The federal government needs to step up continuous monitoring of its IT infrastructure and move beyond outdated security reporting methods, says a recent panel at a trade organization conference, in a story I read online. That’s entirely consistent with the wish list that I’ve been hearing from government customers. And the need for 24/7 monitoring, for example, from a cloud-based platform, is totally in line with some new government guidance that’s coming on monitoring, increased oversight and expected legislation.

At the Management of Change conference held by American Council of Technology and Industry Advisory Council, Marianne Swanson, senior advisor for information system security at the National Institute of Standards and Technology (NIST), said that federal agencies should focus on three strategies when it comes to continuous network monitoring. She said monitoring should occur at the:

• organization level
• mission level
• system level

Some new developments coming down the pike will make continuous monitoring more likely to be a reality soon. For one, NIST is developing new guidelines on security strategy, performance metrics, risk tolerance and the frequency and types of monitoring controls agencies should consider using organization-wide.  In the past, the group’s guidelines were more focused on certification requirements and authorization. NIST will also offer guidelines for managing, configuring, gathering and reporting monitoring results at the mission level and ways to implement monitoring tools and assessing automated security controls at the system level.

Another important advancement that will make it easier for federal agencies to adopt continuous monitoring is a coming NIST guide on how to manage supply-chain risks, and it will offer best practices that agencies should follow when buying software and hardware products. Private industry can also use these when developing supply-chain practices in order to meet government contract requirements.

The Department of Homeland Security is also working on new processes for assessing threats,  influencing security policy; enabling agencies to execute those policies, through best practices; and measuring how successful agencies are at preventing security breaches.

There’s also greater oversight and more legislation on the horizon. Last week, a House Oversight and Government Reform Committee approved a bill that will reform the current rules by the Federal Information Security Management Act, called the FISMA Act of 2010, that requires continuous cybersecurity automated monitoring.  Expect action on that bill by year’s end.

Despite the promise of progress, the fact remains that, today, many federal agencies are still operating aging software systems trying to cover security demands being imposed on them that they weren’t designed to handle.

Given the state of government agency software and the new demand for continuous monitoring, the best, most efficient way to look after networks and protect against breaches of security is via cloud-based monitoring systems. They’re always on, for one. And, there is no need for government IT folks to continuously update installed software. In addition, a series of versatile notifications – via phone, SMS, email and other methods – can immediately warn managers of database security breaches or outages. Another advantage is that cloud-based monitoring tools offer great reporting (addressing the performance area that DHS is reassessing), for example, historical data on each virtual server start and stop and performance data, and that allows IT managers to analyze failures and their root causes.

Cloud-based monitoring tools are the most efficient and versatile stewards of the $10 billion that the American people spend yearly on security.

I got lots of inspiration, personally, from reading an account of an interview with Justin Crotty, the vice president of services sales at Ingram Micro, a Santa Ana, CA-based wholesale provider of tech products and supply chain services.

In the interview, Crotty said he was tired of hearing that the cloud held no value proposition for solution providers and distributors. I immediately took notice because I’m a solution provider – of cloud-based monitoring services. “Just because you buy something or provision something doesn’t mean it’s going to work,” said Crotty.

Naturally, I agree. Our Monitis end-to-end monitoring solution service lots of companies daily who find that their apps or website or cloud provider is not working smoothly. What’s more, the value proposition for me is in making them aware of the situation—through a menu of notification services we offer.

But what really I really liked about Crotty’s interview with ChannelWeb was his advice for would-be cloud service providers: Cloud computing is still an evolving technology, but solution providers should not be afraid to take risks — and learn from mistakes.

As humans, we hate negative emotions. It’s so much nicer to focus on the pleasant. But sometimes you can’t ignore “bad” feelings. And it seems there’s plenty going around amongst IT pros when it concerns the cloud and security.

A new survey says IT people are just plain scared that putting their data on the cloud will expose their companies’ sensitive information – and put it in the wrong hands. Many say there are plenty of employees who are unaware of the scope of cloud services employed at their firms. And there are a lot of IT executives who, despite their own misgivings about the cloud, suspect that many employees are already using cloud services…that is, without IT’s knowledge. The poll, the Security of Cloud Computing Users study, was conducted by the Ponemon Institute and sponsored by CA Inc., and surveyed IT pros in both Europe and the U.S.

