Operating in the Cloud securely

Introduction

There are many definitions of cloud computing, with terms such as private cloud, public cloud and hybrid cloud confusing businesses as to what they should implement.  As a general concept cloud computing could be defined as a service that is elastic, that is dynamic so as to provide resource as required, fully managed, whether it be by an external service provider or internal departments, and it is priced on demand, again that pricing could be pricing from an external provider or cross charging back to internal departments.

The reality is that the term cloud computing does not have to have a specific definition, but should be what the business wants it to be.  Whilst we think of cloud computing as being a modern development, cloud as per the definition above has been around for almost as long as computing.  Early mainframes had the ability to provide processing on demand via license, and could be virtualised to provide new systems for test or development.  Other examples are RAID discs where new discs are added to the stack to transparently expand storage, as discs  fail they are replaced with no impact on applications or data.  Of course the modern cloud takes this further, where the failure or additional processing power can be dealt with by replacing or adding a complete server, complete rack or in some extreme cases a complete data centre.

There are many benefits of cloud services such as lower costs, flexibility, agility, a reduced need for data centres , and a reduced need for support and management staff.  However, there are some considerations that must to be taken into account as detailed below.

Security

When migrating or creating new services in a cloud infrastructure, security is one of the biggest concerns for the business.  The business may not have visibility of security services in place, and may be sharing platforms with other businesses.  Public cloud services, such as those provided by Amazon EC2, can allow a business to deploy a new service very quickly, enabling test environments to be deployed in a matter of hours or even minutes. Compared to this, traditional services require hardware and software  to be ordered, physically installed and connected to the network before the systems can be built.  However, they do not necessarily allow the flexibility that is sometimes needed, and it is not always possible to determine where a service instance actually exists. 

Businesses need to be concerned about the location of their data and who can access that data which can be difficult to control in a cloud service.  Data can be stored anywhere in the world which gives businesses not only a security concern but a compliance concern also.  For example the European Commission has blocked the transfer of personal data to countries outside the EU unless that country meets EU security standards.  This can be difficult if you are not sure where your data will live, or even to check if that country adheres to EU standards.  Add on to this that your data may be subject to that countries data laws, not UK or European law.  Businesses need to balance the risk of exposure of those services to the benefits of the cloud service.  SecureData are positioned to advise on UK and EU law, as well as applicable laws in other countries via their Compliance division and can assist in data classification processes to ensure that any data moved to the cloud meets those rules.

Flexibility

Whilst private cloud services offer flexibility in terms of increasing and decreasing processing platform offering, and the timescales to take on board a new service, they are inflexible in the offerings that they support.  Private cloud services are generally offered around a specific model, and do not allow deployment of customer specified hardware.  Again, this may be suitable for certain services, but businesses may need the flexibility of deploying specific hardware or software in a cloud service to adhere to internal or external security requirements, or to ensure a consistent platform across public and private cloud, and existing internal resources.

SecureData is able to host customer specified hardware to be deployed alongside cloud type services, and are able to offer monitoring and remote hands solution to these services, via our in-house developed Affinity monitoring solution where a full management solution is not available or not required.

Green Credentials

Businesses are being forced to consider their green credentials and therefore to reduce power, cooling and heating requirements.  The SecureData hosted datacentre is built to utilise ambient air cooling, reducing the requirement for air conditioning on all but the warmest days, and due to efficient power units are able to offer a Power Usage Efficiency (PUE) of 1.2 against the industry average of 2.  A PUE is the ratio of power required to power actually available to a service, and hence the lower the ratio the more green the service.  By doing this SecureData ensure that not only do businesses benefit from lowering emissions from power generation, the cost savings also help businesses.

How we can help you

Whilst some applications, such as a customer facing web sites, naturally lend themselves towards cloud infrastructure, others, such as the company accounts system, do not necessarily warrant the security risk of a public infrastructure.  SecureData can bridge this gap via their hosted data centres, where customers can take advantage of offerings including fully managed services to the provision of rack space to the customer in a secure environment.  This gives the customer the ability to take advantage of flexibility, lower cost and space requirements, but still have the benefit of full control, where needed, over a combination of shared and dedicated resource including firewalls, security platforms and storage and application services.

Businesses are concerned with the lack of control of cloud services and how quickly a third party can react to service issues.  SecureData’s Affinity monitoring portal is a thresholds based monitoring portal that is monitored by in house staff 24 hours a day.  In the event of an issue the customer is informed and engineers take action to preserve the availability of the service.  Added to this is the redundancy built in to the SecureData hosting platforms.  Four different ISPs provide connectivity, with multiple power feeds to the buildings, including UPS and generator backup.  This ensures that service levels are as high as, if not higher, than those services that are hosted internally.

Any migration to cloud can be fraught with difficulties.  Businesses need to take account of security requirements, flexibility, cost savings, space requirements and future requirements.  SecureData offers an individual approach to the migration to cloud to businesses, and with their skilled consultants are able to advise on the best way forward, selection of cloud types and technologies, project management for design and migration, and hosted cloud services with full flexibility.  Through this hybrid approach we can ensure that you get the best solution for your business along with the skills and resources necessary for the planning, migration and on-going support of your critical business applications to support your business needs today and tomorrow.