Box encryption, private cloud failures, Azure startup credits and other cloud news from the week ending 2015-02-15.

This Week In Cloud

Weekly roundup of interesting developments in the cloud industry, curated by David Mytton.

Box encryption with hardware based key management (Feb 10)
The collaboration platform, Box, announced the beta of a new encryption product which will allow customers to use their own keys for encrypting documents stored within Box. This is powered by Amazon's CloudHSM product which includes independent audit logging and key management.

Encryption at rest is a standard feature provided by most cloud storage providers, from iCloud Drive to Google Drive. However, the keys are always managed by the provider. This means the contents are protected from direct access to the hardware, e.g. someone stealing the disk, but if the provider wants to access files (or is forced to by law) then they can do so, and you wouldn't know about it.

Using Amazon's CloudHSM product solves a number of these problems.
  1. It passes the security over to Amazon, who likely have more resources to manage ongoing security, rather than Box implementing their own system.
  2. It provides an independent location to store your keys, in a tamper resistant dedicated hardware appliance. 
  3. It offers an isolated audit logging feature, so whenever Box requests the keys to access your files, it is logged. 
The most secure option is always going to be client side encryption where you never pass your keys into "the cloud" but this prevents features such as search and collaboration. Box's new product is the next best thing - you still get auditing and management of your own keys with cryptographic operations executing within the CloudHSM appliance (i.e. not sharing the key with Box) but sacrifice some level of security for all the features that Box offer. As with many aspects of security, this is a tradeoff.
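
A small model of the arrangement described above, added here as an illustration and not Box's or Amazon's code: ToyHSM, the per-document data key, the requester and document names and the HMAC-based wrap (a standard-library stand-in for a real key-wrap algorithm) are all assumptions. It shows the provider holding only a wrapped key while every unwrap lands in a log the customer can reconcile against the reads it knows about.

```python
import hashlib, hmac, secrets

class ToyHSM:
    """Stand-in for the key appliance: the master key never leaves this object."""

    def __init__(self):
        self._master = secrets.token_bytes(32)  # customer-owned key
        self.audit_log = []                     # (requester, action, doc_id)

    def _mac(self, label, data):
        return hmac.new(self._master, label + data, hashlib.sha256).digest()

    def wrap(self, data_key, requester, doc_id):
        # Toy wrap: XOR with an HMAC-derived pad, plus an integrity tag.
        nonce = secrets.token_bytes(16)
        body = bytes(a ^ b for a, b in zip(data_key, self._mac(b"pad", nonce)))
        self.audit_log.append((requester, "wrap", doc_id))
        return nonce + body + self._mac(b"tag", nonce + body)

    def unwrap(self, blob, requester, doc_id):
        nonce, body, tag = blob[:16], blob[16:48], blob[48:]
        ok = hmac.compare_digest(tag, self._mac(b"tag", nonce + body))
        # Logged whether or not the request succeeds.
        self.audit_log.append((requester, "unwrap" if ok else "rejected", doc_id))
        if not ok:
            raise ValueError("wrapped key failed integrity check")
        return bytes(a ^ b for a, b in zip(body, self._mac(b"pad", nonce)))


def unexplained_unwraps(audit_log, known_reads):
    """Return unwrap entries the customer cannot match to reads it knows about."""
    remaining = list(known_reads)
    flagged = []
    for requester, action, doc_id in audit_log:
        if action != "unwrap":
            continue
        if doc_id in remaining:
            remaining.remove(doc_id)
        else:
            flagged.append((requester, doc_id))
    return flagged


def demo():
    hsm = ToyHSM()
    data_key = secrets.token_bytes(32)  # per-document key (constructed sample)
    stored = hsm.wrap(data_key, "storage-service", "doc-1")  # provider keeps only this
    recovered = hsm.unwrap(stored, "storage-service", "doc-1")  # a user opens doc-1
    hsm.unwrap(stored, "storage-service", "doc-1")              # a second read nobody asked for
    return recovered == data_key, unexplained_unwraps(hsm.audit_log, ["doc-1"])
```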

Security is a big issue and is only made more important by well-publicised attacks. But encryption is still far from easy to deploy, especially for non-technical users. Apple have put themselves forward as the first to implement encryption on their devices, with security and privacy as key product differentiators, and it is good to see Box paving the way in enterprise products. Expect many more to come.

Why is private cloud failing? (5 Feb)
A blog post about why private cloud is failing got some traction, prompting some follow up articles. Regardless of the statistical value in the actual survey, an interesting observation was:

Of the 140 companies Bittman surveyed, the most common reason for dissatisfaction (noted by 31 percent of respondents) is that too much emphasis was placed on cost-cutting, not on providing agility in creating, spinning up and down capabilities as needed.

If you are looking to set up your own infrastructure through buying/leasing hardware and co-locating in data centres, it's relatively straightforward to calculate a massive cost saving when you compare compute, storage and networking to public cloud pricing. The common pattern is starting on public cloud and then migrating to colo as your company scales. I wrote over a year ago about how Moz saved over $500k/month by doing this.

However, the key here is that the savings are on raw compute, storage and networking. As you start to broaden your definition of "cloud" to include other IaaS and SaaS products, the cost savings diminish. Can you build your own equivalent of Google's BigQuery? Can you build your own equivalent of Amazon's build and deployment pipeline management products? Yes you could, but can you match their features and pricing? Probably not. 

The whole point of outsourcing is to hand over part of your business that you do not consider "core", technology that you don't need to own, to a specialist. A dedicated vendor can do a much better job in every aspect - features, updates, security, support and of course, pricing. This is the whole model of SaaS! With a broad definition of "cloud", these are not commodity products and so it's no wonder that projects trying to replicate AWS or Google Cloud are failing.

$500,000 Azure credits for Y Combinator startups (Feb 9)
Just last September, Google opened its Startup program with $100,000 in credits for startups and now Azure is offering $500,000. With AWS as the default option when you think about "cloud" due to their position in the market and a much larger portfolio of cloud products, the alternatives have to offer something compelling to make people think twice.

Such generous offers are a good incentive for the cloud vendors to attract new customers at a key stage - before the company has invested much in infrastructure. The hope is they will build their products on top of the various cloud products and APIs, making it harder to switch in the future. Although the core compute, storage and networking products can be swapped out, it's much harder if you are using more proprietary tools, databases and APIs.

Such a large credit also highlights how much money is being invested in building out the cloud platforms for the big players. Last quarter saw Google spend $3.5bn on their infrastructure. Very few companies have the resources of Amazon, Google and Microsoft to compete and the barriers are only going to get bigger.

Other things of note
  • Cloudscaling announced an EC2 API for their OpenStack distribution.
  • New Relic announced their first post-IPO quarter results of $29m revenue, YoY growth of 69%.
Copyright © 2015 David Mytton, All rights reserved.