Sunday 23 March 2014

The Myths and Reality of the "Cloud"

As an Information Security Professional, I am often asked by people “What is the Cloud?”  My answer depending on the audience is that it’s a marketing term to cloud (please excuse the pun) the technology that is used, where your data or application is held on someone else’s computer.

The term cloud was popularised in general culture, thanks to Apple and their iCloud to allow your Apple devices to be backed up into an offsite location.  Terms such as cloud computing have been used by Google, Microsoft and Salesforce, who give application access without having to connect to servers within your organisation.  We hear of terms such as Cloud Backup, where your data much like the Apple iCloud principle, is held in an offsite location.

As I say, I believe Cloud is an all-encompassing marketing term, rather than the saviour to all our IT woes.  In the not too distant past, there were terms like, Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS), which described the solution being provided.

With the popularity of the term Cloud, a number of solution providers have jumped onto the bandwagon, leveraging the good work and good name form the likes of Apple, Google and Microsoft, and using it for their own gain.  Let me explain…

Cloud technology should deliver the following:

Delivered via multiple servers and multiple datacentres, with the various failovers in place.
Meeting a number of compliancy regulations, delivered through processes, procedures, physical security, virtual security, encryption, firewalls, etc.
Reducing the environmental impact of their datacentres, utilising renewable energy sources, or local environment resources, such as geothermal cooling in Iceland.
Reduce Costs/Change Payment Models
Delivering true lower TCO or real ROI, as well moving from a CAPEX payment model to an OPEX payment model helping company cash flow.
“A La Carte” Approach
It should not be an “all or nothing” approach to moving services to the Cloud.  With any technology that breaks from the norm (and Cloud technology is that to most people), there have to be easy transitional steps, moving only the solutions that make sense.

This is the reality for a number of the larger brands or organisations with integrity and the mission to deliver a quality solution.  The issue will come when less reputable or companies with less integrity want to join the Cloud bandwagon, and the above points are compromised or neglected.

I have heard of Cloud organisations running applications on single servers, in a single datacentre.  I use the term datacentre loosely, as under-stair cupboard may be a better description.  Data security is often compromised, as it’s seen as a cost with no visible or immediate benefit.  Some providers insist the movement for all applications and infrastructure, whether it’s appropriate or not.  There are many providers who struggle with incremental billing, insisting that one, two or even three years are paid upfront prior to implementation.

There have also been examples of service providers going out of business where the Cloud technology was shut down or even held to ransom.  With the importance of the application and more so your data, what contingencies would you have in place if this were to happen.

There are some real benefits to moving to the Cloud, if done appropriately and with due diligence.  Just be aware there are some less than reputable organisations selling Cloud solutions, being delivered by “smoke and mirrors” rather good infrastructure, good processes and procedures, good security and a company is good financial standing.

Don’t be afraid to ask questions and if it doesn't feel right, don’t use them, your organisation depends on it!

No comments:

Post a Comment