As the recent LinkedIn breach makes all too apparent, cloud data is a juicy target for hackers. It’s one thing to target a mid-sized company that may or may not be worth an attacker’s time; it’s quite another to target a cloud provider that is storing data for hundreds or thousands of organizations.
“The most important considerations going into any cloud engagement are figuring out who can access data, how that data will be protected, and how the provider will prove the data has been protected through regular auditing,” Bocek said.
One CipherCloud customer turned to them in order to tackle those very concerns. After an acquisition, a major U.S. bank (which prefers to remain anonymous) became one of the nation’s biggest mortgage and loan servicers. They gradually began the complex process of integrating people, processes and technologies between two Fortune 500 firms.
The bank faced two main concerns. First, sensitive documents uploaded by loan applicants, including W2s, pay stubs and financial statements, needed to be stored in encrypted databases. Second, any data uploaded by “un-trusted” parties (including loan applicants) needed to be scanned for malware. Unfortunately, the legacy malware solutions deployed at the bank were not capable of scanning documents in the cloud.
The bank eventually deployed CipherCloud’s data protection gateway to encrypt and protect data and ward off malware.
Other factors that must be addressed include strong authentication, fraud detection and data-loss prevention. Fortunately, as the cloud evolves, these types of advanced protections are becoming services that can be easily added to public clouds. Sometimes, they can even be consumed as add-ons.
Most of us have felt the frustration of a slow Web site, or one that constantly crashes. When you’re making purchases or conducting important business, this could lead you to ditch that site in favor of a more reliable competitor.
It’s not a simple problem to solve, though. Web pages are more complex these days. End users favor multiple browsers, and users could be coming to the site from mobile devices.
The adoption of cloud computing adds to that problem. Sometimes this means lost dollars as consumers go to a faster site to make purchases. Other times, this could mean completely losing a customer to a competitor.
However, moving to the cloud is an opportunity to improve the end-user experience. In your own on-premise data center, if there is a regional outage, you’re probably offline. In the cloud, if you have proper zone or regional failovers in place (and can also you use the cloud to failover from your on-premise infrastructure), the risks of outages and downtime can be minimized.
When AlertBoot moved its business to the cloud, it was worried about application latency and the potential for downtime, both of which could be disastrous. To address this problem, AlertBoot deployed Riverbed’sStingray 9.0, a virtual application delivery controller. Since Stingray is software based, it gives AlertBoot the flexibility to jump between clouds should they need to do so in the event of a failure. The device also integrates web content optimization, which helps accelerate content delivery to improve the end-user experience.
“If you can avoid downtime, deliver content quickly to end users anywhere in the world and achieve application portability, the move to the cloud more than justifies itself,” Maliyil said. “However, to achieve those goals, you almost need to rethink, from the ground up, what your infrastructure will look like. The cloud offers the opportunity to correct all the infrastructure mistakes and compromises you made in the past.”
It’s important to realize that you will most likely not rely on a single cloud provider. Rather, you will eventually use many clouds. You may develop your own private cloud services for internal users, while relying on a public cloud provider for app development and various customer-facing services. Meanwhile, more and more of the enterprise applications you depend on will stop being delivered as on-premise, server-based solutions, but will instead be delivered as SaaS.
Remember those bad old days of vendor lock? You were a Cisco, Juniper or Alcatel shop, and you were pretty much stuck with your original choice for the foreseeable future. Well, plenty of cloud providers are looking to reignite an era of vendor lock.
Thus, it’s important to knowbefore engaging with a cloud provider how you will get your data out of their cloud should you need to move to another provider, or even reuse the data in some other app.
The Google-backed startup CliQr Technologies, which just emerged from stealth mode this week, hopes to solve this problem. "Many businesses have found [the promises of cloud providers] too good to be true,” said Gaurav Manglik, CEO of CliQr Technologies. “Migrating their existing applications has been costly and complex, often involving cloud-specific re-coding, virtualization and, once on the cloud, sub-optimal performance.”
Manglik claims that CliQr's CloudCenter changes all of that. CloudCenter ports applications to the cloud and then monitors them for performance and security. It includes an abstraction layer that lets businesses avoid the trouble of recoding apps for each and every new deployment. CliQr claims that most apps can be migrated to the cloud (or shifted to a different cloud) in under a day.
Bonus cloud migration secret: Take the time and devote the resources to getting your cloud migration right. Moving to the cloud confers all sorts of advantages, but one false step can erase them. It’s doubly important to get your cloud migration right – and do so now – because in the not so distant future you’ll have a roadmap for when you have to do this all over again for mobile.