Public Cloud or Private Cloud or a Hybrid Cloud Solution?
Choosing which cloud solution works best for your organization's goals is one of the most important decisions you will make. Your unique corporate requirements will drive your decision, but it is important to consider immediate needs as well as long-term resources, as that will impact what option you can realistically manage over the long term.
Public Clouds offer ease of management and generally tried and tested solutions, but often lack control over security. They tend to be vigilantly managed if you are opting for one of the large renowned vendors where cloud solutions are at the heart of their business offerings. However, they are not always secured at the level necessary for security-centered organizations. Often the security limitations of Public Clouds make Private Clouds the only viable solution. However, while Private Clouds are constructed to meet control and security concerns, they do not fully offer the ongoing ease of management and return on investment.
Securing Cloud Solutions
Applying the necessary NIST and FISMA security to a cloud infrastructure is a challenging task, but with a well-seasoned team, this task becomes achievable. Attacking all security fronts (Privacy, Security, and Trust) is imperative to securing the full-scale cloud solution. Every decision management makes when selecting their preferred cloud model will result in different security needs. Determine which model best fits the organization's goals:
SaaS – Software as a Service – this model delivers applications as a service (e.g. Google Docs).
PaaS – Platform as a Service – this model provides an environment to access and manage hosted applications (e.g. .NET).
IaaS – Infrastructure as a Service – this model provides network resources and storage (e.g. Amazon EC2).
The security responsibilities of the provider and the customer will vary with each model. Importantly, customers must know how to verify and validate the security controls that the provider is responsible for. Securing cloud solutions is achievable, but it requires considerable experience and insight early in the project cycle to ensure the solution is designed with all security considerations in mind.
Security and Efficiency should not be at odds
Compromising security goes against our core objectives; our practical approach allows organizations to reap the full benefits of the Cloud platform, but never at the expense of security. We have achieved savings and efficiencies in security through a number of relatively easy process changes and operating models.
In our experience, we have found a hybrid solution is often the best route for Federal agencies that require rigid NIST and FISMA security but are looking to lower the cost of their IT systems. What are those real costs, though? This requires a realistic assessment of what applications need to be migrated. How often are these applications modified? Are modifications made in-house or through third-party application support? Are there other fully secured COTS applications that could be used instead? Is the move to the Cloud part of a larger effort to create a more sustainable IT infrastructure? Answers to these questions will impact what advantages the cloud will offer and the true short- and long-term savings your organization can expect to reap. By asking the right questions early on, and involving key stakeholders, we can set the project's Key Performance Indicators and lay out a Roadmap to get there.