Sunday, January 22, 2017

Choosing your Cloud Vendor

Expanding on the "introduction to cloud computing" article, here are some additional suggestions for choosing a cloud service model provider.

In a typical Cloud Computing data centre, an application set will generally be hosted over Virtual Machines running on a large number of Physical Machines.

Total Cost of Ownership (TCO) is a definite factor when considering a move of some enterprise services into the cloud. There are certainly arguments both for and against such a move, especially when considering the impact of risk on an enterprise that chooses to transfer risk by adopting a cloud service.

However, as a customer you should ensure resources are in place to safeguard the maintenance and management of your identity management and authentication systems. When designing your services for deployment in the cloud, keep in mind that traditional security practices may not fully apply in the dynamic cloud computing environment.

As a customer you need to be clear that for every anticipated gain from such a deployment you will be giving up something else, e.g. a change in security metrics and loss of control of resources.



When drafting your Service Level Agreement (SLA), ensure that the provider explains items such as their facilities, including business continuity plans, backup facilities, rack space, power, cooling, networking, physical security and logical security. Everything transferred to the cloud should be secured to the same level as you would implement at your enterprise to secure your applications in their Demilitarized Zone (DMZ).

Conversely, be clear on the fact that once in the cloud, any sort of communication that is not locked into your known and configured security processes is subject to being intercepted and/or compromised. That is a worst-case scenario, of course, but IT risk management should be about preparing for the worst-case scenario.

With a cloud engagement you need to ensure that there are no conflicts between your security policies and protocols and those of the cloud vendor. A good rule of thumb is to look at how the cloud vendor will monitor systems; implement and configure firewall rules, anti-virus and intrusion detection/intrusion prevention systems; and handle log collection and packet filtering.

Bear in mind that with the cloud there must be more of a focus on defining the means of securing your services residing within this environment, rather than an overt concern over network security.

In summary, some questions that should be resolved are:

1) Does the vendor's implemented design meet your service requirements seamlessly?
2) Will the cost of the cloud service be flexible and decrease over time and implementation?
3) Does the cloud vendor's Business Continuity planning meet your Business Continuity requirements?
4) Will your Cloud Computing vendor be able to provide an audit trail of all user activities within your cloud space? With respect to this question, enterprise management may opt not to have audit teams deployed to each cloud vendor they contract with, simply because that is not economically healthy for enterprise operating revenues.
5) How strong are their service and support platforms, as well as the company's financial longevity?
