If you've been following the whole VCE-enabled service provider story, you'll recall that Harris Corporation was one of first (and perhaps most enthusiastic) Vblock adopters.
They've built on Vblocks -- and other technologies from V,C and E -- to offer up an extremely well-positioned service: the Harris Trusted Enterprise Cloud. Their proposition was simple: the Harris cloud has the foundation to be more secure and more trusted than anything most enterprise IT organizations could do themselves.
Since its announcement, I've always wanted to know more about the details: what made it different, and who were the key people behind the offering.
This week, I was fortunate enough to have an extended conversation with Wyatt Starnes, VP of Advanced Concepts at Harris' Cyber Integrated Solutions division.
By the way, I think Wyatt has me beat in the Cool Job Title competition.
Wyatt is not only one of the lead actors in this story, he's a wealth of compelling insight.
Fasten your seatbelts and hang on ...
Trust And The Cloud
Conventional wisdom is that clouds -- especially external ones -- are inherently hard to trust: there's usually not the assurance, the visibility, etc. that enterprise IT environments demand.
My argument in response has been that -- potentially -- clouds could be far more secure and trusted than anything most IT groups could do for themselves. Not a lot of people were buying that argument, though ...
Wyatt and Harris Corporation took this thought to its extreme: they created a purpose-built enterprise cloud that was arguably orders of magnitude more secure and more trusted than anything an IT environment could do for themselves. People aren't interested in it only because it's "as good as" doing it yourself -- as you'll see, it's far far better in many regards.
I feel somewhat vindicated by their success :)
One of his first companies, Tripwire, focused on unique IP in measuring the integrity of IT delivery environments. Later, his company SignaCert took his ideas even further, and was acquired by Harris Corporation in May 2010.
Wyatt gets his inspiration -- not from the IT industry -- but from other mature service delivery industries where the stakes are justifiably high, such as air transportation. His core argument is powerful and persuasive: we need to look outside of IT itself for successful models.
You can hear the enthusiasm in his voice as he's enjoying seeing all his ideas and concepts not only coming to fruition, but being enthusiastically endorsed by the marketplace.
I asked him to share some of his guiding principles he used in constructing his environment. I found them insightful, maybe you will as well.
Establishing A Common Language
Meaningful security and trust discussions can get very confusing, especially when people are using different words to describe the same concepts, or -- worse -- the same words to describe very different concepts. The problem gets more intractable when we start thinking about security components and processes communicating -- you need a consistent language.
The Harris Trusted Enterprise Cloud sets a good baseline here by embracing the NIST SCAP (Security Content Automation Protocol) which is quickly becoming a popular lingua franca for defining and expressing security concepts.
At a very high level, Harris defines "trust" as encompassing four discrete pillars.
The first aspect -- security and compliance -- is an obvious starting point. No surprise here, but Harris makes the correct assertion that simply because an environment is provably secure and compliant doesn't necessarily equate to being trusted.
The second -- service delivery -- means that the external IT services will be there -- and performing correctly -- when it needs to be. You can't trust an external service that isn't performing to expectations, or -- worse -- not performing at all. This implies complete visibility and transparency not only into the end services itself, but how those services are being delivered at an underlying level.
The third -- positive assurance -- means that the environment is constructed from the assembly of trusted components: from underlying hardware through software, network and end user device. Integrity can be measured through a process called attestation.
And the fourth is a very refreshing look at the important issues surrounding supply chain: understanding and controlling the hundreds or potentially thousands of components that comprise a modern IT delivery system.
Thinking Systems, Not Parts
The first is a system you'd trust with your life, the second is nothing more than a collection of objects moving through the air.
It is precisely this sort of "systems thinking" that I found pervasive in the Harris offer, and goes far beyond the traditional IT-led approach. If you think for a moment on exactly how an aircraft is conceived, desgined, manufactured, delivered, operated, maintained -- and measured -- you'll get a good sense for the intellectual framework and rigor being applied to the Harris Enterprise Trusted Cloud.
You'll find systems thinking in data center facilities design, infrastructure, operations, control. For example, when I probed him on how he was handling the SOC/NOC aspect of this, I got a veritable torrent of thinking:
Network Operating Centers (NOC) and Security Operations Centers (SOC) are dated concepts for traditional data center models.
We are building a “Cyber Delivery System” with our payload, or service delivery mandate, being the trusted handling and delivery of ourcustomers compute processes including storage and content.
In support of this we have two new concepts that reflect the “Cyber System and Cyber Integrator” paradigm. Our updates to the old model are as follows:
Cyber Infrastructure Management (CIM) – This is the equivalent of an airlines operations center where allof the logistics that control the delivery of the airline business process are centered. We monitor many factors outside of our own walls including any/all factors that impact the readiness and continuity of our facility to deliver its business process (to meet our promises to our customers). This includes power,connectivity, and outside infrastructure that we depend on to deliver our promise.
CIM is also where we handles specific customer requests and transactions such as provisioning, billing, andC-SLA compliance (C-SLA) is our new definition of Cyber Service Level Agreement. While traditional datacenters seem to use SLA and CYA and synonymous terms, we do not. the C-SLA is our promise of deliveryto our customers – essentially our guarantee and warranty.
Cyber Controls Center (CC) – This is our Cyber Cockpit. Our objective with this is to monitor all of the “flight” controls themselves on a proactive basis. Our security monitoring occurs in this room, but more importantly our Positive Assurance sensor feedback systems and displays are in this area, and all of the continuous monitoring and feedback systems are as well.
