Cloud availability trumps security concerns when it comes to Shadow IT

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

As pressure mounts to deliver value with ever-increasing speed, lines of business (LOB) are often drawn to cloud computing's ease of use, flexibility and rapid time-to-value. The resultant Shadow IT created by use of consumer grade cloud computing resources usually raises questions about enterprise security, but the real risk is the potential for downtime due to inadequate  availability.

Any interruption that impacts the customer experience will affect the bottom line -- and a company's reputation -- faster than you can say "temporarily unavailable."

So what can IT leaders do about it? With the cloud movement a foregone conclusion, how can they ensure the requisite availability standards are met -- and that their investments in availability are the right ones? There are five key success factors for addressing Shadow IT while ensuring availability in the cloud:

1. Think about which applications belong where. The first step is to know which applications make sense to deploy in the cloud and what their availability requirements are. Let's face it, not every application requires "nine nines" of availability. A basic collaboration tool can probably go down for a few minutes without bringing the business to a crashing halt. These applications may be just fine living in the public cloud because they have no special requirements for security, availability, or compliance. Mission-critical applications are a different story. Because these have strict requirements they are better suited to deployment in a private cloud, where you have greater control.

+ ALSO ON NETWORK WORLD Shadow IT: boon or burden? +

The goal is to balance the need for agility with the need to maintain appropriate levels of availability and security. Taking a "one size fits all" approach to availability can be extremely costly, while potentially leaving critical vulnerabilities. Analyzing your cost of downtime for specific apps, including cloud apps, is crucially important to ensure you're deploying them appropriately and making the right investments in availability.

2. Make availability understandable to the business. Ever feel like IT and the business are speaking different languages? Instead of getting frustrated that LOBs "don't get it," focus on helping business leaders understand how cloud availability impacts them. And listen carefully to what their needs are as they relate to flexibility and availability. Then work with LOBs to provide solutions that meet their business needs, while providing the level of availability required for specific applications. Here's where private clouds can be attractive, delivering the flexibility the business wants together with the control over availability that IT needs.

3. Read the fine print. With the rapid adoption of public cloud technologies there is no shortage of ambitious availability claims from mainstream vendors with familiar names. Unfortunately, many claims are more vapor than fact -- at least in terms of delivering true, mission-critical availability. It's wise to read the fine print in any public cloud vendors' service-level agreements. You may be surprised to find that some do not classify continuous outages as "downtime" unless they last 5 minutes or more. That means your application could go up and down all day long but, as long as it was not down for longer than 5 minutes at a time, they count that as 100% uptime. And if they do have an outage, all they offer is a 5% credit on your next bill for the server that was out.

The expectation of most public cloud providers is that your application needs to be constantly adjusting to their failures. This is exactly what led to the well-publicized Netflix outage last year. An entire Amazon region had availability issues and their expectation was that the individual customers needed to work around those failures. Better to have a solution that prevents failures from causing outages in the first place.

4. Tap the advantages of OpenStack for private clouds. Many enterprises are building private clouds to achieve control for applications with security, availability and compliance requirements. Which means making important decisions about which technology to build on. Implementing open source technology lets you avoid the dreaded "vendor lock-in" that can limit you down the road. OpenStack is emerging as the preeminent open source cloud computing platform. With broad industry support and open APIs, OpenStack offers greater flexibility to select the best-of-breed availability technologies that meet your needs -- including the new breed of software-defined availability (SDA) solutions. Why limit yourself to whatever the "closed solution" vendor may (or may not) provide? With OpenStack, you'll be able to keep your options open.

5. Keep an eye on the innovators. In a space moving as rapidly as cloud technology, there is tremendous innovation in the works -- including advances that offer exciting possibilities for private cloud availability. One such innovation on the horizon is technology that would enable selectable provisioning of availability on demand to ensure applications have the fault tolerance they need, when they need it.

For example, a financial application may only require the highest level of availability at the end of the month or quarter when the books are closing. Providing the highest fault tolerance during this timeframe, and lower fault tolerance the rest of the time, would be an efficient use of capacity while effectively managing business risk. Such an on-demand availability capability is not yet here. But it's coming.

The need to be more agile is driving LOBs to the cloud. The need to retain control over security and availability is driving IT organizations to deploy private clouds. By improving communication between LOBs and IT, by carefully evaluating real-world availability requirements, and by deploying the most flexible and open technologies, IT managers may just find a way to keep everyone happy.

Stratus Technologies is the leading provider of infrastructure based solutions that keep applications running continuously in today's always-on world.

Tags Configuration / maintenanceCloudsecurityhardware systemsinternetcloud computingData Center

More about Amazon Web ServicesNetflixStratusStratus Technologies

Comments

Comments are now closed

iiNet back in court over P2P file sharing

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]