Public Cloud Security, Readiness and Reliability
March 7th, 2013 By: Bill Kleyman
The modern idea of the “cloud” may be something new but a lot of the technology it uses has been around for a while, since 1997 in fact. As with any technology, the most important aspects of deploying a new solution will be an understanding of the platform and, of course, thorough planning.
Ready for Public Cloud?
When considering public cloud options, it’s important to understand where there is a direct fit. This means that both key business stakeholders as well as IT executives will need to see the benefits of moving towards a public cloud “Infrastructure as a Service” environment. Although there are many benefits, administrators should take in some considerations when looking at public cloud options.
- Public cloud and security. This is a major consideration for any organization. Although a public cloud is certainly secure, some organizations have specific regulations as to how their data can be delivered over the WAN. Also, securing the server and application environment will differ when these workloads are pushed through a cloud environment. Special planning meetings and considerations have to go into knowing the type of security requirements and environment might have.
It’s important NOT to get overwhelmed when we talk about cloud security options. Yes, there are new technologies revolving around ensuring cloud security, but it doesn’t have to be overwhelming. As mentioned earlier, we can break down cloud security at a high-level by examining the following:
- Security on the LAN: The first steps will be the understanding of the security elements of your LAN. Is data being encrypted internally? Are there ACLs on the switches? How are the firewalls and load-balancers configured for data leaving the local network?
- Security at the end-point: How is the end-point accessing the data? Is it through a VPN or through an encrypted connection? Is there a secure client involved? Understanding the end-point security setting and policies is important to ensuring that the data reaches its destination safely.
- Security in the middle: When data is being transmitted over the WAN there have to be security settings in place from beginning to end. That means setting up a secure tunnel for the data to travel, constant monitoring of the links, and proactively maintaining server and LAN security policies.
Remember one main point as you plan out your environment: Cloud security isn’t really just one component in itself. Rather, it’s a lot of security best practices being applied for the purpose of transmitting data over the WAN. This is where using next-generation security tools can really help. Advanced device interrogation engines as well as intrusion prevention/detection (IPS/IDS) can further secure a cloud platform.
- Environment readiness and reliability. Although public clouds can be easy to adapt to, some environments may not be ready for a cloud initiative. Having the right infrastructure in place to support a cloud movement may be required. In these cases, organizations should take the time and evaluate their current position to see if going to the cloud is the right move.
Just like any other infrastructure, it’s important to create an environment capable of supporting business continuity needs. This means understanding the fact that the cloud can and will potentially go down. For example, in a recent major cloud outage – a simple SSL certificate was allowed to expire. This then created a global, cascading failure taking down numerous vital public cloud components. Who was the provider? Microsoft Azure.
- Deploying the right workload. The larger the workload, Virtual Desktop Infrastructure (VDI) for example, the longer it will take to be delivered. Some core applications require backend database connectivity where a public cloud model may not be the right fit. Before moving to the cloud, make sure to have a complete understanding of what will be utilized in the public cloud arena. From there, a good decision can be made as to whether a given application or even virtual node is the right fit for a cloud model.
- Maintaining control. Just like a local, non-cloud environment, administrators must retain control of their environment. This is especially important in pay-as-you-go models. With little control or oversight, administrators might be provisioning Virtual Machines (VMs) and resources when they’re simply not needed. This is where a public cloud can quickly lose its value. IT organizations must keep a watchful eye on their cloud-based workloads and resources to know what is being use and that they are utilizing that environment efficiently.
- End-user and administrator training. The success of almost any new deployment will be user acceptance. If an organization deploys a new public cloud capable of delivering entire workloads to the end-user, there must be core training associated with it. What good is a robust, highly scalable infrastructure if the end-user is confused or not sure how to use it? Since users are often adverse to change, all modifications should be gradual and well documented. Information passed to the user should be easy to understand and simple to follow. With good training and solid support on the backend, administrators can deliver powerful data on-demand solutions to the end-user.
Cloud computing is here to stay – and there are the many benefits to such a powerful Wide Area Network-based platform. Whether administrators need to provision a new workload or test out an application, a public cloud solution can help an organization stay innovative. Remember, as with any new environment, it’s important to plan out the infrastructure and find the need behind the deployment. When it comes to a public cloud, administrators should evaluate their needs and see how this type of cloud platform can directly benefit them.
The goal with many recent cloud articles is to debunk the myth that cloud computing is an insecure, Wild West environment. Unlike the dot com bust or other failed technologies, our generation is evolving into a data-on-demand environment where cloud computing acts as the delivery mechanism for vast amounts of information. So while you may not be ready to embrace the technology, it’s important start to understand it and learn the facts, not the hype.
We continue to move towards a “must be connected all the time” model. Storing information in the cloud is what makes this possible. Even though the cloud isn’t new, there is still some confusion and even concern surrounding storing information in the cloud which is why users need to continue to be educated.