Depending on who you talk to, the cloud is either (A) the future of business (and personal) computing, (B) a ruse by providers to get everybody stuck paying ever-increasing rates, (C) an epidemic of security breaches waiting to happen, or (D) an overhyped development that will lead to some interesting technological advancements but won’t ultimately be all that earthshattering. So what is a business leader to do when faced with the decision of whether to move to the cloud? Naturally, it falls to the CIO to somehow square the circle and make a wholescale move to the cloud while guaranteeing lower costs, perfect security, and unlimited accessibility. Before your business takes on this endeavor, though, there are a few things about the cloud your CIO would probably like to clear up.
If your applications are only a couple of years old, you probably won’t have much difficulty moving them into the cloud. And of course infrastructure services like Azure are a great place to build and test new applications. But some legacy apps might be better left in the environments where they’re currently hosted. This is why many companies set up hybrid environments—getting the best of both the on-site and cloud worlds (or, the private and public cloud worlds, depending on how you want to phrase it). You may for instance benefit most from using Office 365 for collaboration and document sharing while hosting Active Directory on-site. Even if you do end up moving your entire business into the cloud, you should think of it as a transition over time, not any type of migration that can or should be accomplished overnight.
It seems like every day there’s a story in the news about some kind of data hack: Target and other retailers; the Heartbleed Bug; Jennifer Lawrence. The catch-22 is that businesses feel they need to move to the cloud to remain competitive but by doing so they’re opening themselves up to myriad security risks. Here’s the thing to keep in mind: the Target and Heartbleed issues weren’t really about the cloud per se—they were about the internet in general. Any data that is accessible online is potentially susceptible to hacking. Not many businesses can operate completely offline. The celebrities having their iCloud photos stolen likewise had nothing to do with any vulnerability inherent to the cloud. Instead, it was a matter of hackers figuring out passwords and the answers to security questions. (Though Apple really was remiss in not setting limits to password attempts—a common industry practice that would have made the theft impossible.)
With on-site servers, you have to worry about fires, floods, earthquakes, power outages, etc. With cloud services, it’s blind subpoenas—which even in the extremely unlikely event that they’re issued won’t necessarily spell disaster for your business. The only other thing that might make cloud datacenters more risky is that they house information from many businesses, much like a bank has many people’s money, which makes them a more attractive target. But, also like a bank, cloud providers have a lot more resources to devote to security. There are, however, many aspects of security that you can take responsibility for yourself—like setting multifactor authentication standards for passwords, and creating BYOD policies.
The cloud offers some pretty amazing capabilities, and it opens the way for countless untold advances in the future. But, before moving into the cloud, you should have a well worked-out idea of what you hope to achieve by doing so. Are you looking for more flexible mobile access? Do you need your server capacity to be highly scalable? Or are you looking for more seamless integration between your various software services? To know if the cloud is right for you, and to be able to tell if the cloud is working for you, you need to first have some goals in place.
In a lot of circumstances, the cloud can save you money. In some, it may be more secure. Like any other business decision, though, the choice of whether to move to the cloud starts with understanding where you are now and having a good idea where you want to go. This is important to point out because there’s a perception out there that everyone should flip the magical switch that moves everything to the cloud all at once, making it all cheaper and more efficient, and opening the way to all kinds of new developments over the horizon.
The bottom line is your move to the cloud should begin with a lot of planning. You need to know not just what milestones you hope to reach but what steps you’ll take to get there from where you are today. The CIO’s job is to help you work out this strategy and then to see that it gets successfully implemented. But someone also needs to make a point of focusing on the business side of the equation, asking questions like how will this change impact our organization day-to-day, how much down time should we anticipate, and how does this move position us with regard to future transitions and upgrades? Knowing what the cloud can and can’t do, and separating the real from the imagined risks, is a good first step.
If you have any questions about cloud services or are interested in obtaining a quote for cloud and hybrid cloud solutions, please contact QWERTY Concepts at 877-793-7891 or visit the cloud computing web page.
View the original article here
When a database must stay tucked away in an enterprise data center, running a dependent service in the public clouds spells "latency." Or does it?
