The initial concept of a cloud broker has been floating around for a while. In its report on cloud computing, NIST (the US National Institute of Standards and Technology) called cloud brokers aggregators of cloud services. Beyond that initial definition a number of interesting products have emerged. In fact, I believe nearly four years ago I published a blog talking about the concepts of Cloud Broker 2.0, which includes end to end security and end to end directory integration. End to end security would allow an organization to have remote devices (cellular phones) connecting from the local coffee shop without having to worry as much about the security of the remote end point. The organization would secure its solution in the cloud, and the broker would provide the security for the devices, so that any of the many available devices could be used to consume information from the cloud.
Now, the reality of wearable technology changes the game a little. Cloud Broker 3.0 therefore adds the broad concepts of brokering (Cloud + IoT) and integration (data + analysis) that the broker would need to provide: integration between the many data sources and the many IoT, cellular and cloud services. Building on the concepts of Cloud Broker 2.0, Cloud Broker 3.0 offers the following:
· Cloud aggregation services
· Aggregated data services (IoT and other ingest services)
· Aggregated data analysis services
· End to end security services
· Unified service catalog
We are bound by the reality of the networks we have today on the first three. We are also bound by the nature of data in all of the categories. First off there is the value of information as it exists today. The value of information has many components, but realistically for companies there are two critical ones. The first is a business need/requirement: the right information, at the right time, for the right action. The second is a risk: the information falling into the wrong hands. So there is the data use issue and the data loss issue. Organizations wind various security rules around information to prevent the second, and they allow various components of their data portfolio to be consumed by remote devices to better support the first.
There are two distinct problems with this right now. The first is intelligent device selection. I have received massive Excel spreadsheets of information while I was on my cellular device, with an email (the Excel file was an attachment) asking me to review the file. I did not have access to any other device at that time, so the ability to review the information was limited to me resizing the screen over and over. It took three times longer doing that than it would have had I had access to a larger screen.
In my long argued concept SCRaaS, Screen as a Service, screens can be leveraged as services within environments. Now, outside of the corporate controlled reality, you have a security risk. It's not hard to put a memory device on a screen that literally captures all information sent to that screen and stores it. So there have to be controls and security around screens that would allow for SCRaaS.
That brings up another point: a structured and managed notification system. Sensitive data should never be presented on a cellular phone. It is far too easy to basically hijack that phone, even if it's just by looking over the shoulder of the person reading the information. So in the Broker 3.0 model we will integrate some of the components of what I called The Myverse in my book The Syncverse. The Broker 3.0 catalog would include options for storage beyond what cloud providers offer. So where a cloud service offers tiers 1-5, the broker could also offer a new tier of service (managed) that is not on the customer's premises but is managed and hosted by the broker. Cloudier to the user, but with additional security options. The first being: if you are on a cell phone, you can't see this. Or, to borrow from the song, you can't touch this. It would allow the organization's IT security team to establish the concept of known and unknown networks. The user could then be informed: you have the following information available, but you are on an unknown network, therefore it cannot be released to you. This also would allow the IT department to tailor the notification system for the user. Notify them via email that they have a secure file available in the secure store of the broker (there are many products that do this today). But add to this the additional management of: you are on a device that is on an unknown network, or you are on a cellular device, and need to connect via a more secure method. Also the system can notify you: this data is larger than can be effectively presented on a cellular device, switch to a tablet or laptop secure connection, or switch to a known good SCRaaS device.
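The release rules described above (sensitive data never on a phone, nothing sensitive over an unknown network, oversized data redirected to a larger screen, only known-good SCRaaS screens) can be expressed as a small policy evaluator. The code below is an added illustration, not from the original post or any broker product; the device classes, the size threshold, and the `scraas_attested` flag are assumptions.

```python
# Added example: a policy evaluator for the Broker 3.0 release rules described
# in the post. Thresholds, device classes and field names are assumptions.
from dataclasses import dataclass
from enum import Enum


class Device(Enum):
    PHONE = "phone"
    TABLET = "tablet"
    LAPTOP = "laptop"
    SCRAAS = "scraas"  # a Screen-as-a-Service endpoint


@dataclass(frozen=True)
class Request:
    device: Device
    known_network: bool      # decided by the IT team's list of known networks
    sensitive: bool          # data held in the broker-managed secure tier
    size_bytes: int
    scraas_attested: bool = False  # assumed: a SCRaaS screen must prove it is known-good


# Assumed ceiling for what a phone screen can usefully present.
PHONE_SIZE_LIMIT = 512 * 1024


def decide(req: Request) -> tuple[str, str]:
    """Return (decision, notification); decision is release, deny or redirect."""
    if req.sensitive and not req.known_network:
        return "deny", ("Sensitive information is available, but you are on an "
                        "unknown network; connect via a more secure method.")
    if req.sensitive and req.device is Device.PHONE:
        return "deny", ("Sensitive information is available, but it cannot be "
                        "presented on a cellular device.")
    if req.device is Device.SCRAAS and not req.scraas_attested:
        return "deny", "This screen is not a known good SCRaaS device."
    if req.device is Device.PHONE and req.size_bytes > PHONE_SIZE_LIMIT:
        return "redirect", ("This data is larger than can be effectively presented "
                            "on a cellular device; switch to a tablet, laptop or "
                            "known good SCRaaS device.")
    return "release", "Released."


if __name__ == "__main__":
    # Constructed sample requests walking through each branch of the policy.
    for r in (Request(Device.PHONE, True, True, 4_000),
              Request(Device.LAPTOP, False, True, 4_000),
              Request(Device.PHONE, True, False, 8_000_000),
              Request(Device.SCRAAS, True, True, 8_000_000, scraas_attested=True)):
        print(r.device.value, *decide(r))
```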
All of these concepts then come together in the overall offering that I have detailed as an NGO City Broker: combining known good data, known good networks and cloud services with billions of IoT devices to produce a secure compute environment. It will still require that organizations have security teams watching for bad actors. Secure doesn't mean uncheckable. It just means that the data and devices are secure from stupid.
Broker 3.0 fan, NGO City Broker designer
The images, concepts and ideas in this blog are copyright Scott Andersen