What is your view on cloud computing being touted as the next big thing for India? How do you think is the acceptance for cloud growing in public as well as private enterprises?
A report by a consulting firm, Zinnov Management Consulting says, “India's cloud computing market will be around $1 bn over the next 5 years. India gets this opportunity since there are over 1,300 independent software vendors (ISVs), 1.4 mn developers and more than 11,000 system integrators (SIs and custom software development organizations) in its powerful ecosystem. Hence, India is ideal to tap this growing opportunity. The growing boom in software development for cloud computing is estimated to be around 300,000 jobs related to cloud services which will be created in India over the next 5 years.
The government requires massive infrastructure for handling its computing operations. So, cloud computing is just apt for it for handling the ever increasing volume of transactions, mass storage, speedy data processing, for scalability, and generating up-to-date and timely reports in detail at various levels of decision making. In India, it can help address the priority areas which have been outlined by the President of India for the government-bring about governance reforms, creation and modernization of infrastructure in key sectors, and constructive and creative engagement with the world. By setting up a private cloud, state governÂments can gain access to virtually unlimited, centraÂlized computing.
What are the security implications of the growing move towards cloud computing?
According to the 2009 'Cloud Computing Survey' conducted by Kelton Research, which interviewed 502 C-level executives and IT decision makers across 17 countries in North America, Europe, and Asia-Pacific, “By a 5-to-1 ratio, executives report that they trust existing internal systems over cloud based systems due to the fear of security threats and loss of control over data and systems.”
Having a defense-in-depth approach is a fundamental element in how Microsoft provides a trustworthy cloud infrastructure. Applying controls for multiple security measures of varying strengths-depending on sensitivity of the protected asset-results in an improved capacity to prevent breaches or to lessen the impact of a security incident.
Online Services, including infrastructure and platform services, take advantage of virtualization. As a result, customers using services hosted on the Microsoft cloud may have assets that can no longer be easily associated with a physical presence.
Physical and network security measures must, of course, still be taken. However, the focal point of risk management shifts closer to the object level, closer to elements in use in the cloud environment, for example, static or dynamic data storage containers, virtual machine objects, run-time environments in which computations occur.
Host security, auditing and reporting like daily scanning of the infrastructure assets, penetration testing performed by internal and external parties also help.
Application security is also important. Rigorous security practices employed by development teams at Microsoft were formalized into a process called the 'Security Development Lifecycle' (SDL). Many cloud and online service development projects have shorter release schedules or frequent additions of new features and capabilities. Agile methods are well suited to the requirements of these projects. Agile is an increasingly widely adopted methodology for software development. Increasingly, development teams have begun using the Agile methodology.
Identity and access management is a part of the whole process. Microsoft uses a need-to-know and least-privilege model to manage access to assets. Highly sensitive assets require multi-factor authentication, including measures such as passwords, hardware tokens.
For network security, Microsoft applies many layers of security as appropriate for data center devices and network connections.
Microsoft's proven record of accomplishment combined with its independently certified programs show the relevance of these programs to the continuing evolution of challenges and opportunities in the changing online services' marketplace.