Is Cloud Security Mere Vapor?

by Mike L. Chase

August 15, 2011 – Frankly, I’m with Larry Ellison on this one. Hosting services on the Internet isn’t new, it isn’t cloud, and I’m not even sure if it’s even sexy anymore or just a necessary evil for modern business. However, cloud is the Next Generation Data Center (NGDC). Cloud is extended virtualization that is transparently hosted anywhere, yet leaves the client as the identity and policy provider. In short, location is irrelevant, cost savings is a motivator, but security is king and the CIO wants to control who (i.e. identity) gets into their infrastructure and on what terms (i.e. policy).

The Sirens are Calling

The lure of cloud is strong yet many wind up on the rocks. Why? Too often you hear about the benefits associated with cloud such as cost, agility, scalability and performance but not about the important things like architecture, security and availability. Many industry surveys have shown that the number one reason for moving into the cloud is cost, while the number one reason for staying out of the cloud remains security. As such, I would posit this maxim to you: Anything insecure isn’t worth using. Plus, you have to keep in mind that as wonderful as cloud is, the speed of light over glass hasn’t changed and neither have any other data center physics which bear on connectivity, replication and more.

It’s no surprise that many e-commerce retailers, web hosting firms, co-location providers and others who have rushed to provide you with cloud services are now enduring public disgrace because of data loss and security breaches in the cloud! Designing data centers and the professional services it takes to do so really isn’t their forte. Creating attractive websites, processing credit card transactions, and offering cool web-based service control panels is. Despite this, millions continue to rush to the cloud to host servers, desktops, applications, storage/data, voice, video and more. Heck, I’m writing this article on a virtual desktop; I get it. But it’s more than just encryption, multi-factor authentication and firewalls capable of defense-in-depth. You can’t just put the same systems into cloud and expect the same results. You have to architect them specifically for cloud and even innovate entirely new ways of securing the enterprise.

Cloud Challenges: 10 Things on Which CIOs Hit A Wall

Security. If it’s not secure, then it’s not usable. Multi-tenant models, off-site data, regulatory compliance, mobility and other challenges throw so much dirt into the pie that it’s hard for most CIOs to swallow. As a result, they often only put their least critical — not their mission-critical — systems into the cloud. Part of letting go of security involves control. Look for the cloud provider that can give you the control but provides the security mechanisms you need (many of which you couldn’t afford without cloud). Suddenly, in that light, cloud holds definite appeal.

Licensing. Trying to figure out how to get your Microsoft licensing squared away in the cloud can take an army of lawyers, licensing experts and supreme negotiators. Licensing is not usually a skill of cloud providers, so many CIOs are left dangerously navigating this on their own. Look for a cloud provider that has the rare Microsoft Large Account Reseller (LAR) designation and can handle all types of Microsoft licensing for you. Otherwise this oversight can eat up the dollars you need to build the security it takes to be successful in the cloud.

Connectivity. It’s not what you put into the cloud; it’s how you connect what’s there to everything else that isn’t in the cloud. Too many cloud providers offer no path back or they offer only a VPN. A few offer private circuits and other form factors. Physical security, encryption and intrusion monitoring become important here, as does using your IP addressing at both ends. Be sure to ask.

Migration. Many times it’s quite hard to import your existing systems into the cloud. You’re using VMware ESXi and Microsoft Hyper-V and the cloud provider isn’t. When things go wrong, it’s often impossible or extremely difficult and costly to get out. Know your export options up front and ensure they come with a timeline enforced by a legal contract to guarantee a speedy exit if the day comes when you have to get out. In addition, keep an eye on where your data is at all times and how it’s erased from any mechanisms used to transport it. Require background checks on personnel. In other words, think ahead.

Cost. The most accurate TCO calculators today show that VDI can cost $22M for every 5,000 users you deploy (that’s $122 per user per month; traditional desktops are at about $142 to $175 per user per month). So more often than not, CIOs are turning to cloud providers offering $0 capital expenditure (CAPEX) and 23-55% operating expense (OPEX) savings to get this functionality online and modularly connected to their existing infrastructure in weeks instead of talking about it for another two years and missing out on the benefits that virtualizing desktops brings.

It’s no secret that desktop computing causes us the most pain, requires the most helpdesk calls and incurs the most cost. Fix this problem and you’re saving big money. Cloud providers can help, particularly in the age of ‘modular IT’, where everything is a commodity and you just want to add on features and cut costs while maintaining the overall IT strategy for your business. A highly available desktop is key to your security; if you can’t access your servers and data, then you’re out of business. Cloud allows you to upgrade laptops without losing your Win7 desktop exactly as you left it. It allows you to work from anywhere from any device, anytime. It means a stolen device isn’t a risk. It means mobile devices can be used. It means you can better protect your data by keeping it in central locations but ensuring it’s highly accessible and secure.

Mike L. Chase is the Chief Technology Officer at dinCloud (Los Angeles, CA). www.dincloud.com

2018-10-10T10:33:09+00:00