Friday, September 17, 2021

What is a cloud service: NIST 5 criteria

Imagen de datacenter
Cloud computing is often thought of as a set of products, but it is actually a way of providing IT infrastructure and services to customers.

With the proliferation of cloud technologies, the use of new terms and specific jargon can be confusing, but fortunately the Computer Security Division of NIST provided a formal definition and characteristics of Cloud computing.

According to NIST (SP 800-145), these are the 5 essential characteristics that a cloud service must meet to be properly named a 'cloud service', whether public or private:

  • On demand self-service: Self-provisioning is one of the many features that customers can take advantage of, but they must also be able to start or stop their own services without requiring interaction with the cloud provider.
  • Broad Network Access: Service must be available to any device using any network. 
  • Resource Pooling: Provider create a pool of resources and dynamically allocate it to customers. 
  • Rapid Elasticity: The services provided by provider must be easily expandable and quick.
  • Measured Services: Provider must measure the usage of service and charge it accordingly.

ISO 17788 names one additional feature in addition to the previous five features from NIST:

  • Multi-tenancy: In a private cloud, the customers, also called tenants, can have different business divisions inside the same company. In a public cloud, the customers are often entirely different organizations. Most public cloud providers use the multi-tenancy model. Multi-tenancy allows customers to run one server instance, which is less expensive and makes it easier to deploy updates to a large number of customers.

There are additional features that are highly desirable or even essential such as security, which although often seen in cloud environments, are secondary in nature or derived from essential features, such as resiliency, cost-effectiveness or automation.

Saturday, December 29, 2018

2019 Cloud services predictions

Cloud services
Now that the year 2018 is coming to an end, I think the time has come to make some predictions of what 2019 will bring to the Cloud Services business.
Apart from my own knowledge of Cloud environments, this has been mainly an exercise of research, understanding current trends and projecting them to the future, analysis and digest of a lot of information of what other experts have to say in the cloud business.

The following is nothing more than an educated guess of what the future will bring. This post will remain here for us to check in the future. Only time will tell if I was right or wrong.

Multi-cloud, multi-site and geo-distributed clouds

To put it simply, public cloud isn't right for all workloads. It's not the magic bullet some evangelists predicted it would be, but it isn't going away either, and it will continue to grow, but will be steadily augmented, extended and expanded with complimentary technologies, platforms, and stacks.

Issues of performance, compliance, data gravity, locality, security and sovereignty will continue to drive organizations to a mix of clouds - some to edge clouds close to the data and users, others to regional on-premise private cloud infrastructures, and still others to global public clouds- each cloud or mix of clouds chosen based on their particular features, costs, and benefits.

In short, the world is moving irrevocably toward a multi-cloud, multi-site, geo-distributed model. Many customers will continue to use multiple vendors and most will have a mix of on-premise and off-premise infrastructure. Some companies, including some public cloud vendors, know this and are doing a good job of integrating on-premise infrastructure. Companies are going to be challenged to cope with the complexity of a multi-site, multi-cloud world and there will be opportunities for security vendors who can help them streamline security operations.

Azure's hybrid strategy keeps gaining momentum

Amazon Web Services (AWS) and Google entered the cloud market with no legacy and a sales pitch of a pure cloud play. Microsoft, on the other hand, had a huge legacy software installed base and pitched hybrid cloud, striking a balance between cloud and on-premises systems. It enabled Microsoft to rocket to the number two position in the cloud market very quickly.

Don’t expect AWS to go away, as it is still growing faster than all other cloud providers combined. However among the MSPs (Managed Service Providers), over the last three years Azure growth has skyrocketed, from 47% to 67%. This will grow even more next year and can be attributed to two major factors: relationships and product familiarity. Some MSPs have been working with Microsoft for 15 years, and have their sales rep on speed dial. Starting over with AWS or Google Cloud Platform is a daunting endeavor. Also, Microsoft is making it easy to move on-premises applications to Azure. Microsoft is not just building the infrastructure for MSPs to use, but they are also building the apps and services on top of that, making the transition to the cloud that much easier. Microsoft owns the MSP market and growth will continue in 2019.

Cloud vendor consolidation

According to Gartner, by 2022, the top 4 cloud "mega platforms" will host 80% of IaaS/PaaS deployments, but by 2024, 90% of Global 1000 organizations will mitigate lock-in through multi-cloud/hybrid technologies and tools from an integrated IaaS and platform as a service (PaaS) provider, and will use both the IaaS and PaaS capabilities from that provider.

IaaS-only cloud providers will continue to exist in the future, but only as niche players, as organizations will demand offerings with more breadth and depth for their hybrid environments. Already, strategic initiatives such as digital transformation projects resulting in the adoption of multicloud and hybrid cloud fuel the growth of the IaaS market.

Main references:

Monday, October 08, 2018

Interview as a Speaker for the European Blockchain Convention

European Blockchain Convention
Interview done as part of the Speaker Series for the European Blockchain Convention at Barcelona.

"Public blockchains really express the most powerful features of blockchains. Public blockchains often provide more transparency, better security, larger consensus and maximum levels of decentralization.
However public blockchains are difficult to monetize, they are difficult to adapt to comply with strict regulations and their performance are often suboptimal for special use cases.
This is where private blockchains come to life, while public blockchains will provide the underpinning infrastructure for most solutions".
Víctor Escudero Rubio

Víctor Escudero Rubio
Global Head of Integration of Cybersecurity at S21sec Co-autor of "Blockchain: the Industrial Revolution of the Internet"

Escudero is passionate about Free Software. He has lived and breathed Bitcoin since its inception and since then he actively shares his knowledge about protocols based on Blockchain.

