Cloud computing and different checkpoints

English: Cloud Computing Image (Photo credit: Wikipedia)

The cloud is everywhere. The term ‘Cloud Computing’ has created much expectations and hype among its anticipants. Many companies are just embracing the cloud without much or a little check on it. However, conscious users have their view on the Cloud that calls for a strong check on the claims and assurance on the various Cloud compliance. Let us peek into some of the ground facts about Cloud computing and different checkpoints.
There are many choices for the buyers, making the cloud model increasingly complex to make an informed purchase decision. Presently, cloud owners are renting the services on hourly use basis. However, choices are more; still you need to do a good test before sending the final purchase order.

1. Machine Hardware Performance : Given the same RAM capacity and same Operating System, two different cloud models behave and perform separately. This variation in performance is definitely due to the variation in the machine. The chipset used and the different latest versions make the combination more robust and a super-performer.

2. Pricing: It has always been difficult to price software services. The SAAS model is the backbone of the Cloud business. Data storage and application use are subjected to be recurrently used. So every time your employees plug in to the cloud, you are charged accordingly. Check on the pricing aspect stringently when subscribing to the cloud services.

3.Migration of data : Users also have found that moving data between different cloud spaces is not that easy. When the amount of data is heavy, the time taken is even more. Every time you move the data that is also a cost to your wallet.

4.Security: Cloud compliance always is a first to check. The other understanding is to ensure security compliances over the cloud. Security breach has multiple avenues; and it can be at several access points. At the first instance, it may seem that you own the complete control of your machine; however, this can hold true, if the operating system is secured and the latest software patches are installed and importantly working fine.Compliance over the cloud has yet to have an authority. No one knows the laws perfectly.

Businesses now a day are always in a constant threat of survival. New technology and cost-effective services always entice to go for the available options, but in at the stake of your business. Cloud computing definitely is the choice of the moment for better cost management. It is a though, better to cautionary notice to be alert at the checkpoints.

Source:Internet

Read more...

Balancing in the Cloud: Performance vs Security

It seems most companies understand opportunities that cloud computing solutions and services open up for them, especially for SMBs. So now the question sounds like: how to choose a good provider and the right one for your company and to what extend cloud computing services should be used. The complexities are numerous – issues such as security management, attack response and recovery, system availability and performance, the vendor’s financial stability and its ability to comply with the law, all need to be considered. There may be a number of advice and tips formulated with this regards (some are taken from CIO article):
1) Choose trusted providers. Today it exists a number of cloud tech companies to choose from and new ones go live each month. Despite this for cloud services it’s better to stick with trusted and solid companies. To name a few: Microsoft, Google, Intuit, Dropbox, Apple, Amazon, Salesforce. These are companies with deep pockets and dealing with security, and your data is an important part of their business.
2) Distribute between free and paid accounts. For storing financial or alike information paid accounts are preferable. For less critical data and applications free accounts of big trusted cloud service providers may work well. For instance, Google can afford to offer decent free accounts because their business is well-established and their free services just act as bait aimed at attracting new users and then gently pushing them towards paid services and premium accounts.
3) Select the right apps and data for the public cloud. Some businesses, mainly start-up companies, begin using the public cloud for all applications, including mission-critical apps and their data. However, public clouds are neither for every organization nor for every application: what can be subject to the default security provided by most cloud service providers are websites, application development, testing, online product catalogs and product documentation.
4) Evaluate and add security if it makes sense. CSPs can provide significantly different levels of public cloud security. The ISO/IEC 27000 series of standards provides guidelines for evaluating this. If necessary security measures that are used in an organization’s internal private cloud may need to be extended to their public cloud instances, and some cloud products like CloudSpan allow doing this.
5) Get use of the third-party auditing services. When comes to security compliance, organizations need not simply take the CSP’s word for it. Third-party auditing services can be used to audit and then compare to the promised ones.
6) Add authentication layers. Most CSPs provide good authentication services for public cloud instances. Some products like Halo NetSec can help add an additional layer of authentication. Before doing this you need to weigh the benefits of better public cloud security against the costs of increased network latency, possible performance degradation and additional points of failure.
7) Weigh additional security effect on integration. Adding on top of default security by CSP may affect overall application performance and identity and access management. It’s especially important to consider if you work with mission-critical application that need to integrate with other business applications.
8) Make security guarantees from SLA clear for yourself. Public cloud security guarantees with CSPs should be clearly stipulated as service level agreements in the contract, so make sure that transparent monitoring and reporting functions are available to you as a customer as well as security processes, procedures and practices are transparent and verifiable so that you may rely on this information.
9) Streamline logging and monitoring. Comparing one CSP’s logging and monitoring practices with another before you sign a SLA may reveal subtle differences in the security that’s provided so it’s another key to ensuring public cloud security.
10) Add encryption. You may want to employ your own encryption instead of or in addition to the ones provided by the CSP. A number of installable products or SaaS vendors can do this type of encryption on the fly. (VPN-enabled cloud instances fall under this category of augmented public cloud security.) When this happens, only the customer and the third party know the key; the CSP does not.
11) Spread outages risk with multiple even redundant CSPs. Despite cloud provisioning tools these days come already integrated with leading CSPs, it’s possible to spin up additional instances of servers with multiple CSPs automatically on demand: they are turned on if average CPU utilization reaches a certain threshold and turned off once utilization drops. Also when spinning up additional instances, it may make sense to use different CSPs in a round-robin fashion.
Thus, as you may see, experience of using cloud services may be adjusted and improved through following some advice. What’s crucial is finding a balance between cloud security and performance. Naturally there’s always a tradeoff when adding layers of security may be at the expense of application running slower and potentially adding points of failure. Figuring out the right balance between security and performance, though being difficult, is a must-have to run a strong business today.

Read more...