IT departments implement process controls to keep operations running as needed, and best practices, like ITIL, emerged because we need standardized ways to operate our IT practices so they run efficiently, reliably and securely. But,
Analysts with a credit card, some data and an interesting problem no longer need to wait for IT to respond to their ticket request for a server and analysis software. A developer who wants to test a new idea can upload source code and data to a cloud provider and be back to coding in minutes, without having to contend with bureaucratic procedures. The democratization of access to computing resources is no doubt a positive factor for businesses, governments and other organizations, but we need to retool our management procedures and governance practices to accommodate the way we work with cloud computing.
Cloud management services step in to fill a need for more management oversight in the way we use cloud computing resources. The market for these services has matured, but a set of basic and useful services also remains available.
Cloud management services, such as CloudEnable, CloudSoft, Enstratius (now part of Dell), RightScale and SmartScale, help bring some of the controls developed for on-premises operations to the cloud. How you use cloud services and the kinds of apps and data you work with in the cloud will influence your major concerns, but we will consider just four issues here: cost allocation and financial controls, access controls, key management, and auditing and reporting.
Cloud management vendors will vary in their strengths and areas of emphasis, so you may want to prioritize your needs as you evaluate the relative strengths of various providers.
1. Cost allocation and financial controls. It's easy to run up a bill in the cloud. Provision an oversized server, keep it running longer than needed, store multiple copies of data on high-performance (and high-cost) storage devices and, before long, you have exceeded your budget. If you work with multiple clouds and have to track multiple groups of users, the challenge of tracking cloud expenditures is even more difficult. Cloud management services that offer financial controls can let you define budgets for groups of users, monitor resource allocation and limit resource use according to budget restrictions. This is especially important when a budget is spent with multiple cloud providers.
Consolidated cost accounting reports help reduce overhead with chargebacks. Rather than work with separate reports from multiple cloud vendors, users and managers can readily verify overall charges from a single report.
2. Access controls. Access controls are central to protecting applications and data. Organizations can spend substantial time establishing and maintaining user and resource directories that underlie authentication and authorization procedures. When applications and data move to the cloud, well-established access controls may not.
Public cloud identity management systems, such as Amazon's Identity and Access Management (IAM), can integrate with on-premises Active Directory, but working with multiple clouds increases the management overhead of this kind of integration. By integrating your internal identity management directories with a cloud management provider, you may be able to reduce that overhead. Companies will still need to integrate their directories with their cloud management provider, but the provider can then integrate with multiple cloud providers on the customer's behalf.
3. Key management. Key management is another security-related area that cloud management services can support. Keeping encryption keys secure and intact is essential to protecting the confidentiality of your data and ensuring you will be able to recover that data in an event.
How are users in your organization managing their cloud encryption keys now? Do you have a secure key management system in place or are cloud users resorting to their own ad hoc methods for keeping them safe? Remember, if a private key is lost, any data encrypted with that key is essentially lost. Cloud management services that provide key management help protect keys and may offer additional benefits, such as helping enforce separation of duties and other best practices.
4. Auditing and reporting. Auditing and reporting support both compliance and ongoing operations management. A cloud management service can provide consolidated reports on user activities and resource use, leaving managers with more time to dig into more complex oversight issues. For example, a report might identify an unusually large data transfer to cloud storage but not have the metadata necessary to indicate if that was confidential data or less-concerning public information.
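The consolidated report described in item 4, sketched as an added example that is not from the article or from any vendor named in it: audit records from two clouds are normalized, unusually large transfers are flagged, and any flagged transfer without a "public" label is marked for human review. The provider names, record fields, sample records and threshold are all constructed assumptions.

```python
import json
from statistics import median

# Constructed sample audit records; the two hypothetical providers use different schemas.
CLOUD_A = [
    '{"user": "alice", "op": "PutObject", "bytes": 52000000, "labels": {"classification": "public"}}',
    '{"user": "bob", "op": "PutObject", "bytes": 47000000}',
    '{"user": "alice", "op": "PutObject", "bytes": 61000000, "labels": {"classification": "internal"}}',
]
CLOUD_B = [
    '{"principal": "carol", "action": "upload", "size_mb": 48}',
    '{"principal": "dave", "action": "upload", "size_mb": 9400}',
    '{"principal": "carol", "action": "upload", "size_mb": 55}',
    '{"principal": "erin", "action": "upload", "size_mb": 8800, "tag": "public"}',
]

def normalize(provider, line):
    """Map one provider-specific record onto a common schema."""
    rec = json.loads(line)
    if provider == "cloud-a":
        label = rec.get("labels", {}).get("classification", "unknown")
        return {"provider": provider, "user": rec["user"],
                "bytes": rec["bytes"], "classification": label}
    return {"provider": provider, "user": rec["principal"],
            "bytes": rec["size_mb"] * 1_000_000,
            "classification": rec.get("tag", "unknown")}

def consolidated_report(sources, k=10.0):
    """Merge all providers' records and flag transfers far above the typical size.

    Uses the median and median absolute deviation (MAD) so that the large
    transfers being looked for do not distort the baseline themselves.
    """
    events = [normalize(p, line) for p, lines in sources.items() for line in lines]
    sizes = [e["bytes"] for e in events]
    med = median(sizes)
    mad = median(abs(s - med) for s in sizes) or 1  # avoid division by zero
    for e in events:
        e["unusual"] = (e["bytes"] - med) / mad > k
        # Size alone cannot say whether the data was confidential: anything
        # unusual that is not explicitly labelled public goes to a person.
        e["needs_review"] = e["unusual"] and e["classification"] != "public"
    return events

if __name__ == "__main__":
    for e in consolidated_report({"cloud-a": CLOUD_A, "cloud-b": CLOUD_B}):
        if e["unusual"]:
            print(e["provider"], e["user"], e["bytes"], e["classification"],
                  "REVIEW" if e["needs_review"] else "ok")
```
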
About the author:
Dan Sullivan, M.Sc., is an author, systems architect and consultant with more than 20 years of IT experience. He has had engagements in advanced analytics, systems architecture, database design, enterprise security and business intelligence. He has worked in a broad range of industries, including financial services, manufacturing, pharmaceuticals, software development, government, retail and education. Dan has written extensively about topics that range from data warehousing, cloud computing and advanced analytics to security management, collaboration and text mining.
This was first published in August 2013