Going to the Cloud? Time to Make Security and Policy Decisions
February 22nd, 2013 By: Bill Kleyman
With cloud computing taking off at a very fast pace — some administrators are scrambling to jump into the technology. Unfortunately, many organizations are purchasing the right gear, deploying the right technologies, but still forgetting the policy creation process.
The truth is that cloud computing is relatively new for many organizations. This means that companies looking to enter the cloud must be careful and avoid jumping in with both feet. Although every environment is unique, administrators must take the time to create a plan which will help them retain control over their cloud initiative.
One big push for cloud computing has been the concept of “anytime, anywhere and any device.” This heavily revolves around allowing users to access their own devices, while pulling data from a corporate location(s). Although this can be a powerful solution, there are some key points to remember when working with cloud computing policy creation:
- Train the user. A positive cloud experience, many times, begins with the end-user. This is why when creating a Bring Your Own Device (BYOD) or mobile cloud computing initiative, it’s important to train the user. Simple workshops, booklets and training documentation can really help solidify a cloud deployment.
- Create a new cloud-ready usage policy. Although the end-point may belong to the user, the data being delivered is still corporate-owned. This is where the separation of responsibilities and actions must take place. Users must still be aware of their actions when they are accessing internal company information. It’s important to create a policy which will separate personal and corporate data.
- Start a stipend program. One of the greatest strengths of cloud computing is that it can eliminate the need to manage the end-point. Some estimates mark the management of a corporate desktop between $3,000 and $5,000 over the life of the computer. Many organizations are creating a stipend program allowing users to purchase their own devices where they are responsible for the hardware. After that, the company is able to deliver the entire workload via the cloud. This type of data separation has helped many organizations reduce cost and maintain agility.
- Provide a listing of approved devices. When creating a cloud policy, it’s important to work around approved and tested devices. If BYOD is the plan, test out a specific set of devices which are known to work with the corporate workload.
- Update the general computer usage policy. Almost every organization has a computer usage policy. With cloud integration, it’s time for an update. Devices are no longer sitting on the LAN, rather, they are now distributed anywhere in the world. This policy should have a subsection outlining usage requirements, considerations and responsibilities aimed at both the user and the organization. Having a structured usage policy can help avoid confusion as to who may be managing what.
When working with cloud computing there are a few best practices to keep in mind:
- Avoid a free-for-all! As mentioned earlier, it’s very important to have an approved device list. Many cloud environments hit serious snags when administrators take the concept of “any device” a little too seriously. Some phones or types of computers may just not work well with a given initiative. Have a solid plan as to which devices will be used and develop a plan around those end-points.
- Create a management platform. Just like a localized data center, cloud platforms must be managed. Administrators should set up alerts, alarms, and monitor their infrastructure just as they would anything else. Within the cloud, resources are very finite and must be managed accordingly.
- Monitor end-user experience. The success of the cloud will greatly depend on how good the end-user experience will be. Administrators will need to keep an eye on content redirection, latency and throughput bottlenecks. Staying proactive will keep the environment running smoother.
- Leverage replication. A major benefit of cloud computing is data agility. The advice is simple – don’t place all of your data in one basket. Cloud replication has been made easier with better bandwidth and more WAN tools. Higher uptime and DR can be maintained with little disruption to the user by having a replicated cloud environment. So, if your organization plans on heavily relying on the cloud, have a backup plan.
- Always innovate. Cloud computing allows administrators to go beyond their physical walls. The ability to create new application platforms, more efficient delivery methodologies and a more powerful end-user experience are all benefits of cloud computing. Organizations should use the cloud to innovate and develop!
Cloud computing brings with it some new challenges for IT security professionals as they try to control the data that is being delivered down to the end-user. Although security policies will vary, administrators should consider the following when working with a new cloud initiative:
- Develop a joint security plan and keep all teams involved. Cloud computing is not an independent technology. Quite the opposite – it relies on multiple infrastructure components to operate. When developing a cloud solution, all IT teams must participate in the process. Locking down storage, keeping an eye on the WAN, and ensuring the right policies are in place are jobs for the entire IT organization.
- Control the cloud. Even after deployment, it’s important to continuously monitor and manage the cloud environment. This means having monitors and agents in place to keep an eye on all functions within the infrastructure. Staying proactive with your cloud initiative means that administrators will catch issues before they become major problems.
- Evolve current security settings. Existing security policies don’t need to be thrown out. They do, however, need to be changed. Cloud computing takes data to the WAN and allows it to live and thrive over the Internet. This is where security settings (Active Directory, GPO, firewall rules, etc.) all need to be evaluated and tweaked to match the goals of the cloud initiative. Furthermore start to evaluate next-generation security technologies to help your cloud infrastructure be even more robust.
Having control over your cloud environment will heavily revolve around the amount of time spent planning the deployment. There are many different verticals in the industry and lots of different ways to approach cloud policy creation. Remember, cloud computing isn’t just one singular platform. Rather, it’s a combination of technologies all working together for the delivery of data and resources. When these technologies are properly planned out and aligned with the goals of the business – an organization can create the recipe for a powerful cloud computing environment.
[...] Going to the Cloud? Time to Make Security and Policy Decisions One of the greatest strengths of cloud computing is that it can eliminate the need to manage the end-point. Some estimates mark the management of a corporate desktop between $ 3,000 and $ 5,000 over the life of the computer. Many organizations are … Read more on Data Center Knowledge [...]
There’s a lot more to “going to the cloud” than many people consider initially. It isn’t until they are in the thick of it that they realize all of the steps that must be taken. It’s best to be over-prepared and take the migration slowly than to jump in and suffer the consequences.
Bill KleymanPosted April 2nd, 2013
Excellent thoughts Susan!
Great article Bill. Simple and easy to understand. I like posts like this, well done!
Bill KleymanPosted April 17th, 2013
Thanks very much IT Specialist! Glad you like the article