Navigating the Security Maze for Cloud Computing

Cloud computing offers a value proposition that is different from traditional enterprise IT environments. By providing a way to exploit virtualization and aggregate computing resources, cloud computing can offer economies of scale that would otherwise be unavailable. The elastic nature of cloud computing provides near immediate access to resources. This is in contrast to the traditional approach of investing capital, resources and time in designing and implementing infrastructure (hardware and middleware). This allows organizations to drive to realize business benefits faster by shortening time to market.

Understand the benefits and risks

While the benefits of cloud computing can be very persuasive, consumers must have a clear understanding of potential security benefits and risks of a potential cloud provider. This allows a consumer to set realistic expectations with their internal business partners as well as the cloud provider. Transitioning to public cloud computing involves a transfer of responsibility and control to the cloud provider over information as well as system components that were previously under the organization’s direct control. The transition is usually accompanied by loss of direct control over the management of operations and also a loss of influence over decisions made about the computing environment.

While security risks need to be addressed, use of cloud computing provides opportunities for innovation in provisioning security services that hold the prospect of improving the overall security of many organizations. Cloud service providers should be able to offer advanced facilities for supporting security and privacy due to their economies of scale and automation capabilities – potentially a boon to all consumer organizations, especially those who have limited numbers of personnel with advanced security skills.

As consumers transition their applications and data to use cloud computing, it is critically important that the level of security provided in the cloud environment be equal to or better than the security provided by their traditional IT environment. Failure to ensure appropriate security protection could ultimately result in higher costs and potential loss of business thus eliminating any of the potential benefits of cloud computing.

Scrutinize the SLA

Despite this inherent loss of control, the cloud service consumer still needs to take responsibility for their use of cloud computing services in order to maintain situational awareness, weigh alternatives, set priorities and affect changes in security and privacy that are in the best interest of the organization. The consumer achieves this by ensuring that the contract with the provider and its associated service level agreement (SLA) has appropriate provisions for security and privacy.

In particular, the SLA must help maintain legal protections for privacy relating to data stored on the provider’s systems. The consumer must also ensure appropriate integration of the cloud computing services with their own systems for managing security and privacy. The requirement for a strong and fair contract and SLA puts the onus on the cloud consumer. It is extremely important that the consumer understand the service levels of the provider prior to accepting any inherent risks that the structure may set forth.

Resources

An excellent resource that can help consumers with the security maze of cloud computing is the “Security for Cloud Computing: 10 Steps to Ensure Success” white paper recently published by the Cloud Standards Customer Council (CSCC). The CSCC is an end user advocacy group dedicated to accelerating cloud’s successful adoption, and drilling down into the standards, security and interoperability issues surrounding the transition to the cloud.

The CSCC white paper provides a prescriptive series of steps that should be taken by cloud consumers to evaluate and manage the security of their cloud environment with the goal of mitigating risk and delivering an appropriate level of support. The following steps are discussed in detail:

Ensure effective governance, risk and compliance processes exist
Audit operational and business processes
Manage people, roles and identities
Ensure proper protection of data and information
Enforce privacy policies
Assess the security provisions for cloud applications
Ensure cloud networks and connections are secure
Evaluate security controls on physical infrastructure and facilities
Manage security terms in the cloud SLA
Understand the security requirements of the exit process

Combined with a previous CSCC white paper on how cloud consumers should manage cloud contracts and Service Level Agreements (SLAs), the security paper is aimed at giving good information and advice to people who don’t have deep security expertise. It provides a step-by-step “here’s how” for cloud consumers to get through the process with some cautions.

Add your voice

With collateral like the cloud security and SLA white papers, the CSCC is making a difference. You can make a difference as well. To add your voice to the growing community, become a CSCC member and join the CSCC working group most aligned to your requirements.

See you in Las Vegas

For folks planning to attend the IBM Pulse 2013 conference in March, cloud security will be a highlighted topic of discussion. I’ll be participating on a panel session titled “Security for Cloud Computing: Understanding Security Challenges” at the conference. This will be an interactive session so if you’re in town, please join us and share your perspective and experience on this critical topic.

EA defends rocky Battlefield 4 launch

Electronic Arts chief creative officer Rich Hilleman has spoken out to defend the rocky launch of Battlefield 4. In an interview with RockPaperShotgun, Hilleman acknowledged that the game faced numerous and at times serious bugs, but said the game overall was a great success.

“I’m not sure I accept your premise,” Hilleman said after the interviewer asked about the embattled launches of Battlefield 4 and SimCity and whether or not EA would overhaul how it approaches launching games in the future. “Battlefield 4 has been an exceedingly successful product on both consoles and PC,” Hilleman said. “From a sales perspective, from a gameplay perspective.”

Battlefield 4’s woes impacted many players and Hilleman pledged that EA would learn from the experience. Still, he said EA remains in an enviable position because even after the many negative headlines and drop in stock price, Battlefield remains a massive, genre-leading game.

