As an
Information Security Professional, I am often asked by people “What is the
Cloud?” My answer depending on the
audience is that it’s a marketing term to cloud (please excuse the pun) the
technology that is used, where your data or application is held on someone else’s computer.
The term cloud
was popularised in general culture, thanks to Apple and their iCloud to allow
your Apple devices to be backed up into an offsite location. Terms such as cloud computing have been used
by Google, Microsoft and Salesforce, who give application access without having
to connect to servers within your organisation.
We hear of terms such as Cloud Backup, where your data much like the
Apple iCloud principle, is held in an offsite location.
As I say, I
believe Cloud is an all-encompassing marketing term, rather than the saviour to
all our IT woes. In the not too distant
past, there were terms like, Software as a Service (SaaS), Infrastructure as a
Service (IaaS) and Platform as a Service (PaaS), which described the solution
being provided.
With the
popularity of the term Cloud, a number of solution providers have jumped onto
the bandwagon, leveraging the good work and good name form the likes of Apple,
Google and Microsoft, and using it for their own gain. Let me explain…
Cloud
technology should deliver the following:
Uptime
Delivered
via multiple servers and multiple datacentres, with the various failovers in
place.
Security
Meeting a
number of compliancy regulations, delivered through processes, procedures,
physical security, virtual security, encryption, firewalls, etc.
Environmental
Reducing the
environmental impact of their datacentres, utilising renewable energy sources,
or local environment resources, such as geothermal cooling in Iceland.
Reduce Costs/Change Payment Models
Delivering
true lower TCO or real ROI, as well moving from a CAPEX payment model to an
OPEX payment model helping company cash flow.
“A La Carte” Approach
It should
not be an “all or nothing” approach to moving services to the Cloud. With any technology that breaks from the norm
(and Cloud technology is that to most people), there have to be easy
transitional steps, moving only the solutions that make sense.
This is the
reality for a number of the larger brands or organisations with integrity and
the mission to deliver a quality solution.
The issue will come when less reputable or companies with less integrity
want to join the Cloud bandwagon, and the above points are compromised or
neglected.
I have heard
of Cloud organisations running applications on single servers, in a single
datacentre. I use the term datacentre
loosely, as under-stair cupboard may be a better description. Data security is often compromised, as it’s
seen as a cost with no visible or immediate benefit. Some providers insist the movement for all
applications and infrastructure, whether it’s appropriate or not. There are many providers who struggle with
incremental billing, insisting that one, two or even three years are paid
upfront prior to implementation.
There have
also been examples of service providers going out of business where the Cloud
technology was shut down or even held to ransom. With the importance of the application and
more so your data, what contingencies would you have in place if this were to
happen.
There are
some real benefits to moving to the Cloud, if done appropriately and with due
diligence. Just be aware there are some
less than reputable organisations selling Cloud solutions, being delivered by
“smoke and mirrors” rather good infrastructure, good processes and procedures,
good security and a company is good financial standing.
Don’t be
afraid to ask questions and if it doesn't feel right, don’t use them, your
organisation depends on it!
No comments:
Post a Comment