Weblogic Authors: Yeshim Deniz, Elizabeth White, Michael Meiner, Michael Bushong, Avi Rosenthal

Related Topics: @CloudExpo, Containers Expo Blog

@CloudExpo: Article

Virtualization and the Cloud Computing Ecosystem

A look at the impact of virtualization on Cloud Computing

Last week at the 7th International Cloud Expo in Santa Clara, I sat on a panel discussing virtualization and the cloud. As a follow on to my contribution, it is my intention to expand on the position of virtualization and the cloud ecosystem.

It is generally accepted that the concept of cloud computing or, at least the amalgamation of services that infer the cloud ecosystem, lends to the premise of improvements in managing deployed services. This due to an assumed increase in efficiencies resulting from the sharing of hardware resources at one end of the spectrum.

According to NIST[1] There are five essential characteristics of Cloud Computing viz:

1) On-demand self-service 2) Broad network access 3) Resource pooling 4) Rapid elasticity 5) Measured Service

Of these cloud-computing attributes, virtualization can be said to possess all except the ability to implement services through the utilization of Internet Technologies[2]

It is a known fact that the dynamic consolidation of application workloads through virtualization will increase server utilization. This in turn will reduce demands on power and system resources, especially within large-scale server clusters deployment that can support cloud based application services.

As we know, with any system the surface area an attacker can target for attack increases with the introduction of a virtualization layer. This in turn will increase the vulnerability factor of the system for, in addition to the guest operating system being at risk, the hypervisor and VMM will also be prone to attack.

For clarification any virtualized system will include a new layer of software - the virtual machine monitor(VMM).Within the virtualized environment, current virtualization research assuming that the virtualized environment (VMM) has knowledge of the software being virtualized (the guest OS) however there is no verification of whether the memory layout of the running VM matches the symbol tables[3]

This can cause a problem especially with the increase of "intelligent malware systems" and the potential for false positives or worse yet no alarms or responses that will ensure cause for concern. In turn such a weakness can extend into the cloud ecosystem with the potential for malicious outcomes.

Worth mention at this juncture is research completed by Steinberg and Kauer [4] and their secure virtualization hardware: NOVA.

NOVA takes an extreme microkernel-like approach to virtualization by moving most functionality to user level. Because our entire system adheres to the principle of least privilege, we achieve a trusted computing base that is at least an order of magnitude smaller than that of other full virtualization environments.[4]

We all need to bear in mind that in today's rapidly evolving technology ecosystem, cost savings in any environment only goes so far to keep an enterprise competitive. Thus virtualization whilst important in any IT environment, is not the only path to cloud computing.

An argument to support a cloud computing ecosystem that minimises virtualized arguments can be drawn from a study conducted by Wang and Ng [5] which stated that "unstable network characteristics are caused by virtualization and processor sharing on server hosts."

In this climate, what virtualization can accomplish for any enterprise, after the realization of server virtualization cost savings is capped (savings from capital and power expenses, server sprawl reduction,utilization rates); will be to provide that most strategic path to a cloud computing build-out - be it a private or public cloud ecosystem for an enterprise.

So with the importance of virtualization within, as well as its impact on cloud computing, can we mitigate these security concerns as more enterprises move toward cloud adoption?

Cloud computing incorporates different dimensions of implementation as it can traverse a path beyond that driven solely by server virtualization. For instance some cloud services can be obtained at various levels within the IT stack, e.g. SaaS. So then, how do we ramp up and mitigate or manage risk that will arise in these settings?

This can lead one to consider the point that for cloud-computing, "security applies to two layers in the software stack." [3]

According to Yuecel Karabulut, [6] cloud security architectures,need to be designed on the premise that this ecosystem is dynamic, he stated that "as new threats emerge, code considered secure today may not be secure tomorrow."

Regardless of platform infrastructure, Karabulut went on to say that "the cloud still runs pieces of software;therefore a good start toward security within the cloud ecosystem, is to work on ensuring that software security is aligned to a defined SDLC process and that this process is adhered to from requirements analysis to testing."[6]

He further postulated that encryption within the cloud can improve trust and security parameters. A cloud vendor managing a customers encrypted data will only have access to metadata (data about data) and not the customers encrypted content.

This can lead to a win-win situation for both vendors and customers as this will encourage scalability from no need for specialised software, there will be a reduction in processor load, and users will be freed from knowing the identities, and by extension the public keys, of individuals authorised for access.

As cloud computing incorporates aspects of web-services; another direction "can be to understand the attack surfaces of Cloud applications and systems and reduce" [6] or remove if possible vectors to known attack paths that will affect any one web-service and by extension a cloud-computing service.

