Public cloud 101,One individual does not hold all the keys to the kingdom. Copy right IBM.

Public cloud 101: Benefits, strategies and security concerns

Page 2 of 12 Sponsored by


Contents

Gist uses IBM cloud to improve supply chain messaging

Cloud computing benefits may trump public cloud security fears

Building an IT infrastructure roadmap to the cloud

The public cloud can offer organizations a number of benefits but it also brings with it security concerns. Can the benefits of cloud outweigh the challenges? Our experts go head to head in this e-guide from SearchCloudComputing.com and explore how the right cloud platform can simplify management and reduce any major security headaches. In addition, find out how to plan out a proper IT infrastructure roadmap while understanding storage, management and cost concerns.

Gist uses IBM cloud to improve supply chain messaging By Cliff Saran Gist, a logistics company specialising in the distribution of chilled, frozen and ambient foods, has implemented IBM Sterling B2B Integration Services, to enable it to share logistics messages with manufacturers. IBM is transforming and managing Gist's IT infrastructure based on a cloud service. IT process integration is managed and automated in the IBM cloud, allowing Gist to focus its in-house integration expertise on its most business-critical processes, such as fast-tracking perishable goods across its warehouse, thereby helping Gist to provide the highest level of customer service. The centrally managed IBM platform also issues automatic status alerts to help ensure the accurate and timely delivery of fresh produce. Mike Flynn, business solutions director at Gist, said, "Previously we used a variety of legacy value added networks and our own IT. We found that the number of interfaces we needed to maintain [with manufacturers] was getting greater and greater as we needed more real-time communications." Since Gist did not plan to make its messaging system a business differentiator, he says that moving to a cloud provider to handle the messaging was a better option and would also offer greater standardisation.



Contents




"As our trading partner network increases in size and complexity, it was crucial to Gist that we further simplify and consolidate our B2B integration operations and provide scalability to all our trading partners," said Susannah Teixeira, application architect at Gist. The shared platform from IBM maps transport logistics messages from manufacturers to a form accpetable by Gist's own internal IT. This enables Gist to accommodate the challenges of food and flowers delivery, which range from ensuring timely stock replenishment to managing returns, by its fleet of 1,200 vehicles to clients in the supplier, distribution, and retail industries. The scalable service is hosted on a public cloud. It provides Gist with the ability to increase its supply chain operation's capacity when demand for products increases around Christmas, Mother's Day or Valentine's Day.

Cloud computing benefits may trump public cloud security fears By Marc Maiffret and Sean McDermott

Sean McDermott Marc Maiffret

Public Cloud: Game changer or security gamble?

52% 48% Sean McDermott: Public cloud services may offer certain enterprises a better alternative to on-premises data center infrastructures, if those enterprises choose the right cloud platform from. Day 1



Contents




I have spent over 20 years helping hundreds of global clients manage their IT environments. I literally live in this space and as you can imagine, spend a lot of time talking about cloud. Massive investments are going into cloud infrastructure, but is it really the way to go? Absolutely. Cloud is not only vital to IT for a number of reasons, it’s a game changer. The days of IT dictating to the end user what tools to use or what the type of mobile devices can be on the network is a thing of the past. End users now drive IT and push companies beyond their infrastructures’ capabilities. This requires companies to move to a technology that is scalable and available immediately at the request of the end user. Evolving business models, advancements in technology and constantly changing workforces drive businesses of all sizes to challenge their IT departments to do more with less. That is where cloud comes in. Cloud allows businesses to improve agility, reduce costs and reduce time to revenue. To put it simply: The time previously spent in “fire-fighting mode” can be replaced with time devoted to innovation. With cloud, companies’ IT applications and infrastructure are available at all times, everywhere. By orchestrating the tasks used to create, configure and provision, service delivery initiatives are supported and enhanced like never before. Maximum cost benefits are realized through scalability, which helps companies support sudden increases in demand while avoiding underutilized IT capacity during slow periods. Cost savings are also gained in several other areas, including IT equipment, labor and data center real estate -- not to mention power and cooling savings. Automation, an organic component of all cloud platforms, provides the opportunity to tailor any cloud to meet an organization’s unique needs. But it’s important to note that cloud computing isn’t simply a switch you turn on. It requires a deliberate and phased approach, with careful attention paid to processes.



