Behind Every Cloud is a Data Center, NOT the Wizard of Oz
Posted by Margaret Dawson on May 27, 2011
All too often you hear about the magical “rainmaking” abilities of the “cloud.” And while cloud computing does remove the need for your business to have physical infrastructure on your premises, we should not just ignore “the man behind the curtain” in a Wizard of Oz kind of way. The reality is that behind every cloud platform is a physical data center that should be held to the highest standards of performance and security – and evaluated as if it were your own.
Great cartoon on this topic by http://xkcd.com/908/
Perhaps this sounds ridiculously elementary, however, I hear enough questions and comments about the “cloud” to know there are people not thinking about this. In spite of concerns voiced loudly around security and control, many companies are jumping into the cloud to get a quick fix without doing the proper due diligence of the physical infrastructure behind the cloud.
Any cloud vendor worth their salt should adhere to industry-leading practices for network and overall infrastructure security. One of the advantages of using a proven cloud platform is you can receive best-in-class performance, scalability and security, which would be a huge expense to do it yourself.
It’s easy to assume that vendors will have robust access controls around their data center, but this isn’t always the case. So when you talk to your vendor make sure that physical access is not only limited to the overall data center facility, but also to key areas like backup storage, servers and other critical network systems.
Personnel considerations are another aspect of network security closely related to physical access control, especially if the cloud solution is delivered as a managed service. Who does your vendor let access your data and how are they trained? The security of any platform depends on the people that run it. This means that even HR practices can have a huge impact on your vendor’s security operations. Smart vendors will institute background checks and special security training for their employees to defend against social engineering and phishing attacks.
These are just a couple examples. But my point is to remember to do you due diligence and fully understand the security capabilities of your cloud provider, before you deploy. And frankly, this also goes for private clouds. While you may feel more in control building your own “cloud”, remember the backbone of that solution is still the Internet, so are you 100% confident that you are following the security policies and principles you need to ensure complete data protection?
Tags: Cloud Computing, Cloud Security, Cloud-Based Platform, Infrastructure as a Service, Network Security
No Comments »
No comments yet.