Cloud Computing since 2003.
Cloud First means Data-center First.
Think better cost, performance and high availability for all private, hybrid and public infrastructure.
Cloud First is a safe and secure, future proof strategy developed for all business solutions…
All Cloud infrastructures make systems easier to monitor and manage.Traditional infrastructure stacks look to technical means to mitigate risk- Cloud First mitigates risk by contractual means.
A proper Cloud strategy should provide a framework for new projects and allow the migration of suitable systems to the cloud, extending the lifecycle of software and applications with the latest technologies.
Business can develop future applications without the need to purchase or invest capital, or provide and manage the computing infrastructure required to run them.
This means a successful project outcome without the costs of hardware management and hardware ownership to achieve operational costs expenditure for future Infrastructure, platforms, software, Big data, Internet of Things and site recovery cloud models.
Drawbacks of the traditional “on-premises” model
Drawbacks of the traditional “on-premises” model The upkeep of most technology means patching and updating with the need of eventual replacement. The decision about which parts to do and in which order with urgency is impossible to manage. The commitment of resources (budget, people) to provide upkeep with no promise of incremental business value can mean a strong likelihood of interruption and disruption.
A business approach invoking “upkeep and innovation” simultaneously is difficult. The maintenance of older infrastructure and systems in many cases with little documentation means the technical knowledge needed to maintain older systems is obtained through curiosity and chance, and is very time consuming. Any implementation experience tends to be mainly theory, never standardised or documented and is now unpractical. This lack of standardisation impedes business growth; delays to projects are caused by a repetitive learning curve of failed attempts and inevitable dead-end due to the time cycle needed to design, build and validate, rebuild and expand apply to each additional service you want to consume and increases across each project type. The hardware costs (compute, storage, network) are still on Capex, i.e. you pay for peak all of the time. Large scale monitoring and large dataset analysis is extremely difficult.
It is critical business understand the risks associated with using cloud services with their own level of risk tolerance, and then focus on mitigating the risks that the organization cannot afford to discount.
The company have to ensure their applications and data hosted in cloud services are secured in accordance with their security and compliance policies and verify that the master service agreement between the company and any future Cloud Service Provider, along with associated documents such as the service level agreement (SLA), contain all of their requirements. It is vital for the company to understand all the terms related to security and to ensure that those terms meet their needs. If a suitable master service agreement and SLA is not available, then it is inadvisable for an organization to proceed with the use of those cloud services at a specific provider.
Iaas, PaaS, SaaS and your Business.
The category of cloud service offered by the provider (IaaS, PaaS or SaaS) has a significant impact on the split of responsibilities between the company and the provider to manage security and associated risks. For IaaS, the Cloud Service Provider is supplying (and responsible for securing) basic IT resources such as machines, disks and networks. The business is typically responsible for the operating system and the entire software stack necessary to run applications, and is also responsible for the company data placed into the cloud computing environment.
Thus, most of the responsibility for securing the applications and the company data falls onto the company . In contrast, for software-as-a-service, the infrastructure, software and data are primarily the responsibility of the provider, since the company has little control over any of these features. These aspects need appropriate handling in the contract and the SLA (Service Level Agreement).
The costs are typically built into technology, resources, interventions, and audits. However, these costs will likely, pale in comparison with the potential liability and loss of reputation from an application security breach or the maintenance of legacy hardware systems. When developing and deploying applications in a cloud environment, the company should design their cloud applications and develop software in a structured methodology to engineer relevant security into their cloud applications, and develop “no vendor lock-in” type applications with regard for any high-availability strategy and synchronous database availability strategy across Cloud Service Provider and Private Cloud technologies. It should be noted that Big Data and IoT (Internet of things), DbaaS (Database as a service) models are services that are dependent on two or more of these cloud models combined.
Most organizations have established security and compliance policies and procedures that are used to protect their intellectual property and corporate assets, especially in the IT space. These policies and procedures are developed based upon analysis of the impact of having these assets compromised. A framework of controls and further procedures should be established to mitigate risk and serve as a benchmark for the execution and validation of compliance. These principles and policies, the enterprise security plan, and the surrounding quality improvement process constitute the enterprise security governance, risk management (including technical impact), and compliance model. The security controls for cloud services are similar to those in traditional IT environments.
However, the risks may be different because of:
- The division of responsibilities between the business and the cloud service provider, the fact that internal technical design and operational control of the public cloud service is in the hands of the cloud service provider
- The interface(s) that exist between the business and the cloud service provider.
- The public interface to private data at the Cloud Service Provider