Contents




Fools rush into cloud without a strategy Most companies are so eager to jump on the cloud bandwagon they do so without the right vision and planning. In fact, I wonder if most companies looking into cloud can even correctly define cloud. To take it a step further, we’ve come across organizations that have already invested in commercial off-the-shelf cloud products without defining the services they plan to offer in their service catalogs. Vendors rush to market with cloud-based offerings while at the same time struggling to define their services. How can that be? Businesses are ready to spend massive amounts investing in technologies, yet they are still unclear as to what their best option really is. On top of that, companies forget the cloud needs to be managed. Organization needs to define “cloud” prior to choosing a product. To properly manage resources and services in the cloud, companies must implement a strategy that spans culture, organization, behavior and technology. Culture shifts are a huge hurdle for IT organizations. The shift from the technology mindset to service mindset will become imperative to the entire IT organization. Encourage change or fail in cloud Cloud computing demands a deep understanding of business needs coupled with multi-domain expertise that allow companies to design, build and operate highly efficient IT infrastructures that include legacy infrastructures aligned tightly with business priorities. Existing business behaviors and processes won’t change just because IT infrastructures do. Implementing cloud infrastructures demands a thorough evaluation of the impact on both people and relevant business processes; this seems to be a difficult lesson to learn. What gets lost is the right service-centric IT strategy that ensures alignment of IT decisions with business priorities. Cloud infrastructures must



Contents




seamlessly integrate with the existing environment as well as leverage rigorous automation to drive value into the organization. If you consider some of the benefits of public cloud in terms of scalability, mobility, access, and ease of deployments, it becomes apparent the standard processes that come out of the box are not tailored for all organizations. It’s important to remember the processes are simply guidelines. Companies need to spend time identifying the particular needs of the organization and developing a clear method for each unique end user to yield the best possible results in the cloud. To fully leverage cloud capabilities, organizations need to make sure there is a solid vision, and with that, I believe cloud’s full potential will exceed IT expectations. Marc Maiffret: When it comes to IT security, one size does not fit all. IT pros must spend time and energy to put things into the proper context to make the right decisions, particularly when evaluating whether to keep data on-premises or move to cloud computing. There is an ongoing debate over whether cloud-based architectures are good or bad. IT teams who argue for cloud believe its business benefits outweigh cloud computing security concerns. Cloud critics believe handing data to a third party with unknown levels of control just won’t work. The truth lies somewhere between the two extremes, and it depends on a variety of factors. Understanding when it makes sense to move data or systems to the cloud starts with understanding what the cloud actually is. The cloud is not so much a new technology as a new way of managing technology. The term “cloud” has come to mean everything from a single application normally hosted inside the organization to an application hosted by a third-party on the Internet. In the context of IaaS, cloud can also mean entrusting an entire IT infrastructure to another company.



Contents




Application choices matter with public cloud Each organization will have different considerations when deciding whether to move data or applications to the public cloud. Some of those decisions will depend on where data will reside in the cloud. From a security perspective, IT pros making decisions need to accurately assess whether the organization can truly secure data or infrastructure better than a potential cloud provider can. This is an important conversation that seems to get lost in the noise and nuanced debates about moving to the cloud. The reality is moving corporate email systems to the cloud makes a lot of sense for certain cases. For example, smaller organizations often lack the expertise in IT and security to manage Microsoft Exchange. Likewise, when you look at infrastructure providers such as Amazon, Rackspace or Google, it is hard to say a small or even midsized organization will do a better job securing cloud infrastructures. A one-size-fits-all approach to security might not be tailored enough for the security demands of a large enterprise, or even a smaller organization with specific security requirements.On the flip side, many large enterprises have advanced security processes, infrastructure and a seasoned security team in place. In these cases, it might make sense to keep certain technologies and infrastructure in-house, where security can be assured and might be stronger than with a cloud vendor. Cloud providers sometimes offer varying levels of security that small to midsized organization cannot; however, there are also some cloud providers that provide “one-size-fits-all” security. This one-size-fits-all approach to security might not be tailored enough for the security demands of a large enterprise, or even a smaller organization with more specific security requirements. The bottom line is to do the homework when looking at public cloud providers and understand what levels of security they provide. Then, it’s important to



Contents




not only ask if the cloud provider’s security is up to par, but if you can do it better.

Building an IT infrastructure roadmap to the cloud By Mike Laverick Infrastructure is where the public cloud model can offer the biggest benefit for startups. Public clouds allow startups to spin up their businesses quickly without eating into smaller cash flows by wasting dollars on building their own internal IT infrastructures. But there is an unhealthy assumption that by merely adopting a public cloud strategy, organizations will automatically save money. This is not necessarily true. Some employees may be using the cloud right now without even knowing. This represents a hidden "iceberg" of cost, where employees may be spending their organization’s money on virtual machines (VMs) with providers like Amazon EC2. This not only circumvents the standard operating procedures of many organizations but also their accounting and auditing systems as well. For two major reasons – to guarantee that commercially sensitive content remains private and to ensure the application of proper accountancy practices -- it may be time for organizations to legitimize public cloud for certain types of work. Costs will be incurred, but they should not be hidden from the business like a dirty little secret. Managing the cloud The two main areas of the cloud that users interact with are the service catalog and the self-service portal. It’s important to remember that having these features doesn't equal having a cloud; these are just the elements that are visible in the user interface.