Here are some findings that I thought I’d share:

– 68% noted that financial information and intellectual property were too risky to store outside their company’s own data center. More than half also were convinced that health records shouldn’t be moved to the cloud, while 43% said credit card information should not migrate outside their own data centers.

– more than 50% of U.S. respondents felt that their organizations were unaware of all the cloud services deployed in their enterprise.

“The [survey respondents] said, ‘Yes, in fact, we’re not confident what applications out there are being used within policy and we’re not only not confident in what’s really going on, but we’re also not sure what the problems are we should be dealing with,’” said Mike Spinny, a senior privacy analyst at the Ponemon Institute, who was quoted in an article I read about the survey. “It’s a very concerning situation in that we’re talking to people who are tasked with the responsibility of protecting information.”

What I also found interesting is that there seems to be a lot of confusion out there, too, about security and who’s responsible for it. After reading, I feel even stronger that companies need independent assistance in monitoring cloud services performance and service level agreements (SLAs).

In the study, 27% of U.S. respondents and 38% of Europeans polled believe their organizations’ security executives are most responsible for ensuring safety. Only 38% of U.S. IT people indicated that they’re proactively involved in assessing the sensitivity of data and whether it should be stored in the cloud. ›

Cloud computing continues to appeal to educational institutions like universities, high schools and kindergartens. Not only do teachers depend on cloud services, such as Blackboard and Moodle to construct and manage courses and assignments online, but students love these services, too, because they can access study guides, homework and other educational tools online. And they don’t have to be home to access them, either. Any web connection will do.

Recently, I stumbled across a great cloud/educational blog that presented a few ideas on how cloud usage will reshape education and school management. Cloud tools will:

• Pare software expenses, as many cloud-based apps are free, very low cost or only charge on a pay-for-use basis. Perhaps some schools will pass on these savings to students – in the form of tuition discounts? Nah!
• Allow school-based IT staff to be more strategic, as fewer apps to be hosted and managed internally means that IT pros can concentrate on local infrastructure needs or even devote more time to planning for meeting the future computing needs of their institutions.
• Provide round-the-clock access. It used to be that when you finished school for the day and you left your history homework in your locker, you were assured detention the next day because you couldn’t do your homework. Now staff and students are requiring 24/7 access to their files, applications and social connections – any time, any place, any device. Cloud computing provides a powerful way to do this.
• Reduce/eliminate the need to update software, as cloud-based apps take care of this automatically.
• Allow for greater experimentation, choice and agility for applications. Cloud-based services and applications can provide for more nimble use and access – and allow for lots of smaller products and services to be ‘tried out’ without the requirement of a large-scale commitment.
• Reduce barriers to participation, contribution, sharing. The management of identities and access – a complicated task at best – can be done more readily in a cloud-based environment. That will promote greater degrees of shared access across and among systems and applications. How? Apps will allow for greater participation and contribution from students and teachers because individual accounts can be established and managed more easily. Plus, the content that is created and shared in this way can be stored, managed and retrieved across an entire network.
• Promote relevant, accurate educational tools. Schools want high-quality tools that support teaching and learning. But it’s often difficult to keep up to date and relevant. Cloud computing options provide unlimited opportunities for shared repositories to develop, with access rights and management issues addressed on a wider scale than within an individual school.

Schools advancing toward greater usage of clouds can also depend on monitoring systems to alert them to problems with access or slow app performance. Monitis, for example, helps a growing number of educational institutions monitor their cloud apps via such features as:

• instant failure alerts
• cloud monitoring (to provide information such as number of instances)
• cloud storage monitoring

transaction monitoring of your site (including tracking the load time for each of your pages).

Enterprises today are spending billions of dollars to realize productivity and automation gains from the end-user experience. The processes are critical to the bottom-line of companies, and so that’s why many companies today are embracing end-user monitoring (EUM), as part of their comprehensive IT management strategy.

