A group of representatives from GE, Intuit, FedEx, JP Morgan, Bank of America, and others has worked for the last six months with the Open Network User Group (ONUG) to develop a document that explores the challenges of using the hybrid cloud.
The ONUG Hybrid Cloud Working Group (HCWG) offers not only valuable advice drawn from its members' cloud usage experience but also a wish list of how these companies want these platforms to be.
1. Categorize applications into low-, medium- and high-risk levels
Which applications should move to the cloud? Before you answer that question, you must sort your applications to evaluate what you have. The HCWG members recommend categorizing them as low-, medium- and high-security applications.
Applications with the highest security risk should have the most stringent security protocols. Low-risk data includes public or non-sensitive information, such as customer-oriented data. Medium-risk data, such as ERP systems and business management applications (but not those that contain intellectual property (IP) or patent data), can go to the public cloud with additional security precautions.
Medium applications are classified as data with non-classified controlled government information or data subject to strict regulatory compliance. Using high-risk applications in the public cloud is not recommended. These include information such as patents, critical business processes, and confidential financial information.
2. Use a cloud broker
Once an organization has determined which applications are appropriate for the public cloud, the next challenge is to get them into the cloud. Businesses can access public cloud resources from any Internet connection. However, member companies of ONUG recommend the use of a cloud broker or “man-in-the-middle” for two reasons: security and performance. A cloud broker is typically a provider that offers access points to several public cloud providers.
The cloud broker can be considered the new edge of a corporate data center, providing a safe place to inspect network traffic entering and exiting the cloud before it reaches the company or the remote data center.
From the standpoint of performance, the broker can provide direct fiber connections to various IaaS cloud providers. The intermediary can also serve other purposes, from application delivery control functions such as DNS, DHCP and load balancing to hosting Active Directory to authenticate users. The cloud broker is a buffer between the public cloud and the enterprise network, so it is an ideal place to host an Intrusion Prevention System (IPS) or firewall, as well as other network monitoring and analysis tools.
3. Negotiate prices
Large enterprises negotiate directly with public cloud providers and enter into business deals with discounted prices. The price list is usually just a guide. The HCWG warns that contractual negotiations can be a long and arduous process.
4. Use professional negotiators
When negotiating a business agreement with vendors, use a professional negotiator. Some HCWG companies took up to 18 months to negotiate a contract, and they spent hundreds of thousands of dollars in legal fees. Experienced negotiators may be internal legal staff or external experts.
5. Cloud Licensing
HCWG members warn that you need to be careful about licenses in the public cloud. Make sure any licensed software you use internally is legally allowed to be used in the cloud. Even if there is no legal restriction on hosting a local application in the public cloud, some licenses are not designed with the public cloud in mind.
The license can be based on the number of CPUs accessed by the software, which can significantly increase performance once the application is placed in the cloud. Look for software licenses that are native to the public cloud whenever possible.
Auditors whose expertise is in operating in an on-premises world may encounter challenges in the public cloud. The language of the cloud and the location of the assets are unfamiliar to many auditors. ONUG encourages public cloud providers to provide training programs and tools for auditors.
7. Beware of liability
Some members of ONUG encountered problems negotiating liability with their IaaS cloud provider. In more traditional service management or other subcontracting arrangements, liability generally covers losses, damages, and liabilities up to the value of the subcontracted asset. Cloud providers sometimes offer a different kind of liability.
8. Beware of lock-in
Lock-in to a public cloud provider is in some cases inevitable, and not necessarily bad, explains the HCWG. The document points to the relatively high cost of moving data between different vendors, reinforcing the idea that it is easy to get data in the cloud, but more expensive and difficult.
9. Encrypt all and manage the keys
It is common practice to encrypt all data that goes to and is stored in the cloud. ONUG reminds end users to secure the keys they handle and to use role-based access controls, which means that, for example, not everyone in an organization has access to administrative controls in a cloud environment. These controls must be protected with at least two authentication factors.
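The three rules in tip 9 can be checked mechanically against an inventory export. The following is an added example, not part of the ONUG document: the role names, record fields and sample inventory are constructed for illustration, and a real audit would read them from the cloud provider's own identity and storage reports.

```python
from dataclasses import dataclass

# Hypothetical role names that grant administrative control (assumption).
ADMIN_ROLES = {"cloud-admin", "key-admin"}

@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset
    mfa_enrolled: bool

@dataclass(frozen=True)
class DataStore:
    name: str
    encrypted_at_rest: bool
    encrypted_in_transit: bool

def audit(principals, stores):
    """Return sorted (subject, finding) tuples for violations of tip 9."""
    findings = []
    # Rule 1: all data going to and stored in the cloud is encrypted.
    for s in stores:
        if not s.encrypted_in_transit:
            findings.append((s.name, "data sent to the cloud unencrypted"))
        if not s.encrypted_at_rest:
            findings.append((s.name, "data stored in the cloud unencrypted"))
    # Rule 2: administrative controls need at least two factors.
    admins = [p for p in principals if p.roles & ADMIN_ROLES]
    for p in admins:
        if not p.mfa_enrolled:
            findings.append((p.name, "administrative role without a second factor"))
    # Rule 3: role-based access means not everyone is an administrator.
    if principals and len(admins) == len(principals):
        findings.append(("rbac", "every principal holds an administrative role"))
    return sorted(findings)

# Constructed sample inventory.
PRINCIPALS = [
    Principal("alice", frozenset({"cloud-admin"}), True),
    Principal("bob", frozenset({"key-admin"}), False),
    Principal("carol", frozenset({"developer"}), False),
]
STORES = [
    DataStore("erp-backups", True, True),
    DataStore("web-logs", False, True),
]

if __name__ == "__main__":
    for subject, finding in audit(PRINCIPALS, STORES):
        print(f"{subject}: {finding}")
```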
10. Understanding the limits of the public cloud
Along with a detailed list of tips based on their experience in using the public cloud, members of the HCWG have a series of requests for providers on how to improve their platforms to make the cloud easier to use. HCWG members would like easier portability between public clouds, common encryption protocols between multiple cloud providers, and a common API.