Stepping into the Private Cloud – Best practices for Your Organization
Today, it is simply not possible to ignore conversations related to cloud computing. Cloud computing has emerged as the most important method to conduct our businesses online. Whether you have heard about services like Amazon Web Services and Rack Space Cloud or not, cloud computing is here to stay. It has already changed the way we make business and has helped us to reduce a lot of clutter in our work environment. For instance, we no longer have to invest in IT infrastructure that is extremely expensive. Instead, a subscription to cloud computing is enough. Likewise, people have continued to invest more in cloud computing than any other technology and that is probably why many companies have also begun to follow the suit. The only problem, however, is that people still do not understand what the best practices are and how best they can avoid problems that might arise with cloud computing. In this article, let us take a look at some of the best practices of private cloud computing so that nothing goes amiss. These best practices are written to help corporate clients understand the significance of private cloud computing without getting confused. Storage provisioning When we deploy equipment to support cloud services, a number of issues related to infrastructure arise. One of the most important issues that we need to deal with is that of storage. This includes facilities such as storage area networks (SANs), local disks and network-attached storage (NAS). These are very dynamic in cloud environment. When there is a surge in traffic, it could lead to unexpected ramifications. For instance, a number of new frontends being started or it can result in a slave database being fired up unknowingly. It is quite clear that there needs to be a lot of space for these things to run. When traffic surge reduces, storage space is available yet again. However, such spikes can put sensitive data at risk. This might include passwords, encryption keys and customer data. In order to deal with a situation like this, you had better wipe storage before using it. You need to zero-out the data or allocate a terabyte of data. However, wiping disk space is, usually, the more preferred method. Another method is to encrypt storage and prevent information from being leaked. Perimeter security Most people think building a good perimeter is easy. However, all good things are easier said than done. Even if you install a number of firewalls everywhere, you would still leave room open for perimeter security to be compromised. A solid perimeter often becomes useless when security is not so secure after all. An easy method to counter this problem is to move the firewalls inside so that security is given attention. You can also place one firewall on every guest OS or virtualized system so that firewalls are attached closer to the system. Another solution is to attach the firewall on a network switch. When you do this, you will ensure that virtual servers make use of the firewall before connecting to the network. The final solution to this problem is to use virtualization products. Virtualization products now handle firewalls and protect guest OSes. This way, you can take care of not only security but also performance and ease of management. All that you need to do is choose one of the 3 solutions that we mentioned. Data security Data storage often poses a lot of risks, especially, when we are talking about cloud computing. Whether you are using public cloud computing or private cloud computing, we need to remember that data security has to be end to end. Resource pooling, multi-tenancy and allocation tend to be dynamic in nature and thus, a company’s data can get mixed up with another company’s data. For instance, the HR department’s data can get mixed up with the PR department’s data. When PR can access HR data, a number of serious problems could arise. We need to note that data persistence and intermingling haven’t been great issues as storage is not shared across boundaries. What you need to remember is that you track your data properly and audit it so that any inadvertent mistakes are quickly realized. This way, you will protect what needs to be protected and you will not end up compromising on your data and its security. By taking a few necessary steps, you can avoid a number of unpleasant situations that arise out of private cloud computing. Data encryption When you use shared storage, it is always a risk that your data gets intermingled or leaked. In order to avoid that from happening, you will probably need to encrypt all your data. This means, you need to even encrypt data that is at rest. When data is on a hard drive or on a SAN/NAS, data will not be accessible. However, when multiple users and systems access encrypted data, chances of data getting misused are higher. With this in mind, table-level encryption needs to be employed for shared-database services. If we are talking about Software as a Service (SaaS), you might have to rely upon back-ups. You might sometimes back up all your unencrypted data and encrypt them with a common key. That exposes your data to vulnerability. Thus, you need to back-up your encrypted data and use encryption keys only to back them up securely and store there. This ensures that the back-ups are not useless. Otherwise, the whole purpose of saving back-ups and encrypting them is defeated. At the end of the day, we need to know how safe our data is and that it is not being accessed by someone who does not have privileged access. Data portability There are a number of concerns when it comes to data portability in the cloud. First, there are no common standards that will help companies to just back-up all their data and then move it to another service. Second, there are major concerns about vendor lock-in with hybrid and public cloud providers. Importing and creating new data is always challenging,