What you missed in Cloud: Secure interoperability

Published by Rodolphe Wilhelm, 8 Jun 2015

The hybrid cloud returned to the center of attention this week after the OpenStack movement’s efforts to establish a common operating paradigm across on- and off-premise infrastructure marked its latest victory with the addition of a key international provider to the fray. Canada’s Ormuco Inc. is now officially the newest operator with a managed implementation of the project.

Its platform is based on Hewlett-Packard’s somewhat fledgling version of OpenStack rather than more established alternatives, to give customers the option of porting workloads onto the data centers of other providers that have likewise chosen the distribution over the competition. That adds a whole new dimension to the hybrid model besides simply moving back and forth from behind the firewall.

But besides providing flexibility and freedom of choice, bringing more third parties into the mix also results in greater complexity that can increase operational risk. That’s what the latest open-source tool from Docker Inc., the startup behind the lightweight virtualization technology that’s helping to drive the shift toward hybrid clouds, hopes to address.

The Docker Bench Security utility automatically checks systems where an organization intends to deploy containers for compliance with the safety best practices detailed in an internally produced white paper released last month. It’s the first in a series of planned tools to help simplify the notoriously tricky task of defending large-scale Docker clusters against attack.

That challenge is hardly limited to the containerization engine, however. Increased risk is inherent to the hybrid model, so much so that an entire market segment has emerged around mitigating it, with startups such as CipherCloud Inc. leading the charge. Its value proposition received a big boost yesterday last week after the introduction of a tokenizer for scrambling data.

The feature will allow its proxy to replace sensitive details in a document with an undecipherable placeholder on its way beyond the firewall to the cloud. That approach promises to make it easier for companies to meet the strict regulations governing personally identifiable information, particularly in the EU, where some sensitive data can’t leave national boundaries.