Home  »  Jamie Dos Santos: Many Operational Needs Can be Resolved in the Cloud

Jamie Dos Santos: Many Operational Needs Can be Resolved in the Cloud

Jamie Dos Santos, Terremark Federal Group

Terremark Federal Group CEO Jamie Dos Santos began her career as a 19-year-old working at her grandfather’s office at AT&T, where she quickly became familiar with all things technology. After divestiture, Dos Santos took a position at Southern Bell. Eventually, she transferred to Bellcore and Bellcore International, and often flying to South America where the company did a lot of regulatory advisement and privatization with the incumbent phone companies. After Bellcore was purchased by SAIC and became Telcordia, she teamed up with Manny Medina, current chairman and CEO of Terremark Worldwide, to take on more technology-oriented projects, including the Network Access Point (NAP) of the America’s internet exchange and protection of critical infrastructure for customers. She recently talked to The New New Internet about cloud computing, new threats, and how her company works to protect data in the cloud.

Jamie Dos Santos: Our enterprise cloud–we’ve been doing this for several years now, which is light years ahead of most cloud providers today. The cloud has become, as you know, one of the main focuses for our government, especially for IT consolidation and efficiencies. The cost savings of going to a cloud infrastructure you cannot ignore. You’re no longer procuring the servers yourself, no longer doing the maintenance and the software renewals. And if you have a cloud infrastructure, FISMA compliant, located in a TS-accredited facility with 100 percent SLAs on power and cooling, with an Exchange Point (Network Access Point) managing over 160 plus networks, you can always get access to the infrastructure in addition to the savings. It’s something for us that has done very, very well. We started in the commercial space years ago. Marquee names like H&R Block and BMW, many of the Fortune 100s and 500s–we’ve been doing business with for quite some time. The federal space, as you know, usually adopts a little bit slower. Our enterprise cloud, I would say, in the government space has almost become the de facto cloud for certainly the dot-gov environment. We have folks like Department of Transportation, VA, GSA.gov, USA.gov, data.gov, whitehouse.gov, as examples. Through the CIO’s  internal networking and Vivek’s encouraging they share their experiences and savings. That piece of our business has just grown exponentially.

The New New Internet: What does a transition to the cloud mean from a security standpoint?

Jamie Dos Santos: We tell every customer of ours, whether it’s a bank or a hospital or the government, they need IDS boxes and to follow their internal compliances for intrusion detection. Those are signature-based systems–malware that’s already been identified.  The signature gets loaded into their vendors IDS. The issue becomes, that it doesn’t take much of a change to the makeup of that malware or that anomaly – a very small degree, and it’s no longer going to be detected by those systems, so in fact it is only a percent of malware that is detected.

In a cloud environment, the idea of shared resources (infrastructure), depending on the provider, brings a security concern of one user infecting many. In our case, we use it as an opportunity to have an architecture in front of the cloud infrastructure (called Clearsky) which offers a service to clean the IP prior to it entering the cloud and exiting as well as a host-based memory forensic security tool called Voltage protecting the resources. In addition, we have a separate cloud for the dot-gov clients, our commercial customers and federal customers do not share the same cloud. We also protect both the networks and our internal infrastructure with our security services.

The New New Internet: In the case of a cyber threat, how do you processed with taking care of it?

Jamie Dos Santos: We can detect anomalies and malware, validate them against the IDS commercially available boxes (approx. 42) and check to see if it is a known bad actor. If we in fact get a positive read against the IDS’s, we notify our clients but are not focused on that intrusion since it has already been identified commercially. We focus on what the industry calls a zero day attack. These are the anomalies that have not yet been signatured and go undetected in the IT environments. Once identified, we can look across all our environments worldwide  (we have CONUS and OCONUS operations; Miami, Santa Clara, Dallas, NCR-Culpeper, Brazil, Bogota, Amsterdam, London, Istanbul, as examples) to make sure they have not penetrated any other customers. We have other capabilities, as long as we have that agreement in place, and we can go in their environment and help them remediate it.

The New New Internet: Do you have the same protection for data in the cloud?

Jamie Do Santos: That same security architecture, Clearsky, is something that we have in front of our cloud infrastructure. There are components of a cloud provider you should understand, such as the robustness of the facilities operating the cloud. This indicates the stability of the physical infrastructure. It’s very important, because if you lose the physical infrastructure, you may be protecting your data that gets to the cloud, but not be able to access it. SLAs on power, cooling, multitude of networks accessing the site are all important. The security that protects the cloud inside the physical infrastructure is the other half. Certainly, separation of our commercial clients, and our federal clients is another level of security. Although financial, healthcare, high-transaction type commercial clients that rely on their IT infrastructure are just as security conscious.

The New New Internet: Terremark offers two cloud services, the vCloud Express and Cloud Enterprise. Can you talk about those offerings?

Jamie Dos Santos: We actually had the Enterprise Cloud first. We always thought it needed to be in a very secure environment. Basically, you can procure the amount capacity, processing power, firewall, security services, storage with an ability to burst. We will review with you the security services that you want in your environment. Access is provided through a portal; you can look at the utilization of each server, its maintenance, software versions running and its utilization. The ‘express’ model was created for more of an R&D clientele, credit card transactions to use a few minutes or hours, days versus a long-term outsourcing model with critical applications.

The New New Internet: So, you can offer very tailored services?

Jamie Dos Santos: Yes. From a complete outsourced model to a very a la carte-type services. Infrastructure as a Service, you purchase a baseline level of capacity that you can manage, or we manage for you all the way to the application layer. Security services, you can balance load your data, generate new servers. COOP and DR CONOP’s can be written and deployed with us across our environments. We have cloud services internationally as well as we do domestically. There’s a lot of flexibility. This coupled with the saving is why the industry is charging forward so quickly. Savings quoted by GSA, and other business cases identify the savings up to 70 percent, an amount you cannot ignore.  So, it’s economically driven. This is why you’re seeing Vivek [Kundra] and other leaders inside the government, the SECDEF and the CIOs of these agencies, Air Force, Army, all trying to move over to an enterprise cloud environment with security.

The New New Internet: Are there aspects of cloud computing you are concerned about?

Jamie Dos Santos: From an infrastructure standpoint, and as a large cloud provider of the largest Fortune 100 companies and government, we place our attention to the stability of the infrastructure and security, making sure we have the capacity for our clients, bursting needs, the physical environment to handle the power and cooling, availability of networks are all operational under disciplined processes. We feel there are many of today’s operational needs that can be resolved in a cloud environment, such as the case of the warfighter; how does he know that the information that’s being presented to him is correct? How does he validate the integrity of the information that has been given to him, in which he is acting upon? A cloud environment may be a great way to have a solid set of data available to him.

The New New Internet: That’s a very interesting perspective because I’ve never heard any of the cyber professionals I’ve interviewed discuss it from a warfighting standpoint.

Jamie Dos Santos: A cloud is a good place to put a solid set of data that you need to keep protected away from your own systems. If I knew my internally hosted systems were compromised, I could go to this cloud and access those applications for validation. To the extent of security being used, validation in memory of those processes could be done there also. I think you’re going to start seeing private cloud infrastructure being used like that. It makes sense.

Related posts:

  1. How Secure is Cloud Computing?
  2. New Report Details Governmental Cloud Security in EU
  3. Spies Like Life in the Cloud
  4. The Security of the Cloud is Better than it Appears
  5. NASA May Be Prototype For White House Cloud Computing Initiative
Tagged with:     

1 Comment

Pings and Trackbacks

Leave a Reply