All posts by Damien Garvey

Recognising Cloud Risks and Dealing with It

Cloud computing is not free from risks. Smart organisations recognise the risks and deal with them. If your organisation is migrating to the cloud and is worried about security, it is a healthy sign. You are gearing up to identify possible risks and deal with them. We have listed a few commonly talked about risks below for starting you off on your journey of discovery.

Risk #1 – Data security. This is a real concern. You are entrusting your data to a third party cloud vendor. You may or may not know where your data will actually be stored, who will be given access to your data and how many times and on to what servers it will be replicated for redundancy and high availability. You do not have to take this risk blindfolded. You can get your vendor to spell out the details for you. You can evaluate the level of risk involved and take steps to ensure that your data remains your intellectual property, and will not be compromised in any manner by the activities of your cloud vendor. The good news is that most cloud service providers are ready to provide you with any information you may want in this direction and even willing to commit to keeping your data secure from unauthorized entities. You can retain control over your data by employing “user defined” encryption keys to encrypt your data on their storage vaults.

Risk #2 – Integration APIs require validation. True. Cloud services provide standard APIs. Customers using the cloud service must evaluate these APIs for any flaws and understand the extent of risk involved. Ask your cloud service provider all the right questions about the APIs and also about the underlying infrastructure sharing protocols, so that you are fully aware of how and where your data is stored and how accessible it is to others who are sharing that same infrastructure over the cloud. With the right tools and technology, you should be able to address the risks involved.

Risk #3 – Cloud can complicate IT budgeting. True, if you have not centralised your cloud service purchases, your budget could get a bit complicated. If multiple branches of your organisation are purchasing services from multiple cloud vendors, the risk of disintegration is great. Budgeting can get complicated, and confusion can prevail. Ensure that cloud service purchase is centralised and all your branches ride the same cloud. Centralizing your cloud services could even safe you money as the provider could add additional services as a package for smaller fees. Centralised management is convenient as usage can be monitored and users can be tracked from a single window interface.

Hybridisation for Business Advantage

Hybrid clouds straddle the chasm between public and private clouds. The conceptualisation is highly recommended for small and medium organisations as–will be admitted—not all business data is mission-critical warranting the use of highly expensive private storage facilities that small organisations can ill afford. Most of these businesses may draw upon and use repeatedly, bits of information that may exist in the public domain or can comfortably exist in the public domain without compromising the security, integrity, and privacy of the enterprise customers. Storing such data in the public cloud is a reasonable and cost effective option.

When questioned, almost all small and medium enterprises agree that a hybrid cloud strategy is what they would like to look at. The hybrid cloud can be built up from either end—the public end or the private end. If the enterprise has been using a wholly private solution, change can be efficiently managed by gradually migrating non-mission critical information to the public cloud while continuing to operate the purely private bits as before. If end users have been working with the public cloud, more private, mission-critical information can be gradually privatised without creating unnecessary ripples in the production environment.

From the above discussion, it is clear that there is a need for a closer look at how the small and medium organisation works across cloud boundaries. The relationship across the public-private cloud boundaries will determine how they will proceed with the hybridisation of your cloud.

If most of the enterprise applications burst across private to public cloud boundaries, hybrid cloud solutions will have to begin at the SMB data centre and pan out to the remote cloud server. They will have to look at public cloud resources that will run these applications on similar configurations even when the operating system used is different.

If the enterprise applications are designed to permanently reside in a public cloud, but are expected to burst through the private cloud, it is imperative that the SMB start the cloud saga by focusing on the public cloud end and then integrating it across the boundary with the help of the cloud service provider.

Moving on to a discussion of the economics of hybridisation, it must be pointed out that the SMB budget has a deterministic role to play in decision making in context. Organisations with a large budget, can afford to splurge on a private cloud and move out to the public cloud in stages. Organisations that are budget constrained may prefer to reverse the option with an emphasis on consolidation and cost effective redeployment of existing resources. A validation exercise with budgetary focus is a must in strategy formulation. Detailed planning will reduce risks involved in migrating data across cloud boundaries, and making appropriate hosting choices for their applications.

Testing the Cloud –Trials, are for Free—Part II

In the first part of this topic, Test the Cloud- Trials are Free, we dealt with some of the nuances of using and testing cloud computing with trial versions of the software. In this part, we will explore some of the aspects that could not be covered in the previous article.

Generally, trial versions of the cloud software can be downloaded for free. But, most trial versions require you to hand over credit card details.  The purpose of obtaining that input from you is to ease the process of getting your subscription if you decide to go on with them. (Most cloud providers are certain that you will continue with them unless you are looking for something very specific).  A note of caution:  you will be charged if you do not adhere to time limits stipulated for the trial or do not communicate your acceptance or your rejection at the end of the trial period.  So, if you are allowed a thirty-day trial, complete the trial within the specified time limit, if you do not want to be charged for services that you do not plan to use.

Sometimes, trial versions of the software could come with some limitations. Even where the trial version is fully functional, you may have a limit on the amount of data storage space that is allocated per trial download.  This may not be sufficient for your enterprise. However, some vendors may allow you additional space for your testing operations on specific request.  So, pay attention to the amount of space you get with the trials, and make up your mind whether the allocated space meets all your testing and loading needs. If not, do not hesitate to start a dialogue with the vendor. They may oblige you and allocate more space on request or a small charge.

If all features of the trial are not functional, you may be allowed access to a fully functional trial on request.

The trial period is also a good time to evaluate the level of customer service you will get.  You will get a sense of the responsiveness and support from the different kinds of interactions you have with the management and the support team. You will also have an understanding of the kind of technical expertise that is available with the vendor. Ultimately, your employees will have to draw upon the vendor support for many things.  So, make use of the opportunity fully.

