Posts Tagged ‘cloud computing risk’

Redundancy in the Cloud

Posted: December 20, 2011, 2:56 pm

Somehow, a perception exists that a cloud provides a certain level of redundancy by default. However, make no mistake. Redundancy is not inherent.

Admittedly, individual hardware and software components have some redundancy built in. However, those capabilities do not eliminate the need for a redundant cloud any more than safe cars eliminate the need for speed limits, traffic lights, divided highways and the rules-of-the-road.

For many cloud providers, especially consumer cloud providers, the only redundancy offered is to make physical copies of the data—and many customers do not use even that minimal level of recovery.  These clouds were not built with redundancy in mind.  They lack the automation, monitoring and procedures to provide clients with an environment that can anticipate, react and recover from component failures.  Such clouds are cost effective only if your business, employees and/or customers can tolerate the occasional complete loss of service.

Redundant Redundancy

The hallmark of an enterprise clouds is the redundancy it offers.  Redundancy exists throughout between the infrastructure layers to ensure high-availability.  For example, a failover process detects application hangs and interruptions so corrective action takes place quicker.  Monitoring tools ensure no single points of failure develops, and specially-built automation handles error conditions when a problem does occurs, obviating the need for human intervention.  This type of automation is particularly important because human interaction comes only after some level of damage is evident.

Built-in Redundancy
It is cloud vendor’s responsibility to design and build redundancy into the cloud, and the expertise, staff, time and investment it requires is substantial. Patches and piecemeal solutions added over time do not render the same strong results as redundancy baked-in from the beginning.

Is recovery of stored data enough redundancy for your applications?

Download SunGard’s white paper, “The Real Value of Cloud Computing.”

Tags: , , , , , , , , , , , ,

Posted in Uncategorized

Add a Comment

Business Continuity in the Cloud

Posted: December 13, 2011, 12:58 pm

Business continuity focuses on the resiliency, restoration, disaster recovery and security needed to keep your system operating, performing, secure and, if an incident should occur, recoverable. Many cloud vendors have little experience with business continuity, preferring instead to offer consumer cloud services to clients that provide their own back-up procedures, intrusion protection, vulnerability alerts, firewalls, software upgrades and disaster recovery planning/testing.

Resiliency is the key

Without strong resiliency, redundancy and failover capabilities at each layer of the cloud stack, the failure of one component can cause the  failure, in short order, of many subsequent processes.   Some vendors have experienced such “cascading failures.” To be truly resilient, each component in the cloud must have failover logic and automation.

Enterprise Clouds are build for overall resiliency.  That means they have not only failover capabilities and integrated, multi-site, storage locations but also multiple points “baked-in” where the system can failover in and between layers automatically.  If a component fails, it needs to failover without human interaction, so the workload moves automatically to alternative hardware to maintain availability.

Ask the Tough Questions

If low-latency, high-performance, robust security and vigilant management are key requirements for your applications, it pays to drill your potential cloud provider about their procedures and automation related to resilience, redundancy, security, governance  and data recovery.  Ask for their Service Level Agreement early in your conversations, since it spells out the level of responsibility the provider expects to provide.

Does your current data center have automatic failover?

 

Read “Five Considerations When Evaluating Cloud Computing Architectures” for more information.

 

Tags: , , , , , , , , , , ,

Posted in Uncategorized

Add a Comment

Should you Negotiate your SLA?

Posted: October 27, 2011, 1:48 pm

Solutions Marketing Manager Janel Ryan discusses service level agreements today. –  Carl M

Much has been written in the few months about negotiating a better Service Level Agreement (SLA) with your cloud vendor.  Before you follow that advise, you may want to consider a few key points.

Be Realistic

First, If you are going to negotiate with your cloud provider, you have to be realistic about the performance you need and you have to be prepared to pay for those services. No vendor is going to take on more responsibility without charging more, no matter how hard you press.

Review the Architecture

Second, you’ll need to determine whether the vendor is capable of providing the service or performance level you are requesting.  Recognize that the services offered by the provider are usually governed by the cloud’s architecture and how it is implemented.  A cloud architected for inexpensive IaaS and quick provisioning may not use the most agile, efficient and self-managing software for storage, network and hypervisor.

Ask questions like, what uptime are you engineered for?  What exclusions would prevent you from obtaining an SLA remedies. Do they adhere to industry standards, like ITI for service management; ISO-9001:2008 for business processes, and  ISO 20000-1 for continuous improvement?  Do their internal procedures adhere to COBIT standards for governance?

