A reader asked me “what is the difference in cloud brokers from 1.0 to 2.0?”

The first and primary difference is the unification of offerings. Today there are companies that move applications to the cloud and companies that offer broker services. Broker 2.0 is a solution that combines the two and offers a single unified catalog that gets your organization to the cloud.

You click “move my application to the cloud” and answer about 20 questions or so; the system finds your application, finds the right target and then notifies you that your application is now migrated. I realize this is extremely simplistic, because in the end simply pushing an application to the cloud isn’t the answer. It is the first step in the journey.

The next feature is the concept of the broker becoming your second DMZ. Over time you can actually have two DMZs, which will make it harder (not impossible) to traverse your security perimeter. The quickest and easiest gain is being able to route traffic securely from the broker to the service they need. That reduces the number of direct organizational connections, which reduces both network and compute impact on your organization.

Another feature is simply adding another CSP. To successfully add a CSP today, an organization has to establish a relationship with that CSP. It has to hold a number of meetings that in the end are time consuming and may not be overly effective. It’s sometimes hard to see past the smoke and mirrors of sales to the reality of what will work. With a Broker 2.0 model you would have a partner that has vetted all the new CSPs. This partner would have a vested interest in securely finding the right match, and would also be able to provide a quick, iterative and repeatable CSP vetting process.

Yesterday I brought up the concept of the broker offering a virtual directory connection. Now your corporate or agency directory is less exposed. You can have a Virtual Directory that doesn’t have user names. It simply replaces users with mathematical results. The users wouldn’t have to see the numeric IDs or ever use them. It allows for the reduction in alphabet attacks as you move more users out to cloud applications. The Virtual Directory system would also offer you the ability to sever a cloud service effective immediately. You remove everything within seconds when a system gets compromised.
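One way the Virtual Directory described above could work, as an added example that is not from the original post. It assumes the “mathematical results” are keyed HMAC-SHA256 values with one secret per cloud service; the class, method and service names are hypothetical.

```python
import hashlib
import hmac
import secrets


class VirtualDirectory:
    """Broker-side directory: cloud services see opaque IDs, never user names."""

    def __init__(self):
        self._service_keys = {}  # service -> secret HMAC key, held only by the broker
        self._reverse = {}       # (service, opaque ID) -> user name, broker-side only

    def enroll_service(self, service):
        # A fresh random key per service keeps IDs uncorrelatable across services.
        self._service_keys[service] = secrets.token_bytes(32)

    def pseudonym(self, service, username):
        key = self._service_keys.get(service)
        if key is None:
            raise PermissionError(f"service {service!r} is not enrolled or was severed")
        name = username.strip().lower()  # "Alice " and "alice" map to the same ID
        pid = hmac.new(key, name.encode(), hashlib.sha256).hexdigest()[:32]
        self._reverse[(service, pid)] = name
        return pid

    def resolve(self, service, pid):
        # Only the broker can map an opaque ID back to a person.
        if service not in self._service_keys:
            raise PermissionError(f"service {service!r} is not enrolled or was severed")
        return self._reverse.get((service, pid))

    def sever(self, service):
        # Dropping the key and the mappings invalidates every ID that service
        # holds in one step, without touching the corporate directory.
        self._service_keys.pop(service, None)
        stale = [k for k in self._reverse if k[0] == service]
        for k in stale:
            del self._reverse[k]
        return len(stale)


if __name__ == "__main__":
    vd = VirtualDirectory()
    for svc in ("crm", "mail"):          # constructed service names
        vd.enroll_service(svc)
    print("crm  sees:", vd.pseudonym("crm", "alice"))
    print("mail sees:", vd.pseudonym("mail", "alice"))
    print("severed mappings:", vd.sever("crm"))
```

Because the IDs are keyed rather than plain hashes, a compromised service cannot rebuild the user list by hashing guessed names, and re-enrolling a severed service issues a new key and therefore new IDs.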

In the Broker 2.0 model you could leverage IoT for personal security identification, creating a password system that relies on information only available to someone physically inside the building where your company is. What is the moisture content of the soil in the office ficus? That is information only available to a sensor and a connection to a physical device in the office. It provides a unique password that can be changed every 30 seconds. It is a new security model that requires some old-fashioned physical security wrapped around the IoT.

All of this and more wrapped into the organizational catalog. Services that you can purchase from the broker such as having hardware, software and even office supplies available as components of your catalog. Secure connections to cloud services and the ability to do mobile device management at the broker level rather than from within your corporate core. Removing all connections to the outside world and having a double DMZ protecting you. All of that plus the full implementation of a set of applications that are instantly portable. Since the broker moved them into the cloud, they can move them to a new cloud as needed.

Cloud Brokers are coming. It is an economic certainty. When a market matures enough, the brokers appear. Organizations are building and deploying Broker model 1.0 right now. No one has a 2.0 solution yet, but it is just over the horizon. I detailed a number of other potential add-ons for the broker of the future in my book The Syncverse.


Scott Andersen

IASA Fellow.