- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
Network World - Network World has conducted multiple tests of cloud-based services over the past year, and our overarching conclusion is that shifting compute processes to the cloud can help companies save money and become more flexible.
What's even more potentially game-changing is the attitude of cloud proponents, who view compute power as just another disposable commodity. In other words, hardware, and to an extent, software and applications, are just a means to an end, rather than hallowed and holy platforms to be venerated through long and arduous life cycles.
The interesting question going forward will be what effect this transformation in how companies acquire and consumer compute resources will have on longstanding relationships between traditional IT vendors and their customers.
Our overall conclusion, after conducting a variety of tests, is that the cloud services providers currently do a good job of delivering on their promises. One area they could improve on is security.
In our initial tests of private external clouds, we reviewed these secure connections to privately hosted external resources. The prices were high, we felt, compared with simply buying supplemental hardware. Yet expanding needs and crimped budgets can also make the convenience of expanding internal resources externally, attractive.
We wondered as we reviewed products in this grouping, about security within the privately connected expansion 'cloud.' We negotiated a VPN connection with each of the vendors in the review, as a VPN offers an encrypted communications path link between an organization and its external cloud resources.
Each of the vendors was able to help us connect to our admittedly non-Cisco-like virtual appliance router, from Vyatta. That covered the data link, and ostensibly, data flowing across a cloud hosting facility's network backbone.
Another type of data, however, flows across cloud instance storage resources. If the instance boots on a SAN, there aren't easy ways to ensure that iSCSI, Fibre Channel, or other externally connected storage resources are encrypted and secured.
So, we suggest that public or private cloud storage resources be encrypted, either through operating systems or filing subsystems. Disks might be local and ostensibly untouchable, but if they're part of a SAN connected by whatever means, assurances that data encryption is used is important.
The next question regarding a cloud facility has to do with physical access to a system. In our initial privately connected cloud test, only Bluelock gave us tacit assurance that physical access to resources that we used would be subject to a rigorous protocol. Employees had to follow a specific procedure to physically touch our equipment. They showed us cameras located in their network operations center. Others likely have this capability, too.
The nervousness surrounding physical access is important. Systems can 'accidentally' be rebooted after having malware or logging code injected into them. Port mirrors can be added. All sorts of mischief can be imposed by personnel. We like doing this ourselves, as we have a hacker's instinct for pushing sticks into hornet's nests so as to test new running shoes.