Most hybrid architectures propose moving only certain application building blocks to the cloud. A prime example is a Web front-end on Amazon Web Services and a back-end transaction server in an on-premises data center. But a new wave of hybrid thought says it's OK to separate data from applications, even to allow multiple applications to run from multiple cloud provider sites against a common data source that can be located in a company's data center.
Not so long ago (like yesterday) that suggestion might, at a minimum, earn you an eye roll and a dismissive hand wave. In more extreme cases, we're talking a recommendation for an IT straightjacket. Separating data from applications and putting half in the cloud would be nothing short of insane. The latency and security problems will kill you, right?
Not necessarily. Separating data services from application services is nothing new; we do it all the time in data centers today. However, we typically provide high-speed links between the two to avoid latency, and, since it is usually all locked in a secure data center, security is less of an issue. Some organizations actually split services between two data centers, but in the process have built the dedicated network bandwidth necessary to support the traffic and ensure adequate performance. In that situation, security is managed by keeping it all behind the firewall, limiting access, and encrypting data in motion.
I equate the first situation to having a private conversation with my wife while we're in the same room. The second is having the same conversation, but now we're yelling between rooms within our home (more likely this is the model for a conversation with my teenage daughter). In this situation, the communications may not be ideal, and the risk someone else may hear is higher, but it's still a somewhat controlled environment.
Complex or not, hybrid cloud is popular in enterprises.
When it comes to moving application services to the cloud and leaving the data in the data center, some people would claim an appropriate analogy is using a bullhorn to have a conversation with your teenager while you are home and she is at the mall.
New technologies and cost models, however, offer an alternative to connecting services over the public Internet. One contributing factor is the ability to get cost-effective, high-speed network connections from cloud provider sites to data centers, of sufficient quality to minimize latency and guarantee appropriate performance. In addition to services offered directly by hosting vendors, colocation companies are jumping into the fray to offer high-speed connections between their colo data centers, as well as from these locations directly to some cloud provider sites.
[Hybrid Security: New Tactics Required. Interested in shuttling workloads between public and private cloud? Better make sure it's worth doing, because hybrid means rethinking how you manage compliance, identity, connectivity, and more.]
For enterprise IT, there are three things to consider when deciding whether this model is for you and considering options for high-speed network connections.
1. Security: While data may have traveled only behind the firewall in the past, now it is stepping out over a network, potentially among multiple cloud locations. Keeping this information safe in transit and dealing with access-control issues will be critical, as discussed in depth in this recent InformationWeek Tech Digest. Heck, in a post-Snowden world, the business may even care. Settling compliance issues, such as encrypting data before it goes over the wire and making sure data doesn't travel outside the appropriate geographic borders, is also critical before you provision any new connections.
2. Network bandwidth and performance: Depending on the application's sensitivity to latency, the cost to guarantee a given performance level over the network may eliminate any savings gained in moving the application to the cloud. My advice: Know exactly what you're getting before committing. SLAs need to be clear, as do penalties, and make sure you have monitoring tools to validate performance. It's particularly important to look not just at the network specs but the real-world, end-to-end performance. Benchmark over a period of time before moving the application to gain a base model. Run simulated transactions and workloads based on the benchmark; that will give you a sense of equivalent performance in the new environment. Recognize as well that if you are going into a public cloud, your mileage may vary on any given day. This is discussed in depth in the 2014 Next-Gen WAN report.
3. Business continuity/disaster recovery: The number of things that could go wrong just increased exponentially. Meanwhile, managing recovery plans becomes more complex. Map disaster scenarios prior to getting locked in, and budget for redundancy. Cable cuts and floods happen. Be prepared at the onset, rather than scrambling along with everyone else affected if a network connection is impacted. Recognize as well that you now have two different environments that may require two different plans for DR and have different recovery times. Of the three, this will likely be the most complex to work out.
While I've focused on the challenges, there are clearly benefits to be had if you need the scalability of a cloud environment for your applications. But just because we can doesn't mean we should. Much like raising a teenagers, each scenario is different, and you need to be up for the challenge before you head down that road.