Consider Walking Away

Finally and most importantly, if a cloud provider does not offer the SLA commitments you want and need, you are probably talking to the wrong provider.  Providers know what they do best and they know what is not in place.  If you need additional services, redundancy, a geographical distributed architecture and the vendor does not offer it, it is time to walk away.  Pushing a vendor out of his comfort zones adds more risk to an SLA, rather than adding more trust and confidence.

The clearer you are about your company’s needs for latency, redundancy, recovery, security and compliance, customer support, and technical support requirement, the easier it will be for you to select a cloud provider that can become a trusted partner.   Ask for a copy of the SLA early in your conversation with a vendor.  It could save you considerable time.

What improvements in service and support would benefit your company when it moves to a cloud?

Tags: , , , , , , , , , , , , , , , , , , , , , , ,

Posted in Uncategorized

Add a Comment

Understanding the Impact of Multi-Tenancy Design Concepts

Posted: June 29, 2011, 10:09 pm

Understanding the Impact of Multi-Tenancy Design Concepts

Today we hear from Chip Childers, product architect for SunGard’s Enterprise Cloud Services and partners with our product management and product engineering teams to drive the overall solution design of the service…CM

As you evaluate different cloud providers, it is important to understand the different concepts providers can use to deploy multi-tenancy.  Different concepts facilitate—or limit—the way in which a provider can respond to changes in the service needs of clients.

General Purpose Clouds

For example, some vendors design their clouds as commodities.  They focus on providing low cost access to computing power in  homogenous environments.  This type of general purpose cloud can scale quickly and easily to support large numbers of similar users.  As they become saturated, however, you may begin to see variations in performance, as some users expand their usage and experience spikes that place constraints on all other uses.

Performance variations can affect computing power, storage and I/O or network traffic.  Most providers already have solved performance problems associated with sharing VM RAM and CPU power, and most have deployed one or more of the many solutions for storage and I/O performance issues.  Consequently, network performance is usually the first noticeable bottleneck.  While it is important to know how your provider will handle performance variations wherever they appear, it is especially important to know how network issues will be handled. 

The Concern: Network Latency

Networks experience varying levels of latency based on where the users and their data reside and how much bandwidth has been allocated each user.  The easiest solution to network issues within a cloud is to physically separate heavy users from lighter users.  This means moving the heavy user to a private cloud where resources can be adjusted to meet the requirements of peak periods, more users and new applications.   

The Answer: Scalability and SLA

To reduce your risk of incurring more costs from your cloud provider, look for an enterprise provider that has scalability at every level of the cloud—SaaS, PaaS and IaaS.  And look, too, for a provider offering a Service Level Agreement that addresses the performance requirements for the services most important to your business.  These are the attributes of an enterprise level provider with the elasticity to meet your future needs. 

 

 

 

Tags: , , , , , , ,

Posted in cloud models, Uncategorized

Add a Comment

Cloud is a Service, Not a Commodity

Posted: November 23, 2010, 11:25 am

Forrester’s James Staten recently wrote a very well written (and widely read) piece on Cloud Computing trends for 2011.  While I agree with most of his bold points and predictions, one point gave me pause.  James writes:

“Cloud economics gets switched on.  Being cheap is good. We all know the basic of cloud economics — pay only for what you use — but the mechanism isn’t the lesson; it’s just the tool. Cloud economics 101 is matching elastic applications to cloud platforms and moving transient apps in and out so their costs are constantly returning to zero. Cloud economics 201 is designing and optimizing applications to take greatest advantage. Cloud economics 301 is knowing when and which cloud to use for maximum profitability. Look to early efforts such as Amazon Web Services’ Spot Instances and Enomaly’s SpotCloud to show the way here and the Cloud Price Calculator to help you normalize costs. As cloud segments, such as IaaS commoditize, tools that let you play the market will grow in importance.”

While this is true of small very portable and transitional workloads, I think this one is highly overstated in the enterprise.   These are the exception not the rule for most businesses.   Most services needed to be highly available once in production and must adhere to fully realized IT Infrastructure Library (ITIL®) processes designed to ensure the availability of these services.   While they will inevitably be moved into the cloud to get benefits of scale, elasticity and lowering costs – the move will be managed very carefully. 

