Tuesday, March 1, 2011

So! How secure is your cloud?

There are a couple of points that one needs to consider when making the move to the Cloud.

First off! This is not your machine, code, or technical support staff, so how you have dealt with those in the past is not how they will be handled on the Cloud.

So what is your game plan for taking data, software and users that normally run locally or in a co-location and that will now reside somewhere out in cyberspace? If you're migrating, this is one set of considerations; if you're not, these issues are now going to have to be addressed head on. The same goes for anyone who might want to back data/stuff out of the cloud, say, should your company or organization change its mind or cease to exist.

The first thing is that most end users have no experience, and the little they do have is with co-location. The cloud providers are going to hand you an SLA and it is going to say - BLAH? And you or your IT/legal department are going to say, "We have to look at this a bit." "What does this mean?" will be heard far and wide. So: licensing of services, acceptable use, suspension & termination, liability limitations, privacy policies, and how the Cloud's side interacts with your Cloud footprint in their world, wherever that is, which is an issue too.
Call us when you get to these details.

So what does Cloud mean to your migration plan beyond on-demand scalability of pooled resources available 24/7/365, even in space? Let's begin with some of the obvious issues to consider.

#1 Privacy of your data: who or what do you owe safeguarding of it to? What happens if it's breached?

Let's be blunt and understand one thing: the moment it's digital it is insecure at the core, since it's a copy (already). The only way for it to not be copied is for it to not be taken from the realm of thought.

So to start, the provider of cloud services doesn't know what your organization's privacy needs are, so they don't know which particular security issues to deal with. Most of them have a general level of security they provide, and if they are dealing with GOV-level services they should be designed/built with Federal Information Processing Standards (FIPS), or at least to Security Assertion Markup Language (SAML) or OpenID standards. If they don't have this then you will need to consider another Cloud provider.

The crux of your decision will be what type of service is needed for you or your group:

1. Software-as-a-Service (SaaS)
2. Platform-as-a-Service (PaaS)
3. Infrastructure-as-a-Service (IaaS)

There are three different complexities that a group will need to consider, and because of their depth, and because this is cutting edge, we are going to leave the specifics of plan/deploy/admin of them for a later date.

What we do know is that every provider needs to have some of the basics for Authentication, and there are valid considerations that need to be reviewed when picking between providers like Google and Microsoft. We'll blog about this later. We know that XML has certain vulnerabilities and that Access Control that we think is solid state now needs to be carried out with eXtensible Access Control Markup Language (XACML).

Why is SAML alone not sufficient? Because it puts the architecture of a particular cloud resource at the mercy of the designers, when we already know that we need the capability to adapt users' privileges while maintaining control of the overall cloud environment. The provider's IDENTITY MANAGEMENT needs to be flexible while controlling proprietary service interfaces and having a strong Hypervisor Complexity.
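The split described above, between asserting who a user is and deciding what that user may do, as an added example that is not part of the original post: a simplified Python model of an XACML-style policy decision with deny-overrides combining, not real XACML XML. The subject attributes, tenant names and rules are constructed for illustration.

```python
# Added illustration; attribute names, tenants and rules are constructed.
from dataclasses import dataclass
from typing import Callable

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass(frozen=True)
class Rule:
    effect: str                      # PERMIT or DENY
    applies: Callable[[dict], bool]  # condition over request attributes

def decide(rules, request):
    """Deny-overrides combining: a matching Deny beats any Permit."""
    decision = NOT_APPLICABLE
    for rule in rules:
        try:
            matched = rule.applies(request)
        except KeyError:
            return DENY  # missing attribute: fail closed (a simplification)
        if matched and rule.effect == DENY:
            return DENY
        if matched:
            decision = PERMIT
    return decision

def enforce(rules, request):
    """Enforcement point: only an explicit Permit grants access."""
    return decide(rules, request) == PERMIT

# Attributes as an identity provider might assert them (constructed sample).
ALICE = {"id": "alice", "role": "engineer", "tenant": "acme"}

def request(subject, action, resource_tenant):
    return {"subject": subject, "action": action,
            "resource": {"type": "backup", "tenant": resource_tenant}}

POLICY_V1 = [
    # Data isolation: never cross tenant boundaries.
    Rule(DENY, lambda r: r["subject"]["tenant"] != r["resource"]["tenant"]),
    Rule(PERMIT, lambda r: r["subject"]["role"] in {"engineer", "admin"}
         and r["action"] == "read"),
    Rule(PERMIT, lambda r: r["subject"]["role"] == "admin"),
]

# Privileges tightened by editing policy only; ALICE's attributes are unchanged.
POLICY_V2 = POLICY_V1 + [
    Rule(DENY, lambda r: r["subject"]["role"] == "engineer"
         and r["resource"]["type"] == "backup"),
]
```

The same asserted identity gets a different answer under `POLICY_V2`, which is the adaptability an identity assertion alone does not give you.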

On the cloud's end, they need to be able to tell you how they are going to provide for Data Protection (i.e. Data Isolation & Data Sanitization) and the Availability of their who, what, when and what-ifs, from temporary to longer or permanent Outages. What their plan is and what yours is are a MUST. Once you have gone cloud you'll need to be doing both cloud and local backups.

So your staff will need to have points of contact with the cloud. Meanwhile, the skills that your technical folks will need to hone are new, and their current capabilities need to be reviewed and brought up to speed with today's IT demands. As you can see this is not a simple process, and many companies and organizations are going to need to bring in some kind of Cloud Migration Manager. So far there are not that many consultants that have even done this, so at least for now we are all safe for Cloud Experts.