“I think there was a lot of noise about the game, but some of that is a function of your surface area. The more customers you have, the more noise becomes available,” Hilleman said. “We did things wrong. We know that. We’re gonna fix those things. We’re gonna try to be smart about what customers want in the future.”

By and large, the players who did buy Battlefield 4–including those who experienced server hiccups and other technical problems–don’t regret their purchase, Hilleman said.

“But I’m not willing to accept–and I don’t think most of my customers are willing to say–‘it’s a bad product, I wish I didn’t buy it.’ That’s not the conversation we’re having now,” he said. “I think what we’re hearing is, ‘You made a game we really liked. We would’ve liked it a little better if it didn’t have these problems.’ Many of those problems we can fix, and we have and will.”

Hilleman brushed aside a question about Battlefield 4 not being tested before release, saying more than 10,000 people beta tested it. However, he admitted that many of the issues came from the Xbox One and PS4 versions of the game, and “beta testing on an unreleased system is difficult.”

Looking ahead to Battlefield 5, Hilleman said development processes change with every new installment, and this is no different for the new game.

“If you were to take a look at the process behind a gen three launch and a gen four launch, it’s 80 percent different,” he said. “So the next major number release for Battlefield will likely have an 80 percent process change, because time has passed. So that’s why I talk about changing for the future, not changing for mistakes we made last time. If I reproduce what I did this time, it’s guaranteed to be 80 percent wrong anyway.”

The Battlefield 4 launch issues led to the commencement of a class-action lawsuit against EA. However, that case may never become a reality, as it is still without a lead plaintiff with just four days to go.

Crytek on the challenge of creating Xbox One’s launchday showpiece, Ryse: Son Of Rome

By giving Xbox One its mandatory early visual powerhouse – despite all the doomsaying about the hardware’s horsepower – Ryse was arguably the console’s most important launch title. It disrupted the narrative, leaving many players clueless as to what the platform can really achieve. It’s certainly hard to imagine more on day one in terms of presentation and ensemble performance capture. As technical art director Christopher Evans and cinematic director Peter Gornstein explain, achieving such results involved risks, experimentation and lots of research.

How long ago did you suspect that the new generation would start at sub-1080p?
Christopher Evans: When we set out our pillars of the game very early, we didn’t even think about what resolutions we were going to do. We really wanted to focus on the characters, the emotion. Those were things we’d never really conquered before. Resolution is more a gamble of numbers – a sliding thing for us. For the Crysis franchise, we’d built a really intelligent upscaler, and most people didn’t even know it wasn’t running at a specific resolution. We just felt that when you play the game and see the images that are generated, there’s going to be another discussion happening.

Are those pillars different when dealing with a console launch title?
CE: The tech core pillars are always built off of the game’s core pillars. That meant we had to make a decision about the characters. For us, the next gen was going to be about having amazing characters in the game as well as in the cutscenes. That ‘play the cutscene’ idea really made us have to rethink. How are we going to do facial setup? How are we going to set up levels of detail? It was difficult enough that it ran the entire course of the project, and there were many times I was told that what we wanted to do for faces and characters was, tech-wise, one of the riskiest things on the project.

One of the things that I found myself defending a lot was the idea that, yeah, we’re going to take tons of scan reference of the actors themselves and replicate their exact performance, but the characters are going to be sculpted by human beings [in] an artistic process. The world, the armour, the face: everything is consistent. It’s not slapping a bunch of photo textures everywhere. When we did our facial scanning, we actually drew lines on the faces so I could check the skin sliding and stuff, so we didn’t even have the actual scan data with diffuse textures for the project.

Though it is a simple game with rudimentary set-pieces, there has never been a game world of such striking beauty, variety or detail, we said in our our Ryse: Son Of Rome review.

We did a lot of reference. We had a photo reference pipeline, we went to Italy, and we were able to pull meshes with normal maps and everything off of our reference photography. But in the end, it just looks really eerie. Sometimes, if you do 3D scanning of a face, you get a face that looks like a moving video, but then the world doesn’t look like that. And you’re not able to populate the world with all of that stuff.

Do you think the shock of inconsistent texture resolution should be a thing of the past now?
CE: There’s a couple of things that play into that. Number one is the fact that it’s an artistic problem. We call that texel consistency. We have a way that we build the game where it shows everything as checkerboards, and a checkerboard has so many checks per metre, and if there’s a stretched texture that makes it look lo-res, [then] it looks lo-res to us.

A lot of people are looking at the hardware on PS4 and Xbox One, and wherever I talk about that, I try to stress that hardware is hardware, and hardware right now outstrips teams’ abilities to fill that RAM with assets. We have a team that’s been building high-fidelity assets for a long time. I think that in the future the team makeup and the pipeline and process that the teams use are going to matter much more, because you’re going to hit this problem where there’s so much RAM. You want a pipeline that allows an artist to ZBrush that trashcan in the corner so that it’s consistent with the awesome character and the awesome room and everything.

