Cloud computing offers a number of potential advantages to IT departments, namely lower IT and staffing costs. The cloud also presents a few challenges, one of which is that organizations open up their networks to new vulnerabilities. Here are five tips that will prepare an enterprise network for the cloud.
Tip 1: Set service-level agreements (SLAs) and quality-of-service (QOS) goals. Migrating applications to the cloud can introduce numerous performance and reliability issues, so negotiate a solid SLA with the cloud provider, including acceptable QOS goals for uptime and response time.
An SLA with a cloud provider needs to cover a number of different areas besides server uptime. These include network performance, storage of configuration information and support response time — typically the main IT functions that are important to most organizations.
Similarly, the IT organization has to ensure that its user requirements for QOS are met. That means factoring the potential for increased latency into the response times promised by the service provider. Whatever your organization finally settles on, read these agreements carefully and make sure you understand what the provider is promising.
Tip 2: Carefully consider the network architecture. Moving important applications to the cloud amounts to introducing another layer onto the network. When outsourcing applications to the cloud, think about everything from increased latency to new management requirements.
Latency is the most obvious consideration. Moving applications to the cloud almost always increases network latency because of the extra hop or hops needed to access the applications or data. A less obvious point is the potential effect of switching paths and the network congestion that can result. Adjusting to these issues may require IT managers to rearchitect the network to eliminate potential hot spots, improve performance and reduce the number of hops between the user and the cloud services.
This is generally not difficult, and on a modern network it is usually not expensive. However, it must be dealt with before moving important applications into the cloud. Typically, to rearchitect a network, IT managers will locate potential trouble spots and change the arrangement of the network to reduce or eliminate them.
For example, if the number of routers in the path increases latency unacceptably, the organization may need to change the topology of the network to eliminate one or more routers from that path. Alternatively, it may be necessary to add faster routers. Changing the topology isn't very expensive, but swapping out routers or other networking gear can be pricey.
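The trouble-spot hunt described in Tip 2 can be sketched in code. This is an added example, not part of the original article: the hop names, RTT samples and the 30 ms target are constructed, and the "bypass" figure is only an estimate obtained by subtracting a hop's median cost from the path.

```python
from statistics import median

# Constructed traceroute-style samples: cumulative RTT in ms at each hop,
# one row per probe run, from a user site to a cloud service.
HOPS = ["lan-gw", "core-rtr", "branch-rtr", "isp-edge", "cloud-fe"]
RUNS = [
    [1.0, 3.0, 21.0, 29.0, 41.0],
    [1.2, 2.8, 24.8, 33.0, 44.0],
    [0.9, 3.1, 19.1, 27.0, 40.0],
]
TARGET_MS = 30.0  # assumed QoS goal for end-to-end RTT


def hop_costs(runs):
    """Median latency added by each hop (difference from the previous hop)."""
    costs = []
    for i in range(len(runs[0])):
        deltas = [r[i] - (r[i - 1] if i else 0.0) for r in runs]
        costs.append(median(deltas))
    return costs


def hot_spots(hops, runs, share=0.4):
    """Hops that contribute at least `share` of the median end-to-end RTT."""
    costs = hop_costs(runs)
    total = median(r[-1] for r in runs)
    return [h for h, c in zip(hops, costs) if c >= share * total]


def meets_target_without(hops, runs, removed, target=TARGET_MS):
    """Estimate whether the path meets the target if `removed` hops are bypassed."""
    costs = hop_costs(runs)
    remaining = sum(c for h, c in zip(hops, costs) if h not in removed)
    return remaining <= target, round(remaining, 1)


if __name__ == "__main__":
    print("hot spots:", hot_spots(HOPS, RUNS))
    print("as is:", meets_target_without(HOPS, RUNS, set()))
    print("bypass branch-rtr:", meets_target_without(HOPS, RUNS, {"branch-rtr"}))
```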
Tip 3: Think about how running applications in the cloud changes the security equation. Most cloud service providers offer a variety of options to keep data secure. Still, moving into the cloud adds another potential vulnerability point to the network.
To deal with this, organizations can add encryption for individual files and applications and deploy virtual private networks (VPNs) to communicate securely with the cloud.
IT managers should also review the organization's security policies and the associated permissions, such as which staff members have access to the data in the cloud, who has read-write permissions on material in the cloud, and who has the authority to add virtual machines to cloud-based servers.
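The three review questions above (who can read the data, who can write it, who can add virtual machines) can be checked mechanically against an export of the account's grants. This is an added example, not part of the original article: the grant format, action names and principals are constructed and do not correspond to any real provider's API. It expands wildcard grants, which is where unintended write or VM-creation rights tend to hide.

```python
# Hypothetical action names for the three capabilities under review.
READ, WRITE, VM_CREATE = "data:read", "data:write", "vm:create"

# Principals the organization has approved for each capability (constructed).
APPROVED = {
    READ: {"alice", "bob", "backup-svc"},
    WRITE: {"alice", "backup-svc"},
    VM_CREATE: {"ops-admin"},
}

# Grants as exported from the cloud account (constructed sample).
GRANTS = [
    {"principal": "alice", "actions": ["data:read", "data:write"]},
    {"principal": "bob", "actions": ["data:*"]},
    {"principal": "contractor1", "actions": ["data:read"]},
    {"principal": "ops-admin", "actions": ["vm:create"]},
    {"principal": "legacy-app", "actions": ["*"]},
]


def allows(pattern, action):
    """True if a granted pattern covers the action; '*' and 'svc:*' are wildcards."""
    if pattern == "*" or pattern == action:
        return True
    return pattern.endswith(":*") and action.startswith(pattern[:-1])


def effective(grants):
    """Map each reviewed capability to the set of principals that hold it."""
    held = {cap: set() for cap in APPROVED}
    for g in grants:
        for cap in held:
            if any(allows(p, cap) for p in g["actions"]):
                held[cap].add(g["principal"])
    return held


def review(grants):
    """Return {capability: principals holding it without approval}."""
    held = effective(grants)
    return {cap: sorted(held[cap] - APPROVED[cap]) for cap in held}


if __name__ == "__main__":
    for cap, extra in review(GRANTS).items():
        print(f"{cap}: unapproved -> {extra or 'none'}")
```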
Tip 4: Governance is still the organization's responsibility. Outsourcing applications and services to the cloud doesn't mean outsourcing responsibility. The organization is still responsible for meeting data governance and accessibility standards, such as Sarbanes-Oxley, HIPAA and other applicable regulations and standards.
An organization cannot escape responsibility for breaches or inadequate safeguards by blaming the cloud provider. Organizations need to review their responsibilities with the legal department to make sure those responsibilities are met.
Be especially cautious with new cloud services that move data across national boundaries. Most developed countries have data privacy regulations, and they vary considerably. Take the time to understand the local laws, and when it comes time to negotiate the contract, make sure the organization's cloud applications meet the standards of the country where the data is being managed.
Tip 5: Ensure visibility into the network. Whether on a private or public cloud, IT managers need to maintain visibility and management of the organization's data and applications. At the very least, this means making sure adequate management tools are in place to manage the applications and data in the cloud at acceptable levels.
Ideally, the organization's existing network management tools should be compatible with the new cloud applications. The IT staff also needs to monitor performance of the cloud services.
Keep in mind that performance issues include not just the cloud itself, but the total performance, including the outside network that connects the enterprise to the cloud. The cloud itself may have perfectly acceptable performance, but the latency of the network between the enterprise and the cloud may add unacceptable delays. Generally, the cloud service provider covers these issues under the SLA and QOS agreements.