Hot on the heels of Microsoft Azure’s announcement of its achievement of Provisional Authority Level 5 accreditation for the Department of Defense, IBM detailed its finalization of a five-year contract with the U.S. Army that has the potential to amount to $62M. Under the terms of the contract, IBM will create a private cloud solution for the U.S. Army’s Redstone Arsenal, which is located close to Huntsville, Alabama. IBM will deliver Infrastructure as a Service solutions for the Redstone Arsenal facility as part of the Army Private Cloud Enterprise program. The Army plans to migrate up to 35 applications to the private cloud during its first year. IBM’s ability to win this contract with the Army was predicated on securing the Defense Information Systems Agency (DISA) Impact Level 5 (IL-5) Provisional Authorization. IBM is the first company to obtain DISA IL-5 Provisional Authorization, and plans are in place for it to achieve Level 6 authorization, which would enable it to manage classified information, in contrast to the controlled unclassified information it can manage under its Level 5 certification. IBM’s contract with the U.S. Army to develop and manage a private cloud for its Redstone Arsenal builds upon its success delivering a hybrid cloud solution for the U.S. Army’s Logistics Support Activity. The deal consolidates IBM’s leadership as a cloud contractor for the U.S. military and points to further potential for expanding IBM’s cloud market share via cloud-related U.S. military use cases.
On Friday, Microsoft Azure announced it became the first commercial cloud vendor to achieve Level 5 Provisional Authority for “the DOD regions of Microsoft Azure Government and Office 365 U.S. Government Defense,” as noted on Microsoft’s website. Azure’s achievement of Level 5 accreditation from the DOD empowers it to handle controlled unclassified information (CUI) and subsequently build and host applications that require a higher level of security than Level 4 accreditation. In conjunction with the news of its Level 5 DOD accreditation, Microsoft Azure announced the general availability of DOD regions of Microsoft Azure Government and Office 365 U.S. Government Defense with Level 5 authorization, marked by dedicated infrastructure for the DOD spanning a multitude of U.S.-based data centers. Azure’s achievement of Level 5 Provisional Authority adds to its FedRAMP certification and bolsters its leadership in the government and defense-related cloud computing space. The announcement of its Level 5 Provisional Authority as granted by the Department of Defense represents a significant differentiator for Microsoft Azure given a contemporary political climate marked by increased sensitivity to U.S. government hacking and security breaches. With its enhanced security credentials for the DOD, Azure stands poised to continue spearheading Microsoft’s renaissance under CEO Satya Nadella by giving investors increased confidence in the company’s ability to serve defense-related contracts that are likely to increase in quantity and scope given President-elect Trump’s avowed interest in expanding the U.S. military.
Google has announced details of a key management service, in beta in select countries, that allows enterprises to manage the encryption keys for their cloud-based deployments. The ability of Google Cloud customers to manage their own encryption keys enhances the cloud security of Google’s public cloud platform because customers now have the option of taking ownership of the encryption keys for cloud deployments. Branded Google Cloud Key Management Service (Cloud KMS), Google’s expanded encryption functionality gives it parity with the AWS Key Management Service and the Azure Key Vault with respect to customer-owned encryption options. Customers interested in retaining control over their encryption keys have the choice to store the encryption keys in the cloud or on premises. Google’s ability to give encryption keys to its customers is enabled by technology that “uses the Advanced Encryption Standard (AES), in Galois/Counter Mode (GCM), the same encryption library used internally at Google to encrypt data in Google Cloud Storage,” as noted in a blog post.
Google Cloud Platform’s decision to give customers the option of controlling their encryption keys puts it on par with its competitors AWS and Azure while concurrently satisfying the cloud security needs of customers in highly regulated industries such as healthcare and finance that typically require greater ownership of the mechanism of encryption and decryption. Cloud security promises to be an intense area of interest in 2017, and Google’s achievement in coming up to speed with two of its key competitors with respect to encryption functionality points to the tip of the iceberg of a broader conversation about cloud security that stands to unfold over the next 12 to 18 months. Given the dramatic proliferation of high-profile cloud security breaches in recent months, expect Google Cloud Platform, AWS and Azure to keep enhancing their cloud security options in 2017, particularly since cloud security could represent the game-changer for cloud market share in the public and hybrid cloud space.
Apple has announced that CareKit, its framework for creating healthcare-related apps, integrates with ZeroKit, a platform created by a company called Tresorit that delivers enhanced security for CareKit apps and their associated data. Even though CareKit data is encrypted on the iPhones of its individual users, CareKit does not manage encryption of data sent to developers’ servers or of healthcare-related data shared via its file sync and sharing functionality. Tresorit’s ZeroKit SDK enhances the security of the CareKit framework by bolstering the authentication protocols used for accessing the app and encrypting data prior to its storage on cloud-based servers. More generally, ZeroKit’s enhanced authentication protocols mitigate hacking or compromises of user authentication data. In addition, ZeroKit delivers “zero knowledge” end-to-end encryption that allows no one, not even developers, to see patient data or passwords because of the application of encryption to all data.
ZeroKit’s encryption protocol is so strong that data is encrypted before storage in the cloud, thereby ensuring that data in motion, created during the development process, is as protected as data stored within CareKit’s cloud infrastructure. ZeroKit’s SDK for cloud security is currently used by CarePro and DrNearMe. Because ZeroKit helps CareKit-based apps achieve HIPAA compliance, its partnership with CareKit strengthens CareKit’s positioning within the space of mobile app development for healthcare apps that empower healthcare providers to follow up with patients regarding their conditions by enabling patients to track medication usage and metrics such as glucose, blood pressure, temperature and swelling.
