Have you been in a meeting where one of your IT leaders is doing a presentation of upcoming projects and strategies for the departments and company? Sure you have. However, in this meeting, the IT leader says that they are going to accomplish all of it by going to the cloud. He then jumps up on the table and rips open his shirt like Superman, but instead of a big red S he’s wearing a bring blue Under Armor shirt with a cloud taped to the chest. As he calls out a rallying cry, “Come on everyone! We can do it! EVERYTHING AND EVERYONE TO THE CLOUD!”, he runs to the window, slides it open and jumps out. People shriek in horror except you because you know the conference room is on the first floor and he just landed in the rose bushes.
Have you been in a meeting like that?
Soon everyone around the office is saying that we are going to the cloud. No matter the IT question, ‘in the cloud’ is the answer you get. Eventually you are in the break room coffee cup in hand looking for your morning fuel. Mary from accounting enters and begins to warm her oatmeal in the microwave. You ask her where the coffee is. She replies that per the IT leader’s strategy they moved it to the cloud.
Those scenarios may seem silly, but there are truths behind them. Driving the company toward the biggest brochure buzzword every created, The Cloud. No one that uses it on regular basis truly understands what it means and when it has a purpose and when it does not.
What is the Cloud?
The Cloud is a very broad, loosely defined concept that encompasses resources available through the Cloud paradigm. The resources are services accessed and delivered through the Internet it also refers to hardware, systems and software in remote data centers that provide those services. Really what the Cloud does is sever the components from the location. Where the Cloud has a significant benefit from a business standpoint is that those service centers are where the Subject Matter Experts, IT gurus, security professionals are. Which means your business does not have to invest, retain, search for highly skilled and highly sought after IT resources to build those services in-house.
The description seems simple enough, go to the cloud and everything will be fine. No. It’s far more complex than that and if it’s oversimplified to saying the broad term ‘Cloud’ the message of what you want to do is completely missed. There are three models of how Cloud services are delivered. It is important to understand these three and the relationship between them.
- Software as a Service (SaaS) – The top layer, serves applications to consumers directly or through a multitenant architecture. Mostly accessed through a web browser. Office365, Goole Docs, Salesforce, etc…
- Platform as a Service (PaaS) – The middle layer. Platforms are provided for consumers to deploy custom built applications tailored for the cloud platform of the provider. Coghead, Google App Engine, Dapper.net
- Infrastructure as a Service (IaaS) – The bottom layer and the foundation for all Cloud services. Servers, network and tools to build environments from the ground up. Amazon EC2 is the best example.
Now that we have the delivery methods laid out let’s go over how to deploy into the cloud. There are three deployment models as well.
- Public Cloud – Off-site, 3rd party provided that shares resources in a multitenant environment. This means that your services are sharing computing and hardware with other customers, securely isolated from one another but from an infrastructure view the other customers share the environment.
- Private Cloud – Single tenant, you and you alone, running on 3rd party owned components with you maintaining some control over its use. Having a datacenter through a managed service like IBM or CSC could be called a private cloud. Before the buzzword we called it managed datacenter or something similar.
- Hybrid Cloud – Mix of both depending on the business requirements. Applications may be served through a multitenant cloud but the proprietary data would be held in a private cloud.
By looking at the building blocks and what the concept of the Cloud is, the idea to pick up and move an in-house application or service is not as easy as it looks. Financially it may not make any sense either. Throw in Information Security and there are somethings you never want to leave your control. Lastly performance. Your business requires speed, efficiency and uptime. Unless you can maintain or improve the same levels of performance of your current services, moving to a cloud model may not be the best idea. There are come scenarios, especially in Public Cloud setups, you cannot be sure where your services will be located. If you have a cloud service calling into an in-house data processing store, it’s a big deal if that cloud service is across the country or in another country altogether.
I am pro Cloud, I more pro-business plan to define out why the cloud model makes sense over in-house. It’s not a one all solution and there are many issues and trade-offs that come with a cloud commitment. I know, I have several I deal with and it’s hard to give up control.
‘To the cloud!’ should be followed up with ‘and here are the components we are moving and why.’ You can’t do the why until the cloud is fully understood both from a technical and data viewpoint.
End of line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.