According to Piraino, “CIOs are saying, 'Let us give you the best options here. Let us automate the process of getting your business applications or infrastructure quickly, rather than getting the sticker shock we were getting when we weren't in control, when we weren't in compliance from a security perspective, a privacy perspective, or a government perspective.'”
Gruneisen's company, Logicalis, conducts “cloud foundation workshops” with clients to define the pros, cons, and cautions of cloud before offering to design, manage, and/or host cloud solutions. And sometimes, the easiest and least expensive solution is the right one. “If the data being stored or referenced is not particularly sensitive, and the application is only needed for a few weeks, then AWS may make more economic sense than server purchases,” notes Gruneisen. The VAR's key role, he says, is helping clients build a strategy around the consumption of cloud services, with carefully chosen policies and management practices.
REGAINING CONTROL VIA BLOCKING
A December 2012 survey conducted by LogMeIn (see “How Big Is BYOC?”) reveals that store and sync apps like Dropbox worry IT pros the most. Jerry Irvine, CIO of IT outsourcer Prescient Solutions in the Chicago area, notes fairly frequent reports of the popular file sharing app being hacked. Such apps can be blocked, of course, by traditional legacy protocol and application filters.
“If I'm at work and I can't get to one of these sites, then I'm not going to put my data there to use somewhere else,” says Irvine. He cites San Diego-based Websense Inc. as the best-seller in this field for SMBs, accepting categories of off-limits sites (like entertainment sites) or specific blacklists or white lists. Other brands in this category include Blue Coat Systems Inc., Sunnyvale, Calif.; Barracuda Networks Inc., Campbell, Calif.; and SonicWALL, owned by Dell, in San Jose, Calif.
Then there are DLP (data loss prevention) apps, now being integrated into mobile application and device management solutions. These work outside the network perimeter, says Irvine, by “giving the organization the ability to tag and categorize information as confidential and proprietary, or automatically tagging data for users based on content or location on the network.” This data can be given different levels of access requirements, based on the data categorization, user, application, and types of devices that are allowed to access it, as well as the app using that data. Some will require multi-form-factor authentication to access, for example. Levels of access will be broken down too, specifying whether it can be copied, printed, changed, or merely viewed, and by whom.
Network monitoring and management tools, which give IT views into application usage, present a less heavy-handed way of enforcing cloud policy. Some of these present real-time user activity on both cloud and in-house applications under one aggregated portal. Increasingly, these windows are offered as managed or unmanaged services themselves, and have multilayered reseller scenarios.
The PathView Cloud service from Boston-based startup AppNeta is one example; the actual packet information is picked up on the network by a PathView microappliance at each workplace site. This book-size device can be drop-shipped to end users at remote and home offices for DIY installation. PathView Cloud also can monitor apps on mobile devices, through iOS clients installed via the App Store (and coming, Android). Jim Melvin, AppNeta's CEO, says that two-thirds of his clients are being served through channel partners.
The system can verify SLA adherence and reveal unsanctioned applications, as well as sources of performance slowdowns. Charged via a subscription model, the service can pay for itself for as little as a few dollars a day per site, says Melvin.