Recognizing and aggregating patterns is key to efficient and secure cloud operations.
Adapted from “Securing the Cloud” (Syngress, an imprint of Elsevier)
The cloud model brings many benefits for IT operations and support teams. Every step required to build and operate a traditional IT solution is overhead for the underlying goal, and it entails expensive skills and, oftentimes, inefficient repeated effort.
Furthermore, traditional IT infrastructure can be dwarfed by the scale of cloud computing. Infrastructure at massive cloud scale demands automation. Even with a small cloud, automation is critical if you’re looking to accomplish IT processes such as provisioning and de-provisioning in a cost- and time-effective manner.
Cloud infrastructure demands efficient structure and organization. You must define and follow patterns at every step, from racking individual computers to cabling, operations and security. Only in this way can you realize savings and refine processes. An intelligently planned and organized cloud infrastructure can be built and operated more effectively and efficiently, and by a smaller staff, than if you were to take the same amount of hardware and disperse it across numerous server rooms.
Aggregating infrastructure components into patterns isn’t limited to computers, storage and network. Power and network cabling also benefit from regular patterns, including labeling or nomenclature. Patterns empower the configuration management and change management processes.
These patterns have value when they’re optimized to eke out even small margins in the build stage of a cloud. They have recurring benefit at every stage afterward, from provisioning virtual machines (VMs) to managing and operating cloud infrastructure. Objectives such as lights-out management, remote operations and fail-in-place contribute to further pattern refinement.
Security has to be a part of this discussion on scale, structure and organization for the cloud. The combination of automation and structure also means you can still manage and operate immense clouds with a relatively small staff. Along with the technologies used in cloud computing, this will drive expansion of the skill set of cloud engineers. Simply put, you gain the advantage of graduating from a series of systems administrators associated with typical infrastructure or server closets to a dedicated team of cloud administrators and a dedicated security team.
Even when implementing a private cloud, the aggregated scale accrues benefits. The benefits of intelligently conceived patterns and automation can include fault tolerance, reliability and greater resiliency. There’s little question that a well-conceived and correctly implemented cloud network can offer a tenant or other customer better networking security than many could otherwise achieve on their own if they instead attempted to build, configure and operate a traditional network infrastructure.
First, established implementation patterns make for a more predictable and disciplined network than the typical infrastructure network or datacenter network. Second, when they hire their staff, most enterprises can’t afford the level of networking expertise that a cloud provider can deliver. There’s no question that the cloud customer benefits from this. Third, maintaining network security involves constant learning and intelligent response to new and emerging threats. It’s simply more cost-effective to benefit from the work that the cloud provider performs for its countless customers besides your company.
Every aspect of cloud infrastructure benefits from the scale and need for professional-grade gear and operations. Quite simply, the investment in security infrastructure needs to be greater with the cloud model. Given the scale of cloud infrastructures, you can do this and do so affordably with a cloud provider, especially when you consider the benefits of repeating patterns and the one-time cost associated with identity solutions or security development.
Among the many advantages of a cloud provider delivering network security is the tendency for a provider to employ carrier-grade network gear that has more sophisticated capabilities than typical enterprise networking gear. Sure, you could buy the same gear, but its cost would likely exceed all your other datacenter costs. Such carrier-grade gear also requires expertise to install, configure and operate.
The benefits of a cloud provider are truly substantial. Security functionality will afford greater resilience to dedicated attacks, as well as better automated traffic inspection, among many other capabilities. Besides strong perimeter security, benefits include protection against distributed denial of service (DDoS) attacks, along with sophisticated VLAN capabilities.
Vic (J.R.) Winkler is a senior associate at Booz Allen Hamilton Inc., providing technical consultation to primarily U.S. government clients. He’s a published information security and cyber security researcher, as well as an expert in intrusion/anomaly detection.
©2011 Elsevier Inc. All rights reserved. Printed with permission from Syngress, an imprint of Elsevier. Copyright 2011. “Securing the Cloud” by Vic (J.R.) Winkler.