In closing I wanted to touch on another study I recently reviewed. The researchers introduced "a new architecture for secure introspection the aim of which was to integrate discovery and integrity measurement of code and data starting from hardware state." [3] One purpose of this architecture was "to address both the semantic gap present in virtual -machine introspection and the information gap specific to cloud computing" [3]

Integrity Discovery System using Secure Introspection


Source :Cloud Security is Not (Just) Virtualization Security pg 99 [3]

This system in a nutshell proposed to integrate aspects of virtualization, secure introspection, known security metrics, known risks and flaws within the environment, as well as those that can potentially exist within the cloud-computing ecosystem.

In essense researchers Christodorescu, Sailer, Schales, Sgandurra and Zamboni has proposed an architecture which has the potential to mitigate and/or manage risk in a dynamic and responsive manner within the cloud-computing environment.... as one of its functions.


[1] csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc

[2] http://en.wikibooks.org/wiki/Internet_Technologies

[3] Cloud Security is Not (Just) Virtualization Security ACM 978-1-60558-784-4/09/11

[4]Steinberg, Kauer April '10: NOVA: A Micro-Hypervisor based Secure Virtualization Architecture

[5] Wang, Ng:The Impact of Virtualization on Network Performance of Amazon EC2 Data Center,5-10

[6] Yuecel Karabulut - Chief Security Advisor & Head of Security Strategy, SAP: 7th International Cloud Expo Santa Clara Ca. Nov 10

More Stories By Jon Shende

Jon RG Shende is an executive with over 18 years of industry experience. He commenced his career, in the medical arena, then moved into the Oil and Gas environment where he was introduced to SCADA and network technologies,also becoming certified in Industrial Pump and Valve repairs. Jon gained global experience over his career working within several verticals to include pharma, medical sales and marketing services as well as within the technology services environment, eventually becoming the youngest VP of an international enterprise. He is a graduate of the University of Oxford, holds a Masters certificate in Business Administration, as well as an MSc in IT Security, specializing in Computer Crime and Forensics with a thesis on security in the Cloud. Jon, well versed with the technology startup and mid sized venture ecosystems, has contributed at the C and Senior Director level for former clients. As an IT Security Executive, Jon has experience with Virtualization,Strategy, Governance,Risk Management, Continuity and Compliance. He was an early adopter of web-services, web-based tools and successfully beta tested a remote assistance and support software for a major telecom. Within the realm of sales, marketing and business development, Jon earned commendations for turnaround strategies within the services and pharma industry. For one pharma contract he was responsibe for bringing low performing districts up to number 1 rankings for consecutive quarters; as well as outperforming quotas from 125% up to 314%. Part of this was achieved by working closely with sales and marketing teams to ensure message and product placement were on point. Professionally he is a Fellow of the BCS Chartered Institute for IT, an HITRUST Certified CSF Practitioner and holds the CITP and CRISC certifications.Jon Shende currently works as a Senior Director for a CSP. A recognised thought Leader, Jon has been invited to speak for the SANs Institute, has spoken at Cloud Expo in New York as well as sat on a panel at Cloud Expo Santa Clara, and has been an Ernst and Young CPE conference speaker. His personal blog is located at http://jonshende.blogspot.com/view/magazine "We are what we repeatedly do. Excellence, therefore, is not an act, but a habit."

@ThingsExpo Stories
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DXWorldEXPO LLC announced today that "Miami Blockchain Event by FinTechEXPO" has announced that its Call for Papers is now open. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Financial enterprises in New York City, London, Singapore, and other world financial capitals are embracing a new generation of smart, automated FinTech that eliminates many cumbersome, slow, and expe...
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of bus...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
Cloud Expo | DXWorld Expo have announced the conference tracks for Cloud Expo 2018. Cloud Expo will be held June 5-7, 2018, at the Javits Center in New York City, and November 6-8, 2018, at the Santa Clara Convention Center, Santa Clara, CA. Digital Transformation (DX) is a major focus with the introduction of DX Expo within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive ov...
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...
DXWorldEXPO LLC announced today that ICOHOLDER named "Media Sponsor" of Miami Blockchain Event by FinTechEXPO. ICOHOLDER give you detailed information and help the community to invest in the trusty projects. Miami Blockchain Event by FinTechEXPO has opened its Call for Papers. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Miami Blockchain Event by FinTechEXPO also offers s...
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, examined the regulations and provided insight on how it affects technology, challenges the established rules and will usher in new levels of diligence arou...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.