Novell has very recently announced a new product entitled "Cloud Security Services" - a comprehensive set of software that allows cloud providers to connect customers to their infrastructure in a safe and efficient way. This product is the first one that is not marketed to enterprises - instead it is sold to cloud service providers, who will license it for their customers.
Cloud computing is generating much interest. A recent statistic by Google has shown that hits for the phrase "cloud computing" are growing steadily. Why? In search for productivity and efficiency, enterprises are looking to offload non-core processes. The same reasons that fueled outsourcing in the last decades is now driving cloud computing. The promises are enticing, yet there are many open issues and worries - especially in terms of security and privacy. That (amongst other things) keeps many potential cloud computing customers sitting on the fence.
Novell has focused a large share of its brainpower extensively on cloud computing over the past year and has come up with a strategy and a set of products and partnerships. In fact, Novell's CEO Ron Hovsepian made the bold move to summon the company's development managers together at the time when the economic crisis was at its worst. Instead of talking to them about cost savings (just like everybody else), he rallied them to make an aggressive push forward to become a leader in the hot cloud computing infrastructure segment. This seems to have paid off - by focusing a large part of Novell's research on development in this area, the company has not only submitted 63 patents within the area, but also solve major issues around cloud computing security that until now held back investment by customers.
The recently announced "Cloud Security Services" seems like the pinnacle of Novell's focus. It provides a secure framework that cloud providers can use to connect to their customers. What's so special about it, compares to traditional federation technology? For the first time, Novell solves important parts of governance and auditing associated with software-as-a-service (SaaS) and other cloud services.
Who will buy this product? Cloud providers, and therefore end customers in an indirect way. Cloud providers will need to prove to their customers all details about access, usage and entitlements. Before Novell taking a stab at this, there hasn't been much. When it comes to accountability, the cloud has been murky at worst, or cloudy at best.
Implementing proper controls to ensure regulatory compliance and proper business practices is essential. But how can this extend off premises? As things become distributed - as in the case with cloud computing - audit logs are distributed as well, with no clear vision how to collect, combine and analyse this data in a comprehensive way. Novell seems to have solved this in an innovative way. The CSS product combines federation technology with SIEM, also known as "Security Information and Event Monitoring".
An invariable question is what to do with this data, now that it is available and can be collected. Novell has partnered with a company called PivotLink that provides software for a complete online analysis of the collected information. This fits in with Novell's CSS like a glove - CSS will collect and correlate events and audit trails, and the PivotLink software acts as a dashboard to provide extensive reporting and analysis.