1. Where were you the first time you heard the word Bitcoin?

I was leaving the office after work when I received a phone call from an old friend. He told me that he was amazed after seeing that someone had invented a system to make new money based on an open source license. It was back in 2009 and I didn’t spend a minute to check the new invention. Several weeks after that, another friend that was an amateur trader in Australia told me something about a cheaper way to exchange fiat money from one currency to another via a new digital currency. After that second chance, I decided to take a look on the Internet, but after a quick search I did not find any reference to Bitcoin. Fortunately, a few days later a colleague of mine that was also researching about new applications of Elliptic-curve cryptography pointed me to an article that had a reference to Bitcoin’s white paper. After reading Satoshi’s white paper and for the next six months, I couldn’t stop reading avidly everything I found about bitcoin.


2. Does Blockchain offer hype or hope?

Hope. There has been too much hype around blockchain in the past and it continues even nowadays. One of the reasons of that hype is that one of the first use cases of a lot of blockchains has been related to the transfer of money and, especially, to the financing of new companies through ICOs. However as more and more uses cases continue to emerge every day, blockchain will keep on providing excellent responses to new needs.


3. Have you ever used a Blockchain or a DLT? If yes, for what?

Yes. I began using the old Ripple system (the one that was born in 2004, way before Bitcoin) to exchange time credits between open source communities in the past. Regarding Blockchain I have used dozens of cryptocurrencies and done operational research of new applications in the cybersecurity area.


4. Do you think Blockchain in the future will be as important as the internet is today?

I think the Internet and Blockchain are different kinds of animals. Internet represents interconnectivity in such a large scale that its impact goes beyond any other technology humankind has developed after the invention of the wheel and the discovery of fire. Blockchain is a disruptive technology that will impact our future as much as other disruptive technologies like Artificial Intelligence, 3D printing or Robotic Process Automation will do in a few years. However Internet will keep on being the enabler for most of the advances we will see in the near future. In essence, Blockchain provides distributed trust and as such, it relies on the underlying connectivity of its nodes, often through the internet.


5. Public Blockchains or Private Blockchains?

Both of them, but for very different purposes. Public blockchains really express the most powerful features of blockchains. Public blockchains often provide more transparency, better security, larger consensus and maximum levels of decentralization. However public blockchains are difficult to monetize, they are difficult to adapt to comply with strict regulations and their performance are often suboptimal for special use cases. This is where private blockchains come to life, while public blockchains will provide the underpinning infrastructure for most solutions.

Interviewed as a Speaker for the European Blockchain Convention. Original source.

Tuesday, May 08, 2018

VEscudero en el Telediario de TVE: Goldman Sachs operará con bitcoins

Intervención en el Telediario de La 1 deTelevisión Española con motivo del anuncio de Goldman Sachs de crear una mesa de negociación de futuros sobre bitcoin para prestar el servicio de brokerage a inversores institucionales.

Por el momento la firma de inversión estadounidense ha decidido no comprar y vender bitcoins directamente, sino que en su lugar realizará compras y ventas de futuros en el mercado de Chicago en nombre de sus clientes.

De esta forma Goldman atiende la enorme demanda que estaba teniendo por parte de grandes inversores institucionales de empezar a cubrir el mercado de bitcoin, pues éste es visto como un activo de inversión cuyo riesgo está altamente descorrelacionado de otros activos y con un gran potencial como reserva de valor y/o valor refugio.

El video fue grabado el día 4 de mayo 2018 en las instalaciones de S21sec, la empresa de ciberseguridad en la que trabajo como Global Head of Integration, es decir responsable del área que realiza la implantación de productos y soluciones de ciberseguridad para los clientes de la compañía.

Tuesday, February 20, 2018

Colaboración en artículo sobre Petro en la sección de Internacional del diario ABC

Colaboración con el diario ABC a razón de la próxima oferta pública de venta que el gobierno venezolano realizará a través de una nueva criptomoneda.

A finales del 2017, el gobierno de Nicolás Maduro decidió crear una nueva moneda denominada Petro, cuyo valor estará respaldado por las reservas petroleras de la República Bolivariana de Venezuela.

El Petro será la primera criptomoneda respaldada oficialmente por un estado y su implantación supondrá un reto de enormes dimensiones, de ahí la gran atención que está suscitando su inminente  lanzamiento.

Técnicamente, la ICO (Initial Coin Offering) presenta algunos inconvenientes para los inversores: ha sido parcialmente preminada, más de la mitad de la recaudación irá directamente a un fondo soberano controlado por el gobierno de Maduro, su desarrollo está bajo el control de un reducido grupo de desarrolladores (no identificados), el algoritmo de prueba de esfuerzo (PoW, Proof of Work) podría ser sustituido en un futuro por una prueba de tenencia (PoS, Proof of Stake), no hay prevista ningún tipo de limitación que impida al gobierno de Maduro poder emitir a voluntad más monedas de las inicialmente previstas, así como manipular el precio de sus propias reservas petroleras y especular abiertamente sobre el precio de su propia criptomoneda, gracias al control que puede ejercer sobre la información sobre sus reservas petroleras y el control de los Exchanges donde estará permitido intercambiar los Petros.

Popular articles