IT and risk managers want to know, if they take advantage of cloud opportunities, what are the real impacts to their business for security, compliance and manageability? Will my applications perform the same way? Will I need to hire or retrain people? These unknowns are causing some businesses managers pause. They’re attracted by the promise of lower cost and greater agility but nervous about the implications of cloud. People often ask me: Will public cloud open up a can of worms?
The answer is, it depends how you go about it. Let’s discuss a few primary concerns that must be addressed before businesses can take their first confident steps into the public cloud.
Manageability. If you’re consuming services in a hosted environment, that gives you a much lower operating cost, but does the physical distance from the environment add complexity?
You certainly don’t want to have to create separate processes just to take advantage of cloud applications like Salesforce.com or Pivotlink. It’s critical that these applications be integrated into existing processes. If a user needs access to a cloud application, it should be easy to start a workflow to gain management approval and provision those rights, just as one would for an internal application. From the moment, the user requests access, all activity should be tracked and audited. That’s easy enough when the applications reside in-house. What we need to do is incorporate those same user provisioning capabilities in a holistic manner to public cloud.
The reality is that cloud isn’t an “all or nothing” proposition. Few businesses are likely to move all their applications to the public cloud. For the foreseeable future, companies will leverage a mix of in-house, virtual and public cloud applications. Having disjointed approaches to managing each becomes too cumbersome and negates much of the value derived from cloud in the first place.
The experience across these should be consistent. It should be entirely transparent to the user where the application actually is. If the provisioning looks and behaves exactly as it does not, that makes the transition far easier.
Security. While there are many aspects to security, there’s one flaw I see in many of the cloud security tools emerging on the market today. They lack real-time synchronization. In other words, there’s no way to see changes occurring in real time. It might take an hour or a day to identify breaches, and by that time, the damage has been done.
For example, an employee was terminated, all of their access rights should be disabled immediately, but that often doesn’t occur. Most provisioning systems perform these tasks in small batches throughout the day, causing risky delays. And the larger the organization, the longer the latency may be. For example, if there
Posted
Aug 21 2010, 11:55 AM
by
BobBentley