On December 27, Google Cloud Platform announced that Stackdriver Trace (Trace), its tool for analyzing application latency and performance, now supports limited interoperability with Zipkin, a distributed tracing system open-sourced by Twitter in 2012. Trace can now receive traces regarding application performance from Zipkin as a result of Google’s recent release of a Zipkin server. Trace’s ability to receive traces from customers using Zipkin enables customers to leverage the power of Trace for applications written in languages that Trace currently does not support, as well as in conjunction with Zipkin. Trace currently supports Google App Engine-native applications and features libraries to support applications that run on VMs or containers that are written in Node.js, Java and Go. Trace plans to support Ruby and .NET in the near future and, as such, its ability to receive traces from Zipkin via the newly released Zipkin server expands the universe of applications whose latency and performance it can analyze and also allows users to compare the relative merits of Trace and Zipkin. Trace’s ability to accept traces from Zipkin marks a notable step forward in the space of technologies dedicated to understanding application latency and the root causes of performance degradation, given that Salesforce and Yelp support Zipkin alongside Twitter. Expect Google to continue augmenting Trace as it gains even more traction from Zipkin users and, conversely, for Zipkin to evolve as a result of the insights delivered through its compatibility with Stackdriver Trace.
On Wednesday, Docker announced plans to spin off and open source containerd, a component of Docker Engine that delivers the capability to manage containers on a host machine. Also known as Docker’s core container runtime, containerd features all of the core primitives required to manage containers on Linux and Windows hosts. In addition, containerd features functionality for container execution and supervision, the distribution of images as well as the implementation of network interfaces and local storage. Used in production by millions of Docker containers subsequent to the release of Docker 1.11 in April 2016, containerd encapsulates foundational components of the Docker Engine that third parties can use to create products and solutions that leverage a common platform for core container runtime technology within their container-based products. IBM Vice President of Cloud Technology and Architecture Dr. Angel Diaz remarked on the importance of a common container runtime platform within the container landscape as follows:
As container adoption continues to grow, it’s important that, as an industry, we establish an openly governed container runtime to ensure consistent behavior across platforms. IBM and Docker have worked in partnership in the past to bring the single container runtime to an open community – we are expanding on this by establishing containerd as the open source and open governed project that builds on OCI outputs (specs and runtime) to manage multiple containers. Developers can utilize containers today on the IBM Bluemix Container Service, and we look forward to seeing container technology to continue to grow in functionality and long-term stability through this new initiative.
Here, Diaz comments on the value of an “openly governed container runtime” that brings a respected standard to container infrastructure across the industry. The open sourcing of Docker’s core runtime component promises to contribute to the development of standards between containers from vendors such as Amazon Web Services, Google Cloud Platform and Microsoft and subsequently enhance the compatibility, stability and standardization of container technologies. The open sourced containerd technology will follow the OCI standard and achieve compatibility with its protocols by the time of the 1.0 containerd release. Docker’s decision to spin out containerd and hand over its stewardship to an independent foundation that presides over its governance marks a monumental step forward toward standardizing container technologies while concurrently allowing vendors to differentially add additional container functionality as they deem appropriate. In addition, the move to spin out containerd promises to enhance the footprint of Docker within the container space by consolidating its positioning as the leader of container-based standards and infrastructure, even though containerd will be branded independently of Docker and receive contributions from other vendors. Containerd will be compatible with all leading orchestration frameworks and intends to serve as a “boring infrastructure” component for the container landscape. The spinning out of containerd as an independent open source project promises to enhance the significance of containers within the contemporary application development and lifecycle management space by improving container standardization and compatibility across platforms and vendors and subsequently contributing to increased container adoption within the industry at large. Docker plans to donate containerd to an independent foundation by the end of Q1 2017.
Crate.io today announces the general availability of CrateDB, an open source SQL-database platform that specializes in storing and analyzing machine data and related applications. CrateDB features a distributed SQL query engine that empowers users to run complex queries in real-time without the diminution of performance specific to “first generation SQL databases”, as noted in a press release. The platform also boasts columnar field caches and enhanced versatility with respect to SQL-based queries on machine data. For example, CrateDB delivers the capability to create outer joins as well as run queries on structured and unstructured data, perform time series analysis and leverage advanced database search functionality. In addition, CrateDB features extreme scalability marked by automated sharding and data redistribution that optimizes data performance and availability in correspondence with the volume of data stored within the platform. Importantly, CrateDB allows organizations to take advantage of SQL-oriented skills and tools to expedite its integration and adoption. As such, the platform represents a SQL-based alternative to NoSQL machine data solutions such as Splunk and Cassandra that empowers organizations to collect and analyze massive volumes of machine data in real-time in conjunction with the platform’s enhanced querying versatility and scalability. Available under an Apache 2.0 license, CrateDB marks the emergence of another key player in the machine data analytics space that promises to disrupt the landscape of machine data analytics platforms, particularly given the nexus of its advanced SQL-based querying functionality and extreme scalability. Organizations with resources versed primarily in SQL will lean toward CrateDB given the richness of its distributed SQL querying engine and ability to query data in real-time without resorting to an ancillary data warehousing option to append to their machine data analytics infrastructure.