What is EUM?

EUM is systematic methods and processes that assess systems performance from the user’s perspective, and incorporates two types of approaches:

• Active monitoring or End-user Experience Monitoring (EUEM), which uses scripted transactions to measure performance and availability,
• Passive monitoring or Real User Monitoring (RUM), which tracks user interactions with the system

EUM Benefits Many Parties

EUM is critical for web businesses because competition is just a click away if the end-user experience is bad or negative. For example, Dell has learned that speedy resolution of customer issues builds customer loyalty. Dell makes it a practice to quickly isolate the root cause of an issue, for example, discerning whether something is a server problem, a network issue, or a condition limited to the desktop. This is the first step of problem resolution.

End-user experience monitoring is also important for keeping internal users satisfied. While end-users within a company or organization may not complain about every issue, they often complain to co-workers about problems with an application. And eventually user complaints will make their way to upper management, including the CIO.

Lastly, when end-users are content, IT staff can focus on more strategic tasks that bring value to the business – rather than merely responding to interruptions in an attempt to minimize loss of revenues, productivity and profits. By employing EUM, IT then becomes more of a strategic partner to the business rather than just fighting fires.

How big of a problem is end-user dissatisfaction for companies? A 2004 survey of IT professionals by Forrester Research found that:

• Nearly 85% reported experiencing incidents of significant application performance degradation
• In the previous year, 51% acknowledged instances of poor application performance growing more frequent
• Incidents had at least moderate impact on employee productivity (82%), team productivity (77%) and customer service quality (79%)
• More than half delayed launches of new applications because of network performance concerns

Some areas of EUM that are extremely important include:

- usability issues

- network delays

- sluggish servers

- transaction errors.

And positive results from EUM can include:

- A better understanding of application usage patterns before an application goes live,

- Immediate verification of the impact of configuration and tuning parameter changes,

- Easier researching of a problem isolated to a specific user,

- Quicker recognition of a slowdown, outage or other problem via baselines that can be used as benchmarks,

- Through results, better visibility of areas that need more investment to improve user productivity.

Recommendation: Take the Hybrid Approach

I recommend that enterprises new to monitoring start with a hybrid approach, for example, the Monitis all-in-one on-demand monitoring service. A hybrid solution is comprised of a combination of synthetic and real-user monitoring that covers your most critical applications – plus server and network monitoring. Avoid the rather simplistic tactic of considering end-user monitoring as a new source of event-based data to combine with existing management tools you may be using. It’s more practical to frame the data already collected by existing monitoring products in the context of the end-to-end services.

Lastly, a bit of advice on what your end-user monitoring service should be able to do:

• Measure end-user experience across firewalls, load balancers, web servers, application servers, and database servers.
• Provide data in the context of an end-to-end service delivery chain.
• Provide performance data in a standardized way for active, as well as passive monitoring.
• Support round-the-clock tracking for all HTTP transactions, and from all end user locations—not just sampled data.
• Support non-web based applications, too, for instance, VoIP, SMTP, telnet, TCP.
• Enable rapid time implementation to gain maximum value and minimize administrative costs.
• Help you get to the root of problems rapidly.

Press Release

San Jose, CA – May 21, 2010 – Monitis, the leading provider of the world’s greenest, all-in-one, Cloud-based network and application monitoring suite, today announced the “Monitored by Monitis” endorsement program. Now, Monitis users can enhance their site’s credibility by adding a simple “Monitored by Monitis” badge to their homepage.

Available for use by all Monitis users, the program is aimed at reinforcing the concept that sites that are Monitored by Monitis have superior uptime and are therefore superior business partners. Access to the Monitored by Monitis program is available via: (http://portal.monitis.com/index.php/resources/monitis-badges).

Said Hovhannes Avoyan, Monitis’ Founder and CEO, “The Monitored by Monitis program is a small but effective way for our users to increase the value of their partnership with us. By giving their site critical third-party validation, they will be recognized as superior business partners.”

