A few weeks ago, one of the well-regarded vendors of the cloud storage world, Nirvanix, abruptly announced that it was closing its doors, giving its more than 1000 customers just two weeks to migrate their data off Nirvanix systems. While some crusty naysayers may waggle their pointer finger and say ‘I told you this cloud thing was a fad’, I don’t think this news is a death knell for the cloud. In fact, judging from the number of Google Ads that pop up when you search on Nirvanix, a host of enterprising cloud service providers are actively seeking to capitalize on Nirvanix’s demise.
However, if you are, or plan to be, a consumer of cloud services, Nirvanix should serve as a reminder of how important it is to have an end-to end plan for your cloud lifecycle.
It may be tempting to just click through the EULA on a CSP website without much scrutiny. Perhaps you’re just starting out with your test and dev environment, and you don’t need much in the way of service level agreements or security. But the cloud is a slippery slope, and once you prove its value in one capacity, you are likely to expand into more mission critical areas. Don’t just accept SLAs at face value. Aside from the obvious questions about availability, ask about ‘what ifs’. How do you get your data back if the provider goes belly up? How many copies of your data will be made for availability and disaster recovery? How is that data being secured?
Establish Plan B (and Plan C)
Even before you went to the cloud, you (hopefully) had a backup strategy in place that would help you recover critical systems in the event of an equipment malfunction or disaster. Perhaps your first foray into the cloud was as a backup measure, replacing tape or other backup media with highly scalable cloud storage. But if you are running primary or mission critical applications in the cloud, it’s even more critical that you have a plan should your provider go down for a few minutes—or forever.
If your applications and data are important, or if downtime will cost you money, you should absolutely use multiple service providers to ensure you have redundant primary and failover sites. Some providers also offer some good services for mirroring or moving data to other locations, so it’s definitely worth asking about.
Don’t forget security
The good news is that the highly virtualized nature of the cloud makes moving applications and data from point A to point B much easier than replicating physical hardware. But it creates unique security challenges.
Multi-tenancy: Let’s talk about multi-tenancy for a minute. As you probably know, CSP’s leverage virtualization so they can quickly deploy and move resources around for optimal performance and cost efficiency. But this also means that you’re sharing ‘your’ cloud with any number of other companies.
Administrator access: Virtualization collapses many of the air gaps and access controls that exist in physical server infrastructures. The administrators who manage the infrastructure have the keys to the kingdom. While we hope people are honest, and that our CSPs hire well, the evidence continues to illustrate that insiders can do a lot of damage.
Data at rest: If your data is not in use, it will sit at rest, co-mingled with the data from many other companies, in storage and potentially on other backup media like tapes, which may be stored off premise. If someone gains access to the storage network or backup media, there are no boundaries to prevent them from accessing everything. If your CSP goes out of business, you need to be sure that your data doesn’t get passed along with the CSPs hardware to the highest bidder at auction.
Replication: Multiple locations mean more copies of your data. As I mentioned earlier, it’s likely that even though you may create just one instance of an application in the cloud, your CSP has replicated it (and its data) to another location to guarantee availability and meet your SLAs. This means your applications are leaving little data footprints all over your CSP’s network.
As a best practice, encrypt your virtual machines and objects before you move them to any CSP, and ensure this encryption will stay with your VMs, even if you move or replicate them to another location. Also critical is that YOU control the encryption keys – not your CSP.
With just a little knowledge and a little technology, you CAN make a secure move to the cloud.