The cloud is a natural extension of virtualization: Abstracted services freely float within a private cloud infrastructure, a public cloud infrastructure, or even a hybrid private and public infrastructure model.
However, almost every IT vendor seems to have some cloud-focused solution to offer, with cloud-washed marketing to make it sound indispensible. Hosted email is no longer email, but email in the cloud. To back up your files, throw them in the cloud.
IT professionals have to get down to brass tacks, and think about what the cloud really is. An IaaS cloud is nothing more than a multitenant compute environment with infrastructure resources shared dynamically across multiple workloads. An SaaS cloud is a multitenant application environment where a single application platform serves multiple customers. But both exist in a datacenter somewhere. These solutions may provide some level of replication and redundancy, that like the cloud, appears to be everywhere you need it to be.
As we walk down the cloud path looking for cloud solutions, one component is too often neglected — the security of the cloud provider environment. This shouldn’t be an overly paranoid discussion; however, it should create some fodder for conversations while making the jump.
Security discussions need to consider more than just hackers breaking into your systems, but also access, availability, stability, and a host of other components, such as:
In addition, the locations in which cloud providers place their services and your data can have an impact on its direct security. Other countries have regulations and policies regarding access to data. By placing your data with a cloud provider, you may inadvertently make your data subject to the regulations of various countries and entities inside the country.
Take the U.S., for example. The Patriot Act enables law enforcement to perform searches of your cloud-based data without your knowledge (check out info on FISA Orders and National Security Letters). Obviously, you would need to make your users aware of this. European-based cloud service providers are using this as marketing ammunition to drive service away from U.S.-based providers (such as Office 365, Salesforce.com, Amazon, etc.) and to their own services.
China’s situation is interesting as well. The well-known Great Firewall of China blocks and filters traffic to ensure the interests of China are protected. As cloud solutions develop, China is requiring non-Chinese cloud providers to team with China-based cloud providers. Ultimately, this does not bode well for cloud providers or the users.
In April 2011, Amazon cloud services suffered a 12-hour outage. The outage was caused by a network misconfiguration in one of the U.S. sites. Countless sites and services were unavailable. Think about the impact of not being able to conduct business for 12 hours. What would the impact be to your environment?
The ownership, location, and accessibility of your data are critical to ensure your environments are secure. But, they aren’t the only concerns. Tune in for a second post about other issues to consider.
Unique control with VM-level actions for infrastructure functions including snapshots, replication and QoS make protection and performance certain in production, and accelerate test and development cycles.