About Monitis All-in-One Monitoring Platform

Monitis is the only service that provides Systems Monitoring from the Cloud.  It is leading a new era of systems management tools – the Cloud generation.  Monitis is a 100% Cloud-based, complete, and flexible IT monitoring solution, offered on a Software-as-a-Service (SaaS) model.

Monitis consolidates back-end monitoring, application monitoring, website monitoring, and cloud monitoring in an all-in-one, hosted monitoring service. The platform is easily customizable and may be used for managing of all kinds of IT assets such as websites, servers, routers, switches, VoIP devices, DNS, databases, processes and any other IP devices.  Monitis provides users with a comprehensive view of their system’s health and performance. 

About Monitis

Monitis believes that the Cloud is the biggest thing to happen in IT management since IT management. Having seen this vision early, Monitis is now the global leader in developing this market.  It is the first affordable network and systems monitoring solution based 100% in the Cloud. 

Besides Monitis’ enthusiastic and loyal user base of 50,000 customers from small businesses to Fortune 500 companies to government agencies and educational institutions, Monitis has won rave reviews from the technology analyst community. These accolades include:

• Being named as the “Most Innovative Start-Up for 2009″ by industry analyst The 451 Group at their annual client conference in December 2009.
• Being ranked among the 2010 OnDemand 100 in April 2010. The OnDemand 100 is a ranking by Morgan Stanley, KPMG, and AlwaysOn of the world’s top 100 private companies.

Headquartered in San Jose, CA, Monitis is lead by a team of IT professionals with deep experience running enterprise-grade IT businesses, as well as starting and selling several IT start-ups.  Using a global workforce, particularly its R&D team based in Yerevan, Armenia, Monitis is poised to move from strength to strength.  At present, it has a loyal and enthusiastic user community of 50,000, and an average month-on-month growth of over 10%.

Contact:
Monitis Inc.
Sales & Marketing Department
info@monitis.com
http://www.monitis.com
US & Canada Toll Free: +1-800-657-7949
UK + International: +44-845-527-3346
France + International: +33-48-607-9035
2880 Zanker Road Suite 203
San Jose, CA-95134
USA

When you trust your data to a cloud service provider, do you automatically assume that it will remain safe? And do you assume that, should a service failure occur and the data appears lost, that the provider will have automatically backed it up somewhere – saving the day?

Don’t assume.

Earlier this month, there were three power outages at Amazon Web Services, and people lost their data. One customer was so angered by it that he/she left a post on Amazon’s blog, entitled: “Amazon EBS sucks; I just lost all my data.” The gist of the disappointment was a notification to the user that they’d “experienced a failure due to multiple failures of the underlying hardware components and was unable to be recovered.  We recommend recovering from your most recent snapshot.”

But new users to cloud computing shouldn’t assume that AWS’s redundancy will automatically restore any data loss. Amazon actually states that customers’ data depends on its durability – meaning, it depends on the size of a user’s volume and how much the data has changed since the last snapshot. So, really, the responsibility is on the user to plan for failure and continually perform EBS snapshots. Problem is that new users often don’t know this.

I think that using the cloud shouldn’t be this complicated. The cloud promises ease of use and fewer worries for IT administrators. So why not deliver, especially to smaller businesses that don’t have a hearty internal IT infrastructure that prevents data loss?

Best thing is to be prepared, and that’s why it’s smart to employ monitoring tools to track the performance of cloud platforms. Monitis’s Universal Cloud Monitoring Framework gives users the confidence that comes from employing a third-party independent tool to monitor the cloud infrastructure.  Even when cloud computing providers offer monitoring services (like Amazon CloudWatch), there’s often an inherent conflict of interest because they’re more likely to show higher uptime. You want a customized, independent audit of SLAs (service level agreements)!

Monitis’s Cloud Monitoring Framework helps companies:

- Control Amazon Web Services’ costs. Companies often find their cloud computing costs escalating when they use auto-scaling mechanisms to add extra Amazon EC2 virtual servers on demand and, due to bugs or faulty configurations, processes get out of control;

- Stay on top of monitoring and notifications for newly launched URLs — via an automatic discovery process;

- Automates agent deployment on each newly launched virtual server, which saves companies setup time and allows for deep, process-level monitoring and detailed performance analysis.

