cloud security
Five Things to Do Before Moving to the Cloud
Digg
Reddit
Delicious
StumbleUpon
Facebook
Twitter
LinkedInBefore moving an enterprise application to the cloud, you need to be sure that your expectations are realistic and your objectives match what the cloud can deliver. In this post, I’d like to share what we’ve learned from working with our beta customers, from their initial exploration of cloud possibilities to going live with a specific application they’ve migrated to the cloud. The following steps can help guide the thought process when considering a cloud deployment, and provide a starting point for moving forward.
1. Determine your cloud objectives. What are you trying to accomplish? Is the cloud a solution for reducing costs, faster provisioning, data center consolidation, all of the above? Sometimes all goals align, where the cloud allows you to save money, be more responsive and avoid huge infrastructure investments all at the same time. But it may not be possible to realize all the benefits for a given organization or use case. For example, if there’s extra capacity in your data center there may be no obvious consolidation advantage to putting an application in the cloud. However, there could be other issues at play that justify the move, such as high operating costs or an infrastructure that makes it difficult for users to get the support they need.
2. Pick an application that makes sense. For example, how much latency is acceptable to users? The laws of physics slow things down over the Internet and network performance will vary, so if you need millisecond response the cloud may not work for your application. How critical is the application? You may not want to put an application in the cloud upon which the business depends even if infrastructure limitations (scaling, support, response time, etc.) make it seem like an attractive option. Get your feet wet before diving in -- a safer approach might be to start with a low-risk, back office (not-strategic) application before setting your sights on more ambitious targets.
3. Involve the CSO/risk management team from the beginning. The cloud, perhaps even more than other technology shifts, has raised red flags about security since your applications and data will potentially be moving outside of the enterprise firewall. Engage your company’s security experts and decision makers from the beginning to understand their perspective and address their concerns directly. Get them involved in the discussion early so they’ll understand why the cloud is important to the business and how you want to use it. Give them a chance to review their security concerns with potential vendors before you sign up.
4. Decide which cloud(s) are acceptable. Finding a cloud that’s best suited to your needs is as critical as identifying the right target applications. Cloud offerings vary widely—in their APIs, configurations, storage infrastructure, networking options, pricing structures and SLAs. Some of the variables will be essential for your requirements, while others are simply nice to haves. The process is like evaluating any other technology offering, except the environment is probably new and unfamiliar. You may want assistance from a partner with cloud expertise who can help you qualify the various cloud options to make sure you make the right choice.
5. Create a sandbox where people can experiment. All of the different user groups should be able to see how a cloud-based application compares to a traditional one. Give business users, administrators and developers a chance to evaluate the benefits of the cloud from their perspective, as well as the limitations. Application experts can use the sandbox to run functionality and performance testing on the application in the cloud to see how it behaves compared to the traditional environment, and if any differences are acceptable.
Get Your Hands Dirty
Once you’ve done the necessary due-diligence, you’re ready to get started with beta testing and proof-of-concept pilots with vendors. In an area as hyped as the cloud there’s really no better way to learn than hands-on, and these basic best practices will help lay the foundation for a successful cloud strategy. CloudSwitch can help address the security concerns and make it “point-and-click” easy to move to the cloud, using your existing management tools and applications.
Making Cloud Computing Secure for the Enterprise
For cloud computing to gain traction in the enterprise, IT and security executives need to be certain that their company’s applications and data are safe. But when security is partly out of enterprise control, it becomes impossible to know if sensitive information has been accessed or compromised.
Today, using a public cloud means moving from an internal environment where a company has complete control of data and processes to an environment where that control belongs to someone else, and is often opaque. Within the cloud, applications run in a multi-tenant virtual environment, sharing physical machines with other customers. Companies considering moving an application to a cloud have legitimate concerns about data being compromised or stolen, including unauthorized access by cloud administrators, exposure in the internet or rogue employees using the cloud to corrupt or leak sensitive information.
One solution is to keep sensitive data within the corporate data center and put the other application tiers in the public cloud. While this approach works well for some use case scenarios, the latency impact of the “reach back” into the data center can be unacceptable for many applications and users. The other option is to move the entire application to the cloud – including the database tier – for better performance and scalability, but this exposes the application to new potential threats such as those mentioned above.
Encryption is a well-known approach to addressing these types of security threats. For protection in the cloud, the enterprise would need to encrypt all data and communications. While it’s not that difficult to add encryption software initially to the application environment, the new configuration requires ongoing management and maintenance. And in order to run the application in the cloud, the enterprise needs to deliver the encryption keys to the cloud to decrypt the data, creating additional security risks by exposing the keys in the operating environment. In the worst case, poor configuration can expose the corporate data center to threats from the cloud.
In developing our security model at CloudSwitch, we worked closely with CSOs and security teams at several large enterprises to understand their requirements. As a result, our architecture addresses three areas of protection required to make cloud computing secure for the enterprise:
- In the data center: Role-based access control protects data and processes from unauthorized access.
- In the Internet: Connections are authenticated and data is encrypted to prevent data in transit from being exposed or compromised.
- In the public cloud: Data is encrypted with keys under enterprise control, and can never be accessed by the cloud provider or unauthorized users.
The CloudSwitch security strategy is a key part of our vision to make the cloud a seamless extension of the corporate data center. Using CloudSwitch technology, companies can move applications and data to a cloud without modification, and back to the data center as needed. Companies can also select the right cloud for a specific application, based on security and compliance levels as well as service offerings and pricing structures. Only with control of applications and data at all times can enterprises take full advantage of cloud resources without sacrificing the security required by customers, internal users, regulators and other stakeholders.
Moving to the Cloud: The Road Ahead
Over the past few posts I covered a number of key points to consider as you plan to move to the cloud. These issues are based on our experiences with many public clouds, as well as what we have learned from working with enterprises adopting the cloud.
I hope it’s clear that today’s clouds are powerful resources that can be used to rapidly develop and deploy applications; they provide on-demand resources and true value. The challenges I outlined in configuration, storage, networking, and management really come into play when you try to integrate the power of the cloud with your existing infrastructure and processes. These challenges are centered on the fact that the cloud is separate from the data center – a problem that hits home when you want to utilize existing applications and rely on your existing services and infrastructure.
We believe that this hybrid model, where companies can use the cloud as a flexible extension of their data center, is central to the adoption of cloud computing, and efficiently addressing these problems is essential for cloud deployments to succeed. The technology we have been developing at CloudSwitch is designed to bring this vision to life. Software from CloudSwitch can now integrate your existing infrastructure with the power of the cloud while preserving your applications, tools and infrastructure investments.
As we look forward to the evolution of cloud computing, I expect the cloud will continue to play a larger, more significant role in enterprise IT. Cloud providers have shown they can rapidly iterate and improve their offerings in response to customer input and have been drawing from their experiences to develop new and powerful infrastructure and features. It has been exciting to be part of this evolution so far, and we’re looking forward to the continuing innovation and expansion of cloud computing.
To end this series, I’d like to leave you with the key principles that guide our technology and product development at CloudSwitch:
- Provide end-to-end security between data centers and clouds to protect all data and storage
- Enable existing multi-tier applications to move to the cloud without modification
- Integrate cloud deployments into the existing data center’s management tools and processes
- Eliminate cloud lock-in so you can move between clouds or back to the center as needed
With these principles in place, it becomes possible to resolve or eliminate most of the challenges I’ve outlined in this series, making cloud a much more secure and viable option for the enterprise.
RSS Feed