means that no major benefit is derived from their scale when we are looking at it in terms of economy. There are some other benefits that do come from size, the most notable being such characteristics as statistic of scale, scalability and geographic dispersion.

Assumption #4: All IT will eventually move into the Cloud because IT is like electricity.

Counter Point: One of the major differences between electricity and IT is that electricity has the benefits of scale that IT does not have, from an economic perspective. Any decision on how much of IT to keep in the enterprise versus running that function in the cloud is going to be governed by a large number of factors including the nature of each particular application, its cost and the amount of flexibility needed overall from IT. Whenever some type of decisions about IT are made, they are by their very nature quite complex, as opposed to how decisions about electricity are generally made, which are purely economic in nature.

Assumption #5: The replacement of capital expenditures (CAPEX) with operational expenditures (OPEX) is a big benefit that all businesses need to take advantage of.

Counter Point: While this may be true for many businesses, it is not so for all of them. Whether it is important to replace OPEX with CAPEX depends fully on the financial decisions that each individual company makes in regards to its financial and funding activities. For some it will be an advantage based on their business structure, while for others the gains may not be significant.

Assumption #6: Because of the lower cost of running applications in the cloud, business will see their spending on IT reduced.

Counter Point: Actually, it has been proposed that any technological process that increases efficiency for a resource will increase that resources rate of consumption as a result of the increase in efficiency. This has been called the Jevons Paradox Effect and is already being seen to some degree in the evolution of the cloud today.

For a closer look at Weinman’s work theories on cloud and its impact on business, read his latest work on the economic rationale for the hybrid in The Mathematical Proof of the Inevitability of Cloud Computing at his website cloudonomics.

Our newsletters and blogs are written to provide you with tools and information to meet your IT and cloud solution needs. We invite you to engage in our online community by following us on Twitter @GMOCloud and ‘Liking’ us on Facebook.