
Managing Risk

From the document Deploying and Managing a Cloud Infrastructure (pages 140-143)

Risk is everywhere, and a cloud computing environment introduces new types of risk that are unique to it. In relation to workload management, we must identify the risks that could occur. For example, in the event of a major distributed denial of service (DDoS) attack, the major features of cloud computing (dynamic and intelligent provisioning, the pay-per-use model, and virtually unlimited computing resources) can become the Achilles heel of the organization without exactly posing any risk to the system itself. You might already have an idea what sort of risk this poses to the organization.


A major DDoS attack will quickly load up the servers with requests and perceived traffic, which makes the system provision more and more resources in order to cope. The problem here is that the attack will not exactly cripple the system; the system will just keep on provisioning more resources. The result is a massive spike in cost due to the spike in resource provisioning. If this goes unnoticed, it could really rack up costs, so it is important to watch out and plan for potential risks in a system that seems foolproof, because sometimes strengths can be turned into weaknesses.
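One way to watch and plan for this kind of runaway provisioning, as an added example that is not from the book: a check that flags scale-out far above the normal fleet size, flags the moment cumulative spend passes a budget, and derives an instance ceiling from that budget. The samples, price, budget and thresholds are constructed assumptions.

```python
from statistics import median

# Constructed sample: (hour, running_instances) for one autoscaling group.
# Hours 0-5 are normal load; from hour 6 a request flood drives scale-out.
SAMPLES = [(0, 4), (1, 4), (2, 5), (3, 4), (4, 5), (5, 4),
           (6, 14), (7, 30), (8, 64), (9, 120)]

HOURLY_RATE = 0.20    # assumed price per instance-hour (USD)
DAILY_BUDGET = 40.00  # assumed daily spend limit (USD)
SPIKE_FACTOR = 3.0    # alert when fleet size exceeds 3x the baseline
WINDOW = 6            # number of normal samples used for the baseline


def instance_ceiling(budget=DAILY_BUDGET, rate=HOURLY_RATE):
    """Largest fleet that can run for 24 hours without exceeding the budget."""
    return int(budget // (rate * 24))


def evaluate(samples, rate=HOURLY_RATE, budget=DAILY_BUDGET,
             factor=SPIKE_FACTOR, window=WINDOW):
    """Return (hour, kind, detail) alerts for runaway provisioning."""
    alerts, normal, spent, over_budget = [], [], 0.0, False
    for hour, instances in samples:
        spent += instances * rate
        if len(normal) >= window:
            baseline = median(normal[-window:])
            if instances > factor * baseline:
                alerts.append((hour, "scale_spike",
                               f"{instances} instances, baseline {baseline:g}"))
            else:
                # Only non-spike samples feed the baseline, so sustained
                # flood traffic cannot gradually redefine "normal".
                normal.append(instances)
        else:
            normal.append(instances)
        if spent > budget and not over_budget:
            alerts.append((hour, "budget_exceeded", f"${spent:.2f} spent"))
            over_budget = True
    return alerts


if __name__ == "__main__":
    print("suggested max instances:", instance_ceiling())
    for alert in evaluate(SAMPLES):
        print(alert)
```

The spike alert fires at hour 6, three hours before the budget alert, which is the window in which an operator or an automated cap can still limit the bill.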

All systems have vulnerabilities; the most secure ones are simply the ones that are best at hiding them. In this regard, the practice of vulnerability management should be considered.

It is a security practice that has been specifically designed to proactively mitigate or totally prevent the exploitation of IT assets by external or internal threats. Vulnerabilities are first identified and classified, and then solutions are formulated. The solutions are then applied as patches on those vulnerabilities.

Because vulnerability management and other security measures are ongoing and we are unable to bring a system offline, properly scheduled server maintenance for patching should be considered. The fixes to vulnerabilities should also be well tested before application to prevent unexpected results, especially downtime.

Securing Data in the Cloud

Information has always been the biggest source of power in the history of man, and it is no surprise that people are always trying to steal it. To counter that, we are inventing new ways of keeping it safe. In the modern computer age, we became good at keeping data safe within our own cavernous data centers, away from prying eyes and sticky fingers. But the age of cloud computing threatens to destroy this security and expose our precious data by hiding it in public, in plain view of anyone who knows what to look for. That notion is indeed warranted, so we have to find new and unique ways for data management and security in the cloud.

Data becomes vulnerable in the cloud mostly during transport because it has to travel through public channels like the Internet. However, when it reaches its destination, which is most likely a remote cloud data center, then it is just as safe as if it were in the company’s in-house data center, so the problem now is how to secure data for transport when it needs to be out of the firewall.

Transporting data via a virtual private network (VPN) is often the best way to make your transported data invisible because you are essentially making the public web your own private network. Of course, encryption has to be put in place, and the complexity of that encryption would depend on the governance requirements of the data being transported.

Some organizations will probably opt for a private cloud infrastructure so they can maintain control of their data while enjoying most of the functions of a cloud infrastructure, but not necessarily all of the benefits. A hybrid cloud can also be a good choice, to have the best of both worlds. Sensitive data can be safe within the private cloud, while other data can come and go through the public cloud.

Managing Devices

The advance of personal computer and mobile technology means that most employees will prefer their own personal computers, in the form of laptops, tablets, and mobile phones, for office work rather than a company-issued device. And for the sake of data security and protection, there must be a way to manage and control these devices.

And as employees become increasingly mobile, the need to support the devices they use to connect with work increases drastically. Because of the mobile trend, there is a greater demand for remote access of confidential company data from mobile devices, opening a whole new level of benefits and risk. When the bring your own device (BYOD) wave started, it created nightmares for IT. New processes and software for mobile device management (MDM) and a new discipline called enterprise mobility management (EMM) were created, but they all proved to be tedious and inelegant solutions that turned IT into babysitters for devices simply because of the security risks they posed.

First, it is important to understand what mobile device management and enterprise mobility management are.

Mobile Device Management: MDM basically refers to software solutions that are aimed at maintaining order amidst the chaos of device variety. It is often a clunky solution that has IT developing or sourcing different software for different device platforms and operating systems. Either the same exact MDM software has to be ported to different mobile platforms or different MDM software solutions already present for individual mobile platforms have to be modified to work together. Without cloud applications, an enterprise must resort to an installed MDM solution. As mentioned, this requires IT to babysit devices and answer a lot of individual requests for device diagnosis and installation, not to mention all the trouble it would cause when a device is stolen or lost. The potential damage to the organization would be tremendous.

Enterprise Mobility Management: EMM is a relatively new field in IT management that has been specifically created because of the wide use of mobile devices in the work environment. In short, because of the rapid increase of highly capable mobile devices, a business need for mobile management arose. The scope of this discipline includes security, application management, and financial management. This is a new discipline, so there are not so many practitioners and even fewer business entities implementing it. That is not to say that it is not a requirement; it is, especially if the organization has not yet embraced the cloud but needs to support mobile users. But the fact remains that it adds unnecessary strain to an organization’s IT infrastructure and workforce simply to support employee convenience.

MDM falls under EMM, but EMM is not a solution for workforce mobility and device management.

It is obvious by now that we are not advocates of MDM and EMM, and that is simply because they are unnecessary in cloud computing. Cloud computing allows the offloading of major computationally heavy processes from a connected device onto powerful servers optimized for such tasks; that is the nature of cloud applications. This is where it gets interesting. With cloud computing, we can make little distinction between a tablet, a mere media consumption device, and an actual business laptop. Security problems arise when data is traveling long distances in a public channel because it can be intercepted and then rest on a mobile device that could easily be lost or stolen.

The solution is simple: keep data confined within the virtual environment. We call this solution the virtual desktop. It is nothing new, but it is revolutionary, and before cloud computing technology got to where it is now, it was not a complete solution. We will explain more in the next section.
