Open Data Center Alliance working on cloud usage models
Aims to help cloud users quickly identify risks and security management toolsets
By Bob Violino
January 11, 2012 —
The Open Data Center Alliance (ODCA) is an independent organization that aims to give its members a voice in shaping the future of cloud computing. The alliance is developing "usage models" to meet the challenge of providing secure cloud environments. The models lay out a set of standard tools that allow vendors to offer different levels of security to cloud-consuming organizations, so that IT and security executives can quickly understand where the threats are and mitigate the risks.
CSO contributor Bob Violino recently interviewed alliance president Curt Aubley, vice president and chief technology officer, Cyber & NexGen Innovation at Lockheed Martin Information Systems and Global Solutions, about cloud security issues and the alliance's efforts to help secure the cloud.
CSO: How does cloud computing fit into your own company's plans, and what do you see as some of the biggest challenges associated with the cloud computing environment?
Curt Aubley: At Lockheed Martin, we are both a consumer and provider of cloud services. We deliver some of the largest clouds in the world for our customers and rely on our internal clouds for accelerating our agile research and development every day. The challenges of cloud computing are many, [and] include understanding the importance of your data, its classification, which clouds can be leveraged based on their certifications, service level agreements, and transparency of end-to-end operations across people, process, and technology.
CSO: Why did you become involved in the Open Data Center Alliance and what do you hope to accomplish from your involvement in the organization?
Aubley: In order to develop innovative and secure solutions for our customers, I am a consumer and provider of cloud services, which vary depending on the customer's mission. Some of the key values of being part of the ODCA, and its president, is the ability to get our end-user voice heard. From an end-user perspective, what use cases do we need [to evaluate] to effectively and securely leverage the promise of cloud computing? By joining a worldwide consortium of over 250 world class companies, we can work as a team to influence the industry's priorities in cloud computing.
CSO: What are the alliance's usage models, and how can these models help companies such as yours improve information security in the cloud?
Aubley: We have eight use cases published across the areas of secure federation [including security monitoring, security provider assurance]; automation [IO control, virtual machine interoperability]; command management and policy [regulatory framework], and transparency [carbon footprint, service catalog and standard units of measure]. These provide the foundation use cases needed for consideration to deliver effective business capabilities that meet customer expectations using cloud computing.
CSO: Is your company planning to implement any of the models, and when does it expect to see results?
Aubley: We have worked with the greater ODCA team to develop these models. We have gotten value from the synthesis of these models and we are effectively using them today as a baseline with our cloud computing efforts. We are using the reference models as the minimum standards of engagement with cloud vendors. They are also helping us to define cloud capabilities we can take advantage of, and to compare vendors.
Other stories by Bob Violino