Cloud computing is cost-effective. Here, cost is greatly reduced as initial expense and recurring expenses are much lower than traditional computing. Maintenance cost is reduced as a third party maintains everything from running the cloud to storing data.The service is fully managed by the provider. Users can consume services at a rate that is set by their particular needs. This ondemand service can be provided at any time.
A good service provider is the key to good service. So, it is imperative to select the right service provider. Provider must be reliable, well-reputed for their customer service and should have a proven track record in IT- related ventures.
But, there are significant security concerns that need to be addressed when considering moving critical applications and sensitive data to public and shared cloud environments.
What is cloud computing?
Some will suggest that cloud computing is simply another name for the Software as a Service (SaaS) model. Others say that cloud computing is marketing hype that puts a new face on old technology, such as utility computing, virtualization, or grid computing. For the purpose of this article, consider that cloud computing is an all-inclusive solution in which all IT resources (hardware, software, networking, storage, and so on) are provided rapidly to users as demand dictates. The resources, or services, that are delivered are governable to ensure things like high availability, security, and quality.
In short, cloud computing solutions enable IT to be delivered as a service.
Why cloud computing?
First of all, cloud computing can cut costs associated with delivering IT services. You can reduce costs by obtaining resources only when you need them and paying only for what you use. Finally, cloud computing models provide for business agility. Since the entire IT infrastructure can scale up or down to meet demand, businesses can more easily meet the needs of rapidly changing markets to ensure they are always on the leading edge for their consumers.
In many ways, cloud computing is the realization of combining many existing technologies (SOA, virtualization, autonomic computing) with new ideas to create a complete IT solution.
Anatomy of a cloud
With what is hopefully is an acceptable definition of cloud computing behind us, let's take a look at the layers of the cloud. Figure 1 is a distillation of what most agree are the three principle components of a cloud model. This figure accurately reflects the proportions of IT mass as it relates to cost, physical space requirements, maintenance, administration, management oversight, and obsolescence. Further, these layers not only represent a cloud anatomy, but they represent IT anatomy in general.
 |
| Figure 1: anatomy of a cloud |
The layers that make up a cloud include:•Application services
This layer is perhaps most familiar to everyday Web users. The application services layer hosts applications that fit the SaaS model. These are applications that run in a cloud and are provided on demand as services to users. Sometimes the services are free and providers generate revenue from things like Web ads, and other times application providers generate revenue directly from the usage of the service. Example, if you checked your mail using GMail or Yahoo Mail, or kept up with appointments using Google Calendar, then you are familiar with the top layer of the cloud.
Perhaps not quite as apparent to the public at large is that there are many applications in the application services layer that are directed to the enterprise community. There are hosted software offerings available that handle payroll processing, human resource management, collaboration, customer relationship management, business partner relationship management, and more. Popular examples of these offerings include Unyte, Salesforce.com, Sugar CRM, and WebEx.
In both cases, applications delivered via the SaaS model benefit consumers by relieving them from installing and maintaining the software, and they can be used through licensing models that support pay for use concepts.
•Platform services
This is the layer in which we see application infrastructure emerge as a set of services. This includes but is not limited to middleware as a service, messaging as a service, integration as a service, information as a service, connectivity as a service, and so on. The services here are intended to support applications. These applications might be running in the cloud, and they might be running in a more traditional enterprise data center. In order to achieve the scalability required within a cloud, the different services offered here are often virtualized. Examples of offerings in this part of the cloud include Amazon Web Services, Cast Iron, and Google App Engine. Platform services enable consumers to be sure that their applications are equipped to meet the needs of users by providing application infrastructure based on demand.
•Infrastructure services
The bottom layer of the cloud is the infrastructure services layer. Here, we see a set of physical assets such as servers, network devices, and storage disks offered as provisioned services to consumers. The services here support application infrastructure. As with platform services, virtualization is an often used method to provide the on-demand rationing of the resources. Examples of infrastructure services include VMWare, Amazon EC2, Microsoft Azure Platform.
Security?
Here are seven of the specific security issues Gartner says customers should raise with vendors before selecting a cloud vendor.
1. Privileged user access.
Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the "physical, logical and personnel controls" IT shops exert over in-house programs.
2. Regulatory compliance.
Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications.
3. Data location.
When you use the cloud, you probably won't know exactly where your data is hosted. In fact, you might not even know what country it will be stored in.
4. Data segregation.
Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn't a cure-all. "Find out what is done to segregate data at rest," Gartner advises.
5. Recovery.
Even if you don't know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. Ask your provider if it has "the ability to do a complete restoration, and how long it will take."
6. Investigative support.
Investigating inappropriate or illegal activity may be impossible in cloud computing, Gartner warns. "Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already successfully supported such activities, then your only safe assumption is that investigation and discovery requests will be impossible."
7. Long-term viability.
Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company. Hm, this is weird statement in today environment.
One of the core aspects to keeping the cloud safe for all users is the adherence to the basic security principles that apply in the non-virtualised world.
It is imperative that IT staff do the basics:
1. At minimum, authenticate users with a username and password, along with stronger authentication options depending on the risk level of the services being offered.
2. Enterprise administration capabilities are required, especially the administration of privileged users for all supported authentication methods.
3. Self-service password reset functions should be used first to validate identities.
4. Define and enforce strong password policies.
2. Enterprise administration capabilities are required, especially the administration of privileged users for all supported authentication methods.
3. Self-service password reset functions should be used first to validate identities.
4. Define and enforce strong password policies.
References:
No comments:
Post a Comment