Test the Cloud—Trials are for Free—Part I

You do not have to buy anything before you convince yourself that the cloud is ‘just what you need’.  Download trial versions of different cloud services and see how your applications and workloads perform before you take the next step of accepting or rejecting cloud computing.

Getting the best out of the trial version of cloud software (any software for that matter) requires some effort and hard work on your part.  You need to have an exact and accurate idea of your data loads, workflows, backup and recovery requirements, time frames, reporting requirements, disaster recovery compulsions, recovery point objectives (RPO), recovery time objectives (RTO) and so on.  Without this information, launching on a trial is as good as useless.

If you have ascertained all of the above, you are ready for your trial.  You need to use simulated or actual data to create the right computing environment you are likely to use.  You may like to replicate the effort by downloading trials from more than one cloud service provider, so that you have the data for comparison. You may like to conduct extensive research in parallel on what the cloud service offers you—the enterprise—in the service level agreement (SLA) and what kind of reputation does the service provider have, etc., while you are busy simulating your computing environment over the Internet hands-on.

Experts recommend that it is best to start small and then go full hog.  They would rightly advise you to migrate non-critical systems first and then a few critical systems to see what kind of performance metrics you get.  Appointing a test group for the purpose of the test is generally a very good idea.  They can keep a record of the performance and the problems experienced during the trial.

Ideally, the trial should be a three to six-month trial.  Many cloud vendors will allow you the luxury if they think you are a big customer—they cannot afford to lose—or you are a very serious customer, who will ultimately subscribe to their services.   Otherwise, most trial versions are available for free for a period of 30 days.

Make sure, that the trial versions you are downloading are fully functional. A few vendors bar some features from the trial version and this can be very annoying. You may not be able to fully test the potential of the software during the trial.

Part II of this article is found here: Testing the Cloud –Trials, are for Free— Part II

Cloud Service Closures—How Does One Deal with it?

The Nirvanix shut down created panic. What if your cloud service provider follows suit? Is it safe to transfer data to the cloud? How does one recover huge amounts of data entrusted to the cloud service, if the service suddenly decides to close shop? Smart cloud adopters are never fazed by these shutdowns! They have learnt the tricks of the trade and know how to hit the ground running even when their cloud service provider goes out of business. What is their secret?

They do not wait for bandwidth constraints to jam up their systems and force them to give up on their data. Most cloud vendors have the facility of backing up your data to removable media directly from their servers. This data will be copied in the encrypted format and can be shipped back to you. Ask your cloud vendor whether such a facility is available with them. Get your data shipped back to you in removable disk drives at frequent intervals for secure storage in your storage vaults.

Alternately, set up a remote server with a high speed Internet connection and ample bandwidth for transferring your data at frequent intervals during the lifetime of your contract with your cloud service provider. Many service providers permit simultaneous streaming of information to the local backup repositories, even when the data is being streamed to the remote cloud server owned by the service provider.

A few service providers offer local backup appliances or devices (as part of their package) that can connect to your network and download / replicate and mirror information that is streamed from various locations to the remote server in the cloud. This appliance / device remains with you and will be available to you even when your service provider goes out of business.

Smart users do know where their data is stored and how they can get their vendor to purge the data before the shut down. First, they sign up for services that allow them to encrypt the data with a user-defined impregnable key that remains in their custody. Un-purged data will pose no danger, as it cannot be decrypted without the key, and if accessed, it will make no sense to the person accessing. Second, they study the Service Level Agreement (SLA) in great detail and insist on the inclusion of purge clauses. They know exactly how their data is shared or used by the cloud service vendor and have control over their data at all times. They may even insist on the facility to “Delete” data from their end from all or any of the servers that are maintained by the cloud service vendor and go in and delete the data themselves.

Flexible Computing—Cloud Advantages

The cloud adopts a consumption service approach to computing. The cloud separates the application layer from the underlying resource layer and introduces an extraordinary level of flexibility to computing.  Resources can be requisitioned on the fly and resource utilisation can be maximised. Resource capacity levels can be set to meet aggregate needs and utilisation levels can be maximised to reduce the cost of infrastructure deployment. Business users can ask for and use the right amount of technology at the right time for the right activity.

This is true irrespective of the fact that, cloud computing is delivered through a variety of configurations on demand.  The cloud can be a private cloud that resides inside a firewall.  The cloud can be a public cloud that is hosted on infrastructures owned and managed by the service provider and used by multiple enterprises collectively. Hybrid clouds are clouds that bridge public and private resources and use resources that exist inside and outside the enterprise firewall.  Each of these models allow users acquire or discard additional resources on demand.

However, this promised flexibility has not been achieved overnight. It has evolved gradually, with a lot of interaction between the provider and the end user and an extraordinary understanding of the needs of the other.  Three decades of intense efforts that have paid off.  Organisations and cloud vendors that were initially focused on cost efficiency moved on to focus their attention on quality and then on to business agility and further reduction of operating and capital costs.  Vitalisation has enabled the aggregation and consolidation of data centres and promoted the creation of large elastic pools of computing resources.

Standardisation and automation of applications and services have given the users freedom to deploy or use applications when wanted.  Simplification and centralisation have freed administrators from repetitive troubleshooting, patching, and change management.  Policy based workflows empower the workforce access and use information from wherever they are , and on whatever device they may choose to use. All this translates into cost savings on an extraordinary scale and opportunities for businesses by reducing time to service.

In short, the flexible computing paradigm will create a revolution in the way people work.  The cloud may enforce standardisation, pre-packaging of services and evolution of “no-touch” concepts. Management will no longer avoid change, but embrace it and work with it, so that business flexibility and agility is exploited effectively and efficiently.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal