On the August 21, 2012, Peer Incite, early evaluators of CloudPhysics discussed the benefits of comparing and modeling their virtualized environments against the best-practice experiences of their peers. CloudPhysics takes a big-data approach to analyzing configuration, setting, and performance data to determine best practices. For the CloudPhysics approach to be successful, two things have to happen:
- CloudPhysics has to develop a meaningful and substantial baseline body of data against which organizations could compare,
- Organizations have to be willing to share information about their own configurations, their settings, and their environments’ performance.
There are two hurdles in sending data off-site. The first is that doing so must be simple and non-disruptive for the operations professionals. CloudPhysics has addressed this by building all the data-collection capabilities into an application that runs within the virtualized environment. The second is that sending any proprietary information off-site typically involves gaining the approval of the Chief Information Security Officer (CISO) and/or the Chief Compliance Officer (CCO). In order to speed the process of gaining CISO and CCO approval and address their concerns, CloudPhysics encrypts and anonymizes user data, provides access control to the user, and provides comprehensive documentation.
Action Item: Leveraging a cloud-based service where an organization’s data is delivered to a big-data repository of configuration and performance data is new territory. The chief information security officer, chief privacy officer, and/or chief compliance officer need to be engaged early in the process so that their concerns around security, privacy, and anonymization of data are addressed. Otherwise they will become an impediment to moving forward. They will need to know who has access to the data, how controls are maintained, and what controls remain with the organization. Some organizations, including most government agencies, will want a private cluster of their own data, which accesses public data but to which the organization does not contribute its own data.