Concerns about Security when considering Cloud technologies

I’ve been attending CloudCamps that have been hosted in the various TechDays cities (disclaimer: we sponsor the room and AV – events are completely run by CloudCamp organizers) and a very comment topic / thread comes up on issues of Security wen considering adopting Cloud technologies. Outside of the US – the number ONE flag that is thrown down is “The US Patriot Act”. Unfortunately – it is brought up in the wrong context and usually completely misunderstood by most everyone in the room. For more info on what I mean – check out IT World’s July 5th’s article written up by Jennifer Kavur (https://tinyurl/cloudexcuse).

I know – I’ve promised to write up a post on this specific topic – but honestly, I wasn’t ready to put pen to paper and will reserve my post until after the last CloudCamp I’m participating in takes place in Calgary on December 13th, 2010.

imageWhen you get your head around the whole “where the data resides and who has access too it” discussion, you should next focus on Who Can You Trust to provide you services? Ultimately, it is a conversation about outsourcing services (in this case, IT services) to someone else:

  • Have you done your research on their experience, capabilities, track record and ways of handling support issues?
  • Have you read the fine details about the Service Level Agreement you negotiated/accepted/purchased? (this is a big one – don’t treat it like a EULA that you click through)
  • Are they capable of working at large scale to give you the cost savings that were promised?

All of these questions need to be explored by you when evaluating your position on the cloud. They are only the starting point.

(side note for those of you interested in your career) I’ve been delivering a 65 minute session just on Cloud technologies and how it will affect IT Professionals in Canada. Overwhelmingly I am trying to convey a pretty simple message. It’s up to YOU to "get in front of the ball” and understand how Cloud technologies will help or hinder your business and services you provide. It’s coming at an alarmingly fast rate – way faster then previous waves of technology that affected our lives as IT Professionals.  You had best be in the Proactive conversation mode instead of a nay-sayer reactive mode without facts and content to back up your statements.

When I talk about all the offerings Microsoft has in the cloud environment (Azure / SQL Azure with PaaS, Office 365 / BPOS with SaaS, the forthcoming IaaS offering with Azure announced at PDC in September) and our commitment to have the best fit solution for you (On premise, Private cloud, Public Cloud, Hybrid approach) most people are quite shocked at what’s possible (it’s the “you guys do WHAT?” syndrome). We’ve been running global datacenters providing services at scale to hundreds of million users. We’re an active player and contributor in establishing industry standards for the ways Datacenters are designed, operated and managed as well as secured.  We have global teams of people responsible for ensuring we’re running our datacenters in a safe and secure manner for our customers and ourselves.

Intro one of my favourite stomping grounds for all things DataCenter related at Microsoft. The Microsoft Global Foundation Services website.

image

It’s your one stop shop for understanding a lot about what goes on with how we run our DataCenters. A great whitepaper came out specifically on the topic of “Information Security Management System for Microsoft Cloud Infrastructure” (rolls off the tongue, doesn’t it?).  In a nutshell, it covers how this program is applied to manage our cloud infrastructure providing services to our Software as a Service customers as well as giving an overview of our key certifications (ISO/IEC 27001:2005) an attestations (SAS 70 Type I and II). Remember that trust factor I mentioned above? You’re going to want to ensure your solutions provider has these credentials to back up their claims of being secure and well managed. While you are there – stop over to the Environment tab and check out this study on Cloud Computing and Sustainability: The environmental benefits of Moving to the Cloud.

Ultimately most IT Professionals will be working in some form of a Private Cloud or Hybrid cloud in the not too distant future. You can bet there will be mixed Hypervisor’s involved and you’ll want to investigate how to provide YOUR IT Services as a private cloud services with self service portals and on-demand provisioning with management hooks. Luckily we’ve got you covered for some free guidance and resources to get you started down the path in the right direction.

Cloud is a comin’. I’ve got my Tilley strapped on, Timmies in hand and I’m ready to go. You comin’?

Rick
IT Pro Team Blog | IT Managers Blog |Twitter | Facebook | LinkedIn