Perception is not always the same as reality, and this is especially true in the sometimes nebulous world of cloud computing.
While states and localities are rightfully bullish on the technology and it has quickly spread through government, many misconceptions still abound. Learning more about cloud computing can help IT leaders make informed decisions about how best to deploy these services in their organizations. Read on to separate myth from reality.
- Moving to the cloud shifts responsibility for security to service providers.
This is mostly false. The cloud definitely changes perspectives on security, and responsibilities and capabilities change as well.
The greatest security gain comes through Software as a Service models. SaaS providers handle all low-level security such as network, operating system and middleware. This gives some organizations a level of security that they might not have been able to afford before, such as protection from distributed denial of service (DDoS) attacks. However, internal IT departments are still responsible for the application and human layers.
If an employee succumbs to a phishing attack and gives up his password, no network intrusion prevention system (IPS) is going to keep his account secure. Configuring applications properly and teaching users about good information security hygiene remain the organization’s responsibility.
And with Infrastructure as a Service and Platform as a Service cloud models, the responsibility is even greater. IT managers are still responsible for security, and with IaaS and PaaS, this is harder to accomplish than in their own data centers. Network managers who are used to easily deploying security appliances, such as firewalls, load balancers, proxies, intrusion prevention and data leak protection, will find they don’t have the same configuration options in someone else’s highly virtualized data center. Service providers may have basic firewall, IPS and DDoS protections in place, but traditional enterprise security controls are usually do-it-yourself measures.
- The cloud should be used for all applications.
This is mostly true. The important word here is “should.” As governments migrate to cloud-based environments and combine SaaS, IaaS and PaaS solutions, they’ll discover legacy applications that just don’t migrate well.
There’s a temptation to leave behind the tough cases because, well, they’re tough. Don’t give in. IT managers who do will find themselves maintaining two data centers: a virtual one in the cloud, and a physical one they’re trying to get rid of. That’s an expensive option.
Moving applications to the cloud enables organizations to outsource many of the most tedious and difficult aspects of running a data center, such as maintaining power and HVAC and ensuring that virtualized hosts and storage are scalable and properly tuned. Having just a few applications left in the data center negates the economies of scale of the cloud and leaves IT with the administrative burden of running a data center. That’s not a good cloud strategy.
However, not every application can be moved to the cloud. Legacy systems locked to obsolete operating systems, physical devices such as PBX interfaces, applications that require unusual network configurations such as clustering or built-in load balancing, and applications that assume a LAN interface between the user and the application aren’t cloud-friendly. Identify these problem systems and applications early on and find alternative solutions that don’t have cloud restrictions.
- Single-tenant configurations are better than multitenant.
This is false. Sometimes called private clouds, single-tenant configurations are a way for cloud providers to address outdated concerns about multitenancy. Worries about mixing data between customers, running apps on virtualized systems and control over resource allocation were solved long ago. Modern IaaS and PaaS providers and well-designed SaaS instances all properly partition customers and their data, providing security, reliability and scalability.
Multitenant public clouds also take better advantage of software and hardware innovations by the service provider. Single-tenant private clouds lag behind and sacrifice scalability and flexibility.
In terms of security of public and private clouds, savvy IT managers should consider these differences in the context of the risk and costs involved. Single-tenant private clouds cost significantly more than multitenant public clouds because they dedicate hardware to a single customer.
At the same time, the largely theoretical risks of multitenant operation are at the bottom of the list of security concerns raised by a cloud deployment. Yes, there are differences, but the tiny increased risk does not justify the enormous cost increase and lack of innovation and scalability.
- Clouding Around
Not all clouds are alike. The main differences between them lie in how responsibility shifts from the organization to the service provider. Here are four major categories:
- Colocation: The service provider handles power and cooling, network connectivity and little else.
- Infrastructure as a Service: The service provider provides hardware procurement and maintenance and manages the virtualized environment.
- Platform as a Service: Moving up the stack, PaaS places responsibility for operating system management and maintenance, along with well-defined APIs and containers, with the service provider.
- Software as a Service: SaaS offers the most comprehensive shift in responsibility. Service providers handle everything up to the application layer, and customers need to worry about only what goes on top of the application: configuration, policies and data controls.
The most popular options are IaaS and SaaS. Many organizations will make use of both, outsourcing common applications such as office productivity or data sharing via SaaS, while migrating custom and niche applications to a farm of virtual systems run by an IaaS provider.
By Joel Snyder