A lot of it is building outsourcing pipelines to let you build a prototype in-house and then build a pipeline – we built Marius’s face in four months, and then we had to build 25 more in four months. And that’s going to be the nut to crack.

Ryse may not have been loved by critics, but it is still an impressive techincal feat. And let’s not forget it scooped the ‘pearliest whites’ accolade in the alternative Edge awards 2013.

Peter Gornstein: It’s almost like an aircraft assembly plant, right? You’ve got to find the vendors all around the world that are expert at making that part, and the real trick is making sure it fits in when everything gets assembled.

You’ve notably used prerendered cutscenes in Ryse. Why do that when the engine is so capable?
CE: This is a funny thing for me, because my entire rigging pipeline is predicated on the idea that I have to build rigs that can blend in and out of cutscenes seamlessly. So I would go to Peter and the guys and say, “Hey, I see this loading video is now scheduled to be prerendered. Why?” We talked about it and it was, “Well, we don’t want players to be waiting. If we’re rendering a scene live as well as trying to load the next scene, the engine will take probably three or four times longer.” In the end, we sided with the gamers. We didn’t feel they should have to wait through a big loading time.

Assassin’s Creed 4 ships 10M copies, 2M below Assassin’s Creed III

Assassin’s Creed IV: Black Flag has shipped 10 million copies since launch, Ubisoft announced today as part of its earnings report for the quarter ended December 31. That’s in-line with Ubisoft’s internal expectations, but below the 12 million mark of Assassin’s Creed III during the same period, despite Black Flag being available on two additional platforms: Xbox One and PlayStation 4.

Ubisoft said Black Flag has seen “excellent momentum” since launch. Its performance “bears witness to both the high quality of the game and the franchise’s strong dynamic with gamers,” Ubisoft said. The game sold 7 million copies on Xbox 360, PlayStation 3, and PC and 3 million units on Xbox One and PS4.

Just Dance 2014 shipped 6 million copies during the quarter (down from 8 million copies of Just Dance 4 shipped a year ago), while Rocksmith 2014 saw “lower-than-expected” sales, with around 1 million units. During a conference call following this announcement, however, Ubisoft CEO Yves Guillemot said the game is already profitable. Guillemot also teased that the Just Dance series is going to move in “exciting new directions” in the future.

Overall, Ubisoft had a rough quarter, with sales falling 35.2 percent to €520 million ($708.7 million), compared to €802 million ($1.09 billion) last year.

Digital sales were €53 million ($72.3 million) for quarter, down 4 percent compared to last year, which benefited from the release of Far Cry 3, Ubisoft said. On a nine-month basis, however, digital sales rose by 12 percent to €123 million ($167.7 million), led by digital distribution, free-to-play, and DLC sales.

Back-catalog sales fell a heavy 21 percent to €53 million ($72.3 million), “due to the console transition period,” Ubisoft said. But on a nine-month basis, back-catalog sales actually grew 6 percent to €172 million ($234.5 million), thanks to games like Assassin’s Creed III, Far Cry 3, and Ubisoft’s free-to-play games.

Ubisoft’s breakdown of sales by platform also reveals that players purchased more Ubisoft games on PS4 than Xbox One by a margin of 12 percent to 9 percent, respectively. The PS3 (28 percent) was Ubisoft’s top platform during the quarter, followed by Xbox 360 (27 percent).

“The launches of the PS4 and Xbox One were both hugely successful, with sales of these machines more than doubling those for the previous generation and confirming the growth potential of the console market in the coming years,” Guillemot said in a statement. “Over the short term, the high quality of our titles–which is unanimously recognized by gamers–has enabled us to achieve our third-quarter sales target despite the transition period currently affecting the market. Assassin’s Creed IV Black Flag performed particularly well, reinforcing the franchise’s long-term potential and therefore its upcoming iteration. This robust showing was achieved thanks to the excellence of our teams, our extensive development capacities and the efficiency of our Lead and Associate studio structure.”

That statement seems to suggest an Assassin’s Creed title for 2014 is now confirmed.

Ubisoft’s management team is currently holding a financial call to discuss the results and answer questions. We’ll have more from the call as it happens.

Titanfall beta signups are now live

EA and Respawn have opened up registration for Titanfall’s beta. The robotic multiplayer shooter, out on March 11, is the first game from Respawn Entertainment, and its beta will be your first chance to try one of our most anticipated games of the year.

To apply, head to http://www.titanfall.com/beta, select your platform (PC, naturally), and sign in with your Origin account. EA says that participants will be selected “no later than 11:59 PM PST on Feb 17th” and be given an email with further instructions on how to participate. An Origin account is required to try out the beta.

Once you’re signed up, be sure to check out the rest of our coverage for Titanfall.