Today at VMworld, Harris Corporation announced its Trusted Enterprise Cloud as a VMware vCloud® Powered service offering for federal and enterprise customers based on best-of-breed technologies, including VMware vCloud® Director. Perhaps the most interesting part of this is the strong differentiation that Harris has built into its cloud infrastructure that makes it a particularly good fit for this customer base.
There are echoes here of NYSE Euronext’s capital markets approach – both are far from “generic” or “commodity” cloud services. They are clouds specifically designed and operated to solve mission-critical customer needs. Harris is way out in front of some recent announcements that are nothing more than “same old cloud, new building”, marketed as “Now for government use.” You’ve heard of “CloudWashing” – maybe the term for this is “GovCloudWashing?”
So what’s the secret sauce? Harris set out to comprehensively answer the question “What makes a cloud trusted?” There are three components to this – the physical and logical integrity of the cloud itself, the methods and procedures to operate it, and the people who run the cloud. There’s a lot of meat to this, and Chuck Hollis’ blog goes into more detail – I want to focus on Harris’ innovation in the cloud infrastructure layer.
All of the Trusted Cloud hardware components are positively verified to be as the manufacturer intended, with tracking from the source. There’s no room for (say) buying the cheapest “white box” server board of unknown origin in a trusted cloud, because that can compromise the integrity of the overall system. If you think this is far-fetched, consider that everything from NAS arrays to iPods has arrived in the hands of customers pre-loaded with malicious code in the past few years. Then there’s the growing market in counterfeit networking, storage and server spares (by May 2010, US authorities had made more than 700 seizures of counterfeit Cisco gear — more than 94,000 network devices in total).
Secondly, Harris has developed an innovative white-listing approach to verify the integrity of code and configurations that run on the cloud. Traditional anti-virus systems use black-listing – known malicious code is identified through signatures and blocked. The challenge has been the deliberately massive proliferation of malicious code variants, and techniques like code mutation designed to defeat signatures. White-listing is the reverse – only known good code and configurations (those with a signature on the “white list”) are allowed. By definition, malicious code, regardless of how it mutates or disguises itself, cannot run because it doesn’t have a valid signature.
The challenge with white-listing is ensuring you have 100% of the required signatures to allow the system to run, given the sheer number of variations of bona fide code and configurations. Through its acquisition of SignaCert in 2010, Harris has assembled a database of code and configuration signatures for over 3 billion software objects from more than 2,000 vendors. Harris has four patents on this technology and has embedded it in their Trusted Enterprise Cloud service.
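The difference between the two models, and the coverage problem white-listing creates, can be seen in a small sketch. This is an added example, not Harris or SignaCert code; it assumes a "signature" is simply the SHA-256 digest of an object's bytes, and every sample object and name in it is constructed for illustration.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"


def signature(content: bytes) -> str:
    """Assumption: a 'signature' is the SHA-256 digest of the object's bytes."""
    return hashlib.sha256(content).hexdigest()


def blacklist_check(content: bytes, known_bad: set[str]) -> Verdict:
    # Default-allow: only objects whose signature is on the bad list are blocked.
    return Verdict.DENY if signature(content) in known_bad else Verdict.ALLOW


def whitelist_check(content: bytes, known_good: set[str]) -> Verdict:
    # Default-deny: only objects whose signature is on the good list may run.
    return Verdict.ALLOW if signature(content) in known_good else Verdict.DENY


# Constructed sample objects (placeholders, not real binaries or configs).
SAMPLES = {
    "vendor_binary": b"vendor-agent build 1.0",
    "vendor_config": b"ssh.permit_root_login=no\n",
    "vendor_patched": b"vendor-agent build 1.1",        # legitimate, not yet catalogued
    "unwanted": b"constructed-unwanted-object",
    "unwanted_variant": b"constructed-unwanted-object\x00",  # one byte differs
    "tampered_config": b"ssh.permit_root_login=yes\n",
}
KNOWN_BAD = {signature(SAMPLES["unwanted"])}
KNOWN_GOOD = {signature(SAMPLES["vendor_binary"]), signature(SAMPLES["vendor_config"])}


def compare() -> dict[str, tuple[Verdict, Verdict]]:
    """Return (blacklist verdict, whitelist verdict) for each sample object."""
    return {
        name: (blacklist_check(data, KNOWN_BAD), whitelist_check(data, KNOWN_GOOD))
        for name, data in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (black, white) in compare().items():
        print(f"{name:17} blacklist={black.value:5} whitelist={white.value}")
```

The one-byte variant and the tampered configuration pass the black list but are denied by the white list, while the legitimate patched build is denied too until its signature is catalogued, which is why the size of the signature database matters.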
This is another strike against the “cloud monoculture” viewpoint: to be relevant to a particular market segment, a cloud must deliver more than on-demand VMs; it must also solve key infrastructure challenges that distract organizations from their marketplace or mission. For many, including Federal government agencies, assuring a secure cloud platform is a great example of something that Trusted Enterprise Cloud solves effectively, and is what distinguishes it from “same basic cloud, shiny new label” offerings.