F5 advises: 3 tips to help minimize hybrid cloud risks
By Khoo Boo Leong 10-May-2012
IDC's recent finding that Asia/Pacific financial services institutions seek greater clarity on cloud computing regulations, and better articulation of business benefits by IT vendors, underscores that not all businesses are ready cloud converts.
Enterprises making the transition to cloud computing, be it building and managing self-owned private clouds or consuming from third-party cloud services, will invariably face hurdles around IT management and control; service availability and performance; and data security and protection.
Nonetheless, cloud computing, like virtualization, is well on its way to becoming mainstream technology in the region as more businesses of all sizes exploit it for agility and efficiency. Frost & Sullivan projects that the cloud computing market for the Asia Pacific region (ex-Japan) will grow at a compound annual growth rate of 39% from 2010 to 2015.
"The number one challenge with cloud computing, whether it is internal, hybrid or external, is managing the availability and performance, especially in [fulfilling] a service level agreement (SLA)," said Alan Murphy, manager of Technical Marketing at F5 Networks. "The second challenge is security. When you move services into the cloud, you give up some level of control. When you translate that control into user access for governance and compliance, for instance, it becomes a big issue."
1. Integrate management
So, enterprise customers must be able to manage the cloud with the same level of control as in an on-premise data center. "They should be able to choose any cloud provider or cloud model and still have the assurance that their users on the cloud are secure and their cloud applications are always fast, available and secure," said Murphy.
With the hybrid cloud model, the cloud can be a physical extension of the data center. "We created a way to connect our customers' off-premise cloud to their local on-premise data center," said Murphy. "We enable them to bring in new technologies like virtualization and cloud computing and plug in or integrate these new resources into one location and manage these in a dynamic and fluid environment from a single location. If a [cloud] application goes down, we can direct users to another cloud or back to the on-premise data center."
Underlying such capabilities are cloud orchestration and management platforms from industry players like HP, IBM, Microsoft, CA and BMC Software. "Vendors are embracing the idea that the data center is no longer physical; it can be in any location and it consists of systems, networks and applications," said Murphy.
2. Go with the managed service provider
When selecting a cloud service provider, an ideal option would be to go with a cloud service provider that has also been a managed service provider to your organization. "Service providers that have been offering managed services for years, such as SingTel, China Telecom and AT&T, have established trust in that environment," said Murphy. "That's [a better] option versus going with a completely isolated infrastructure managed by a public cloud provider that you've never used before. And nobody has SLA standards like these service providers both on the front end for mobile phones and user access as well as the back end for managed service."
With a hybrid approach, enterprises can also just spin out the services or applications that are needed dynamically or on an ad-hoc basis. "So, instead of moving these to the cloud, you're just turning them off and starting them somewhere else," Murphy added. "When you get to that model, [service provider] lock-in isn't much of a risk." It will also pave the way for enterprises to try multiple cloud providers or new cloud environments.
3. Keep user credentials secret
"When you move an application to [a third-party or public] cloud, how do you move your user credential data out to the cloud service? That is a big issue for 2012 and we're beginning to see some solutions," said Murphy.
One solution is federated security through open authentication. For instance, an open protocol like AOL OpenAuth, coupled with the Security Assertion Markup Language (SAML) standard for exchanging authentication and authorization data, allows an enterprise to exchange user credentials for an access token that can be provided to a cloud provider for access to its services.
Similarly, cloud service providers can use the OAuth protocol along with OpenID, for instance, to allow users to access their data while protecting their account credentials. Google is using the OpenID standard to enable users to sign in to any web site that accepts OpenIDs via their Google accounts.
"Imagine an enterprise moving its applications to SaaS like Force.com, Google Apps and Amazon Web Services," said Murphy. "It can now generate from one location a single token and get it out to each provider to interpret the credentials any way they want."
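The credential-for-token exchange described in this section can be sketched as follows. This is an added example, not code from the article or from F5. It assumes the user has already logged in at the enterprise identity provider, and it uses an HMAC with a constructed shared key as a stand-in for the XML signature that SAML assertions carry. All host names and function names are hypothetical. It issues one audience-bound token per provider, so a token handed to one cloud service is rejected if replayed at another.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key. A SAML deployment would sign with the IdP's private
# key and publish the certificate to providers; HMAC keeps this stdlib-only.
IDP_KEY = b"constructed-demo-key"

def _sign(body: bytes) -> bytes:
    return hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest().encode()

def issue_assertion(subject, audience, ttl=300, now=None):
    """Enterprise IdP: runs after local login; no password enters the token."""
    now = int(time.time()) if now is None else now
    claims = {"iss": "idp.corp.example", "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return (body + b"." + _sign(body)).decode()

def verify_assertion(token, expected_audience, now=None):
    """Cloud provider: accept only an intact, unexpired token issued for it."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.encode().split(b".")
    except ValueError:
        raise ValueError("malformed token")
    # Check integrity before trusting any field inside the body.
    if not hmac.compare_digest(sig, _sign(body)):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != expected_audience:
        raise ValueError("wrong audience")
    if now >= claims["exp"]:
        raise ValueError("expired")
    return claims["sub"]

if __name__ == "__main__":
    token = issue_assertion("alice", "crm.provider-a.example")
    print(verify_assertion(token, "crm.provider-a.example"))
```
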