MAY QUESTION TO OUR EXPERT PANEL MEMBERS:
What are the main reasons for private cloud failure and how can we overcome such failures
RESPONSES
One of the reasons many organizations indicate a preference for private cloud is the lack of security inherent in public cloud. That may be just perceived or it may be real, depending on the type of security being discussed. Either way security is still a significant driver to opt for private cloud implementations.
Unfortunately, many of those implementations are failing.
Pundits have a variety of reasons as to why that’s the case, but one common theme revolves around a failure to recognize that cloud – whether private or public – is a new operational model.
Organizations consistently make the mistake of viewing private cloud as a virtualized environment with a dash of orchestration thrown. They view private cloud from the perspective of someone building it, rather than someone using it and thus miss the reason so many developers and line of business stakeholders end up adopting public cloud services, many of which endanger the security posture of the entire organization: the consumption model.
In the case of private cloud, much like the culinary arts, success is as much about presentation as it is substance. The ability to easily consume resources – whether compute, network, storage or security – is paramount. Simply slapping an orchestration layer over a set of static virtual machines does not make a private cloud any more than sprinkling some parmesan over a bowl of iceberg lettuce makes a Caesar salad.
Organizations need to build their private cloud with a top-down (consumer) approach, taking into consideration both form and function to ensure that the operational model not only acts but looks like a cloud.
Charles S
A lot of companies make the mistake of thinking that if a cloud is private they are are some how better protected. An off premise environment – whether public or private – introduces by its very nature and because it is new, vulnerabilities that previously didn’t have to be managed or mitigated. Any one of these can lead to failure.
To help safeguard themselves from private cloud failure, organisations need to give due consideration to three key factors. Firstly, companies need to understand what the security practices from their cloud solution provider are; secondly, how often that is tested and by whom; and lastly what internal changes need to be made now that cloud is part of the IT infrastructure.
To find out more about our panel members visit the biographies page.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.