- Analyze historical data on each virtual server’s start and stop and performance data, enabling IT pros to examine failure and root causes;

- Monitor installed software on each virtual server, along with other parameters, and smoothes the configuration management of large numbers of cloud servers.

Last week I read an interesting article by Jabulani Leffall about the top IT security issues causing sleep-deprivation at University IT departments.    Among the top 10 were 1. Securing remote access, 3. Patching systems, 6. Network use monitoring, 8. Password management and administrative access, and 10. Monitoring system logs.

In all these case, using cloud-based monitoring has advantages over open source.  With Nagios or other open source products, you need to make frequent exceptions to your firewall to configure server monitors and also to make the Nagios dashboard accessible from outside your firewall.  With a SaaS like Monitis, you don’t need to touch your firewall because all data is pushed to the cloud via HTTPS and the dashboard is hosted on our servers, not yours.

Regarding patches, we echo the sentiment that they are a major downside of Nagios and software in general.  They reduce productivity and are a pain.  With Monitis, there are no patches or upgrades to worry about.  All product improvements are released seamlessly without your involvement, even for internal agents.

Password Management and administrative access are doable with open source, but not nearly as simple as in a SaaS, which lets you control user privileges from anywhere.

Monitoring of network use and system logs is possible with both solutions, but here’s where reliability makes a huge difference between cloud-based and open source.  Nagios usually runs on just one server within your firewall, making your entire system vulnerable to the problems of that one server.  If that server goes down you won’t receive critical notifications about your network use or system events. With Monitis, you have not just one server, but an entire monitoring network, so you can rest assured that we will notify you even when your entire network goes down.

There are often concerns about storing proprietary data on cloud servers.  These are legitimate concerns, especially for applications with confidential data like customers, students’ test scores, email, and health records.   Monitoring data shows the performance of servers, websites and applications like Moodle or Blackboard, which is far less confidential.  I think that explains why universities are showing increasing interest in cloud-based products, particularly in monitoring.

I read about CA World in Las Vegas this week, and the description of the cloud by one company executive, Dr Ajei Gopal, executive vice-president of products and technology, really caught my eye and struck a bell.

In a story on the event, Gopal was quoted as describing how the typical IT department will be transformed and made – more so than ever – into a management function benefitting the entire organization: “The cloud will change everything. Instead of being a monolithic supplier of technology services to the business, the IT department becomes the manager of a dynamic supply chain of internal and external resources that delivers services to the business and its internal and external clients.

“[IT will be about] managing a highly virtualized, highly adaptable, internal and external supply chain where the focus is on the product. In this new era, the entire internet is going to be the data centre.”

Gopal’s comments had a ring of truth to it that struck home because I’ve said numerous times in this blog that the cloud allows IT managers to let go of tedious tasks (such as buying and updating endless rounds of application or OS software, and gives them more time to act like true managers – that is, take a larger view of their computing infrastructure and manage its present and future needs holistically.

William McCracken, president and CEO of CA, was there, too, addressing the 7,000 delegates in a keynote. And he spoke about how the economic crisis has forced many companies to be more efficient and do more with less.

“Most systems in large enterprises at any point in time are 40 to 60 percent underutilized,” he said.

That’s another reason I see the cloud really taking off this year. As the economy returns to health, I can’t believe that companies will return to their old, wasteful ways of managing their resources. So, they’ll turn to cloud platforms and cloud services providers, such as monitoring tools, because they allow you to pay only for what you use.

And that’s something that’s good for both large and smaller companies.

Press Release

San Jose, CA – May 18, 2010 – Monitis, the leading provider of the world’s greenest, all-in-one, hosted network and application monitoring suite, today announced The Academic Plan – a comprehensive, all-you-can-eat (or unlimited) package and pricing model for schools, colleges, and universities.

The new Academic Plan offers everything found in the traditional Monitis suite of tools, but also includes unlimited monitoring. So academic institutions, be they schools, colleges, or universities select one of 3 possible packages – Small, Medium or Large based on the number of servers they need monitored, and nothing else. It’s that simple.