If our “bad stuff” detect systems miss something, then our systems will pick up changes to the “as deployed” state. Also the supply chain integrity and assurance is tracked here including our S-CAP automation systems.
So in support of the next Trusted Enterprise Cloud fabric, which is proactive by design….making sure that we don’t takethe plane off unless all of the warning lights are off, and the buzzers and voice warning are quiet. This is in sharp contrast tothe NOC/SOC model, which are based largely on perimeter-centric reactive methods, such as intrusion detection andother traditional cyber security methods.
I get it.
Thinking Processes, Not Discrete Events
It's fair to say that any system is only as good as its processes, and that's clearly reflected in the work Harris has done in constructing their Trusted Enterprise Cloud: not only important operational processes, but continuous improvement as well.
Like air transportation, every process is measured, including human performance. Every process result is six sigma'd. Every process measurement is fully and transparently visible to the users of the Harris Trusted Enterprise Cloud service.
Wyatt shares an interesting example from (again) the air transporation industry. When commercial air transportation started (around 1927), the industry performed at 1 passenger fatality per 1 million passenger miles. Today, that figure is in excess of 1 per 4 billion passenger miles. As a result, air transportation is safer than virtually any other alternative available -- including doing it yourself, e.g. driving.
At one level, there's a predictable reassurance here: a focus on advanced process maturity with transparent measurements at the foundation of security and broader trustworthiness. No black magic or voodoo here. But there's still potential for unique technology that supports better processes.
Perhaps the most interesting aspect I found in all of this was Harris' approach to what they term "supply chain assurance". It's worth taking a moment to fully appreciate what they're doing here.
Thinking In Terms Of Supply Chain Assurance
Back to our aircraft analogy, you don't put just any compatible part into a 747, do you? Well, you'd think the same should be true around critical IT systems, but -- unfortunately -- this isn't always the case.
At a fundamental level, all the interesting bits in an IT deliver system are essentially software: microcode, operating systems, application binaries, configuration files, and so on. Imagine the IT equivalent of our "747 aircraft" as a structured collection of binary objects.
For starters, you'd want to know that each and every software object was exactly the one that the manufacturer intended you to use. If there were configuration files or best practices, you'd want to make sure that those were always under control as well.
And Harris has a fascinating and unique approach to this.
It's called the Global Trust Repository -- a massive database with 4-way cryptographic hashes from over 3 billion software objects from 2,000 different vendors. Each hash entry validates that -- yes -- this is a software object that is being installed precisely as the manufacturer intended. And, if it's not, a policy exception is created. Not only the objects themselves, but combinations of objects required to be compliant.
Now, contemplate for a moment just how useful this repository could be, especially in a cloud context. And how difficult it might be for most IT organizations to even approach that level of sophistication.
Besides the obvious source control aspects, there's an interesting lifecycle angle as well, e.g. when a vulnerability is found in some piece of code out there, it's very easy to immediately assess the risk, even in very complex environments. Software components (and their configurations) can be measured as to various degrees of performance (functionality, reliability, robustness, etc.) which could lead to some very interesting discussions with your software suppliers.
Thinking In Terms Of Complete Tenant Transparency
Most simplistic discussions around multi-tenancy involve protecting tenants from each other. The real problem? Protecting the tenants from the landlord. Indeed, there are solutions out there marketed as "secure multi-tenant" where unfortunately the SP's system administrators are also omnipotent superusers.
Seriously, since most IT operations in a service provider setting involve the customer trusting people who aren't on the customer's payroll, the "how do I protect myself from my service provider?" can be the more serious concern. In addition to the usual separation of roles, etc. Harris adds something else: 100% transparency (e.g. proactive notification) of each and every IT operation that might potentially impact your environment.
Some changes might be important, some might not be -- but there's a strict SLA involved that implements a "trust and verify" model.
The Role of VCE and Vblocks
Wyatt puts it simply: the Vblock approach gives Harris a repeatable and standardized foundation for adding their special sauce. Harris can invest their money in differentiation and continuous improvements vs. assembling, testing and supporting infrastructure components. It's given them a speed, agility and economic advantage they couldn't likely achieve with other approaches.
The other side of it is also becoming clear: since Harris builds their solution on Vblock, enterprise customers are familiar with the infrastructure and the vendors behind it -- another indirect source of trust and confidence.
Thank you, Wyatt and Harris, for putting your trust in VCE and the parent companies. We'll work to continue to earn it each and every day.
Putting It All Together
You might be tempted to debate the pros and cons of the Harris approach vs. alternatives. That's good -- healthy and open debate makes everyone better in this industry, especially when it comes to matters of security and trust.
But there's no arguing two facts here:
- The Harris Trusted Enterprise Cloud appears to offer advanced security and trust capabilities far in excess of what you'd normally find in the vast majority of enterprise IT environments. It's arguably much better than you could do yourself, or -- at least -- do in a reasonable fashion.
- They appear to have no shortage of willing customers who want to learn more about what they've done, and how it can help their businesses and organizations. Yes, there are government customers, but there are plenty of private sector IT operations that are *extremely* interested in the Harris approach.
Back to something I've long claimed: people won't move to external clouds simply because they're cheaper.
They'll ultimately move to clouds because they're better.