There is a cost to this migration.   Enterprises understand this and will choose their cloud vendors carefully and will not switch vendors to save a nickel when then costs associated with the move will likely be measured in dimes.  It is precisely because most businesses do not have IT as a core competence–which is part of the benefit of clouds–that they will not have workload migration and cloud optimization as a core competence.  They should carefully choose a partner and work with and trust that partner until the partner is unable to meet the organization’s requirements.  In short – for the enterprise production applications, the cloud is a service – not a commodity.

 ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries.

Tags: , , , , , , ,

Posted in Cloud Adoption, Uncategorized

5 Comments

Can Cloud Computing Improve Your Security?

Posted: November 18, 2010, 3:59 pm

Cloud Security continues to dominiate the cloud conversation.  I asked Nik Weidenbacher, director of product engineering for cloud computing to give us his thoughts on cloud improving security.  Nik and his team are responsible for designing, building and testing the infrastructure for SunGard’s Cloud Computing Service…CM

Can Cloud Computing Improve Your Security?

Obviously, the answer is “it depends.”  How good is your security now?  A number of factors play into that question.

Security in a Data Center

If your technology runs in a traditional data center and you move to a cloud where the same technology is used, security is quite similar.  Essentially, you’ve been using virtual local area networks (VLANs) to separate your departments, and now your cloud provider use that same technology to separate your departments and to separate other tenants from you. 

Security in a cloud

If your company doesn’t use a technology like VMware to run multiple operating systems within VLANs, than the security landscape changes significantly.  A physical switch connecting the network to one machine in your data center is now replaced by software switches connected to multiple machines and managed by a “hypervisor.” 

Just as you secured that physical switch in your data center, the cloud technician must secure the software switches and the hypervisor to control who can/cannot access it, and they also need to adding invasion protection software to thwart unauthorized outside access. 

Then they have to consider security maintenance.  Are patches being received, evaluated and placed operation on a timely basis?   Clouds have lots of moving parts and, since it is the weakest link that is most vulnerable, you have to think about security everywhere all the time. 

Security gains

Ultimately, the most important security question is “who’s running your cloud.”  Many companies can’t afford all the software and technical skill it takes to manage a highly-secured data center, so they aren’t doing it.  A cloud provider can share that cost among many companies to not only provide a more secure environment but also to pay constant attention to it.  Similarly, where PCI-DSS certification for credit card transaction may be an on-going project in a company, the cloud provider may already have that security in place. 

What additional security measures could your organization gain with the right cloud provider?

Tags: , , , , , , ,

Posted in Cloud security

4 Comments

Is the Cloud Security Risk Overstated?

Posted: November 16, 2010, 5:15 pm

Gregory L. Smith, Senior Product Architect for Cloud Computing, is a liaison to clients for defining and shaping the security components of SunGard’s Cloud Computing Services.

Is the Cloud Security Risk Overstated?

Is the cloud security risk overstated?  If you work with a trusted partner and already have good security practices in place before you move to a cloud, I think the security risk in the cloud is slightly overstated.  It is not cloud computing itself that is the risk.

The Security Risk Realization

Unfortunately, it is not uncommon for a company to be planning a move to a cloud and suddenly see risks everywhere, including places that they had naively overlooked in their existing environment.  However, in you are moving to a trusted cloud computing provider, that provider probably offers more security capabilities than most managed service or infrastructure providers. 

The Key to Reducing Security Risk

The key to reducing the security risk within a cloud is to know how your provider approached the security requirements. Did the cloud computing provider retrofit security or design it in from scratch?

Retro-fitting security capabilities to handle, say, PCI-DSS, HIPAA, ISO 27001/2 regulatory requirements means extracting whatever information is available from low-level system logs after the fact.  This approach offers limited information, and testing security is difficult.

Designing security into a cloud means you can embed audit trails with needed data across all layers of the environment.  From a due diligence perspective, you can produce reports that provide transparency and prove that security is in place, not only for the auditors, but for the client and their customers as well. 

Large enterprises, especially, need built-in security.  The existing security information provided by a vendor may meet the needs of low-level use cases but not that of more closely regulated organizations.  Adding those capabilities could be difficult.

Enable the Client

The goal is not just to put a check mark by each security item on the list.  Rather, the goal is to enable the customer.  With embedded security, applications can ride on top of the infrastructure and transparently hand-off data that your organization needs for its applications.

Download SunGard’s white paper, “All clouds are not created equal.”

Tags: , , , , , , , , , , ,

Posted in Uncategorized

3 Comments