Contents




There are management tasks that need to be carried out before users can even log on and start working. Envision the service catalog as the storefront or shop window from which the business offers pre-packaged and configured applications that consumers can use. The vApps in this catalog should represent the applications that business units want and need. Consider an audit of these applications to make sure that they are what different business units require. The service catalog needs to be presented in an attractive and simple way via the self-service portal. The real management challenges involve trying to integrate a cloud automation system on top of an existing virtual and physical infrastructure. Just as virtualization introduced new changes at the network and storage layer, so does the cloud. Private clouds may introduce new requirements that are go beyond normal virtualization needs. On the network side, you will need to ask your network team to create a significant number of VLANs on the physical switches to offer up pools of networks that cloud users can address. Typically, users creating new vApps initiate these requests. Network teams may react negatively to the idea that countless dormant VLANs are being created without knowing when they will be used. Therefore, the cloud and virtualization administration teams will have to explain, and justify in detail, the need for this configuration. Storage in the cloud Similarly, even larger pools of storage will need to be created, often using other tiers of arrays as well as different types and numbers of spindles, capacity and redundancy. These will then be displayed to users as data stores offering gold, silver and bronze classes of storage. Technologies such as thin provisioning and data deduplication may elevate this anxiety, but the main concern will be that the storage team is losing control of its part of the physical infrastructure.



Contents




The way most clouds present storage is at odds with the best practices of virtualization vendors. The general recommendation is to split the virtual disks across different classes for optimum performance -- fitting the demands of each virtual disk against its IOPS needs. The cloud doesn’t currently offer this level of granularity, with the boot OS, log files and data all being dumped on the same class of storage. Thus, it is possible for ancillary log files to be stored on some of the most expensive storage available. So there is tension surrounding the attempt to simplify the virtualization environment without losing the granularity that application owners have come to expect in recent years. Securing the cloud The focus of cloud security has been multi-tenancy, which can be compared to an office block that is shared by many different businesses: Businesses rent the space and services they need without the burden of managing and maintaining the physical infrastructure. Security practices must ensure that any shared-access model does not allow for one business to intrude upon another. After all, you might be sharing the office block with one of your competitors. One area of concern is whether the cloud security model allows for these organizational units to be secured from unauthorized access by a cloud provider. Who polices the police? If the cloud administrator has access to the underlying virtual infrastructure, then there is little to stop him or her from duplicating the data that resides inside a VM’s virtual disks and attaching that data to a VM for which they have system-wide administrative privileges. So one major challenge of the cloud model is ensuring that correct role-based access privileges have been assigned in such a way that one individual does not hold all the keys to the kingdom. In the case of the public cloud, it means trusting your provider to apply appropriate security procedures in its delegation process. Overemphasis on multi-tenancy unduly places focus purely on the network layer, often at the expense of analyzing how raw data is secured and



Contents




protected. For this reason, it is worth investigating private key encryption of data balanced against the regional laws that govern the physical location of the cloud. Before adopting any cloud automation layer, it’s necessary to conduct a root and branch audit of your existing virtual infrastructure. Whereas virtualization was a tactical solution that evolved into a strategic model, the cloud represents a strategic shift. Even more so than virtualization, cloud technology needs backing from senior managers and a project manager who is dedicated full time to delivering it.



Contents




Free resources for technology professionals TechTarget publishes targeted technology media that address your need for information and resources for researching products, developing strategy and making cost-effective purchase decisions. Our network of technology-specific Web sites gives you access to industry experts, independent content and analysis and the Web’s largest library of vendor-provided white papers, webcasts, podcasts, videos, virtual trade shows, research reports and more —drawing on the rich R&D resources of technology providers to address market trends, challenges and solutions. Our live events and virtual seminars give you access to vendor neutral, expert commentary and advice on the issues and challenges you face daily. Our social community IT Knowledge Exchange allows you to share real world information in real time with peers and experts. What makes TechTarget unique? TechTarget is squarely focused on the enterprise IT space. Our team of editors and network of industry experts provide the richest, most relevant content to IT professionals and management. We leverage the immediacy of the Web, the networking and face-to-face opportunities of events and virtual events, and the ability to interact with peers—all to create compelling and actionable information for enterprise IT professionals across all industries and markets. Related TechTarget Websites

Public cloud 101,One individual does not hold all the keys to the kingdom. Copy right IBM.

Technology

specific security requirements

end user

business priorities

public cloud

public cloud 101

office block

marc maiffret

service portal