So you've decided to move to the cloud. What’s it to be? Public? Private? Hybrid? Multi-cloud? So many questions and so many options.
You start studying the pros and cons of various options. You even check out what your competitors are using. It’s not a simple decision, and believe us, we truly understand.
What makes a cloud a cloud?
So, is the cloud just a set of servers running in a data centre somewhere? Not quite. There are a few fundamental qualities that clouds are required to have in order to qualify for that tag. Here’s a few that are conventionally considered important:
A pay-as-you-go model.
In this model, buyers pay only for what they use and these costs are typically incurred as variable OpEx rather than CapEx as typically happens with hardware infrastructure that a buyer may purchase outright.
A Cloud typically will allow multiple customers (or tenants) to use its resources, but will keep their activities and usage completely separate. It gives each customer the impression that they have dedicated infrastructure, even though it may be shared behind the scenes. This is basically how clouds derive economies of scale.
Hardware management is abstracted from the buyer.
This is an important and an oft overlooked benefit. There are a number of costs associated with buying your own hardware – well beyond the check you write to initially acquire it. There are costs of power, cooling, software and patch management, systems administration etc. – which accumulate over time. Not to mention that your hardware will be deemed obsolete in as little as 12-24 months after you purchase it. The cloud takes all that hassle away from you. You get the latest and shiniest hardware, guaranteed to be up and running with most of the routing upkeep handled for you by the cloud provider.
Clouds can scale up or down according to your needs – and this works well with the pay for as you go model. Elasticity ensures that you pay only for what you use. Need to ratchet up the number of servers temporarily to handle increased customer volume – no problem. The cloud provider can handle it for you and save you what could potentially have been an expensive investment in hardware.
As you've probably heard, clouds can be categorised several ways into several types. For instance you've probably heard of Private, Public and Hybrid Clouds. We won’t go into a lot of detail about each of these in this post – but enterprises have to make decisions around the types of clouds they use and the trade-offs that come with them.
Private clouds tend to be cloud infrastructure built by a company or an enterprise either in its own data centres or in a co-located facility run by an infrastructure provider. Private clouds give enterprises more control over their hardware and software stack, as well as the security stance they desire to take.
Public clouds are usually run by third party infrastructure providers (e.g. Amazon, Microsoft, IBM, Rackspace) from where enterprises rent their computing resources. In many cases, you may use a public cloud without being really aware of it – like when you use a SaaS application – like Salesforce.com or WorkDay. Or even an application like Gmail. Companies that are highly conservative may choose not to use cloud services at all. Others may choose to only use private clouds. A lot of firms are looking at hybrid cloud options where they get to balance their data and workloads between private and public clouds – a form of having your cake and eating it too. While private clouds and hybrid clouds can give the enterprise more control, they’re more expensive propositions and are clearly out of reach for a number of small and medium businesses. So, what’s not to like?
So, if the public cloud is such a great thing, what’s stopping everybody from moving all their data and compute workloads into the cloud? Unfortunately, the public cloud comes with some risks as well. One of the biggest risks that CIOs and CISOs worry about is security and privacy.
When enterprises start using the public cloud, they have to trust valuable digital assets to infrastructure they don’t own and to organisations they don’t control. Many businesses draw a line in the sand and decide what they feel comfortable keeping in the public cloud and what they don’t. The benefits of the public cloud keep that line moving further out towards more adoption. Each time there is a security hack and some cloud data is compromised, the line moves back again.
The risks of putting data in the public cloud:
- The storage of information on servers in countries with fewer legal protections.
- A vendor’s failure to back up data adequately, including ensuring redundancy.
- The ability to access corporate data using easily accessible software in the event that the corporation terminates its relationship with the cloud computing provider or the provider goes out of business.
- The provider’s procedures for responding to (or when appropriate, resisting) government requests for access to information.
- Insufficient data encryption.
- Unclear policies regarding the corporation’s ability to “control” its own data, which may result in a quandary if served with a request for production of materials under Rule 34 of the Federal Rules of Civil Procedure.
- Policies for data destruction when the corporation no longer wants the relevant data available or transfers it to a different host.
- The potential warrant less seizure of corporate electronic mail under the anachronistic Electronic Communications Privacy Act.
What can you do about it?
- Take a proactive approach when negotiating Service Level Agreements – especially with public cloud vendors.
- Ensure that your on-line data provider has an enforceable obligation to preserve confidentiality and security, and that it will notify you in the event of any security breach.
- Investigate the cloud service provider’s security measures, policies, recoverability methods, and other procedures to assess their adequacy.
- Ensure that the vendor is using the most appropriate technology to guard against “reasonably foreseeable attempts to infiltrate the data that is stored”.
- Ensure that the cloud provider can “purge and wipe” any copies of the data and move it to a different host if necessary
- In any contractual negotiations with cloud vendors, insist upon security provisions based upon the data security requirements specific to your industry.
Given the stupendous rise of big data, the rising popularity of public clouds is simply a no-brainier. Security and privacy remain definite concerns, though. However, we believe public clouds are here to stay. According to Gartner, "it's impossible to private-cloud everything." Check out enterprises that have made the push towards public clouds like Microsoft, Google and Amazon.
Use some of the useful guidelines we've given you above. An architecturally robust public cloud system with enhanced security and encryption services is clearly the way forward!