Security in the Cloud

As the industry moves further into Cloud Computing adoption, Security is one of the top concerns. While Cloud Computing has many definitions, one simple way to describe a Public Cloud – is a collection of server(s) connected and accessible via the Internet.

As individuals, most people inherently are careful to put anything that is extremely sensitive on a questionable server connected to the internet.  For a  business, using the Cloud, at least the Public Cloud means your software assets containing vital information about your business, highly confidential and strategic, are connected to the Internet. In the case of a Private Cloud the situation is a bit different.

The security concerns in the Cloud do not stem just from the Internet Connected nature, but also because of Multi-Tenancy. So what exactly is multi-tenancy in the context of the Cloud? Referring to the classical definition of Cloud Computing as maintained by NIST, #3 listed below is realized using multi-tenancy (Resource Pooling).

Copyright: Ron Batra, 2011. No reproduction in any form allowed unless authorized.

One way to think of Multi-Tenancy is living in an apartment complex.   Apartments have close proximity to each other, people know a bit about their neighbors. In addition, apartments have common services – plumbing, utilities, social areas – where people get together on social occasions, common gym etc.  Some people live in apartments largely for the social aspect. Others who want more privacy prefer not to live in an apartment .

Extending the analogy to Cloud Computing, Multi-tenancy makes some uncomfortable.  People worry about data-security, accidental password leaks, disasters – e.g. if the Power to the apartment is cut, all tenants lose power.  Similarly if the utility malfunctions, it can affect all the tenants. There is always the “snoopy neighbor” who always seem to know a bit more about everyone else.

It is best to weigh out the pros and cons not just for your business, but for various components.  For instance, one project, which doesn’t require extensive security, might be placed in a Multi-Tenancy environment.  Another, which requires the highest level of security, might be placed in a Private Cloud.  By selecting from an array of choices, you can better use those services you need for each specific purpose.  This is what Cloud Computing is all about.  Use what you need, in the best way possible for your applications—- and do it at the price that you can afford. Use different tools to solve different objectives

IDC’s 2011 Security Survey was very opportune and gave me an opportunity to hear how the industry is looking at Security across the entire spectrum of Cloud Service Models  including IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS  (Software as a Service) across a range of industry verticals and company sizes from SMB’s to Enterprises.

Stay tuned…In my next post, I will give my readout of the IDC Review.

Are you using a Multi-Tenancy approach?  What are the ideal projects where you’d use it?  Where would you recommend another solution?  We look forward to hearing from you and getting your response.

The Networking Exchange Blog Team About NEB Team