Focusing on Data and Fact with less Hype

Jon Shende


Blog Post

Choosing Your Cloud Vendor

Questions impacting your service deployment

Expanding on the "introduction to cloud computing" article, here are some additional suggestions for choosing a cloud service model provider.

In a typical Cloud Computing data centre, an application set will generally be hosted over Virtual Machines running on a large number of Physical Machines.

Total Cost of Ownership (TCO) is a definite factor when considering a move for some enterprise services into the cloud. There are certainly arguments both for and against the merits, especially when considering the impact of risk on an enterprise that chooses to transfer risk with the adoption of a cloud service.

However, as a customer you should ensure resources are in place to safeguard the maintenance and management of your identity management and authentication systems. Keep in mind, when designing your service(s) for deployment in the cloud, that traditional security practices may not fully apply in the dynamic cloud computing environment.

As customers you need to be clear that for every anticipated gain from such a deployment you will be giving up something else, e.g. a change in security metrics and loss of control of resources.

When drafting your Service Level Agreement (SLA), ensure that the provider explains items such as their facilities, including business continuity plans, backup facilities, rack space, power, cooling, networking, physical security and logical security. Everything transferred to the cloud should be secured to the same level as you would implement at your enterprise to secure your applications in their Demilitarized Zone (DMZ).

Conversely, be clear on the fact that once in the cloud, any sort of communication that is not locked into your known and configured security processes is subject to being intercepted and/or compromised - a worst-case scenario, of course; but IT risk management should be about preparing for the worst-case scenario.

With a cloud engagement you need to ensure that there are no conflicts between your security policies and protocols and those of the cloud vendor. A good rule of thumb is to look at how the cloud vendor will monitor systems, implement and configure firewall rules, anti-virus and intrusion detection/intrusion prevention systems, as well as their protocol for log collection and packet filtering.

Bear in mind that with the cloud there must be more of a focus on defining means of securing your services residing within this environment rather than an overt concern over network security.

To summarise, some questions that should be resolved are:

  1) Does the vendor's implemented design meet your service requirements seamlessly?
  2) Will the cost of the cloud service be flexible and decrease over time and implementation?
  3) Does the cloud vendor's Business Continuity planning meet your Business Continuity requirements?
  4) Will your Cloud Computing vendor be able to provide an audit trail of all user activities within your cloud space? With respect to this question, enterprise management may opt not to have audit teams deployed to each cloud vendor they may contract with, simply because that is not economically healthy for enterprise operating revenues.
  5) How strong are their service and support platforms as well as company financial longevity?


Jon RG Shende is an executive with over 18 years of industry experience. He commenced his career in the medical arena, then moved into the Oil and Gas environment where he was introduced to SCADA and network technologies, also becoming certified in Industrial Pump and Valve repairs. Jon gained global experience over his career working within several verticals to include pharma, medical sales and marketing services as well as within the technology services environment, eventually becoming the youngest VP of an international enterprise. He is a graduate of the University of Oxford, holds a Masters certificate in Business Administration, as well as an MSc in IT Security, specializing in Computer Crime and Forensics with a thesis on security in the Cloud. Jon, well versed with the technology startup and mid-sized venture ecosystems, has contributed at the C and Senior Director level for former clients. As an IT Security Executive, Jon has experience with Virtualization, Strategy, Governance, Risk Management, Continuity and Compliance. He was an early adopter of web-services, web-based tools and successfully beta tested a remote assistance and support software for a major telecom. Within the realm of sales, marketing and business development, Jon earned commendations for turnaround strategies within the services and pharma industry. For one pharma contract he was responsible for bringing low performing districts up to number 1 rankings for consecutive quarters; as well as outperforming quotas from 125% up to 314%. Part of this was achieved by working closely with sales and marketing teams to ensure message and product placement were on point. Professionally he is a Fellow of the BCS Chartered Institute for IT, an HITRUST Certified CSF Practitioner and holds the CITP and CRISC certifications. Jon Shende currently works as a Senior Director for a CSP.
A recognised thought leader, Jon has been invited to speak for the SANS Institute, has spoken at Cloud Expo in New York as well as sat on a panel at Cloud Expo Santa Clara, and has been an Ernst and Young CPE conference speaker. His personal blog is located at http://jonshende.blogspot.com/view/magazine "We are what we repeatedly do. Excellence, therefore, is not an act, but a habit."