Starting from just $248 per month, the Academic Plan, is a perfect offer for schools with even the tightest of budgets, as all added-value services are free – the number of parameters to monitor, the number of network devices, and even alerts including Live Voice and SMS alerts. As a result, educational institutions have the luxury of employing a single monitoring solution instead of the standard current mix of multiple open-source software solutions (e.g. Nagios, Zabbix, Zenos, Cacti), commercial software solutions (like Solarwinds, Whatsup Gold), and external end-user experience monitoring services (like Gomez, Keynote).

Given that Monitis operates on a SaaS model and is based in the Cloud, IT managers throughout Academia can avoid the cost, stress, hassles, and limitations of using traditional software-based monitoring tools. With Monitis there are no upfront license fees, no updates to manage, and no servers to maintain. Getting set-up and running with the complete suite takes only 5 minutes, and as Monitis offers the Industry’s most reliable notification system, users can rest easy knowing that they’ll be notified even if their system or network is completely down.

But in addition to all of the professional advantages Monitis offers, it is also the greenest monitoring solution available today. Because schools, colleges, and universities that use Monitis don’t have to buy and operate their own monitoring servers, they save massively on electricity bills and minimize their carbon footprint. Indeed, with the average server’s electricity bills running approximately US $1,050/year, academic institutions save more money on electricity bills than they will spend on Monitis’ services. The savings increase even more dramatically when the cost of acquiring and maintaining the server are included, as well.

Said Monitis’ Founder and CEO, Hovhannes Avoyan, “For schools, colleges, and universities around the world, Monitis’ Academic Pricing plan is a no-brainer. Take the world’s leading-edge monitoring technology, wrap it in a pricing plan with a TCO that’s even lower than open-source systems like Nagios or Cacti, and then factor in the carbon footprint reductions, and Monitis has an offer for Academia that is truly unbeatable.”

Learn more at http://portal.monitis.com/index.php/monitis-for-education

About Monitis All-in-One Monitoring Platform

Monitis is the only service that provides Systems Monitoring from the Cloud.  It is leading a new era of systems management tools – the Cloud generation.  Monitis is a 100% Cloud-based, complete, and flexible IT monitoring solution, offered on a Software-as-a-Service (SaaS) model.

Monitis consolidates back-end monitoring, application monitoring, website monitoring, and cloud monitoring in an all-in-one, hosted monitoring service. The platform is easily customizable and may be used for managing of all kinds of IT assets such as websites, servers, routers, switches, VoIP devices, DNS, databases, processes and any other IP devices.  Monitis provides users with a comprehensive view of their system’s health and performance. 

About Monitis

Monitis believes that the Cloud is the biggest thing to happen in IT management since IT management. Having seen this vision early, Monitis is now the global leader in developing this market.  It is the first affordable network and systems monitoring solution based 100% in the Cloud. 

Besides Monitis’ enthusiastic and loyal user base of 50,000 customers from small businesses to Fortune 500 companies to government agencies and educational institutions, Monitis has won rave reviews from the technology analyst community. These accolades include:

• Being named as the “Most Innovative Start-Up for 2009″ by industry analyst The 451 Group at their annual client conference in December 2009.
• Being ranked among the 2010 OnDemand 100 in April 2010. The OnDemand 100 is a ranking by Morgan Stanley, KPMG, and AlwaysOn of the world’s top 100 private companies.

Headquartered in San Jose, CA, Monitis is lead by a team of IT professionals with deep experience running enterprise-grade IT businesses, as well as starting and selling several IT start-ups.  Using a global workforce, particularly its R&D team based in Yerevan, Armenia, Monitis is poised to move from strength to strength.  At present, it has a loyal and enthusiastic user community of 50,000, and an average month-on-month growth of over 10%.

Contact:

Monitis Inc.

Sales & Marketing Department

info@monitis.com

http://www.monitis.com

US & Canada Toll Free: +1-800-657-7949

UK + International: +44-845-527-3346

France + International: +33-48-607-9035

2880 Zanker Road Suite 203

San Jose, CA-95134

USA