Cloud Computing: Looking for Security, Reliability and Resiliency
As cloud computing continues to roll over the landscape, many enterprise IT organizations still struggle to resolve questions about its security, reliability and resiliency. These questions come up regardless of whether companies are considering a public or private cloud.
Enterprise IT leaders are examining the risks, benefits and issues of this approach, but many feel their judgment is still too cloudy to make the leap. In discussions at the industry group SHARE, IT professionals voice concerns about performance, availability, security, resiliency and usage accounting.
Cloud computing is a way of delivering IT services and resources over the Web, using rapid, self-service provisioning, while insulating the user of the services or resources from the management of the underlying IT infrastructure. In other words, as a consumer of IT resources, you can focus on using the resources, rather than managing them. So you don’t have to go through the hassles of procuring and implementing hardware and software to use IT resources.
The benefits of cloud computing for enterprise IT are pretty straightforward and well-documented. One of many benefits is that the cloud greatly reduces the time to market for developing new software applications. That results from the significant reduction in IT resource acquisition time—in many cases, from weeks to minutes.
In addition, if enterprise IT organizations are using a public cloud approach, they have to pay only for what they use, without committing to a long-term relationship. When the project is completed, the IT resources are returned to the pool for reuse or reallocation. That means companies don’t have to make capital expenditures to purchase their own IT resources, which would have to be repurposed once the initial project was completed in order to continue justifying that capital expenditure.
Underlying the cloud computing model is the notion of automation, which enables self-service provisioning, high scalability, elasticity and ease of “return” when no longer needed. This model has been associated with virtualization, since virtualization is typically required to dynamically provision IT services or resources.
However, cloud computing adds the capabilities of user self-service request of services and automatic fulfillment based on those requests. Potential uses range from short-term development, or test projects, to dynamic incremental capacity for mission-critical, customer-facing Web sites.
Public or Private?
The two primary types of cloud deployment have been called “public” and “private.” A public cloud refers to shared IT services or resources (a multitenant environment) obtained from a third-party service provider, while a private cloud is usually owned and managed in-house. In some cases, a third party provides a private cloud specifically for one company.
Examples of a public cloud include Amazon EC2 (Elastic Compute Cloud), Google AppEngine, IBM’s Blue Cloud and Microsoft Azure. A public cloud allows customers to create their own images, and they pay only for their hourly use, including data storage and transfers. While a public cloud offers the ultimate in convenience, a private cloud seems to provide better control and assurance of security and privacy.
Regardless of which approach an IT organization takes, enterprises that deploy mission-critical applications want assurances of reasonable system responsiveness through service-level agreements. They also want protection through data isolation in a multitenant environment, failover protection to minimize service outages and predictable recharge rates.
Portability is also an issue. For example, public cloud users want to know if they can easily change providers. What about software licenses? Can they be moved from one cloud provider to another?
Another area of concern: When an enterprise IT organization is done with its public cloud environment, what assurance does it have that all the private data that was used has been removed? Data privacy is a critical concern that requires tight standards.
Ideally, a public cloud offers zero capital costs of acquisition, since IT organizations pay only for what they use. There aren’t any facility or energy costs. But that still leaves concerns about public cloud security, resilience and service.
The public cloud does offer security, but it’s still not clear to many enterprise IT organizations whether the level of security offered will meet the needs of corporations that are notoriously protective of their data, including credit card numbers and medical records. Convincing corporate security management that data stored with a third party is safe remains a significant challenge, and there is also the question of liability if any data is compromised.
Reliability is another major issue. Public cloud providers offer reliable environments in which replacement instances can be created, but is that good enough? What about data and transactions in flight? Do partially completed transactions get backed out? Enterprise IT typically has disaster-recovery sites to take over operations if there is an event at their primary site, and significant effort is expended to ensure the integrity of transactions.
And, of course, the price of cloud computing is a key issue. The public cloud offers pay per use, which can provide low-cost options for short-term projects. Still, for long-term use, enterprise IT organizations may be better off making a capital investment to purchase additional hardware and software. Enterprises need to conduct a break-even analysis to determine whether a public or private cloud would be more cost-effective for them.
The public cloud offers benefits for application development resulting from rapid acquisition time and reduced capital expenditures. But for high-availability, data security and privacy reasons, enterprise IT organizations remain skeptical about turning to the public cloud for mission-critical applications and sensitive or confidential data.
Many corporations are looking to benefit from cloud computing. However, since a number of them are concerned about availability and security issues, they are looking to private clouds, which provide an ideal situation for enterprise servers and mainframes. These environments are known for flexibility, scalability, security and high utilization, as well as for optimizing delivery of IT resources to mixed workloads.
These companies have enterprise IT expertise and experience that can create dynamic virtualized environments that are ideally situated for success in the private cloud model. The combination of skilled staff and attractive software pricing models for virtual systems on enterprise servers provides an appealing setting that serves as an inexpensive, value-added host for private cloud offerings.
The most common initial use for the private cloud is to provide test and development environments for enterprise applications. Developers are able to request resources and almost immediately get access to an environment on which to build and test their applications. When the development is complete, the resources can be returned for use by others.
While cloud computing insulates the IT user from the management of the infrastructure, someone still has to manage the IT resources. Private clouds clearly have a major impact on IT departments, since these organizations will need to provide clouds with additional capabilities to handle dynamic provisioning and automated request processes.
Those requests for service will be handled automatically without the IT organization’s intervention. Thus, monitoring and balancing workloads will need to be an ongoing focus. Also, fair chargeback algorithms will have to be developed and implemented to provide incentives for appropriate usage behavior.
Head in the Cloud
Cloud computing is still an emerging capability, and many enterprise IT organizations are just starting to poke their heads in the cloud. For many, there are more questions than answers. That’s why we continue to examine some of the early cloud implementations and look to develop much-needed requirements for IT providers, as well as best practices for managing cloud environments.
The enterprise IT community is evaluating emerging cloud computing concerns regarding service levels, the best workloads, disaster recovery, help desks, change-control issues, approval and audit issues, and the management of rapidly changing environments.
There are some very down-to-earth benefits to using the cloud model to facilitate rapid availability of IT resources, whether public or private. What is necessary now is a way to document the needs of enterprise IT managers to make both public and private cloud computing more secure, reliable, resilient and suitable for mission-critical uses. Create that, and they will be nothing but blue skies ahead.
Raymond J. Sun serves on the SHARE board of directors and has been involved with the organization for more than 25 years. He is a frequent speaker on topics such as service management, virtualization and cloud computing.